Skip to content

Commit 12971c1

Browse files
authored
Merge branch 'master' into feature/adguardhome-dot
2 parents 66cf04a + daf17d9 commit 12971c1

37 files changed

Lines changed: 1220 additions & 405 deletions
Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
## autogenerated on 2026-04-15 13:30:23
2+
id: CVE-2026-21643
3+
info:
4+
name: CVE-2026-21643
5+
author: crowdsec
6+
severity: info
7+
description: CVE-2026-21643 testing
8+
tags: appsec-testing
9+
http:
10+
- raw:
11+
- |
12+
GET /api/v1/init_consts HTTP/1.1
13+
Host: {{Hostname}}
14+
Site: tenant1; SELECT pg_sleep(8)--
15+
cookie-reuse: true
16+
matchers:
17+
- type: status
18+
status:
19+
- 403
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
## autogenerated on 2026-04-15 13:30:23
2+
appsec-rules:
3+
- ./appsec-rules/crowdsecurity/base-config.yaml
4+
- ./appsec-rules/crowdsecurity/vpatch-CVE-2026-21643.yaml
5+
nuclei_template: CVE-2026-21643.yaml
Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
id: CVE-2026-26980
2+
info:
3+
name: CVE-2026-26980
4+
author: crowdsec
5+
severity: info
6+
description: CVE-2026-26980 testing
7+
tags: appsec-testing
8+
http:
9+
- raw:
10+
- |
11+
GET /ghost/api/content/tags/?key=0123456789abcdef01234567&filter=slug:%5B%27%7C%7CCASE%20WHEN%201%3D1%20THEN%200%20ELSE%20EXP%28710%29%20END%7C%7C%27,test%5D HTTP/1.1
12+
Host: {{Hostname}}
13+
14+
cookie-reuse: true
15+
matchers:
16+
- type: status
17+
status:
18+
- 403
19+
- raw:
20+
- |
21+
GET /ghost/api/content/tags/?key=0123456789abcdef01234567&filter=slug:%5B%27%26%26CASE%20WHEN%201%3D1%20THEN%200%20ELSE%20EXP%28710%29%20END%26%26%27,test%5D HTTP/1.1
22+
Host: {{Hostname}}
23+
24+
cookie-reuse: true
25+
matchers:
26+
- type: status
27+
status:
28+
- 403
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
appsec-rules:
2+
- ./appsec-rules/crowdsecurity/base-config.yaml
3+
- ./appsec-rules/crowdsecurity/vpatch-CVE-2026-26980.yaml
4+
nuclei_template: CVE-2026-26980.yaml
Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
id: CVE-2026-46725
2+
info:
3+
name: CVE-2026-46725
4+
author: crowdsec
5+
severity: info
6+
description: CVE-2026-46725 testing
7+
tags: appsec-testing
8+
http:
9+
- raw:
10+
- |
11+
GET / HTTP/1.1
12+
Host: {{Hostname}}
13+
Cookie: T3_ceselector_1=O%3A28%3A%22Monolog%5CHandler%5CGroupHandler%22%3A1%3A%7B%7D
14+
15+
cookie-reuse: true
16+
matchers:
17+
- type: status
18+
status:
19+
- 403
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
appsec-rules:
2+
- ./appsec-rules/crowdsecurity/base-config.yaml
3+
- ./appsec-rules/crowdsecurity/vpatch-CVE-2026-46725.yaml
4+
nuclei_template: CVE-2026-46725.yaml
Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
id: CVE-2026-9082
2+
info:
3+
name: CVE-2026-9082
4+
author: crowdsec
5+
severity: info
6+
description: CVE-2026-9082 testing
7+
tags: appsec-testing
8+
http:
9+
- raw:
10+
- |
11+
GET /jsonapi/node/article?filter%5Bf%5D%5Bcondition%5D%5Bpath%5D=title&filter%5Bf%5D%5Bcondition%5D%5Boperator%5D=IN&filter%5Bf%5D%5Bcondition%5D%5Bvalue%5D%5B0%5D=ywh-test&filter%5Bf%5D%5Bcondition%5D%5Bvalue%5D%5B0%7C%7C%28SELECT%20%27ywh-test%27%3A%3Atext%5B%5D%29%5D=y HTTP/1.1
12+
Host: {{Hostname}}
13+
14+
cookie-reuse: true
15+
matchers:
16+
- type: status
17+
status:
18+
- 403
19+
- raw:
20+
- |
21+
GET /jsonapi/node/article?filter%5Bf%5D%5Bcondition%5D%5Bpath%5D=title&filter%5Bf%5D%5Bcondition%5D%5Boperator%5D=IN&filter%5Bf%5D%5Bcondition%5D%5Bvalue%5D%5B0%5D=ywh-test&filter%5Bf%5D%5Bcondition%5D%5Bvalue%5D%5B0%60%28SELECT%20%27ywh-test%27%3A%3Atext%5B%5D%29%60%5D=y HTTP/1.1
22+
Host: {{Hostname}}
23+
24+
cookie-reuse: true
25+
matchers:
26+
- type: status
27+
status:
28+
- 403
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
appsec-rules:
2+
- ./appsec-rules/crowdsecurity/base-config.yaml
3+
- ./appsec-rules/crowdsecurity/vpatch-CVE-2026-9082.yaml
4+
nuclei_template: CVE-2026-9082.yaml

.index.json

Lines changed: 184 additions & 9 deletions
Large diffs are not rendered by default.

.tests/authelia-bf/scenario.assert

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ results[0].Overflow.Alert.Events[0].GetMeta("service") == "authelia"
1212
results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "5.5.5.6"
1313
results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2022-02-16T12:31:49+02:00"
1414
results[0].Overflow.Alert.Events[0].GetMeta("user") == "fakeuser1@example.com"
15+
results[0].Overflow.Alert.Events[0].GetMeta("target_user") == "fakeuser1@example.com"
1516
basename(results[0].Overflow.Alert.Events[1].GetMeta("datasource_path")) == "authelia-bf.log"
1617
results[0].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
1718
results[0].Overflow.Alert.Events[1].GetMeta("log_format") == "JSON"
@@ -1566,4 +1567,4 @@ results[27].Overflow.Alert.Events[5].GetMeta("timestamp") == "2022-02-14T13:47:5
15661567
results[27].Overflow.Alert.Events[5].GetMeta("user") == "fakeuser6"
15671568
results[27].Overflow.Alert.GetScenario() == "LePresidente/authelia-bf"
15681569
results[27].Overflow.Alert.Remediation == true
1569-
results[27].Overflow.Alert.GetEventsCount() == 6
1570+
results[27].Overflow.Alert.GetEventsCount() == 6

0 commit comments

Comments
 (0)