commit
5d7d2bc554
|
@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
|
||||
| Templates | Counts | Templates | Counts | Templates | Counts |
|
||||
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
||||
| cves | 229 | vulnerabilities | 105 | exposed-panels | 100 |
|
||||
| exposures | 60 | technologies | 50 | misconfiguration | 51 |
|
||||
| cves | 229 | vulnerabilities | 105 | exposed-panels | 103 |
|
||||
| exposures | 61 | technologies | 50 | misconfiguration | 53 |
|
||||
| workflows | 23 | miscellaneous | 16 | default-logins | 18 |
|
||||
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
|
||||
| helpers | 2 | takeovers | 1 | - | - |
|
||||
|
||||
**72 directories, 687 files**.
|
||||
**72 directories, 693 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
@ -19,7 +19,7 @@ requests:
|
|||
GET /owa/auth/x.js HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
|
||||
Cookie: X-AnonResource=true; X-AnonResource-Backend=burpcollaborator.net/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3;
|
||||
Cookie: X-AnonResource=true; X-AnonResource-Backend=somethingnonexistent/ecp/default.flt?~3; X-BEResource=somethingnonexistent/owa/auth/logon.aspx?~3;
|
||||
Accept-Language: en
|
||||
Connection: close
|
||||
|
||||
|
@ -27,8 +27,10 @@ requests:
|
|||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 500
|
||||
- 503
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "Burp Collaborator Server"
|
||||
part: body
|
||||
- 'X-Calculatedbetarget: somethingnonexistent'
|
||||
part: header
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Lanproxy Directory Traversal
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
refrence: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3019
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3019
|
||||
tags: cve,cve2021,lanproxy,traversal
|
||||
|
||||
requests:
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
id: ruijie-information-disclosure
|
||||
|
||||
info:
|
||||
name: Ruijie Information Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
reference: https://www.cnblogs.com/cHr1s/p/14499858.html
|
||||
tags: ruijie
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/login.php'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- '"role":"super_admin","name":"(.*)","password":"(.*)"'
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Loading…
Reference in New Issue