Prince Chaddha
d19093dcc8
Merge pull request #3117 from pussycat0x/master
...
unauthorized hp officepro printer
2021-11-11 12:51:25 +05:30
Prince Chaddha
58c224e3a5
Update unauthorized-hp-officepro-printer.yaml
2021-11-11 11:14:52 +05:30
Prince Chaddha
1a15d91764
Update and rename misconfiguration/unauthorized-hp-officepro-printer.yaml to misconfiguration/hp/unauthorized-hp-officepro-printer.yaml
2021-11-11 11:10:36 +05:30
pussycat0x
f9263c047a
Update unauthorized-hp-officepro-printer.yaml
2021-11-10 17:58:59 +05:30
pussycat0x
cb0b495fe0
Add files via upload
2021-11-10 17:46:34 +05:30
Sandeep Singh
037d974e8b
Merge pull request #3095 from projectdiscovery/CVE-2020-26413
...
Create CVE-2020-26413.yaml
2021-11-06 22:38:14 +05:30
sandeep
dbbb08e40c
misc updates
2021-11-06 22:36:37 +05:30
Sandeep Singh
199d7061f7
Update gocd-encryption-key.yaml
2021-11-06 18:45:55 +05:30
Pradeepch99
32e666d1f0
Update gocd-encryption-key.yaml
2021-11-06 18:24:24 +05:30
sandeep
a6d228ad50
misc updates
2021-11-06 16:27:38 +05:30
sandeep
5fa10c4b64
cves update
2021-11-06 12:34:04 +05:30
sandeep
b2eceeff1a
syntax update
2021-11-05 02:56:16 +05:30
Dhiyaneshwaran
3736a5ccc9
Update gocd-unauth-dashboard.yaml
2021-11-05 02:51:56 +05:30
Dhiyaneshwaran
2e4ca64ca7
Update gocd-server-configuration.yaml
2021-11-05 02:51:48 +05:30
Dhiyaneshwaran
2e4e27cb69
Update gocd-encryption-key.yaml
2021-11-05 02:51:39 +05:30
Dhiyaneshwaran
134c27219d
Update gocd-arbitrary-file.yaml
2021-11-05 02:51:18 +05:30
sandeep
99ba23f9af
misc update
2021-11-05 02:29:38 +05:30
Dhiyaneshwaran
62a629cda9
Create gocd-unauth-dashboard.yaml
2021-11-05 02:27:08 +05:30
Dhiyaneshwaran
bb2e3b1d38
Create gocd-encryption-key.yaml
2021-11-05 02:22:06 +05:30
Dhiyaneshwaran
fd9ffceacd
Update and rename go-cd-arbitrary-file.yaml to gocd-arbitrary-file.yaml
2021-11-05 02:13:15 +05:30
Dhiyaneshwaran
5d7e8f72de
Update gocd-server-configuration.yaml
2021-11-05 02:12:33 +05:30
Dhiyaneshwaran
2e7ab374eb
Create gocd-server-configuration.yaml
2021-11-05 01:54:26 +05:30
Dhiyaneshwaran
db91642c3d
Rename pre-auth-rce-gocd.yaml to go-cd-arbitrary-file.yaml
2021-11-05 01:48:25 +05:30
Dhiyaneshwaran
7a60f45431
Update pre-auth-rce-gocd.yaml
2021-11-05 01:46:11 +05:30
Dhiyaneshwaran
0ac7e92ac9
Update pre-auth-rce-gocd.yaml
2021-11-05 01:41:25 +05:30
Dhiyaneshwaran
3eff5e541d
Create pre-auth-rce-gocd.yaml
2021-11-05 01:30:11 +05:30
sandeep
421624d732
Added missing tags
2021-11-04 15:13:32 +05:30
Dhiyaneshwaran
be871b155c
Create sitecore-debug-page.yaml
2021-11-03 23:16:23 +05:30
sandeep
b83e79a8fe
moving files around
2021-11-01 19:36:21 +05:30
sandeep
f650961021
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into gitlab-updates
2021-11-01 19:21:55 +05:30
Prince Chaddha
a229a2e822
Merge pull request #2986 from projectdiscovery/wildcard-postmessage
...
Added Wildcard postMessage detection
2021-11-01 15:46:00 +05:30
Prince Chaddha
ec2907e6b0
Update wildcard-postmessage.yaml
2021-11-01 14:54:51 +05:30
Prince Chaddha
4d58562095
Update umbraco-base-ssrf.yaml
2021-10-30 22:06:04 +05:30
Prince Chaddha
40340c89c6
Update and rename misconfiguration/umbraco-base-ssrf.yaml to misconfiguration/vulnerabilities/other/umbraco-base-ssrf.yaml
2021-10-30 17:33:53 +05:30
Dhiyaneshwaran
9e1f9859d8
Create umbraco-base-ssrf.yaml
2021-10-30 11:03:14 +05:30
sandeep
e91e2e6e27
Added missing tag
2021-10-28 17:44:58 +05:30
Prince Chaddha
cd9195b7e4
Update wildcard-postmessage.yaml
2021-10-26 23:48:28 +05:30
Prince Chaddha
d43c694da7
Delete docker-version-detect.yaml
2021-10-26 23:41:28 +05:30
sandeep
0de8bc19f8
misc template updates
2021-10-26 17:39:26 +05:30
Prince Chaddha
e4a646f9d4
Update and rename misconfiguration/unauth-securityspy-camera-detect.yaml to exposed-panels/securityspy-detect.yaml
2021-10-25 15:00:32 +05:30
pussycat0x
a7c02f99dc
Update unauth-securityspy-camera-detect.yaml
2021-10-25 10:34:24 +05:30
pussycat0x
2b4356dcc1
Add files via upload
2021-10-25 08:34:17 +05:30
pussycat0x
854016684c
Add files via upload
2021-10-24 18:05:09 +05:30
sandeep
80301e3f63
Added Wildcard postMessage detection
2021-10-23 23:34:49 +05:30
sandeep
c849b7d51a
metadata update
2021-10-22 23:22:36 +05:30
Sandeep Singh
fc1b7a658c
Merge pull request #2956 from CristiVlad25/misconfig
...
Created app.yaml Template
2021-10-22 22:38:45 +05:30
sandeep
62dc0c0c31
misc update
2021-10-22 22:19:12 +05:30
Dhiyaneshwaran
444fa88b24
Create jaeger-ui-dashboard.yaml
2021-10-22 22:15:57 +05:30
Cristi Vlad
8632760893
Created app.yaml Template
2021-10-22 12:17:44 +03:00
Sufijen Bani
ac9f713d97
Merge PHP Errors Templates
...
There was an extra error template for PHP warnings although there was
another template holding that already.
The status code check (500) is a step that would make sense for all of
the checks. This is not limited to warnings. Though I think that error
code 500 shrinks the result set too much in this case. That's why I
would leave it out.
2021-10-21 10:46:04 +02:00
Prince Chaddha
52e498506e
Update zenphoto-sensitive-info.yaml
2021-10-19 17:45:19 +05:30
Philippe Delteil
69953cf73e
Update zenphoto-sensitive-info.yaml
2021-10-18 23:18:31 -03:00
sandeep
33badb66d1
oob tags update
2021-10-19 02:10:26 +05:30
Prince Chaddha
f86ef5382b
Merge pull request #2783 from pikpikcu/patch-295
...
Added skycaiji
2021-10-17 22:23:07 +05:30
sandeep
acda6fdb53
added missing slash
2021-10-16 01:10:48 +05:30
sandeep
196cc292b8
adding tags
2021-10-16 01:09:19 +05:30
sandeep
5e2c52f803
Merge branch 'misconfiguration' of https://github.com/CristiVlad25/nuclei-templates into pr/2900
2021-10-16 01:07:50 +05:30
sandeep
dd106dcb8f
misc update and moving files around
2021-10-16 01:06:37 +05:30
sandeep
10b4076f88
misc update
2021-10-14 00:14:29 +05:30
Divya
0102fad1a9
Add hpe-system-management-anonymous.yaml
...
Detect anonymous HPE System Management instance
2021-10-12 18:11:25 -04:00
sandeep
673a9107c5
misc updates
2021-10-11 01:38:44 +05:30
Divya
3e3e64c20e
Add unauthenticated-lansweeper.yaml
...
Detect unauthenticated Lansweeper instance
2021-10-10 13:03:46 -04:00
Prince Chaddha
0ed37945d6
Update skycaiji-install.yaml
2021-10-08 12:06:44 +05:30
Roman Ananyev
f1e4a2b15f
Added one more status page for NGINX
2021-10-06 12:12:13 +04:00
Prince Chaddha
179e265f8a
Update and rename misconfiguration/iotawatt-configuration-app.yaml to iot/iotawatt-app-exposure.yaml
2021-10-06 11:07:51 +05:30
pussycat0x
a71096bcd8
Add files via upload
2021-10-05 22:28:16 +05:30
Prince Chaddha
bfb3d70662
Update and rename misconfiguration/hp-switch-default-creds.yaml to default-logins/hp/hp-switch-default-login.yaml
2021-10-05 15:19:15 +05:30
pussycat0x
6a38a61321
Update hp-switch-default-creds.yaml
2021-10-05 01:56:47 +05:30
pussycat0x
f0a572eae8
Update hp-switch-default-creds.yaml
2021-10-05 01:43:14 +05:30
pussycat0x
30c447d42b
Add files via upload
2021-10-05 01:25:35 +05:30
sandeep
55b0673d27
Added IBM Websphere Friendly Path Exposure
...
Co-Authored-By: clarkvoss <32307041+clarkvoss@users.noreply.github.com>
2021-10-03 16:49:06 +05:30
Sullo
3878138bfe
* Added Host headers where needed (validated via disclosures/posts)
...
* Added CVE simple-employee-rce.yaml
2021-09-30 12:52:05 -04:00
PikPikcU
553772ab8a
Create skycaiji-install.yaml
2021-09-30 23:49:10 +07:00
Prince Chaddha
807920c0ac
clean-up
2021-09-21 17:16:53 +05:30
sullo
b57620cce2
Typo and language corrections
2021-09-20 15:25:11 -04:00
Prince Chaddha
6564d0fca4
Merge pull request #2708 from pussycat0x/master
...
New templates
2021-09-20 14:18:41 +05:30
Prince Chaddha
27572bcc92
Update and rename service-pwd-expose.yaml to service-pwd.yaml
2021-09-18 12:11:19 +05:30
Prince Chaddha
4d2d1f35d6
Update service-pwd-expose.yaml
2021-09-18 12:08:32 +05:30
Prince Chaddha
6ff85169c3
Update service-pwd-expose.yaml
2021-09-18 12:03:17 +05:30
pussycat0x
b49aee881b
Add files via upload
2021-09-18 10:38:21 +05:30
Sandeep Singh
117c59094b
Merge pull request #2704 from geeknik/patch-28
...
Update shell-history.yaml
2021-09-17 23:37:56 +05:30
Prince Chaddha
7223d54eea
Merge pull request #2649 from pussycat0x/master
...
Glowroot-anonymous-access
2021-09-17 22:32:06 +05:30
Geeknik Labs
7f5dd080cc
Update shell-history.yaml
...
Follow-up fix for comment in #2129
2021-09-17 10:00:22 -05:00
Prince Chaddha
ab4e6a4dd6
Merge pull request #2696 from DhiyaneshGeek/master
...
New Templates Added
2021-09-17 16:29:58 +05:30
Prince Chaddha
5858e3a01c
Update and rename exposures/logs/database-error.yaml to misconfiguration/database-error.yaml
2021-09-17 13:33:54 +05:30
Prince Chaddha
769a6ea059
Update zabbix-error.yaml
2021-09-17 13:01:57 +05:30
Prince Chaddha
52162716e5
Update and rename exposures/logs/zabbix-error.yaml to misconfiguration/zabbix-error.yaml
2021-09-17 13:00:35 +05:30
Prince Chaddha
317c941340
Update php-errors.yaml
2021-09-17 12:59:34 +05:30
Sandeep Singh
f47c4da9e8
Merge pull request #2694 from geeknik/geeknik-patch-1
...
MIscellaneous updates
2021-09-17 02:22:26 +05:30
Sandeep Singh
067247401b
Merge pull request #2442 from pdelteil/patch-38
...
Create springboot-info.yaml
2021-09-17 02:22:08 +05:30
sandeep
74871a7412
Update springboot-info.yaml
2021-09-17 02:21:49 +05:30
Geeknik Labs
fd768f4b2c
Update rack-mini-profiler.yaml
2021-09-16 15:18:31 -05:00
Sandeep Singh
0ab82749ef
Create unauthenticated-glowroot.yaml
2021-09-15 13:28:43 +05:30
Prince Chaddha
2790f5ff9f
Update glowroot-anonymous-access.yaml
2021-09-14 15:35:52 +05:30
pussycat0x
9c5a43e25d
Glowroot-anonymous-access
2021-09-13 23:58:56 +05:30
Sandeep Singh
cf4ef2ac5a
Merge pull request #2622 from projectdiscovery/missing-tags
2021-09-10 12:32:47 +05:30
sandeep
bd24dc198e
Coverage for all templates using tags
2021-09-09 19:08:13 +05:30
Sandeep Singh
54c9f08233
Merge pull request #2612 from projectdiscovery/cleanups
...
Removed extra headers not required for template
2021-09-09 14:50:00 +05:30
sandeep
39a0ffd0a5
Update python-metrics.yaml
2021-09-08 18:19:15 +05:30
Dhiyaneshwaran
664ac52065
Update python-metrics.yaml
2021-09-08 18:09:15 +05:30
Dhiyaneshwaran
85adcd95be
Update python-metrics.yaml
2021-09-08 17:58:43 +05:30
Dhiyaneshwaran
6fee9b2b1b
Create python-metrics.yaml
2021-09-08 17:48:54 +05:30
sandeep
609705f676
removed extra headers not required for template
2021-09-08 17:47:19 +05:30
sandeep
7e601216b9
Added additional path
2021-09-08 13:01:42 +05:30
sullo
ef1f7c5e92
Updates across many templates for clarity, spelling, and grammar.
2021-09-05 17:13:45 -04:00
sandeep
63ce5e0b77
Nextcloud templates
2021-09-05 22:52:45 +05:30
Sandeep Singh
ac558b2887
Merge pull request #2568 from pussycat0x/master
...
New Templates added
2021-09-04 15:56:17 +05:30
sandeep
969e08f12e
moving files around
2021-09-04 15:54:24 +05:30
sandeep
4a9a339feb
misc update
2021-09-04 15:40:34 +05:30
sandeep
b74dffae92
misc update
2021-09-04 15:23:49 +05:30
Sandeep Singh
d10439c29f
Merge pull request #2565 from geeknik/patch-25
...
Update php-errors.yaml
2021-09-04 00:43:26 +05:30
Geeknik Labs
735b1df1c5
Update php-errors.yaml
2021-09-03 12:09:59 -05:00
sandeep
32fed54169
removing duplicate templates and few updates
2021-09-03 22:35:58 +05:30
sandeep
d27dadb79e
updated matchers
2021-09-03 22:24:11 +05:30
pussycat0x
6ba8cb040d
Update overview-kubernetes-resource-report.yaml
2021-09-03 22:23:59 +05:30
Geeknik Labs
ac4bce9ca5
Update php-errors.yaml
...
Made better through use of regex extractors. More useful information is displayed on-screen.
2021-09-03 11:28:42 -05:00
pussycat0x
6e2816be3e
Add files via upload
2021-09-03 20:12:53 +05:30
sandeep
90f8caf302
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481
2021-09-03 14:55:30 +05:30
sandeep
c266084621
Added stop-at-first-match in applicable templates
2021-09-02 17:29:10 +05:30
Prince Chaddha
bec1c542cd
Update unauthenticated-mongo-express.yaml
2021-08-31 13:32:56 +05:30
Prince Chaddha
212072fad2
Update unauthenticated-mongo-express.yaml
2021-08-31 13:31:48 +05:30
forgedhallpass
419a957409
Fixing errors in templates
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-27 10:43:24 +03:00
socketz
ddd3ef8493
Merge branch 'master' of github.com:socketz/nuclei-templates
2021-08-25 14:32:22 +02:00
socketz
c766a8454d
Fixed yaml linting errors
2021-08-25 14:09:42 +02:00
Prince Chaddha
0ef631dce1
Update http-missing-security-headers.yaml
2021-08-25 16:52:35 +05:30
socketz
de76c65d01
Merge branch 'projectdiscovery:master' into master
2021-08-24 13:10:56 +02:00
forgedhallpass
296edfc37b
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-23 14:40:33 +03:00
sandeep
76c9bbee20
minor update
2021-08-21 15:53:06 +05:30
Philippe Delteil
b013ef69df
Create springboot-threaddump.yaml
...
Testing
nuclei -t springboot-threaddump.yaml -u https://folhaponto.cmm.pr.gov.br/
nuclei -t springboot-threaddump.yaml -u https://ctacte.realechile.cl/
2021-08-21 00:42:49 -04:00
sandeep
d3552cc6e3
Update springboot-info.yaml
2021-08-21 01:20:10 +05:30
forgedhallpass
dc4cc62629
Merge remote-tracking branch 'origin/master' into dynamic_attributes
2021-08-20 15:35:17 +03:00
Philippe Delteil
a5c7f36781
Update springboot-env.yaml
2021-08-20 03:12:53 -04:00
Philippe Delteil
e6029630f4
Create springboot-info.yaml
2021-08-20 03:08:19 -04:00
sandeep
3f803deb28
more updates
2021-08-20 02:14:42 +05:30
sandeep
20d1f0a54f
Added intrusive tag
...
Added intrusive tag for identification / exclusion as discussed here - https://github.com/projectdiscovery/nuclei/discussions/551
2021-08-19 22:59:45 +05:30
sandeep
4f1e61f021
Adding unique prefix for identification
2021-08-19 22:39:56 +05:30
sandeep
247b07a76a
Added grafana-public-signup
2021-08-19 22:11:11 +05:30
forgedhallpass
77103bc629
Satisfying the linter (all errors and warnings)
...
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass
f55d6b75e1
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass
7b29be739e
Merge branch 'master' into dynamic_attributes
2021-08-19 16:23:26 +03:00
forgedhallpass
ffaff64565
Changes fixes/around dynamic attributes ("additional-fields")
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
Geeknik Labs
6a8d9e0687
Update and rename misconfiguration/sidekiq-dashboard.yaml to exposed-panels/sidekiq-dashboard.yaml
...
Added references.
Moved template to exposed-panels.
2021-08-18 14:44:12 -05:00
forgedhallpass
cdf9451158
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
sandeep
8c48ca97d2
matcher + payload + regex updates
2021-08-09 21:58:28 +05:30
Sandeep Singh
c4f9a2e32d
Merge pull request #2325 from pussycat0x/master
...
springboot Actuator
2021-08-06 21:05:54 +05:30
sandeep
1a043cc846
minor update
2021-08-06 21:02:50 +05:30
sandeep
32709de987
misc updates
2021-08-06 20:48:32 +05:30
sandeep
b20ba6754d
minor update
2021-08-05 16:31:01 +05:30
sandeep
1140b9117a
updated matchers
2021-08-05 16:29:52 +05:30
Dhiyaneshwaran
dbab8fb57a
Create office365-open-redirect.yaml
2021-08-05 15:25:08 +05:30
pussycat0x
2ad4805bcd
Add files via upload
2021-08-04 22:43:45 +05:30
pussycat0x
ed8ba1451d
Update springboot-metrics.yaml
2021-08-04 22:17:33 +05:30
pussycat0x
cb63ec5176
Update springboot-dump.yaml
2021-08-04 22:17:01 +05:30
pussycat0x
4715314c2b
Add files via upload
2021-08-04 22:08:47 +05:30
sandeep
89ce8da31c
template update
2021-08-02 16:10:05 +05:30
Sandeep Singh
ee06aea64d
Merge pull request #2262 from DhiyaneshGeek/master
...
New Template
2021-07-31 22:50:25 +05:30
sandeep
83a1769c04
Added Open Akamai ARL XSS Detection
2021-07-31 00:53:25 +05:30
Sandeep Singh
918a6deead
Merge pull request #2265 from pussycat0x/master
...
zabbix-dashboards-access
2021-07-30 02:37:02 +05:30
sandeep
6b02fb31ed
updated matcher
2021-07-30 02:33:01 +05:30
pussycat0x
3caeca71ab
Add files via upload
2021-07-29 23:36:59 +05:30
Dhiyaneshwaran
c8e11b8254
Create viewpoint-system-status.yaml
2021-07-29 19:08:40 +05:30
Prince Chaddha
c49a4b32f1
Update android-debug-database-exposed.yaml
2021-07-29 10:47:01 +05:30
Dhiyaneshwaran
9f93ea0eba
Update android-debug-database-exposed.yaml
2021-07-28 21:37:19 +05:30
socketz
71a27da891
Added security headers templates
2021-07-28 14:40:20 +02:00
Dhiyaneshwaran
bbc34b011b
Create android-debug-database-exposed.yaml
2021-07-28 17:46:31 +05:30
sandeep
1b437d300a
Additional matcher for Symfony debug mode
2021-07-26 17:21:46 +05:30
sandeep
bfd40054e4
matcher update
2021-07-26 15:18:10 +05:30
Pham Sy Minh
934d899f5e
Reduce false positives
2021-07-26 12:53:34 +07:00
Sandeep Singh
a57bcda074
Merge pull request #2111 from pikpikcu/patch-203
...
Update hadoop-unauth.yaml
2021-07-26 01:35:34 +05:30
sandeep
3fc8626874
Update hadoop-unauth.yaml
2021-07-26 01:33:02 +05:30
Sandeep Singh
b905a91cdc
Merge pull request #2129 from geeknik/patch-6
...
Update shell-history.yaml
2021-07-26 01:08:46 +05:30
sandeep
bb8a22401b
Separating service detection + SSRF detection
2021-07-25 15:22:09 +05:30
Pham Sy Minh
cff60a04b5
Fix false positive
2021-07-25 12:14:24 +07:00
sandeep
6ccc5f8792
matcher update to handle edge cases
2021-07-25 03:05:55 +05:30
Sandeep Singh
4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
...
17 New Templates Added
2021-07-24 03:26:09 +05:30
sandeep
b1d8ab1193
more matchers update
2021-07-24 03:13:09 +05:30
Sandeep Singh
327819a037
Update misconfiguration/clockwork-dashboard-exposure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:24 +05:30
Sandeep Singh
f8a1c2c2b5
Update misconfiguration/clockwork-dashboard-exposure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:09 +05:30
Prince Chaddha
1754aecb5e
Update wamp-server-configuration.yaml
2021-07-22 17:54:19 +05:30
Geeknik Labs
d354d50bb9
Update shell-history.yaml
...
fix false positive
2021-07-21 12:26:20 -05:00
Prince Chaddha
ff374372e0
Update clockwork-dashboard-exposure.yaml
2021-07-21 17:23:40 +05:30
Dhiyaneshwaran
c9852b62dd
Create clockwork-dashboard-exposure.yaml
2021-07-21 11:02:36 +05:30
PikPikcU
9c8e154b5a
Update hadoop-unauth.yaml
2021-07-20 19:29:10 +07:00
Dhiyaneshwaran
525ffdefcc
Update unauthenticated-popup-upload.yaml
2021-07-15 13:52:06 +05:30
sandeep
6dd92167eb
minor updates
2021-07-13 19:35:58 +05:30
Dhiyaneshwaran
4822208487
Merge pull request #71 from projectdiscovery/master
...
Updation
2021-07-13 14:54:00 +05:30
Dhiyaneshwaran
51d6477505
Create unauthenticated-alert-manager.yaml
2021-07-13 14:10:37 +05:30
Sandeep Singh
920255635b
Merge pull request #1876 from pussycat0x/master
...
web-ftp
2021-07-13 01:53:15 +05:30
Sandeep Singh
8ec1767561
Rename hp-printer-unanuthorized-access.yaml to unauthorized-hp-printer.yaml
2021-07-13 01:45:40 +05:30
sandeep
567096e97f
matcher update
2021-07-13 01:42:15 +05:30
sandeep
3b13abc7f2
matcher update
2021-07-13 01:30:58 +05:30
pussycat0x
647677f0ab
Update hp-printer-unanuthorized-access.yaml
2021-07-11 23:49:17 +05:30
pussycat0x
09b002134d
Add files via upload
2021-07-11 23:44:34 +05:30
Sandeep Singh
22421fd38e
Merge pull request #1843 from DhiyaneshGeek/master
...
Update AEM CRX bypass , AEM Debug XSS and Java sean debug page, Jetty showcontexts enable , jfrog-unauth-build-exposed Templates Added
2021-07-04 01:23:20 +05:30
sandeep
afcbe4cfe4
minor updates
2021-07-04 01:22:08 +05:30
sandeep
a5f8175017
Update unauthorized-plastic-scm.yaml
2021-07-03 16:39:59 +05:30
sandeep
5d7388f0ae
Added Unauthorized Access to Plastic Admin Console
2021-07-03 16:37:11 +05:30
Dhiyaneshwaran
31a10ebfb7
Update jetty-showcontexts-enable.yaml
2021-07-02 20:50:15 +05:30
sandeep
5b91ef07a6
Update unauthenticated-glances.yaml
2021-07-02 17:15:32 +05:30
sandeep
db61d85e75
minor updates
2021-07-02 17:14:03 +05:30
Dhiyaneshwaran
5f779266bc
Create jetty-showcontexts-enable.yaml
2021-07-02 08:16:57 +05:30
Dhiyaneshwaran
39eb91a582
Update aem-crx-bypass.yaml
2021-07-01 22:23:08 +05:30
Petko D. Petkov
7c39ab8c79
Check if json.
2021-06-30 12:03:47 +00:00
sandeep
e8ffd4ea06
Update aem-crx-bypass.yaml
2021-06-28 20:45:41 +05:30
sandeep
eaa5d7600f
Added more strict matchers
2021-06-28 20:44:24 +05:30
Dhiyaneshwaran
e53b262283
Update aem-crx-bypass.yaml
2021-06-28 20:23:11 +05:30
Dhiyaneshwaran
91b673ad17
Create aem-crx-bypass.yaml
2021-06-28 20:20:58 +05:30
sandeep
2a7d45fa1f
more strict matcher
2021-06-26 19:42:11 +05:30
Prince Chaddha
89b4fdf8ed
Merge pull request #1757 from pussycat0x/master
...
New template added
2021-06-24 02:02:42 +05:30
Prince Chaddha
5fa51dd043
Update phpmyadmin-sql.php-server.yaml
2021-06-24 01:26:51 +05:30
sandeep
134a23aeab
Some fixes (WIP)
...
- Added missing matcher condition
- Updated severity to lowercase, as it's case sensitive
2021-06-24 01:03:41 +05:30
pussycat0x
2dd0ce2664
Update phpmyadmin-sql.php-server.yaml
2021-06-23 21:37:14 +05:30
pussycat0x
5ae899a66f
Update phpmyadmin-sql.php-server.yaml
2021-06-23 21:34:13 +05:30
pussycat0x
bb251938c8
Add files via upload
2021-06-22 20:40:53 +05:30
sandeep
49f9b67827
Added reference
2021-06-20 16:39:47 +05:30
Prince Chaddha
bd4b43bbce
Merge pull request #995 from pikpikcu/patch-101
...
Create zhiyuan-oa-unauthorized
2021-06-19 12:53:24 +05:30
Prince Chaddha
5463655627
Update zhiyuan-oa-unauthorized.yaml
2021-06-19 12:52:35 +05:30
sandeep
f0b67ef56b
Few template updates
2021-06-18 15:53:49 +05:30
sandeep
6081edd83f
Added reference
2021-06-18 12:16:27 +05:30
sandeep
f9d068a105
Added ssrf-via-oauth-misconfig
2021-06-18 12:15:13 +05:30
sandeep
b1e401ff9c
Delete adobe-connect-xss.yaml
2021-06-15 15:54:19 +05:30
sandeep
891e8374b1
misc changes
2021-06-14 20:32:21 +05:30
Dhiyaneshwaran
629b655ef1
Create adobe-connect-xss.yaml
2021-06-13 23:54:48 +05:30
Dhiyaneshwaran
afec528d82
Create adobe-connect-version.yaml
2021-06-13 23:40:58 +05:30
Dhiyaneshwaran
6e727805c1
Create adobe-connect-username-exposure.yaml
2021-06-13 23:25:39 +05:30
sandeep
8d35960831
Strict matchers
2021-06-10 21:18:38 +05:30
Sandeep Singh
13090ace75
Merge pull request #1659 from WillD96/IIS-Internal-IP-Disclosure
...
Created IIS Internal IP Disclosure Template
2021-06-10 00:02:02 +05:30
r3naissance
aa9e899dd2
Added conditional word in body
...
I found this be a valid finding /actuator/env on a production host but was missing additional words to check which was causing a false negative. 'activeProfiles' allows this test to pass on the instance that I came across.
2021-06-09 11:36:54 -06:00
sandeep
3c6aa9da0c
misc updates
2021-06-09 22:15:55 +05:30
Will Davison
cd06c6137f
Fixed trailing spaces
2021-06-09 16:04:53 +01:00
Will Davison
ad8d064bf9
Fixed linting error.
2021-06-09 15:40:06 +01:00
Will Davison
6279e1fb70
Added template for IIS Internal IP Disclosure
...
By sending a HTTP 1.0 request to the root of the webserver, sometimes an internal IP address is disclosed in the Location header of the 302 response.
2021-06-09 15:30:59 +01:00
Prince Chaddha
83ce809e8d
Updated author names
2021-06-09 17:50:56 +05:30
Prince Chaddha
0013f94807
Merge pull request #1631 from projectdiscovery/sap_update
...
SAP NetWeaver update
2021-06-09 14:17:51 +05:30
sandeep
1851068721
Updated matcher
2021-06-08 00:33:06 +05:30
sandeep
0fe0d327b0
moving files around
2021-06-07 19:57:59 +05:30
Dhiyaneshwaran
52adac2e12
Create firebase-urls.yaml
2021-06-06 19:38:51 +05:30
Dhiyaneshwaran
158914d4db
Create artifactory-anonymous-deploy.yaml
2021-06-06 19:37:32 +05:30
Prince Chaddha
1d07ace8a5
Merge pull request #1634 from DhiyaneshGeek/master
...
Exposed jQuery File Upload
2021-06-06 17:58:25 +05:30
Prince Chaddha
6649abf131
Update exposed-jquery-file-upload.yaml
2021-06-06 17:55:05 +05:30
Sandeep Singh
fae9755374
Merge pull request #1639 from pdelteil/patch-9
...
Update shell-history.yaml
2021-06-06 13:40:47 +05:30
sandeep
0cf8ffdc57
misc changes
2021-06-06 13:39:16 +05:30
sandeep
e2eaedc6a1
misc updates
2021-06-06 13:19:01 +05:30
Philippe Delteil
652da29f9a
Update shell-history.yaml
...
There are two problems with this template, it only checks for chmod commands but most importantly doesn't check for html tags. A real history file the response doesn't include html tags at all.
So, I'm adding two rules: Check for another possible commands (from real example) and adding a negative rule to discard false positives like this one:
nuclei -debug -t /home/kali/nuclei-templates/misconfiguration/shell-history.yaml -u http://777.urbanup.com
2021-06-05 22:06:30 -04:00
Philippe Delteil
9014a4b0a2
Update aws-object-listing.yaml
...
Added extractor that retrieves the name of the s3 bucket.
Test
nuclei -t nuclei-templates/misconfiguration/aws-object-listing.yaml -u http://img.secnews.gr
[2021-06-06 01:19:10] [aws-object-listing] [http] [low] http://imgcdn.secnews.gr [img.secnews.gr]
2021-06-05 21:27:44 -04:00
Dhiyaneshwaran
0d82660f90
Create exposed-jquery-file-upload.yaml
2021-06-05 22:04:09 +05:30
sandeep
a85c1dd35a
Moving files around + duplicate remove
2021-06-05 15:57:13 +05:30
sandeep
ae8c130668
Moving files around
2021-06-05 15:55:01 +05:30
sandeep
edcc35d604
Added Private key exposure via helper detector
2021-06-04 20:46:19 +05:30
sandeep
0c436e35aa
Added airflow-debug
2021-06-03 19:39:51 +05:30