From 05c60b4a09da884cbcddbaa8037a9deabb43b285 Mon Sep 17 00:00:00 2001
From: "@xer0dayz" <1n3@hushmail.com>
Date: Tue, 15 Sep 2020 08:13:14 -0700
Subject: [PATCH] Finalized changes for v8.7 Added CVE-2020-15129 - Open Redirect In Traefik sc0pe template
---
 CHANGELOG.md | 11 ++++++-----
 sniper | 2 +-
 .../CVE-2020-15129_-_Open_Redirect_In_Traefik.sh | 9 +++++++++
 3 files changed, 16 insertions(+), 6 deletions(-)
 create mode 100644 templates/active/CVE-2020-15129_-_Open_Redirect_In_Traefik.sh
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fa91d861..b12642af 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,11 +2,12 @@
 * v8.7 - Updated web file bruteforce lists
 * v8.7 - Added updated Slack API integration/notifications
 * v8.7 - Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers
+* v8.7 - Added CVE-2020-15129 - Open Redirect In Traefik sc0pe template
 * v8.7 - Added MobileIron Login sc0pe template
 * v8.7 - Added Revive Adserver XSS sc0pe template
 * v8.7 - Added IceWarp Webmail XSS sc0pe template
 * v8.7 - Added Mara CMS v7.5 XSS sc0pe template
-* v8.7 - Added Administrative Privilege Escalation in SAP NetWeaver
+* v8.7 - Added Administrative Privilege Escalation in SAP NetWeaver sc0pe template
 * v8.7 - Added Magento 2.3.0 SQL Injection sc0pe template
 * v8.7 - Added CVE-2020-15920 - Unauthenticated RCE at Mida eFramework sc0pe template
 * v8.7 - Added CVE-2019-7192 - QNAP Pre-Auth Root RCE sc0pe template
@@ -19,11 +20,11 @@
 * v8.7 - Added Robots.txt Detected sc0pe template
 * v8.7 - Added AWS S3 Public Bucket Listing sc0pe template
 * v8.7 - Fixed logic error in stealth mode recon scans not running
-* v8.7 - Added CVE-2020-7048 - WP Database Reset 3.15 Unauthenticated Database Reset
+* v8.7 - Added CVE-2020-7048 - WP Database Reset 3.15 Unauthenticated Database Reset sc0pe template
 * v8.7 - Fixed F- detection in Wordpress Sc0pe templates
-* v8.7 - Added CVE-2020-11530 - Wordpress Chop Slider 3 Plugin SQL Injection
-* v8.7 - Added CVE-2019-11580 - Atlassian Crowd Data Center Unauthenticated RCE
-* v8.7 - Added CVE-2019-16759 - vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass
+* v8.7 - Added CVE-2020-11530 - Wordpress Chop Slider 3 Plugin SQL Injection sc0pe template
+* v8.7 - Added CVE-2019-11580 - Atlassian Crowd Data Center Unauthenticated RCE sc0pe template
+* v8.7 - Added CVE-2019-16759 - vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass sc0pe template
 * v8.6 - Added new Sn1per configuration flow that allows persistent user configurations and API key transfer
 * v8.6 - Updated port lists to remove duplicate ports error and slim down list
 * v8.6 - Updated PHP to 7.4
diff --git a/sniper b/sniper
index 94516c08..a49f6c72 100755
--- a/sniper
+++ b/sniper
@@ -8,7 +8,7 @@ if [[ $EUID -ne 0 ]]; then exit 1 fi -VER="8.6" +VER="8.7" INSTALL_DIR="/usr/share/sniper" LOOT_DIR="$INSTALL_DIR/loot/$TARGET" SNIPER_PRO=$INSTALL_DIR/pro.sh
diff --git a/templates/active/CVE-2020-15129_-_Open_Redirect_In_Traefik.sh b/templates/active/CVE-2020-15129_-_Open_Redirect_In_Traefik.sh
new file mode 100644
index 00000000..f5be42cd
--- /dev/null
+++ b/templates/active/CVE-2020-15129_-_Open_Redirect_In_Traefik.sh
@@ -0,0 +1,9 @@
+AUTHOR='@xer0dayz'
+VULN_NAME='CVE-2020-15129 - Open Redirect In Traefik'
+URI='/'
+METHOD='GET'
+MATCH="Found"
+SEVERITY='P3 - MEDIUM'
+CURL_OPTS="--user-agent '' -s -L --insecure -H 'X-Forwarded-Prefix: https://google.com'"
+SECONDARY_COMMANDS=''
+GREP_OPTIONS='-i'
\ No newline at end of file
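Review bot: `MATCH="Found"` together with `GREP_OPTIONS='-i'` looks too loose to confirm CVE-2020-15129, since any response containing "found" (a generic "404 page not found" body, for instance) would satisfy it, and because `CURL_OPTS` passes `-L` the text that gets matched may come from google.com after the redirect is followed rather than from the scanned host. Assuming the engine greps curl's output for `MATCH`, I would drop `-L` and match on the reflected value instead, e.g. `-H 'X-Forwarded-Prefix: https://sc0pe-redirect-check.invalid'` with `MATCH='sc0pe-redirect-check.invalid'` (marker name constructed for this note), adding curl's `-i` if the engine needs the `Location` header in the output. That ties a hit to the target echoing the header into its redirect, and it stops every scan from sending a request to a third-party site. A short comment above `CURL_OPTS` noting that `--insecure` skips certificate verification on purpose would also help the next maintainer.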