Merge branch 'master' into master
commit
d1d679e04c
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
name: Submit Template
|
||||
about: Submit nuclei template using issue
|
||||
title: "[nuclei-template] "
|
||||
labels: ''
|
||||
assignees: ''
|
||||
|
||||
---
|
||||
|
||||
**Template Details**
|
||||
|
||||
```
|
||||
nuclei template goes here
|
||||
```
|
33
README.md
33
README.md
|
@ -12,10 +12,10 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
<summary>Template Directory</summary>
|
||||
|
||||
```
|
||||
├── LICENSE.md
|
||||
├── README.md
|
||||
├── cves
|
||||
│ ├── CVE-2017-10075.yaml
|
||||
│ ├── CVE-2017-14849.yaml
|
||||
│ ├── CVE-2017-5638.yaml
|
||||
│ ├── CVE-2017-7529.yaml
|
||||
│ ├── CVE-2017-9506.yaml
|
||||
│ ├── CVE-2017-9841.yaml
|
||||
|
@ -37,7 +37,9 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── CVE-2018-5230.yaml
|
||||
│ ├── CVE-2018-7490.yaml
|
||||
│ ├── CVE-2019-10475.yaml
|
||||
│ ├── CVE-2019-11248.yaml
|
||||
│ ├── CVE-2019-11510.yaml
|
||||
│ ├── CVE-2019-11580.yaml
|
||||
│ ├── CVE-2019-12314.yaml
|
||||
│ ├── CVE-2019-14322.yaml
|
||||
│ ├── CVE-2019-14974.yaml
|
||||
|
@ -51,9 +53,11 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── CVE-2019-19908.yaml
|
||||
│ ├── CVE-2019-19985.yaml
|
||||
│ ├── CVE-2019-2588.yaml
|
||||
│ ├── CVE-2019-2725.yaml
|
||||
│ ├── CVE-2019-3396.yaml
|
||||
│ ├── CVE-2019-3799.yaml
|
||||
│ ├── CVE-2019-5418.yaml
|
||||
│ ├── CVE-2019-6112.yaml
|
||||
│ ├── CVE-2019-7609.yaml
|
||||
│ ├── CVE-2019-8449.yaml
|
||||
│ ├── CVE-2019-8451.yaml
|
||||
|
@ -66,6 +70,8 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── CVE-2020-12720.yaml
|
||||
│ ├── CVE-2020-13167.yaml
|
||||
│ ├── CVE-2020-13379.yaml
|
||||
│ ├── CVE-2020-17505.yaml
|
||||
│ ├── CVE-2020-17506.yaml
|
||||
│ ├── CVE-2020-2096.yaml
|
||||
│ ├── CVE-2020-3187.yaml
|
||||
│ ├── CVE-2020-3452.yaml
|
||||
|
@ -78,12 +84,14 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── CVE-2020-7961.yaml
|
||||
│ ├── CVE-2020-8091.yaml
|
||||
│ ├── CVE-2020-8115.yaml
|
||||
│ ├── CVE-2020-8163.yaml
|
||||
│ ├── CVE-2020-8191.yaml
|
||||
│ ├── CVE-2020-8193.yaml
|
||||
│ ├── CVE-2020-8194.yaml
|
||||
│ ├── CVE-2020-8512.yaml
|
||||
│ ├── CVE-2020-8982.yaml
|
||||
│ ├── CVE-2020-9484.yaml
|
||||
│ ├── CVE-2020-9496.yaml
|
||||
│ └── CVE-2020-9757.yaml
|
||||
├── default-credentials
|
||||
│ ├── grafana-default-credential.yaml
|
||||
|
@ -97,10 +105,11 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
├── files
|
||||
│ ├── apc-info.yaml
|
||||
│ ├── cgi-test-page.yaml
|
||||
│ ├── debug-pprof.yaml
|
||||
│ ├── dir-listing.yaml
|
||||
│ ├── docker-registry.yaml
|
||||
│ ├── druid-monitor.yaml
|
||||
│ ├── drupal-install.yaml
|
||||
│ ├── ds_store.yaml
|
||||
│ ├── elasticsearch.yaml
|
||||
│ ├── exposed-kibana.yaml
|
||||
│ ├── exposed-svn.yaml
|
||||
|
@ -144,6 +153,7 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── kubernetes-pods.yaml
|
||||
│ ├── mongo-express-web-gui.yaml
|
||||
│ ├── parallels-html-client.yaml
|
||||
│ ├── pfsense-web-gui.yaml
|
||||
│ ├── phpmyadmin-panel.yaml
|
||||
│ ├── pulse-secure-panel.yaml
|
||||
│ ├── rabbitmq-dashboard.yaml
|
||||
|
@ -153,8 +163,10 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── supervpn-panel.yaml
|
||||
│ ├── swagger-panel.yaml
|
||||
│ ├── tikiwiki-cms.yaml
|
||||
│ ├── traefik-dashboard
|
||||
│ ├── weave-scope-dashboard-detect.yaml
|
||||
│ └── webeditors.yaml
|
||||
│ ├── webeditors.yaml
|
||||
│ └── workspaceone-uem-airWatch-dashboard-detect.yaml
|
||||
├── payloads
|
||||
│ └── CVE-2020-6287.xml
|
||||
├── security-misconfiguration
|
||||
|
@ -166,6 +178,8 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── jira-unauthenticated-popular-filters.yaml
|
||||
│ ├── jira-unauthenticated-projects.yaml
|
||||
│ ├── jira-unauthenticated-user-picker.yaml
|
||||
│ ├── missing-x-frame-options.yaml
|
||||
│ ├── put-method-enabled.yaml
|
||||
│ ├── rack-mini-profiler.yaml
|
||||
│ ├── springboot-detect.yaml
|
||||
│ ├── wamp-xdebug-detect.yaml
|
||||
|
@ -174,10 +188,12 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── detect-all-takeovers.yaml
|
||||
│ └── s3-subtakeover.yaml
|
||||
├── technologies
|
||||
│ ├── artica-web-proxy-detect.yaml
|
||||
│ ├── bigip-config-utility-detect.yaml
|
||||
│ ├── citrix-vpn-detect.yaml
|
||||
│ ├── clockwork-php-page.yaml
|
||||
│ ├── couchdb-detect.yaml
|
||||
│ ├── favicon-detection.yaml
|
||||
│ ├── github-enterprise-detect.yaml
|
||||
│ ├── gitlab-detect.yaml
|
||||
│ ├── graphql.yaml
|
||||
|
@ -188,7 +204,6 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── linkerd-badrule-detect.yaml
|
||||
│ ├── linkerd-ssrf-detect.yaml
|
||||
│ ├── netsweeper-webadmin-detect.yaml
|
||||
│ ├── ntlm-directories.yaml
|
||||
│ ├── prometheus-exposed-panel.yaml
|
||||
│ ├── s3-detect.yaml
|
||||
│ ├── sap-netweaver-as-java-detect.yaml
|
||||
|
@ -200,6 +215,7 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
├── tokens
|
||||
│ ├── amazon-mws-auth-token-value.yaml
|
||||
│ ├── aws-access-key-value.yaml
|
||||
│ ├── credentials-disclosure.yaml
|
||||
│ ├── google-api-key.yaml
|
||||
│ ├── http-username-password.yaml
|
||||
│ ├── mailchimp-api-key.yaml
|
||||
|
@ -209,6 +225,7 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── couchdb-adminparty.yaml
|
||||
│ ├── crlf-injection.yaml
|
||||
│ ├── discourse-xss.yaml
|
||||
│ ├── eclipse-help-system-xss.yaml
|
||||
│ ├── git-config-nginxoffbyslash.yaml
|
||||
│ ├── ibm-infoprint-directory-traversal.yaml
|
||||
│ ├── microstrategy-ssrf.yaml
|
||||
|
@ -220,16 +237,20 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
│ ├── pdf-signer-ssti-to-rce.yaml
|
||||
│ ├── rce-shellshock-user-agent.yaml
|
||||
│ ├── rce-via-java-deserialization.yaml
|
||||
│ ├── sick-beard-xss.yaml
|
||||
│ ├── springboot-actuators-jolokia-xxe.yaml
|
||||
│ ├── symfony-debugmode.yaml
|
||||
│ ├── tikiwiki-reflected-xss.yaml
|
||||
│ ├── tomcat-manager-pathnormalization.yaml
|
||||
│ ├── twig-php-ssti.yaml
|
||||
│ ├── wems-manager-xss.yaml
|
||||
│ ├── wordpress-duplicator-path-traversal.yaml
|
||||
│ ├── wordpress-wordfence-xss.yaml
|
||||
│ └── x-forwarded-host-injection.yaml
|
||||
└── workflows
|
||||
├── artica-web-proxy-workflow.yaml
|
||||
├── bigip-pwner-workflow.yaml
|
||||
├── cisco-asa-workflow.yaml
|
||||
├── grafana-workflow.yaml
|
||||
├── jira-exploitaiton-workflow.yaml
|
||||
├── liferay-rce-workflow.yaml
|
||||
|
@ -243,7 +264,7 @@ Templates are the core of [nuclei scanner](https://github.com/projectdiscovery/n
|
|||
|
||||
</details>
|
||||
|
||||
13 directories, **214 templates**.
|
||||
13 directories, **235 templates**.
|
||||
|
||||
Please navigate to https://nuclei.projectdiscovery.io for detailed documentation to build new and your own custom templates and many example templates for easy understanding.
|
||||
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
id: CVE-2017-7529
|
||||
info:
|
||||
author: "Harsh Bothra & @dwisiswant0"
|
||||
name: "Nginx Remote Integer Overflow"
|
||||
severity: medium
|
||||
description: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
|
||||
|
||||
# This template supports the detection part only.
|
||||
# Do not test any website without permission
|
||||
# https://gist.githubusercontent.com/BlackVirusScript/75fae10a037c376555b0ad3f3da1a966/raw/d1cc081053636711881ea45c84e0971d5babe103/CVE-2017-7529.py
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
|
||||
Accept-Language: en-US,en;q=0.5
|
||||
Range: bytes=-17208,-9223372036854758792
|
||||
Connection: close
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 206
|
||||
- type: word
|
||||
words:
|
||||
- "Server: nginx"
|
||||
- "Content-Range"
|
||||
condition: and
|
||||
part: header
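Review bot: The word matcher looks for `Content-Range` with `part: header`, but this probe sends two ranges, and a server may answer a multi-range request with `multipart/byteranges`, where `Content-Range` appears inside the body parts instead of the response headers. Please confirm the match against a known-vulnerable lab instance; `part: all` would cover both placements. Nothing in the matchers ties a hit to the 0.5.6–1.13.2 range named in `description`, so a result is best reported as a candidate that still needs a version check. A comment above the `Range:` line stating what response size the fixed offsets assume would help whoever triages misses.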
|
|
@ -3,7 +3,7 @@ id: CVE-2017-9841
|
|||
info:
|
||||
name: CVE-2017-9841
|
||||
author: Random-Robbie
|
||||
severity: High
|
||||
severity: high
|
||||
description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI
|
||||
# Reference to exploit
|
||||
# https://github.com/cyberharsh/Php-unit-CVE-2017-9841
|
||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2018-1271
|
|||
info:
|
||||
name: Spring MVC Directory Traversal Vulnerability
|
||||
author: hetroublemakr
|
||||
severity: High
|
||||
severity: high
|
||||
# reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
|
||||
|
||||
requests:
|
||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2019-17382
|
|||
info:
|
||||
name: Zabbix Authentication Bypass
|
||||
author: Harsh Bothra
|
||||
severity: Critical
|
||||
severity: critical
|
||||
# source:- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
|
||||
|
||||
requests:
|
||||
|
|
|
@ -2,7 +2,7 @@ id: CVE-2019-3396
|
|||
info:
|
||||
author: "Harsh Bothra"
|
||||
name: "Atlassian Confluence Path Traversal"
|
||||
severity: High
|
||||
severity: high
|
||||
|
||||
# https://github.com/x-f1v3/CVE-2019-3396
|
||||
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
id: CVE-2020-2140
|
||||
info:
|
||||
author: j3ssie/geraldino2
|
||||
name: Jenkin AuditTrailPlugin XSS
|
||||
severity: medium
|
||||
description: Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
|
||||
|
||||
# Source:- https://nvd.nist.gov/vuln/detail/CVE-2020-2140
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/descriptorByName/AuditTrailPlugin/regexCheck?value=*j<h1>sample"
|
||||
- "{{BaseURL}}/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j<h1>sample"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- <h1>sample
|
||||
part: body
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
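Review bot: The body matcher on `<h1>sample` plus status 200 also fires when the value is echoed in a non-HTML response (JSON, plain text), where the markup is inert, so the finding would be a false positive. Adding a third matcher under the existing `matchers-condition: and`, `- type: word` with `words: ["text/html"]` and `part: header`, restricts hits to responses a browser would render. The same reflected-string-only check is used by the new eclipse-help-system-xss and wems-manager-xss templates later in this commit and deserves the same header matcher. The list item `- <h1>sample` is unquoted while the paths above it are quoted; quoting it keeps the file consistent.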
|
|
@ -5,7 +5,7 @@ id: CVE-2020-3187
|
|||
info:
|
||||
name: CVE-2020-3187
|
||||
author: KareemSe1im
|
||||
severity: High
|
||||
severity: high
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2020-5405
|
|||
info:
|
||||
name: Spring Cloud Directory Traversal
|
||||
author: Harsh Bothra
|
||||
severity: High
|
||||
severity: high
|
||||
|
||||
# source:- https://nvd.nist.gov/vuln/detail/CVE-2020-5405
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ id: rabbitmq-default-admin
|
|||
info:
|
||||
name: RabbitMQ Default Credentials
|
||||
author: fyoorer & dwisiswant0
|
||||
severity: High
|
||||
severity: high
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
id: robots-txt
|
||||
info:
|
||||
name: robots.txt file
|
||||
author: CasperGN
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/robots.txt"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Disallow:"
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- text/plain
|
||||
part: header
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
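Review bot: The first word matcher (`"Disallow:"`) has no `part:` while the second sets `part: header`; adding `part: body` to the first makes the intent explicit instead of relying on the engine default. As written the template only reports a robots.txt that contains a `Disallow:` line and is served with `text/plain` somewhere in its headers, so files holding only `Allow`/`Sitemap` entries are skipped. A one-line comment above `matchers:` saying so would save the next reader from guessing whether that is deliberate.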
|
|
@ -0,0 +1,26 @@
|
|||
id: wp-debug-log
|
||||
|
||||
info:
|
||||
name: WordPress debug log
|
||||
author: geraldino2 & @dwisiswant0
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/debug.log"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- octet-stream
|
||||
- text/plain
|
||||
part: header
|
||||
condition: or
|
||||
- type: regex
|
||||
regex:
|
||||
- "[[0-9]{2}-[a-zA-Z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]{3}] PHP"
|
||||
part: body
|
||||
- type: status
|
||||
status:
|
||||
- 200
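Review bot: The regex starts with an unescaped `[`, so `[[0-9]{2}` is parsed as a character class containing `[` and digits, not as a literal bracket followed by the day, and the closing `]` is only a literal by accident. It still matches a log line because the pattern is unanchored, but it does not express what was meant and is fragile to edit. Escaping both brackets and single-quoting the scalar fixes that: `- '\[[0-9]{2}-[a-zA-Z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]{3}\] PHP'`. Separately, `[A-Z]{3}` assumes a three-letter zone abbreviation; logs written with a named zone (for example `Europe/Berlin`) would presumably be missed, which is worth a comment if that is accepted.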
|
|
@ -9,6 +9,9 @@ requests:
|
|||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wp-content/uploads/"
|
||||
- "{{BaseURL}}/wp-content/themes/"
|
||||
- "{{BaseURL}}/wp-content/plugins/"
|
||||
- "{{BaseURL}}/wp-includes/"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
|
@ -16,4 +19,4 @@ requests:
|
|||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- Index of /wp-content/uploads
|
||||
- Index of /
|
||||
|
|
|
@ -2,7 +2,7 @@ id: jmx-console
|
|||
info:
|
||||
name: JMX Console
|
||||
author: Yash Anand @yashanand155
|
||||
severity: Low
|
||||
severity: low
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
id: mongo-express-web-gui
|
||||
|
||||
info:
|
||||
name: Mongo Express Web GUI
|
||||
author: puzzlepeaches
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/"
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Set-Cookie: mongo-express="
|
||||
part: header
|
|
@ -1,16 +0,0 @@
|
|||
id: pfsense-web-gui
|
||||
|
||||
info:
|
||||
name: pfSense Web GUI
|
||||
author: ossie
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "Login to pfSense"
|
|
@ -1,20 +0,0 @@
|
|||
id: weave-scope-dashboard-detect
|
||||
|
||||
info:
|
||||
name: Weave Scope Dashboard
|
||||
author: e_schultze_
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<title>Weave Scope</title>"
|
||||
- "__WEAVEWORKS_CSRF_TOKEN"
|
||||
- "__CSRF_TOKEN_PLACEHOLDER__"
|
||||
condition: and
|
||||
part: body
|
|
@ -1,4 +1,4 @@
|
|||
id: workspaceone-uem-airWatch-dashboard-detect
|
||||
id: workspaceone-uem-airwatch-dashboard-detect
|
||||
|
||||
info:
|
||||
name: Workspace ONE Unified Endpoint Management (UEM) AirWatch
|
|
@ -0,0 +1,30 @@
|
|||
id: drupal-user-enum-redirect
|
||||
|
||||
info:
|
||||
name: Drupal User Enumration [Redirect]
|
||||
author: 0w4ys
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/user/0"
|
||||
- "{{BaseURL}}/user/1"
|
||||
- "{{BaseURL}}/user/2"
|
||||
- "{{BaseURL}}/user/3"
|
||||
headers:
|
||||
User-Agent: "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- '(?i)Location: http(s|):\/\/[\w\.\-]+(\/ar|\/en|)\/users\/\w+'
|
||||
part: header
|
||||
- type: status
|
||||
status:
|
||||
- 301
|
||||
extractors:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- 'users\/\w+'
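Review bot: The `Location` regex accepts only an absolute URL whose host matches `[\w\.\-]+` and whose optional language prefix is exactly `/ar` or `/en`, so redirects that are relative, carry a port, or use any other language prefix are not reported. If those two prefixes are not a deliberate restriction, `(\/[a-z]{2})?` in place of `(\/ar|\/en|)` and `[\w\.\-:]+` for the host would be less site-specific. The status matcher likewise accepts only 301; a comment should say whether 302 was excluded on purpose. `name:` also has a typo, "Enumration" should read "Enumeration".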
|
|
@ -3,7 +3,7 @@ id: jira-unauthenticated-user-picker
|
|||
info:
|
||||
name: Jira Unauthenticated User Picker
|
||||
author: TechbrunchFR
|
||||
severity: High
|
||||
severity: high
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -14,8 +14,11 @@ info:
|
|||
# 17542,e16377344d2d52a15e735041b3eb2c5a,jenkins
|
||||
# 1150,6d2adf39ca320265830403dfc030033a,liferay
|
||||
# 3638,59a0c7b6e4848ccdabcea0636efda02b,blogger
|
||||
# 198,59a0c7b6e4848ccdabcea0636efda02b,wordpress
|
||||
# 5430,59a0c7b6e4848ccdabcea0636efda02b,wordpress
|
||||
# 198,c6acedaff906029fc5455d9ec52c7f42,wordpress
|
||||
# 5430,c291c057816f71ce15ba5c496f1a965a,wordpress
|
||||
# 1611,f7e3d97f404e71d302b3239eef48d5f2,gitlab
|
||||
# 6093,88717398db158e3330ce94fc1784e4a7,jira
|
||||
# 2494,88717398db158e3330ce94fc1784e4a7,jira
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -69,3 +72,19 @@ requests:
|
|||
name: wordpress
|
||||
dsl:
|
||||
- "len(body)==5430 && status_code==200 && (\"c291c057816f71ce15ba5c496f1a965a\" == md5(body))"
|
||||
- type: dsl
|
||||
name: gitlab
|
||||
dsl:
|
||||
- "len(body)==1611 && status_code==200 && (\"f7e3d97f404e71d302b3239eef48d5f2\" == md5(body))"
|
||||
- type: dsl
|
||||
name: jira
|
||||
dsl:
|
||||
- "len(body)==6093 && status_code==200 && (\"88717398db158e3330ce94fc1784e4a7\" == md5(body))"
|
||||
- type: dsl
|
||||
name: jira
|
||||
dsl:
|
||||
- "len(body)==2494 && status_code==200 && (\"04d89d5b7a290334f5ce37c7e8b6a349\" == md5(body))"
|
||||
- type: dsl
|
||||
name: confluence
|
||||
dsl:
|
||||
- "len(body)==4259 && status_code==200 && (\"966e60f8eb85b7ea43a7b0095f3e2336\" == md5(body))"
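Review bot: The new `jira` matcher for `len(body)==2494` compares against `04d89d5b7a290334f5ce37c7e8b6a349`, but the comment table added in the first hunk of this file lists `# 2494,88717398db158e3330ce94fc1784e4a7,jira`, the same hash as the 6093-byte entry. One of the two is wrong: either the comment was copy-pasted from the line above it or the matcher hash is. Please correct whichever it is so the table stays a trustworthy index of the fingerprints. The `confluence` matcher (`4259`, `966e60f8eb85b7ea43a7b0095f3e2336`) has no row in that table at all; adding `# 4259,966e60f8eb85b7ea43a7b0095f3e2336,confluence` keeps it complete.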
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: Github-Enterprise-Detect
|
||||
id: github-enterprise-detect
|
||||
|
||||
info:
|
||||
name: Detect Github Enterprise
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: Gitlab-Detect
|
||||
id: gitlab-detect
|
||||
|
||||
info:
|
||||
name: Detect Gitlab
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: Jaspersoft-detect
|
||||
id: jaspersoft-detect
|
||||
|
||||
info:
|
||||
name: Jaspersoft detected
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: SAP-Netweaver-Detect
|
||||
id: sap-netweaver-detect
|
||||
info:
|
||||
name: SAP NetWeaver Detect
|
||||
author: rakeshmane10
|
||||
|
|
|
@ -2688,4 +2688,30 @@ requests:
|
|||
words:
|
||||
- "/etc/clientlibs/"
|
||||
- "/content/dam/"
|
||||
part: body
|
||||
part: body
|
||||
|
||||
- type: word
|
||||
name: lotus-domino
|
||||
words:
|
||||
- "Server: Lotus-Domino"
|
||||
part: header
|
||||
|
||||
- type: word
|
||||
name: mongo-express-web-gui
|
||||
words:
|
||||
- "Set-Cookie: mongo-express="
|
||||
part: header
|
||||
|
||||
- type: word
|
||||
name: pf-sense-ui
|
||||
words:
|
||||
- "Login to pfSense"
|
||||
|
||||
- type: word
|
||||
name: weave-scope-dashboard
|
||||
words:
|
||||
- "<title>Weave Scope</title>"
|
||||
- "__WEAVEWORKS_CSRF_TOKEN"
|
||||
- "__CSRF_TOKEN_PLACEHOLDER__"
|
||||
condition: and
|
||||
part: body
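Review bot: The `pf-sense-ui` matcher is the only one of the four added here without a `part:` key; adding `part: body` states where `"Login to pfSense"` is expected instead of leaving it to the default. The matcher names also differ from the ids of the standalone templates this commit deletes (`pfsense-web-gui` became `pf-sense-ui`, `weave-scope-dashboard-detect` became `weave-scope-dashboard`). Anyone filtering or alerting on the old ids will silently stop seeing these detections, so either keep the names aligned or mention the rename in the commit description. This hunk is the tail of a much longer `matchers:` list that starts outside the visible lines.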
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: WebLogic-Detect
|
||||
id: weblogic-detect
|
||||
|
||||
info:
|
||||
name: Detect Weblogic
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: Discourse XSS
|
||||
id: discourse-xss
|
||||
|
||||
info:
|
||||
name: Discourse CMS - XSS
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
id: eclipse-help-system-xss
|
||||
|
||||
info:
|
||||
name: Eclipse Help System RXSS vulnerability
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
|
||||
# Source:- https://github.com/pikpikcu/nuclei-templates/blob/master/vulnerabilities/eclipse-xss.yaml
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/help/index.jsp?view=<script>alert(document.cookie)</script>"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "<script>alert(document.cookie)</script>"
|
||||
part: body
|
|
@ -1,4 +1,4 @@
|
|||
id: IBM InfoPrint Directory Traversal
|
||||
id: ibm-infoprint-directory-traversal
|
||||
|
||||
info:
|
||||
name: IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
|
||||
|
|
|
@ -3,7 +3,7 @@ id: oracle-ebs-bispgrapgh-file-read
|
|||
info:
|
||||
name: Oracle EBS Bispgraph File Access
|
||||
author: "Alfie Njeru (@emenalf) - https://the-infosec.com"
|
||||
severity: Critical
|
||||
severity: critical
|
||||
description: todo
|
||||
|
||||
requests:
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
id: wems-manager-xss
|
||||
|
||||
info:
|
||||
name: WEMS Enterprise Manager XSS
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
|
||||
# Source
|
||||
# https://packetstormsecurity.com/files/155777/WEMS-Enterprise-Manager-2.58-Cross-Site-Scripting.html
|
||||
# https://github.com/pikpikcu/nuclei-templates/blob/master/vulnerabilities/wems-enterprise-xss.yaml
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/guest/users/forgotten?email="><script>confirm(document.domain)</script>'
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- '"><script>confirm(document.domain)</script>'
|
||||
part: body
|
|
@ -13,4 +13,4 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- "<svg/onload=alert(1337)>"
|
||||
part: body
|
||||
part: body
|
|
@ -11,6 +11,7 @@ variables:
|
|||
wordpress_duplicator_path_traversal: vulnerabilities/wordpress-duplicator-path-traversal.yaml
|
||||
wordpress_wordfence_xss: vulnerabilities/wordpress-wordfence-xss.yaml
|
||||
wordpress_cve_1: cves/CVE-2019-9978.yaml
|
||||
wordpress_debug_log: files/wordpress-debug-log.yaml
|
||||
|
||||
logic: |
|
||||
wordpress_tech()
|
||||
|
@ -23,4 +24,5 @@ logic: |
|
|||
wordpress_duplicator_path_traversal()
|
||||
wordpress_wordfence_xss()
|
||||
wordpress_cve_1()
|
||||
wordpress_debug_log()
|
||||
}
|
||||
|
|