Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added Multiple CVE and Misconfiguration Templates #50

Merged
merged 4 commits into from
Jul 19, 2023
Merged

Added Multiple CVE and Misconfiguration Templates #50

merged 4 commits into from
Jul 19, 2023

Conversation

Parimal-shaw
Copy link
Contributor

Added Following Templates:

  • CVE_2022_0150_WordPress_Accessibility_Helper_Lt_0_6_0_7_Cross_Site.bcheck
  • CVE-2022-2460 VoipMonitor - Pre-Auth SQL Injection.bcheck
  • CVE-2023-36346 POS Codekop v2.0 - Cross-site Scripting.bcheck
  • CVE_2021_20114_TCExam_Gt_14_8_1_Sensitive_Information_Exposure.bcheck
  • CVE_2021_20158_Trendnet_AC2600_TEW_827DRU_2_08B01_Admin_Password.bcheck
  • CVE_2021_21816_D_Link_DIR_3040_1_13B03_Information_Disclosure.bcheck
  • SAP Directory Listing.bcheck
  • Xdebug_remote_code_execution_via_xdebug_remote_connect_back.bcheck
  • Apache Tomcat Manager Path Normalization Panel.bcheck
  • Cloudflare External Image Resizing Misconfiguration.bcheck
  • Etcd Server - Unauthenticated Access.bcheck
  • Kubernetes_Pods_API_Discovery_&_Remote_Code_Execution.bcheck
  • Rails CRLF and XSS.bcheck

@Parimal-shaw
Added CVE
dabd08f 
CVE_2022_0150_WordPress_Accessibility_Helper_Lt_0_6_0_7_Cross_Site.bcheck
CVE-2022-2460 VoipMonitor - Pre-Auth SQL Injection.bcheck
CVE-2023-36346 POS Codekop v2.0 - Cross-site Scripting.bcheck
CVE_2021_20114_TCExam_Gt_14_8_1_Sensitive_Information_Exposure.bcheck
CVE_2021_20158_Trendnet_AC2600_TEW_827DRU_2_08B01_Admin_Password.bcheck
CVE_2021_21816_D_Link_DIR_3040_1_13B03_Information_Disclosure.bcheck
@Parimal-shaw
Added Multiple misconfiguration checks
92f2395 
SAP Directory Listing.bcheck
Xdebug_remote_code_execution_via_xdebug_remote_connect_back.bcheck
Apache Tomcat Manager Path Normalization Panel.bcheck
Cloudflare External Image Resizing Misconfiguration.bcheck
Etcd Server - Unauthenticated Access.bcheck
Kubernetes_Pods_API_Discovery_&_Remote_Code_Execution.bcheck
Rails CRLF and XSS.bcheck
@olliewuk
Copy link
Contributor

in other/Apache Tomcat Manager Path Normalization Panel.bcheck should the password be static as it is?

@Parimal-shaw
Copy link
Contributor Author

Parimal-shaw commented Jul 16, 2023
edited
Loading

Yes, it doesn't disclose current users password a user can change whatever they want the password to be .

@olliewuk
Copy link
Contributor

Yes, it doesn't disclose current users password a user can change whatever they want the password to be .

Should the check be modified in that case to not include a specific password?

@Parimal-shaw
Copy link
Contributor Author

Not required , the current check cannot be changed in any other way the following checks required a password in static form or else the password will get rejected .

@Parimal-shaw
Copy link
Contributor Author

All the changes have been done ,suggested by you

PortSwiggerWiener
PortSwiggerWiener approved these changes Jul 19, 2023
View reviewed changes
Copy link
Collaborator

@PortSwiggerWiener PortSwiggerWiener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@PortSwiggerWiener PortSwiggerWiener merged commit adc6df0 into PortSwigger:main Jul 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@olliewuk olliewuk olliewuk approved these changes

@PortSwiggerWiener PortSwiggerWiener PortSwiggerWiener approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Parimal-shaw @olliewuk @PortSwiggerWiener