Merge branch 'master' of https://github.com/Sicks3c/nuclei-templates into sicks3c

patch-1
Sicks3c 2021-06-02 21:12:20 +01:00
commit 2f48aff345
7 changed files with 47 additions and 11 deletions


@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | 325 | vulnerabilities | 176 | exposed-panels | 144 |
| cves | 325 | vulnerabilities | 177 | exposed-panels | 144 |
| takeovers | 67 | exposures | 106 | technologies | 97 |
| misconfiguration | 67 | workflows | 31 | miscellaneous | 22 |
| default-logins | 30 | exposed-tokens | 0 | dns | 9 |
| fuzzing | 9 | helpers | 8 | iot | 12 |
**110 directories, 1191 files**.
**110 directories, 1192 files**.
</td>
</tr>


@ -3,7 +3,7 @@ id: CVE-2020-36112
info:
name: CSE Bookstore 1.0 SQL Injection
author: geeknik
description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successfull exploitation of this vulnerability will lead to an attacker dumping the entire database.
description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database.
reference: |
- https://www.exploit-db.com/exploits/49314
- https://www.tenable.com/cve/CVE-2020-36112


@ -23,7 +23,7 @@ requests:
- method: GET
path:
- "{{BaseURL}}/error3?msg=30&data=';alert('nuclei');//"
- "{{BaseURL}}/omni_success?cmdb_edit_path=");alert('nuclei');//"
- "{{BaseURL}}/omni_success?cmdb_edit_path=\");alert('nuclei');//"
matchers-condition: and
matchers:
- type: word


@ -26,6 +26,8 @@ requests:
part: body
regex:
- (K|k)ey(up|down|press)
- (K|k)eyboard(N|n)avigation
condition: or
negative: true
extractors:
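Review bot: The regex list under `negative: true` has no comment explaining that a single hit anywhere in the body makes this matcher fail, so each extra pattern such as `(K|k)eyboard(N|n)avigation` widens the set of pages on which the template stays silent. A comment above the list, for example `# negative matcher: any pattern found in the body suppresses the finding`, would make that trade-off visible to the next editor. The alternations can also be written as character classes, `[Kk]ey(up|down|press)` and `[Kk]eyboard[Nn]avigation`, which read more easily. The matcher's `type` line and the enclosing request start outside this hunk.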


@ -4,17 +4,30 @@ info:
name: Detect Telerik Web UI Dialog Handler
author: organiccrap & zhenwarx
severity: info
reference: https://captmeelo.com/pentest/2018/08/03/pwning-with-telerik.html
reference: |
- https://captmeelo.com/pentest/2018/08/03/pwning-with-telerik.html
- https://github.com/bao7uo/dp_crypto
tags: telerik,asp
requests:
- method: GET
path:
- '{{BaseURL}}/Telerik.Web.UI.DialogHandler.aspx'
- '{{BaseURL}}/DesktopModules/Admin/RadEditorProvider/telerik.web.ui.dialoghandler.aspx'
- '{{BaseURL}}/providers/htmleditorproviders/telerik/telerik.web.ui.dialoghandler.aspx'
- '{{BaseURL}}/desktopmodules/telerikwebui/radeditorprovider/telerik.web.ui.dialoghandler.aspx'
- '{{BaseURL}}/desktopmodules/dnnwerk.radeditorprovider/dialoghandler.aspx'
- '{{BaseURL}}/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/desktopmodules/telerikwebui/radeditorprovider/telerik.web.ui.dialoghandler.aspx?dp=1'
- '{{BaseURL}}/desktopmodules/dnnwerk.radeditorprovider/dialoghandler.aspx?dp=1'
- '{{BaseURL}}/DesktopModules/Admin/RadEditorProvider/DialogHandler.aspx?dp=1'
- '{{BaseURL}}/DesktopModule/UIQuestionControls/UIAskQuestion/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/Modules/CMS/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/Admin/ServerSide/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/DesktopModules/TNComments/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/Providers/HtmlEditorProviders/Telerik/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/App_Master/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/common/admin/PhotoGallery2/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/common/admin/Jobs2/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/AsiCommon/Controls/ContentManagement/ContentDesigner/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/common/admin/Calendar/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/cms/portlets/Telerik.Web.UI.DialogHandler.aspx?dp=1'
- '{{BaseURL}}/dashboard/UserControl/CMS/Page/Telerik.Web.UI.DialogHandler.aspx/Desktopmodules/Admin/dnnWerk.Users/DialogHandler.aspx?dp=1'
matchers-condition: and
matchers:
@ -23,4 +36,4 @@ requests:
- 200
- type: word
words:
- Loading the dialog...
- 'Invalid length for a Base-64 char array'
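Review bot: The last entry in `path` looks like two paths joined on one line, `/dashboard/UserControl/CMS/Page/Telerik.Web.UI.DialogHandler.aspx/Desktopmodules/Admin/dnnWerk.Users/DialogHandler.aspx?dp=1`. If that is a lost line break, neither location is probed as intended, and it should be split into `- '{{BaseURL}}/dashboard/UserControl/CMS/Page/Telerik.Web.UI.DialogHandler.aspx?dp=1'` and `- '{{BaseURL}}/Desktopmodules/Admin/dnnWerk.Users/DialogHandler.aspx?dp=1'`. The word matcher in the second hunk appears to have changed to `Invalid length for a Base-64 char array`, which is presumably the response to a malformed `dp` value. Any path left in the list without `?dp=1` then likely cannot satisfy `matchers-condition: and` and only adds requests per target. The matcher block starts outside the second hunk, so the full matcher set could not be checked.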


@ -5,6 +5,7 @@ info:
author: dhiyaneshDk
severity: medium
tags: kafdrop,xss
description: A vulnerability in KafDrop allows remote unauthenticated attackers to inject arbitrary HTML and/or Javascript into the response returned by the server.
reference: https://github.com/HomeAdvisor/Kafdrop/issues/12
requests:


@ -0,0 +1,20 @@
id: odoo-cms-redirect
info:
name: Odoo CMS - Open redirection all Version
author: 0x_Akoko
description: Odoo CMS - Open redirection all Version.
reference: https://cxsecurity.com/issue/WLB-2021020143
severity: low
tags: odoo,redirect
requests:
- method: GET
path:
- "{{BaseURL}}/website/lang/en_US?r=https://example.com/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
part: header
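Review bot: The only matcher in the new template is the `Location` header regex, with no status check, so any response carrying a matching header counts as a finding whether or not it is a redirect. Adding a status matcher under `matchers-condition: and` would tie the result to an actual 3xx response. The host part `(?:[a-zA-Z0-9\-_\.@]*)example\.com` also accepts any host that merely ends in `example.com`; since the request sends exactly `https://example.com/`, that prefix class could be dropped to cut false positives.

```yaml
    matchers-condition: and
    matchers:
      # … unchanged: Location-header regex matcher …
      - type: status
        status:
          - 301
          - 302
          - 307
          - 308
```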