Merge pull request #183 from DolphFlynn/user_agent
Replace hardcoded User-Agent strings with variable.
Hannah-PortSwigger authored Feb 26, 2024
2 parents 9142f72 + 12620ed commit 0884f95
Showing 6 changed files with 11 additions and 11 deletions.
Empty file.
@@ -1,5 +1,5 @@
metadata:
language: v1-beta
language: v2-beta
name: "CVE-2019-17662 - ThinVNC 1.0b1 - Auth Bypass"
description: "Checks for CVE-2019-17662"
author: "Dolph Flynn"
Expand All @@ -13,7 +13,7 @@ given host then
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36
User-Agent: {user_agent}
Connection: close
Cache-Control: max-age=0

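Review bot: Nothing in this file says where `{user_agent}` on the new `User-Agent:` line comes from; no definition is visible in the hunks, so it is presumably a variable supplied by the v2-beta language, which would explain the `language:` bump in the same change. A one-line comment above `metadata:` would record that, e.g. `# User-Agent is taken from {user_agent}; needs a scanner release that supports v2-beta`. Because the header value is no longer fixed in the check, its requests will carry whatever value the operator's scanner supplies, so anyone correlating scan traffic in target-side logs should not key on the old Chrome string. The same applies to the other four check files changed in this commit. The request continues below the collapsed part of the hunk.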
@@ -1,5 +1,5 @@
metadata:
language: v1-beta
language: v2-beta
name: "CVE-2020-35713 - Belkin Linksys RE6500 <1.0.012.001 - RCE"
description: "Checks for CVE-2020-35713"
author: "Dolph Flynn"
Expand All @@ -10,7 +10,7 @@ given host then
send request called check:
`POST /goform/setSysAdm HTTP/1.1
Host: {base.request.url.host}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111 Safari/537.36
User-Agent: {user_agent}
Connection: close
Accept-Encoding: gzip, deflate, br
Accept: */*
@@ -1,5 +1,5 @@
metadata:
language: v1-beta
language: v2-beta
name: "CVE-2021-38647 - Microsoft Open Management Infrastructure - RCE"
description: "Checks for CVE-2021-38647"
author: "Dolph Flynn"
Expand All @@ -11,7 +11,7 @@ given host then
`POST /wsman HTTP/1.1
Host: {base.request.url.host}
Content-Type: application/soap+xml;charset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
User-Agent: {user_agent}
Connection: close

<s:Envelope
@@ -1,7 +1,7 @@
# https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939

metadata:
language: v1-beta
language: v2-beta
name: "CVE-2023-32563 - Ivanti Avalanche - RCE"
description: "Checks for CVE-2023-32563"
author: "Dolph Flynn"
Expand All @@ -20,7 +20,7 @@ given host then
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36
User-Agent: {user_agent}
Content-Length: 333
Content-Type: multipart/form-data; boundary=------------------------92afcaa4bcd3c990
Connection: close
Expand All @@ -44,7 +44,7 @@ out.println("{test_nonce}");
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36
User-Agent: {user_agent}
Connection: close

`
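Review bot: The `Content-Length: 333` header kept on the first request is a fixed number, while the second hunk's context line `out.println("{test_nonce}");` suggests that request's multipart body interpolates a variable. If the engine does not recompute the length when it substitutes variables, a nonce of a different length would give a truncated or stalled upload and the check would report a false negative. Dropping the literal header, or confirming that the length is rewritten on send, would settle it; the body itself is outside the visible hunks, so this is inferred. The Ivanti Sentry file has the same pattern with `Content-Length: 133`.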
@@ -1,5 +1,5 @@
metadata:
language: v1-beta
language: v2-beta
name: "CVE-2023-38035 - Ivanti Sentry - Auth Bypass"
description: "Checks for CVE-2023-38035"
author: "Dolph Flynn"
Expand All @@ -15,7 +15,7 @@ given host then
send request called check:
`POST /mics/services/MICSLogService HTTP/1.1
Host: {base.request.url.host}
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
User-Agent: {user_agent}
Connection: close
Content-Length: 133
Content-Type: application/json
