daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improving descriptions (#9048)

patch-1
kazet 2024-01-30 11:47:24 +01:00 committed by GitHub
parent 52ef767133
commit bc89f2ee75
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
http/exposures/files/ds-store-file.yaml
View File

@ -2,6 +2,7 @@ id: ds-store-file
info:
name: Exposed DS_Store File
description: A .DS_Store file was found. This file may contain names of files that exist on the server, including backups or other files that aren't meant to be publicly available.
author: 0w4ys,pwnhxl
severity: info
reference:

6
http/misconfiguration/django-debug-detect.yaml
View File

@ -1,10 +1,10 @@
id: django-debug
info:
name: Django Debug Method Enabled
name: Django Debug Configuration Enabled
author: dhiyaneshDK,hackergautam
severity: medium
description: Django Debug Method is enabled.
description: Django debug configuration is enabled, which allows an attacker to obtain system configuration information such as paths or settings.
metadata:
max-request: 1
tags: django,debug,misconfig
@ -26,4 +26,4 @@ http:
- type: status
status:
- 404
# digest: 4a0a0047304502200c0a545535be6f1e5900164dda6fdccd4ccccd7560a8d63a04974313f07f798a022100e4de2e75d131f5519a59e17abec3140b8751fb5cb7f5ebcad1cf0beb3e326c90:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502200c0a545535be6f1e5900164dda6fdccd4ccccd7560a8d63a04974313f07f798a022100e4de2e75d131f5519a59e17abec3140b8751fb5cb7f5ebcad1cf0beb3e326c90:922c64590222798bb761d5b6d8e72950

4
http/misconfiguration/server-status-localhost.yaml
View File

@ -4,7 +4,7 @@ info:
name: Server Status Disclosure
author: pdteam,geeknik
severity: low
description: Server Status is exposed.
description: Apache Server Status page is exposed, which may contain information about pages visited by the users, their IPs or sensitive information such as session tokens.
metadata:
max-request: 1
tags: apache,debug,misconfig
@ -33,4 +33,4 @@ http:
- "Apache Server Status"
- "Server Version"
condition: and
# digest: 4b0a00483046022100b1d7367f280fcefee5a7187a5fb87a1593b22b0aaee129adbc613fe55558c3c702210089576edace1c1b6aef9abe9bb6199c0dee699be2afec2297597657eb9989ce0b:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100b1d7367f280fcefee5a7187a5fb87a1593b22b0aaee129adbc613fe55558c3c702210089576edace1c1b6aef9abe9bb6199c0dee699be2afec2297597657eb9989ce0b:922c64590222798bb761d5b6d8e72950

2
http/vulnerabilities/generic/error-based-sql-injection.yaml
View File

@ -4,7 +4,7 @@ info:
name: Error based SQL injection
author: geeknik
severity: critical
description: Detects potential SQL injection via error strings in 29 database engines. Inspired by https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/errors.xml.
description: A SQL injection vulnerability was identified based on an error message returned by the server.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

2
http/vulnerabilities/generic/generic-linux-lfi.yaml
View File

@ -4,7 +4,7 @@ info:
name: Generic Linux - Local File Inclusion
author: geeknik,unstabl3,pentest_swissky,sushantkamble,0xSmiley,DhiyaneshDK
severity: high
description: Generic Linux is subject to local file Inclusion on searches for /etc/passwd on passed URLs.
description: Generic Linux is subject to Local File Inclusion - the vulnerability was identified by requesting /etc/passwd from the server.
reference: https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N