Template regeneration after fixing template id's. Fixes #24, #25

topscoder · Feb 10, 2025 · 7e624b2 · 7e624b2
1 parent c6add9f
commit 7e624b2
Show file tree

Hide file tree

Showing 2,045 changed files with 93,109 additions and 1,479 deletions.
diff --git a/nuclei-templates/2007/CVE-2007-4014-5d6f4e2c361c4aab3a6bd8c466682a86.yaml b/nuclei-templates/2007/CVE-2007-4014-5d6f4e2c361c4aab3a6bd8c466682a86.yaml
@@ -15,17 +15,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2007-4014
   metadata:
-    fofa-query: "wp-content/themes/blixed/"
-    google-query: inurl:"/wp-content/themes/blixed/"
+    fofa-query: "wp-content/themes/blix/"
+    google-query: inurl:"/wp-content/themes/blix/"
     shodan-query: 'vuln:CVE-2007-4014'
-  tags: cve,wordpress,wp-theme,blixed,medium
+  tags: cve,wordpress,wp-theme,blix,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/themes/blixed/style.css"
+      - "{{BaseURL}}/wp-content/themes/blix/style.css"
 
     extractors:
       - type: regex
@@ -51,9 +51,9 @@ http:
 
       - type: word
         words:
-          - "blixed"
+          - "blix"
         part: body
 
       - type: dsl
         dsl:
-          - compare_versions(version, '<= 1.0')
+          - compare_versions(version, '<= 0.9.1')
diff --git a/nuclei-templates/2011/CVE-2011-4106-2978b3e7944a7a048e47347602b1cfab.yaml b/nuclei-templates/2011/CVE-2011-4106-2978b3e7944a7a048e47347602b1cfab.yaml
@@ -15,17 +15,17 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2011-4106
   metadata:
-    fofa-query: "wp-content/plugins/category-list-portfolio-page/"
-    google-query: inurl:"/wp-content/plugins/category-list-portfolio-page/"
+    fofa-query: "wp-content/plugins/simple-post-thumbnails/"
+    google-query: inurl:"/wp-content/plugins/simple-post-thumbnails/"
     shodan-query: 'vuln:CVE-2011-4106'
-  tags: cve,wordpress,wp-plugin,category-list-portfolio-page,critical
+  tags: cve,wordpress,wp-plugin,simple-post-thumbnails,critical
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/category-list-portfolio-page/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/simple-post-thumbnails/readme.txt"
 
     extractors:
       - type: regex
@@ -51,7 +51,7 @@ http:
 
       - type: word
         words:
-          - "category-list-portfolio-page"
+          - "simple-post-thumbnails"
         part: body
 
       - type: dsl

diff --git a/nuclei-templates/2012/CVE-2012-3414-16ab5f3f6b91262e4d8f2689341e8445.yaml b/nuclei-templates/2012/CVE-2012-3414-16ab5f3f6b91262e4d8f2689341e8445.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-16ab5f3f6b91262e4d8f2689341e8445
+
+info:
+  name: >
+    SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2012-3414
+  metadata:
+    fofa-query: "wp-content/plugins/nextgen-gallery/"
+    google-query: inurl:"/wp-content/plugins/nextgen-gallery/"
+    shodan-query: 'vuln:CVE-2012-3414'
+  tags: cve,wordpress,wp-plugin,nextgen-gallery,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "nextgen-gallery"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.9.6')
diff --git a/nuclei-templates/2012/CVE-2012-3414-17b4021889355e42273acdbf861def42.yaml b/nuclei-templates/2012/CVE-2012-3414-17b4021889355e42273acdbf861def42.yaml
@@ -15,17 +15,17 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2012-3414
   metadata:
-    fofa-query: "wp-content/plugins/wp-ecommerce-cvs-importer/"
-    google-query: inurl:"/wp-content/plugins/wp-ecommerce-cvs-importer/"
+    fofa-query: "wp-content/plugins/pica-photo-gallery/"
+    google-query: inurl:"/wp-content/plugins/pica-photo-gallery/"
     shodan-query: 'vuln:CVE-2012-3414'
-  tags: cve,wordpress,wp-plugin,wp-ecommerce-cvs-importer,medium
+  tags: cve,wordpress,wp-plugin,pica-photo-gallery,medium
 
 http:
   - method: GET
     redirects: true
     max-redirects: 3
     path:
-      - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-cvs-importer/readme.txt"
+      - "{{BaseURL}}/wp-content/plugins/pica-photo-gallery/readme.txt"
 
     extractors:
       - type: regex
@@ -51,7 +51,7 @@ http:
 
       - type: word
         words:
-          - "wp-ecommerce-cvs-importer"
+          - "pica-photo-gallery"
         part: body
 
       - type: dsl

diff --git a/nuclei-templates/2012/CVE-2012-3414-1a838116c494b197a9b7e34122973b1e.yaml b/nuclei-templates/2012/CVE-2012-3414-1a838116c494b197a9b7e34122973b1e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-1a838116c494b197a9b7e34122973b1e
+
+info:
+  name: >
+    SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2012-3414
+  metadata:
+    fofa-query: "wp-content/plugins/wp-carouselslideshow/"
+    google-query: inurl:"/wp-content/plugins/wp-carouselslideshow/"
+    shodan-query: 'vuln:CVE-2012-3414'
+  tags: cve,wordpress,wp-plugin,wp-carouselslideshow,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wp-carouselslideshow/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wp-carouselslideshow"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.10')
diff --git a/nuclei-templates/2012/CVE-2012-3414-2136cd9926cebb79386190c5b5c4849d.yaml b/nuclei-templates/2012/CVE-2012-3414-2136cd9926cebb79386190c5b5c4849d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-2136cd9926cebb79386190c5b5c4849d
+
+info:
+  name: >
+    SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2012-3414
+  metadata:
+    fofa-query: "wp-content/plugins/wysija-newsletters/"
+    google-query: inurl:"/wp-content/plugins/wysija-newsletters/"
+    shodan-query: 'vuln:CVE-2012-3414'
+  tags: cve,wordpress,wp-plugin,wysija-newsletters,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wysija-newsletters/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wysija-newsletters"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.1.6')
diff --git a/nuclei-templates/2012/CVE-2012-3414-4e91c1a1829b052a9734b79f2d73e4ee.yaml b/nuclei-templates/2012/CVE-2012-3414-4e91c1a1829b052a9734b79f2d73e4ee.yaml
@@ -0,0 +1,59 @@
+id: CVE-2012-3414-4e91c1a1829b052a9734b79f2d73e4ee
+
+info:
+  name: >
+    SWFUpload <= 2.2.0.1 - Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2012-3414
+  metadata:
+    fofa-query: "wp-content/plugins/wp-yasslideshow/"
+    google-query: inurl:"/wp-content/plugins/wp-yasslideshow/"
+    shodan-query: 'vuln:CVE-2012-3414'
+  tags: cve,wordpress,wp-plugin,wp-yasslideshow,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wp-yasslideshow/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wp-yasslideshow"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.3')