Merge pull request #26 from projectdiscovery/master

Updation
2021-03-09 01:37:15 +05:30 · 2021-03-09 01:37:15 +05:30 · 5d7d2bc554
parent 4516189b45 0f3136414b
commit 5d7d2bc554
4 changed files with 36 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc

 | Templates      | Counts                         | Templates       | Counts                          | Templates        | Counts                         |
 | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
-| cves           | 229            | vulnerabilities | 105 | exposed-panels   | 100   |
-| exposures      | 60      | technologies    | 50      | misconfiguration | 51 |
+| cves           | 229            | vulnerabilities | 105 | exposed-panels   | 103   |
+| exposures      | 61      | technologies    | 50      | misconfiguration | 53 |
 | workflows      | 23        | miscellaneous   | 16     | default-logins   | 18 |
 | exposed-tokens | 9 | dns             | 6               | fuzzing          | 4          |
 | helpers        | 2        | takeovers       | 1         | -                | -                              |

-**72 directories, 687 files**.
+**72 directories, 693 files**.

 </td>
 </tr>
--- a/cves/2021/CVE-2021-26855.yaml
+++ b/cves/2021/CVE-2021-26855.yaml
@ -19,7 +19,7 @@ requests:
        GET /owa/auth/x.js HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
-        Cookie: X-AnonResource=true; X-AnonResource-Backend=burpcollaborator.net/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3;
+        Cookie: X-AnonResource=true; X-AnonResource-Backend=somethingnonexistent/ecp/default.flt?~3; X-BEResource=somethingnonexistent/owa/auth/logon.aspx?~3;
        Accept-Language: en
        Connection: close

@ -27,8 +27,10 @@ requests:
    matchers:
      - type: status
        status:
-          - 200
+          - 500
+          - 503
+
      - type: word
        words:
-          - "Burp Collaborator Server"
-        part: body
+          - 'X-Calculatedbetarget: somethingnonexistent'
+        part: header
--- a/cves/2021/CVE-2021-3019.yaml
+++ b/cves/2021/CVE-2021-3019.yaml
@ -4,7 +4,7 @@ info:
  name: Lanproxy Directory Traversal
  author: pikpikcu
  severity: medium
-  refrence: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3019
+  reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3019
  tags: cve,cve2021,lanproxy,traversal

 requests:
--- a/exposures/configs/ruijie-information-disclosure.yaml
+++ b/exposures/configs/ruijie-information-disclosure.yaml
@ -0,0 +1,26 @@
+id: ruijie-information-disclosure
+
+info:
+  name: Ruijie Information Disclosure
+  author: pikpikcu
+  severity: high
+  reference: https://www.cnblogs.com/cHr1s/p/14499858.html
+  tags: ruijie
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/login.php'
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - '"role":"super_admin","name":"(.*)","password":"(.*)"'
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200