Skip to content

Commit 05c60b4

Browse files
1N31N3
committed
Finalized changes for v8.7
Added CVE-2020-15129 - Open Redirect In Traefik sc0pe template
1 parent 8d7c2bd commit 05c60b4

3 files changed

Lines changed: 16 additions & 6 deletions

File tree

CHANGELOG.md

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,11 +2,12 @@
22
* v8.7 - Updated web file bruteforce lists
33
* v8.7 - Added updated Slack API integration/notifications
44
* v8.7 - Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers
5+
* v8.7 - Added CVE-2020-15129 - Open Redirect In Traefik sc0pe template
56
* v8.7 - Added MobileIron Login sc0pe template
67
* v8.7 - Added Revive Adserver XSS sc0pe template
78
* v8.7 - Added IceWarp Webmail XSS sc0pe template
89
* v8.7 - Added Mara CMS v7.5 XSS sc0pe template
9-
* v8.7 - Added Administrative Privilege Escalation in SAP NetWeaver
10+
* v8.7 - Added Administrative Privilege Escalation in SAP NetWeaver sc0pe template
1011
* v8.7 - Added Magento 2.3.0 SQL Injection sc0pe template
1112
* v8.7 - Added CVE-2020-15920 - Unauthenticated RCE at Mida eFramework sc0pe template
1213
* v8.7 - Added CVE-2019-7192 - QNAP Pre-Auth Root RCE sc0pe template
@@ -19,11 +20,11 @@
1920
* v8.7 - Added Robots.txt Detected sc0pe template
2021
* v8.7 - Added AWS S3 Public Bucket Listing sc0pe template
2122
* v8.7 - Fixed logic error in stealth mode recon scans not running
22-
* v8.7 - Added CVE-2020-7048 - WP Database Reset 3.15 Unauthenticated Database Reset
23+
* v8.7 - Added CVE-2020-7048 - WP Database Reset 3.15 Unauthenticated Database Reset sc0pe template
2324
* v8.7 - Fixed F- detection in Wordpress Sc0pe templates
24-
* v8.7 - Added CVE-2020-11530 - Wordpress Chop Slider 3 Plugin SQL Injection
25-
* v8.7 - Added CVE-2019-11580 - Atlassian Crowd Data Center Unauthenticated RCE
26-
* v8.7 - Added CVE-2019-16759 - vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass
25+
* v8.7 - Added CVE-2020-11530 - Wordpress Chop Slider 3 Plugin SQL Injection sc0pe template
26+
* v8.7 - Added CVE-2019-11580 - Atlassian Crowd Data Center Unauthenticated RCE sc0pe template
27+
* v8.7 - Added CVE-2019-16759 - vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass sc0pe template
2728
* v8.6 - Added new Sn1per configuration flow that allows persistent user configurations and API key transfer
2829
* v8.6 - Updated port lists to remove duplicate ports error and slim down list
2930
* v8.6 - Updated PHP to 7.4

sniper

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ if [[ $EUID -ne 0 ]]; then
88
exit 1
99
fi
1010

11-
VER="8.6"
11+
VER="8.7"
1212
INSTALL_DIR="/usr/share/sniper"
1313
LOOT_DIR="$INSTALL_DIR/loot/$TARGET"
1414
SNIPER_PRO=$INSTALL_DIR/pro.sh

templates/active/CVE-2020-15129_-_Open_Redirect_In_Traefik.sh

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
AUTHOR='@xer0dayz'
2+
VULN_NAME='CVE-2020-15129 - Open Redirect In Traefik'
3+
URI='/'
4+
METHOD='GET'
5+
MATCH="<a href=\"https://google.com/dashboard/\">Found</a>"
6+
SEVERITY='P3 - MEDIUM'
7+
CURL_OPTS="--user-agent '' -s -L --insecure -H 'X-Forwarded-Prefix: https://google.com'"
8+
SECONDARY_COMMANDS=''
9+
GREP_OPTIONS='-i'

0 commit comments

Comments
 (0)