daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Strict matchers / f/p fix (#4320) 

* more strict matcher + matcher fix

* misc updates
patch-1
Sandeep Singh 2022-05-08 12:13:38 +05:30 committed by GitHub
parent 8a8a993031
commit 958b15663c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 32 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cves/2018/CVE-2018-18069.yaml
View File

@ -20,12 +20,18 @@ requests:
- method: POST
path:
- "{{BaseURL}}/wp-admin/admin.php"
body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN"><script>alert(0);</script>'
redirects: true
body: |
icl_post_action=save_theme_localization&locale_file_name_en=EN"><script>alert(0);</script>
redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- 'contains(tolower(all_headers), "text/html") && contains(set_cookie, "_icl_current_admin_language") && contains(body, "\"><script>alert(0);</script>")'
- 'contains(tolower(all_headers), "text/html")'
- 'contains(set_cookie, "_icl_current_admin_language")'
- 'contains(body, "\"><script>alert(0);</script>")'
condition: and
# Enhanced by mp on 2022/04/08

12
cves/2019/CVE-2019-14223.yaml
View File

@ -14,17 +14,21 @@ info:
cvss-score: 6.1
cve-id: CVE-2019-14223
cwe-id: CWE-601
tags: cve,cve2019,redirect
tags: cve,cve2019,redirect,alfresco
requests:
- method: POST
path:
- '{{BaseURL}}/share/page/dologin'
headers:
Content-Type: application/x-www-form-urlencoded
body: success=%2Fshare%2Fpage%2F&failure=:\\google.com&username=baduser&password=badpass
body: |
success=%2Fshare%2Fpage%2F&failure=:\\example.com&username=baduser&password=badpass
matchers:
- type: regex
part: body
part: header
regex:
- "(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?google\\.com(?:\\s*)$"
- "(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?example\\.com(?:\\s*)$"

6
cves/2020/CVE-2020-15129.yaml
View File

@ -19,15 +19,17 @@ requests:
- method: GET
path:
- "{{BaseURL}}"
headers:
X-Forwarded-Prefix: "https://foo.nl"
matchers-condition: and
matchers:
- type: status
status:
- 302
- type: word
part: body
words:
- "<a href=\"https://foo.nl/dashboard/\">Found</a>"
condition: or
part: body

7
cves/2020/CVE-2020-17506.yaml
View File

@ -19,6 +19,7 @@ requests:
- method: GET
path:
- "{{BaseURL}}/fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;"
redirects: true
max-redirects: 1
matchers-condition: and
@ -26,17 +27,19 @@ requests:
- type: word
words:
- "artica-applianc"
- type: status
status:
- 200
- 301
- 302
condition: or
- type: word
name: session
part: header
words:
- "PHPSESSID"
part: header
extractors:
- type: kval
kval:

4
cves/2020/CVE-2020-24550.yaml
View File

@ -16,16 +16,16 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/find_v2/_click?_t_id=&_t_q=&_t_hit.id=&_t_redirect=https://example.com'
matchers-condition: and
matchers:
- type: word
part: header
words:
- "Location: https://example.com"
part: header
- type: status
status:
- 301

7
vulnerabilities/other/aspnuke-openredirect.yaml
View File

@ -9,9 +9,10 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/gotoURL.asp?url=google.com&id=43569"
- "{{BaseURL}}/gotoURL.asp?url=example.com&id=43569"
matchers:
- type: regex
part: body
part: header
regex:
- '(?m)^(?:Location\s*:\s*)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?google\.com(?:\s*)$'
- '(?m)^(?:Location\s*:\s*)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?example\.com(?:\s*)$'