Commit Graph

378 Commits (17d836b2c412fbfd6b1f9a51a26112f17987f288)

Author SHA1 Message Date
sandeep 609ac0e098 Update rockmongo-xss.yaml 2021-02-25 17:16:33 +05:30
sandeep 3ea4c3a826 Update rockmongo-xss.yaml 2021-02-25 17:15:21 +05:30
PikPikcU 63a71afa62
Create rockmongo-xss.yaml 2021-02-25 11:28:40 +00:00
sandeep c2982994a4 Update weiphp-sql-injection.yaml 2021-02-25 16:36:57 +05:30
sandeep 30483cf1e5 Update weiphp-path-traversal.yaml 2021-02-25 16:18:18 +05:30
ganoes 8927253cb3 Improvement of the regex in open redirection template 2021-02-25 11:13:01 +01:00
PikPikcU 4a55ac7128
Update weiphp-sql-injection.yaml 2021-02-25 10:02:04 +00:00
PikPikcU e81b961873
Update weiphp-sql-injection.yaml 2021-02-25 09:51:58 +00:00
PikPikcU fe995933bc
Create weiphp-sql-injection.yaml 2021-02-25 09:49:18 +00:00
sandeep 48f55d25d0 Update weiphp-path-traversal.yaml 2021-02-25 15:03:56 +05:30
PikPikcU f0f11568c0
Update weiphp-path-traversal.yaml 2021-02-25 09:07:26 +00:00
PikPikcU b18c68674c
Create weiphp-path-traversal.yaml 2021-02-25 08:59:17 +00:00
PD-Team 9e9aa20646
Merge pull request #929 from pikpikcu/patch-80
zhiyuan-oa session leak
2021-02-24 23:24:28 +05:30
sandeep a0175f96c4 Update zhiyuan-oa-info-leak.yaml 2021-02-24 23:22:23 +05:30
sandeep 00abdb4732 Update yarn-resourcemanager-rce.yaml 2021-02-24 21:29:13 +05:30
sandeep 99b1ae2d46 Improved matcher 2021-02-24 21:28:48 +05:30
PikPikcU 2f39160e65
Create zhiyuan-oa-info-leak.yaml 2021-02-24 08:07:57 +00:00
PikPikcU b86a406d26
Create zhiyuan-oa-session-leak.yaml 2021-02-24 08:06:28 +00:00
Muhammad Daffa f6042d3d43
Update wordpress-accessible-wpconfig.yaml 2021-02-22 09:51:01 +07:00
sandeep cd2a3a7a77 Update dedecms-openredirect.yaml 2021-02-20 23:12:14 +05:30
PikPikcU d118e3e8cf
Create dedecms-openredirect.yaml 2021-02-21 00:35:47 +07:00
sandeep 6f74d31e0b few updates 2021-02-20 22:41:54 +05:30
PikPikcU 6ace5ab376
Create finereport-path-traversal.yaml 2021-02-20 23:36:48 +07:00
sandeep 5ffc1aa211 Update metinfo-lfi.yaml 2021-02-20 19:24:20 +05:30
PikPikcU 6e19a6eb45
Create metinfo-lfi.yaml 2021-02-20 07:25:43 +07:00
sandeep d77862ef7b adding tags 2021-02-19 13:51:21 +05:30
PikPikcU e537b279a0
Create cisco-webui-rce.yaml 2021-02-19 14:39:32 +07:00
sandeep b538a7f481 Update seacms-rce.yaml 2021-02-18 20:38:50 +05:30
PikPikcU 15bff234ef
Create seacms-rce.yaml 2021-02-18 20:05:35 +07:00
sandeep 0ca299e92b adding wp template and workflow 2021-02-17 17:33:03 +05:30
sandeep 86243622cc tag updates 2021-02-16 22:32:57 +05:30
sandeep 6d88f03e08 moving files around 2021-02-16 14:54:04 +05:30
sandeep a9769ed11b Update oracle-glassfish-lfi.yaml 2021-02-16 14:25:42 +05:30
PikPikcU b38e84957e
Update oracle-glassfish-lfi.yaml 2021-02-16 08:41:11 +00:00
PikPikcU 35e0b8e2f4
Create oracle-glassfish-lfi.yaml 2021-02-16 08:38:42 +00:00
PD-Team a772670227
Merge pull request #866 from pikpikcu/patch-66
Create cacti-weathermap-file-write
2021-02-16 02:19:45 +05:30
sandeep b4a9d2ec68 Update cacti-weathermap-file-write.yaml 2021-02-16 02:17:45 +05:30
PD-Team f165b4bef4
Merge pull request #867 from Mad-robot/master
Create Zebra_Form_XSS.yaml
2021-02-16 00:30:09 +05:30
sandeep 3bb6b81dc5 misc changes 2021-02-16 00:28:11 +05:30
Geeknik Labs 07eb454de6
Update open-redirect.yaml
Seems a bit rude to add a production website like test.com to a template like this will generate a ton of unexpected traffic for a company who might not be expecting it or appreciating it.
2021-02-15 17:42:57 +00:00
sandeep 55b6b33e93 misc changes 2021-02-15 21:29:12 +05:30
SaN ThosH 18fde04cb7
Update Zebra_Form_XSS.yaml 2021-02-15 17:54:22 +05:30
SaN ThosH 1655381ae6
Update Zebra_Form_XSS.yaml 2021-02-15 17:53:52 +05:30
SaN ThosH 68ffcca822
Update Zebra_Form_XSS.yaml 2021-02-15 17:42:09 +05:30
SaN ThosH 91768dc160
Create Zebra_Form_XSS.yaml 2021-02-15 16:13:31 +05:30
PikPikcU 3f3f9b9f43
Create samsung-wlan-ap-rce.yaml 2021-02-15 06:17:07 +00:00
PikPikcU 50c0d50d3d
Create samsung-wlan-ap-xss.yaml 2021-02-15 05:53:18 +00:00
PikPikcU ef6b416535
Create cacti-weathermap-file-write.yaml 2021-02-15 04:39:47 +00:00
PikPikcU 9daed142be
Create samsung-wlan-ap-lfi.yaml 2021-02-15 04:30:32 +00:00
sandeep eb50c32a64 Update rails6-xss.yaml 2021-02-15 04:27:45 +05:30
sandeep 4d8510a60d Update rails6-xss.yaml 2021-02-15 00:31:40 +05:30
PD-Team f577b9c91e
Merge pull request #860 from Mad-robot/master
Update rails6-xss.yaml
2021-02-15 00:17:02 +05:30
sandeep 6222b9fe49 Added working poc as comment 2021-02-15 00:15:07 +05:30
sandeep 58835cfc59 Update oa-tongda-path-traversal.yaml 2021-02-14 20:24:12 +05:30
SaN ThosH ccd53e0677
Update rails6-xss.yaml 2021-02-14 19:04:20 +05:30
PikPikcU 9362086705
Create oa-tongda-path-traversal.yaml 2021-02-14 12:22:51 +00:00
PD-Team 483161371b
Merge pull request #857 from afaq1337/patch-2
added new signatures for URL Redirect
2021-02-14 17:13:59 +05:30
sandeep 0c82bbb53c Update open-redirect.yaml 2021-02-14 17:12:34 +05:30
sandeep 0ee8b53fb4 payload updates 2021-02-14 17:11:51 +05:30
sandeep 0e5a07232f misc changes 2021-02-14 16:29:41 +05:30
PikPikcU 197bf2286e
Create powercreator-cms-rce.yaml 2021-02-14 08:40:45 +00:00
Afaq dea2fd28dc
update name 2021-02-14 13:35:57 +05:00
Afaq 01535dd36a
added new signatures for URL Redirect
Update double quotes with single quotes against escaping, and added new signatures
2021-02-14 13:29:18 +05:00
sandeep 768c05a9df Update rce-shellshock-user-agent.yaml 2021-02-13 10:25:02 +05:30
sandeep ec7a29957d Adding tags to vulnerabilities and workflows 2021-02-12 11:23:01 +05:30
sandeep 16f23c84be improved matcher 2021-02-12 10:29:05 +05:30
Khaled Mohamed e7c6731d1a
Update
Edit after update from Mohamed elbadry @melbadry9
2021-02-11 22:53:19 +02:00
sandeep 5c419acb32 misc updates 2021-02-12 02:03:38 +05:30
PikPikcU 82acc49390
Update and rename thinkcmf-shell-write.yaml to thinkcmf-rce.yaml 2021-02-11 17:49:03 +00:00
PikPikcU 29eda8d1ab
Create thinkcmf-shell-write.yaml 2021-02-11 17:31:25 +00:00
sandeep e6c31e6512 Update thinkcmf-lfi.yaml 2021-02-11 22:23:14 +05:30
PikPikcU 2b8c738e03
Create thinkcmf-lfi.yaml 2021-02-11 15:46:20 +00:00
sandeep aefbc1db67 misc changes 2021-02-10 22:07:17 +05:30
PikPikcU f27418b7ba
Added apache-flink-rce (#810) 2021-02-10 20:48:24 +05:30
Prince Chaddha e02cba08c8
Create jira-unauthenticated-projectcategories.yaml 2021-02-10 02:59:28 +05:30
Prince Chaddha 41cb45656c
Create jira-unauthenticated-adminprojects.yaml 2021-02-10 02:51:14 +05:30
Prince Chaddha 557f0113ff
Create jira-unauthenticated-resolutions.yaml (#830) 2021-02-10 02:35:12 +05:30
PD-Team 0a82b1920f Added tags to wordpress templates. 2021-02-05 14:53:55 +05:30
PD-Team 83fb22a81b
Merge pull request #801 from pikpikcu/patch-42
Adding sangfor-edr-rce
2021-02-03 17:30:11 +05:30
PD-Team 3a28f79400 Update chamilo-lms-xss.yaml 2021-02-03 16:58:43 +05:30
PikPikcU c21acfa7a0
Create sangfor-edr-rce.yaml 2021-02-03 04:40:07 +00:00
Geeknik Labs 26f1e7d857
Create chamilo-lms-xss.yaml 2021-02-01 20:54:21 +00:00
PD-Team fa732d4565
Merge pull request #787 from pikpikcu/patch-36
Create dlink-dir-850l-info-leak
2021-02-01 23:12:23 +05:30
PD-Team b476243f85 misc changes 2021-02-01 23:11:29 +05:30
PD-Team c649ff4a85 Added key-cloak xss and admin panel 2021-02-01 22:17:31 +05:30
PD-Team 6101f8e537 misc update 2021-01-31 12:54:53 +05:30
PikPikcU ed4b717d65
Create wooyun-path-traversal.yaml 2021-01-30 21:37:05 +00:00
PD-Team f6ccec48ed Update CNVD-2020-62422.yaml 2021-01-30 18:33:26 +05:30
PikPikcU 64209dca7d
Create CNVD-2020-62422.yaml 2021-01-30 10:45:17 +00:00
PD-Team a887ebe289 few updates 2021-01-26 20:01:01 +05:30
PR3R00T 7f1abf1e4b
Update sonicwall-sslvpn-shellshock.yml 2021-01-26 10:45:15 +00:00
PR3R00T 1712d10086
Update sonicwall-sslvpn-shellshock.yml 2021-01-26 10:44:17 +00:00
PR3R00T 4782898579
Update sonicwall-sslvpn-shellshock.yml 2021-01-26 10:40:48 +00:00
PR3R00T f4529d02c5
Update sonicwall-sslvpn-shellshock.yml 2021-01-26 10:37:18 +00:00
PR3R00T abe3f04402
Update sonicwall-sslvpn-shellshock.yml 2021-01-26 10:34:17 +00:00
PR3R00T 45d26b875e
New Sonicwall 0day Exploit test 2021-01-26 10:20:46 +00:00
PD-Team c762044d29 updating incorrect file permissions 2021-01-21 23:28:32 +05:30
PD-Team a98c2c6bb1 moving files 2021-01-21 23:11:15 +05:30
PD-Team de09cbbd43 updating template 2021-01-21 20:17:20 +05:30
PD-Team 1a14ff8c44 syntax update 2021-01-19 12:33:48 +05:30
parrot 58ebf59035 Added ThinkPHP templates and signature. 2021-01-19 01:16:59 -03:00
PD-Team dc24595935 BaseURL updates 2021-01-14 20:11:56 +05:30
Khaled Mohamed 5c2eabbebc
Create openam-ldap-injection.yaml
reference: https://blog.cybercastle.io/ldap-injection-in-openam/

The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the user’s email.
2021-01-13 23:36:19 +02:00
team-projectdiscovery 106da77fc3 Preparing for request clustering 2021-01-13 13:01:46 +05:30
team-projectdiscovery b5159893d0 removing duplicate template 2021-01-13 12:40:31 +05:30
team-projectdiscovery 0b4c49e485 misc 2021-01-11 13:24:57 +05:30
team-projectdiscovery c62dfd2b53 adding few from masters 2021-01-11 12:28:56 +05:30
team-projectdiscovery 1468d8a52c matcher updates 2021-01-11 12:14:22 +05:30
team-projectdiscovery b5dd30abf5 fixes 2021-01-11 04:09:54 +05:30
team-projectdiscovery b80ca7732d linting errors 2021-01-11 03:31:24 +05:30
team-projectdiscovery a52ffe5c4e fixes and updates 2021-01-10 19:45:36 +05:30
team-projectdiscovery a90d047991 Massive template checks addition 🎉 🎉 2021-01-10 18:41:25 +05:30
team-projectdiscovery 187e4a5feb moving more files around 2021-01-09 18:32:04 +05:30
team-projectdiscovery 95d784d9b7 moving folder/files around 2021-01-08 22:25:54 +05:30
team-projectdiscovery 9a1c93c1c0 Update thinkific-redirect.yaml 2020-12-29 11:30:30 +05:30
Gal Nagli c5838760fe
Create thinkific-redirect.yaml 2020-12-29 00:51:40 +02:00
team-projectdiscovery fb3b2551df Removing as this is same as cve-2020-11738 2020-12-23 19:31:29 +05:30
team-projectdiscovery 441c1d2c40 updated rails6-xss 2020-12-23 14:54:03 +05:30
PD-Team 280ad158a5
Merge pull request #682 from PR3R00T/patch-6
Linux appliance version of vmware-vcenter-lfi.yaml
2020-12-15 01:14:33 +05:30
team-projectdiscovery 6690a49299 Update vmware-vcenter-lfi-linux.yaml 2020-12-15 01:14:06 +05:30
team-projectdiscovery 961977a1d4 Update easy-wp-smtp-listing.yaml 2020-12-14 19:04:51 +05:30
PR3R00T 9d6d6bbd70
Linux appliance version of vmware-vcenter-lfi.yaml
Looking into the references in vmware-vcenter-lfi.yaml, Twitter comments also mentioned it affecting the Linux appliance version (VMWare PSC). 
I created this template and tested it on vulnerable PSCs.
2020-12-13 20:30:05 +00:00
PR3R00T 76e8315c3f
Create easy-wp-smtp-listing.yaml 2020-12-13 20:05:21 +00:00
team-projectdiscovery d0df82d928 Adding content type checks for XSS templates 2020-12-14 00:54:23 +05:30
Dwi Siswanto 0d103fe950 ✏️ Update description 2020-12-09 15:53:20 +07:00
Dwi Siswanto 711053cfa5 🔥 Add McAfee ePO RCE vulnerability 2020-12-09 15:33:35 +07:00
bauthard 9d51cec01e Reference update 2020-11-23 23:56:36 +05:30
bauthard beb578cdf0 Marker updates to payloads
Adding § marker to variable names to avoid any confusion with real data and variable name, supported from nuclei v2.2.0
2020-11-21 12:25:49 +05:30
Geeknik Labs bc398cf3e3
Update open-redirect.yaml
Add `langTo` parameter.
2020-11-16 17:02:48 +00:00
Geeknik Labs a2243cbf30
Update open-redirect.yaml
Add missing host to `RequestURI`. 👍🏻
2020-11-16 16:52:13 +00:00
bauthard 4f746684c8 Encoding updates 2020-11-10 19:43:51 +05:30
bauthard 377a7df758 Adding NUUO NVRmini2 3.0.8 - Remote Code Execution 2020-11-09 16:09:50 +05:30
bauthard e55d12c8de
Merge pull request #587 from dwisiswant0/add-vuln/wordpress-wpcourses-info-disclosure
Add wordpress-wpcourses-info-disclosure
2020-10-23 02:16:07 +05:30
bauthard c11b53eedb Update sassy-social-share.yaml 2020-10-23 02:08:55 +05:30
Dwi Siswanto 4e09270571 🔥 Add wordpress-wpcourses-info-disclosure 2020-10-20 23:46:12 +07:00
Robbie 6a1ade3566
Create sassy-social-share.yaml 2020-10-20 16:28:01 +01:00
bauthard ec50c8519e
Merge pull request #574 from dwisiswant0/add/vpms-auth-bypass
Add Vehicle Parking Management System 1.0 - Authentication Bypass
2020-10-16 13:23:21 +05:30
Dwi Siswanto 5885f7b7cc 🔥 Add VPMS Auth Bypass 2020-10-16 02:42:37 +07:00
Dwi Siswanto 8903773275 📝 Add more regex patterns 2020-10-16 02:32:52 +07:00
Dwi Siswanto c098675c01 🔥 Add ZMS Auth Bypass 2020-10-16 02:30:42 +07:00
Dwi Siswanto f899b78fa8 🔥 Add rConfig RCE 2020-10-16 00:26:11 +07:00
bauthard 29ec4777e2 Update vmware-vcenter-lfi.yaml 2020-10-13 21:34:12 +05:30
bauthard aa83f5e443 Update vmware-vcenter-lfi.yaml 2020-10-13 21:32:26 +05:30
Dwi Siswanto 7b662fbaee 🔨 Update regex pattern 2020-10-13 22:51:29 +07:00
Dwi Siswanto ac8c5c98b4 🔨 Using paths as payloads 2020-10-13 21:55:29 +07:00
Dwi Siswanto e0afe64ec1 📝 Remove additional matchers based on docs.vmware.com 2020-10-13 21:34:08 +07:00
Dwi Siswanto e238af244b 🔥 Add VMware vCenter Unauthenticated Arbitrary File Read 2020-10-13 21:24:30 +07:00
bauthard 1a01b49bd5 Removed host-header-injection
Removing as this template look for reflection and not HTTP interaction, that is also not possible to detect for now.
2020-10-12 21:19:32 +05:30
bauthard 901f8d4483
Rename Symantec-Messaging-Gateway.yaml to symantec-messaging-gateway.yaml 2020-10-08 16:01:14 +05:30
bauthard 072adb6681 template update 2020-10-08 03:49:59 +05:30