patch-1
organiccrap 2020-07-02 21:53:41 +08:00
parent 29722f8547
commit 2d8c78c263
13 changed files with 264 additions and 0 deletions


@ -0,0 +1,20 @@
id: telerik-dialoghandler-detect
info:
name: Detect Telerik Web UI Dialog Handler
author: organiccrap
severity: low
#https://captmeelo.com/pentest/2018/08/03/pwning-with-telerik.html
requests:
- method: GET
path:
- '{{BaseURL}}/Telerik.Web.UI.DialogHandler.aspx'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers-codition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- Loading the dialog...
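Review bot: `matchers-codition: and` is misspelled (`matchers-condition`), so the key is most likely ignored by the template loader and nuclei falls back to its default of `or` between matchers — any 200 response at `/Telerik.Web.UI.DialogHandler.aspx`, including a catch-all page, would then be reported as a Telerik dialog handler. Change it to `matchers-condition: and` so both the 200 status and the `Loading the dialog...` body text are required, as the clockwork-php-page template in this same commit already does. Adding `part: body` to the word matcher would make that intent explicit as well.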


@ -0,0 +1,16 @@
id: atlassian-crowd-panel
info:
name: Atlassian Crowd panel detect
author: organiccrap
severity: low
requests:
- method: GET
path:
- '{{BaseURL}}/crowd/console/login.action'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers:
- type: word
words:
- <title>Atlassian Crowd - Login</title>
part: body


@ -0,0 +1,16 @@
id: citrix-adc-gateway-panel
info:
name: Citrix ADC Gateway detect
author: organiccrap
severity: low
requests:
- method: GET
path:
- '{{BaseURL}}/logon/LogonPoint/index.html'
- '{{BaseURL}}/logon/LogonPoint/custom.html'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers:
- type: word
words:
- _ctxstxt_CitrixCopyright


@ -0,0 +1,19 @@
id: clockwork-php-header
info:
name: Clockwork PHP exposure
author: organiccrap
severity: high
#https://twitter.com/damian_89_/status/1250721398747791360
requests:
- method: GET
path:
- '{{BaseURL}}/'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers:
- type: word
words:
- 'X-Clockwork-Id:'
- 'X-Clockwork-Version:'
part: header
condition: and
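Review bot: The header matcher only shows that the Clockwork middleware is injecting `X-Clockwork-Id` / `X-Clockwork-Version` into responses; it does not show that the profiling data behind that id is retrievable, which is what would justify `severity: high`. Unless the `__clockwork/app` or `__clockwork/<id>` endpoint also answers, the finding is disclosure of the library's presence and version rather than of request data, so either triage it together with the page check or document the limitation in the template, e.g. `# headers prove Clockwork is enabled; confirm data exposure via /__clockwork/app or /__clockwork/<id>`. The explicit `condition: and` on the two words is the right call, since nuclei's default would accept either header alone.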


@ -0,0 +1,23 @@
id: clockwork-php-page
info:
name: Clockwork PHP page exposure
author: organiccrap
severity: high
#https://twitter.com/damian_89_/status/1250721398747791360
requests:
- method: GET
path:
- '{{BaseURL}}/__clockwork/app'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- <title>Clockwork</title>
- <html ng-app="Clockwork" ng-csp="">
part: body
condition: or


@ -0,0 +1,19 @@
id: couchdb-detect
info:
name: couchdb detection
author: organiccrap
severity: low
# commonly runs on port 5984/http
requests:
- method: GET
path:
- '{{BaseURL}}/_all_dbs'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers:
- type: word
words:
- CouchDB/
- Erlang OTP/
part: header
condition: and
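Review bot: `/_all_dbs` is a poor choice of probe for a detection template: the `Server: CouchDB/... (Erlang OTP/...)` header the matcher keys on is sent on every CouchDB response, so the root `{{BaseURL}}/` — which returns the unauthenticated welcome banner — identifies the service just as reliably without requesting a database listing that newer releases restrict to admins and that overlaps with the couchdb-adminparty template in this commit. Suggest `- '{{BaseURL}}/'` as the path, and optionally a `part: body` word on the `"couchdb":"Welcome"` banner so detection does not depend solely on a header a reverse proxy may strip or rewrite. Leave the `_all_dbs` / `_users` reads to the admin-party check, where an unauthenticated success is the actual finding.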


@ -0,0 +1,20 @@
id: liferay-portal-detect
info:
name: Liferay Portal Detection
author: organiccrap
severity: low
#CVE-2020-7961: Liferay Portal Unauthenticated RCE
#https://github.com/mzer0one/CVE-2020-7961-POC
requests:
- method: GET
path:
- '{{BaseURL}}/api/jsonws'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers:
- type: word
words:
- <title>json-web-services-api</title>
- There are no services matching that phrase.
condition: or
part: body
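Review bot: The comment block cites CVE-2020-7961 (unauthenticated RCE), but the matchers only establish that the JSON web services console at `/api/jsonws` is reachable; that is a precondition for the issue, not evidence that the instance is unpatched, and the `severity: low` / "Detection" name are correct while the comment reads as if this were the vulnerability check. Reword it so the finding is not triaged as RCE, e.g. `# detection only: an exposed /api/jsonws console is the precondition for CVE-2020-7961 (see POC link); patch level is not verified here`.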


@ -0,0 +1,16 @@
id: prometheus-exposed-panel
info:
name: Prometheus.io exposed panel
author: organiccrap
severity: low
#usually runs on port http/9090
requests:
- method: GET
path:
- '{{BaseURL}}/graph'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers:
- type: word
words:
- <title>Prometheus Time Series Collection and Processing Server</title>
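Review bot: `severity: low` understates an unauthenticated Prometheus UI: Prometheus (at least as of this template's date) ships with no built-in authentication, so anyone who can load `/graph` can also run arbitrary PromQL over every scraped metric and read scrape-target hostnames from the targets page, which is usually internal-infrastructure disclosure. Consider `severity: medium` with a comment such as `# Prometheus has no auth of its own; an exposed UI means full read access to metrics and the target inventory`. Adding `part: body` to the word matcher would also make the title match explicit.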


@ -0,0 +1,26 @@
id: couchdb-adminparty
info:
name: couchdb admin party
author: organiccrap
severity: high
# commonly runs on port 5984/http
requests:
- method: GET
path:
- '{{BaseURL}}/_users/_all_docs'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers-condition: and
matchers:
- type: word
words:
- CouchDB/
- Erlang OTP/
part: header
condition: and
- type: word
words:
- total_rows
- offset
part: body
condition: and
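Review bot: The template has no comment explaining what a positive result means, and "admin party" is not self-explanatory to whoever triages the output: an unauthenticated listing of the `_users` database (the `total_rows` / `offset` JSON the body matcher keys on) means the node has no server admin configured, so any client can create admin accounts and read or write every database. Add that above `requests:`, e.g. `# unauthenticated read of _users => no server admin configured ("admin party"); anyone can create admins and access all databases`, and note that it is expected mainly on 1.x/2.x installs since later releases refuse to run without an admin (worth confirming against the version in the Server header). The header-and-body `matchers-condition: and` is a sensible guard against non-CouchDB JSON that happens to contain those two words.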


@ -0,0 +1,25 @@
id: git-config-nginxoffbyslash
info:
name: Git config nginx off by slash
author: organiccrap
severity: medium
#https://twitter.com/Random_Robbie/status/1262676628167110656
requests:
- method: GET
path:
- '{{BaseURL}}/static../.git/config'
- '{{BaseURL}}/js../.git/config'
- '{{BaseURL}}/images../.git/config'
- '{{BaseURL}}/img../.git/config'
- '{{BaseURL}}/css../.git/config'
- '{{BaseURL}}/assets../.git/config'
- '{{BaseURL}}/content../.git/config'
- '{{BaseURL}}/events../.git/config'
- '{{BaseURL}}/media../.git/config'
- '{{BaseURL}}/lib../.git/config'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers:
- type: word
words:
- '[core]'
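Review bot: Matching only `[core]` is a weak signal for a leaked repository — any 200 page whose text happens to contain `[core]` (an INI-style or markdown page, for instance) will be reported as an exposed `.git/config`. A config written by git always carries `repositoryformatversion` inside that section, so add `- repositoryformatversion` under `words` together with `condition: and` and `part: body`, which keeps the check cheap while removing the obvious false positive. The ten `<dir>../.git/config` variants are the right shape for the nginx `alias` off-by-slash issue in the referenced tweet; a short comment naming that misconfiguration (`location /static { alias /app/static/; }` without a trailing slash on the location) would help readers who do not follow the link.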


@ -0,0 +1,23 @@
id: microstrategy-ssrf
info:
name: MicroStrategy tinyurl SSRF
author: organiccrap
severity: high
# https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
# blind ssrf
# /servlet/taskProc?taskId=wikiScrapper&taskEnv=xml&taskContentType=xml&searchString=https://SSRF&shouldSuggest=false&publicDataSuggestionURL=&publicDataSearchURL=&publicDataPageURL=
# /servlet/taskProc?taskId=validateUsherConfigTask&taskEnv=xml&taskContentType=xml&serverURL=https://SSRF
requests:
- method: GET
path:
- '{{BaseURL}}/servlet/taskProc?taskId=shortURL&taskEnv=xml&taskContentType=xml&srcURL=https://google.com'
- '{{BaseURL}}/MicroStrategy/servlet/taskProc?taskId=shortURL&taskEnv=xml&taskContentType=xml&srcURL=https://google.com'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers:
- type: word
words:
- taskResponse
- The source URL is not valid
condition: and
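Review bot: The matcher keys on `The source URL is not valid`, which shows that the `shortURL` task handler is reachable and parsing `srcURL`, not that the server fetched the supplied URL — so the template reports an SSRF at `severity: high` on evidence of endpoint exposure only. Either describe it as a taskProc exposure check or document that confirmation needs a host you control in `srcURL` (or the `wikiScrapper` / `validateUsherConfigTask` variants listed in the comments, which the notes mark as blind), e.g. `# matches the task's validation error: confirms the shortURL task is exposed; confirm SSRF with a callback host in srcURL`. If the handler does follow `srcURL`, every scan also makes the target contact google.com, which is another reason to prefer a controlled host over a third party.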
part: body


@ -0,0 +1,23 @@
id: symfony-debugmode
info:
name: Symfony Debug Mode
author: organiccrap
severity: high
#https://github.com/synacktiv/eos
requests:
- method: GET
path:
- '{{BaseURL}}/'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'X-Debug-Token-Link:'
- /_profiler/
part: header
condition: and
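Review bot: Requiring `status: 200` on `{{BaseURL}}/` will miss Symfony applications whose front page redirects (to a locale or login route, for example), because the profiler attaches `X-Debug-Token-Link` to redirect responses as well and the template does not ask nuclei to follow them. Drop the status matcher and rely on the two header words, or, if the nuclei version in use supports it, set `redirects: true` on the request so the final 200 is evaluated. Note that `/_profiler/` is a substring of the `X-Debug-Token-Link` value, so the second word mostly restates the first; keeping both is harmless but a comment saying the link header is the real signal would clarify intent.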


@ -0,0 +1,18 @@
id: tomcat-manager-pathnormalization
info:
name: Tomcat Manager Path Normalization
author: organiccrap
severity: info
#https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
requests:
- method: GET
path:
- '{{BaseURL}}/..;/manager/html'
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55
matchers:
- type: word
words:
- username="tomcat" password="s3cret"
- manager-gui
condition: and
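Review bot: The matcher fires on Tomcat's stock manager 401 page (the `username="tomcat" password="s3cret"` / `manager-gui` snippet from its example `tomcat-users.xml`), which any host serving `/manager/html` directly returns — so the template cannot distinguish a reverse-proxy normalization bypass via `/..;/` from a manager app that is simply reachable, and without a baseline request to `/manager/html` it will label plain Tomcat hosts as "path normalization" findings. Document that limitation above `requests:`, e.g. `# fires whenever the manager login prompt is reachable; compare with a direct /manager/html request to confirm the ..; bypass is what exposes it`, and note that the match proves reachability of the login prompt, not access. `severity: info` is appropriate given that.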