daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/file/nodejs/generic-path-traversal.yaml

22 lines
877 B
YAML
Raw Normal View History

Create generic-path-traversal.yaml
2022-12-22 10:59:18 +00:00
id: generic-path-traversal
info:
updated names
2023-07-02 17:40:27 +00:00
name: Generic - Path Traversal
Create generic-path-traversal.yaml
2022-12-22 10:59:18 +00:00
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted user input in readFile()/readFileSync() can endup in Directory Traversal Attacks.
tags: file,nodejs
file:
- extensions:
- all
updated extractor to matcher
2022-12-22 11:36:43 +00:00
matchers:
Create generic-path-traversal.yaml
2022-12-22 10:59:18 +00:00
- type: regex
regex:
Update generic-path-traversal.yaml
2023-06-28 05:11:36 +00:00
- "[^\\.]*\\.createReadStream\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
templateman update
2023-10-14 11:27:55 +00:00
condition: or
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot:
2023-10-20 11:41:13 +00:00
# digest: 4b0a00483046022100e21a018d792fd5746301590fee7667c09666ad26347732653bdf90db09245f150221008bddd8b9b51c116885885104f24ed7cda9f5ba500680a85415390a22c4584a8b:922c64590222798bb761d5b6d8e72950