daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated example and evil.com domains

main
Prince Chaddha 2024-07-23 16:51:51 +04:00
parent 082059a909
commit 09962be03e
13 changed files with 22 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
http/cves/2018/CVE-2018-17422.yaml
View File

@ -37,14 +37,14 @@ info:
http:
- method: GET
path:
- '{{BaseURL}}/html/common/forward_js.jsp?FORWARD_URL=http://evil.com'
- '{{BaseURL}}/html/portlet/ext/common/page_preview_popup.jsp?hostname=evil.com'
- '{{BaseURL}}/html/common/forward_js.jsp?FORWARD_URL=http://oast.me'
- '{{BaseURL}}/html/portlet/ext/common/page_preview_popup.jsp?hostname=oast.me'
stop-at-first-match: true
matchers:
- type: word
part: body
words:
- "self.location = 'http://evil.com'"
- "location.href = 'http\\x3a\\x2f\\x2fwww\\x2eevil\\x2ecom'"
- "self.location = 'http://oast.me'"
- "location.href = 'http\\x3a\\x2f\\x2fwww\\x2eoast\\x2eme'"
# digest: 4a0a00473045022100ef42faf462b056809e87c56a2bd991601c0d4b37f9b1b0aa4e16c58a0cc1762802204ecf6513868b5bb6ce9f8b4a830ded2d3c2a660d9e27255179622995bacbc87e:922c64590222798bb761d5b6d8e72950

2
http/cves/2020/CVE-2020-13121.yaml
View File

@ -30,7 +30,7 @@ info:
http:
- raw:
- |
POST /authentication/check_login?old=http%253A%252F%252Fexample.com%252Fhome HTTP/1.1
POST /authentication/check_login?old=http%253A%252F%252Finteract.sh%252Fhome HTTP/1.1
Host: {{Hostname}}
Origin: {{RootURL}}
Content-Type: application/x-www-form-urlencoded

2
http/cves/2022/CVE-2022-0826.yaml
View File

@ -40,7 +40,7 @@ http:
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=wp_video_gallery_ajax_add_single_youtube&url=http://example.com/?x%26v=1%2522 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%2523
action=wp_video_gallery_ajax_add_single_youtube&url=http://oast.me/?x%26v=1%2522 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%2523
matchers:
- type: dsl

2
http/cves/2022/CVE-2022-1386.yaml
View File

@ -51,7 +51,7 @@ http:
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="formData"
email=example%40example.com&fusion_privacy_store_ip_ua=false&fusion_privacy_expiration_interval=48&priva
email=example%40oast.me&fusion_privacy_store_ip_ua=false&fusion_privacy_expiration_interval=48&priva
cy_expiration_action=ignore&fusion-form-nonce-0={{fusionformnonce}}&fusion-fields-hold-private-data=
-----------------------------30259827232283860776499538268
Content-Disposition: form-data; name="action"

2
http/cves/2022/CVE-2022-29153.yaml
View File

@ -43,7 +43,7 @@ http:
Host: {{Hostname}}
Content-Type: application/json
{"id":"{{randstr}}","name":"TEST NODE","method":"GET","http":"http://example.com","interval":"10s","timeout":"1s","disable_redirects":true}
{"id":"{{randstr}}","name":"TEST NODE","method":"GET","http":"http://oast.me","interval":"10s","timeout":"1s","disable_redirects":true}
- | # deregister test node
PUT /v1/agent/check/deregister/{{randstr}} HTTP/1.1
Host: {{Hostname}}

4
http/cves/2022/CVE-2022-38131.yaml
View File

@ -39,7 +39,7 @@ info:
http:
- raw:
- |
GET //%5cexample.com HTTP/1.1
GET //%5coast.me HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
@ -47,7 +47,7 @@ http:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$'
- type: status
status:

4
http/cves/2023/CVE-2023-24044.yaml
View File

@ -46,14 +46,14 @@ http:
- "{{BaseURL}}/login.php"
headers:
Host: "evil.com"
Host: "oast.me"
matchers-condition: and
matchers:
- type: word
part: location
words:
- 'https://evil.com/login_up.php'
- 'https://oast.me/login_up.php'
- type: status
status:

4
http/cves/2023/CVE-2023-34362.yaml
View File

@ -49,7 +49,7 @@ http:
X-siLock-Transaction: session_setvars
X-siLock-SessVar0: MyUsername: Guest
X-siLock-SessVar1: MyPkgAccessCode: 123
X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@example.com
X-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@oast.me
Cookie: siLockLongTermInstID=0
- |
POST /guestaccess.aspx HTTP/1.1
@ -83,7 +83,7 @@ http:
Cookie: siLockLongTermInstID=0
Content-Type: application/x-www-form-urlencoded
CsrfToken={{csrf}}&transaction=secmsgpost&Arg01=email_subject&Arg04=email_body&Arg06=123&Arg05=send&Arg08=email%40example.com&Arg09=attachment_list
CsrfToken={{csrf}}&transaction=secmsgpost&Arg01=email_subject&Arg04=email_body&Arg06=123&Arg05=send&Arg08=email%40oast.me&Arg09=attachment_list
- |
POST /api/v1/auth/token HTTP/1.1
Host: {{Hostname}}

2
http/exposures/backups/zip-backup-files.yaml
View File

@ -22,7 +22,7 @@ http:
payloads:
FILENAME:
- "{{FQDN}}" # www.example.com
- "{{RDN}}" # example.com
- "{{RDN}}" #
- "{{DN}}" # example
- "{{SD}}" # www
- "{{date_time('%Y')}}" # 2023

4
http/token-spray/api-scraperbox.yaml
View File

@ -17,7 +17,7 @@ self-contained: true
http:
- method: GET
path:
- "https://api.scraperbox.com/scrape?token={{token}}&url=https://example.com"
- "https://api.scraperbox.com/scrape?token={{token}}&url=https://oast.me"
matchers-condition: and
matchers:
@ -28,6 +28,6 @@ http:
- type: word
part: body
words:
- '<title>Example Domain</title>'
- '<h1> Interactsh Server </h1>'
# digest: 4a0a0047304502207f36a4754fda5d47376179286a5929f95ecb39833d01276df125df4cbd5b3712022100e471d820cf8e65b92617364b2126738d2dcefb072e6073ae15af81d922a347f2:922c64590222798bb761d5b6d8e72950

4
http/token-spray/api-scrapestack.yaml
View File

@ -17,12 +17,12 @@ self-contained: true
http:
- method: GET
path:
- "https://api.scrapestack.com/scrape?access_key={{token}}&url=https://example.com"
- "https://api.scrapestack.com/scrape?access_key={{token}}&url=https://oast.me"
matchers:
- type: word
part: body
words:
- '<title>Example Domain</title>'
- '<h1> Interactsh Server </h1>'
# digest: 4b0a00483046022100eac15c431eb927c4e320c9e035ceca60c466be6beca8cf895164f574c60216a1022100ff782e772cac1246805653374e5809e611e222b90840b47d3ff64ebd78365124:922c64590222798bb761d5b6d8e72950

4
http/token-spray/api-zenrows.yaml
View File

@ -17,12 +17,12 @@ self-contained: true
http:
- method: GET
path:
- "https://api.zenrows.com/v1/?apikey={{token}}&url=https://example.com"
- "https://api.zenrows.com/v1/?apikey={{token}}&url=https://oast.me/"
matchers:
- type: word
part: body
words:
- '<title>Example Domain</title>'
- '<h1> Interactsh Server </h1>'
# digest: 490a00463044022053400d85ec2ff13f0c35b64bcadd50ad94e1a5dd83e8ee17fc28a0fba7da62cc022032c0210f12b83c7ebe8bd917a35c833b82ad629aa4e67377438baa7f4b673765:922c64590222798bb761d5b6d8e72950

2
http/vulnerabilities/other/bitrix-open-redirect.yaml
View File

@ -34,7 +34,7 @@ http:
- '/bitrix/rk.php?id=129&event1=banner&event2=click&event3=5+%2F+%5B129%5D+%5BGARMIN_AKCII%5D+Garmin+%E1%EE%ED%F3%F1+%ED%EE%E2%EE%F1%F2%FC+%E2+%E0%EA%F6%E8%E8&goto=https://interact.sh'
- '/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://interact.sh'
- '/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://interact.sh'
- '/bitrix/redirect.php?goto=https://example.com%252F:123@interactsh.com/'
- '/bitrix/redirect.php?goto=https://{{Hostname}}%252F:123@interactsh.com/'
- '/bitrix/tools/track_mail_click.php?url=http://site%252F@interactsh.com/'
stop-at-first-match: true