daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updated names

patch-1
Prince Chaddha 2023-07-02 23:10:27 +05:30
parent f9982cf3b6
commit a5d22b8684
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
file/nodejs/express-lfr.yaml
View File

@ -1,7 +1,7 @@
id: express-lfr id: express-lfr
info: info:
name: Express LFR name: Express - Local File Read
author: me_dheeraj (https://twitter.com/Dheerajmadhukar) author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info severity: info
description: Untrusted user input in express render() function can result in arbitrary file read if hbs templating is used. description: Untrusted user input in express render() function can result in arbitrary file read if hbs templating is used.

4
file/nodejs/generic-path-traversal.yaml
View File

@ -1,7 +1,7 @@
id: generic-path-traversal id: generic-path-traversal
info: info:
name: Generic Path Traversal name: Generic - Path Traversal
author: me_dheeraj (https://twitter.com/Dheerajmadhukar) author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info severity: info
description: Untrusted user input in readFile()/readFileSync() can endup in Directory Traversal Attacks. description: Untrusted user input in readFile()/readFileSync() can endup in Directory Traversal Attacks.
@ -18,4 +18,4 @@ file:
- "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)" - "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)" - "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)" - "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
condition: or condition: or

6
file/nodejs/tar-path-overwrite.yaml
View File

@ -1,7 +1,7 @@
id: tar-path-overwrite id: tar-extraction
info: info:
name: Tar Path Overwrite name: Path Injection Vulnerability in TAR Extraction
author: me_dheeraj (https://twitter.com/Dheerajmadhukar) author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info severity: info
description: Insecure TAR archive extraction can result in arbitrary path over write and can result in code injection. description: Insecure TAR archive extraction can result in arbitrary path over write and can result in code injection.
@ -18,4 +18,4 @@ file:
- "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\, [\\w\\W]*?\\)" - "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\, [\\w\\W]*?\\)" - "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\, [\\w\\W]*?\\)" - "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
condition: or condition: or