Update general-tokens.yaml

proposed fix for false positives related to the presence of `keyup`, `keydown`, and `keypress` in the response body.
patch-1
Geeknik Labs 2021-04-05 00:04:52 +00:00 committed by GitHub
parent d1792193d5
commit 9057a617e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions


@ -2,7 +2,7 @@ id: generic-tokens
info:
name: Generic Tokens
author: nadino
author: nadino & geeknik
severity: info
tags: token
@ -12,6 +12,11 @@ requests:
- '{{BaseURL}}'
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- (K|k)ey(up|down|press)
negativee: true
- type: dsl
dsl:
- regex("TOKEN[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"",""))
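Review bot: The regex matcher added at the top of `matchers:` is keyed `negativee: true`, which is a misspelling of the matcher field; it should read `negative: true`. If the loader ignores the unknown key, the matcher stays positive and, under `matchers-condition: and`, the template would report only responses that do contain `keyup`/`keydown`/`keypress`, the opposite of what the description intends; if the loader is strict, the template likely fails to load and the check drops out of scans. Once the key is corrected, the matcher suppresses the whole response whenever one of those words appears anywhere in the body, so a page with both a keyboard handler and an exposed token would no longer be reported; tightening the DSL regex itself, rather than excluding the page, would avoid that blind spot. The pattern is also case-sensitive apart from the first letter, while the DSL matcher runs on `toupper(body)`, so forms such as `KEYUP` or `onKeyUp` are not covered by the exclusion.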