Commit Graph

2745 Commits (1fe0d4c9d712e80bc98764640a2d4a9bb444b78a)

Author SHA1 Message Date
pwnhxl 453841f7d6 ssrf 2023-03-05 16:33:31 +08:00
sullo 2be3e16516 Change to CVSSv3.1 2023-03-03 11:50:58 -05:00
sullo 2a7b69bab3 Match severity with CVSS 2023-03-03 10:27:54 -05:00
Dhiyaneshwaran 73bdedf50a
Merge pull request #6815 from JorianWoltjer/main
Reduce false-positives in Open Redirect regexes
2023-03-03 17:19:14 +05:30
MostInterestingBotInTheWorld 9a8397c2f3
Merge branch 'projectdiscovery:main' into dashboard 2023-03-02 16:08:27 -05:00
sullo f42443a761 Add missing cves
Cleanup a poor quality template
Rename/relocate ruijie from password leak to RCE
2023-03-02 16:07:26 -05:00
Prince Chaddha 8b43d840f8
misc 2023-03-03 00:36:32 +05:30
Dhiyaneshwaran 367a2434b3
Fix FP 2023-03-03 00:33:52 +05:30
Jorian Woltjer 06e9e06961 Add open-directed improvement to more templates 2023-03-01 19:22:21 +01:00
Jorian Woltjer 71fd3bf973 Reduce false-positives in open-redirect regexes 2023-03-01 09:39:14 +01:00
GitHub Action 4a363a8511 Auto Generated CVE annotations [Sun Feb 26 13:23:33 UTC 2023] 🤖 2023-02-26 13:23:33 +00:00
pussycat0x b95666fb6c
filename -update 2023-02-24 11:15:54 +05:30
pussycat0x 9b4f78e67b
reference &metadata -update 2023-02-22 22:57:33 +05:30
Prince Chaddha 7c512ee0aa
Merge pull request #6641 from nodauf/patch-1
Add new payload for CORS
2023-02-21 13:32:35 +05:30
GitHub Action 75055f7ceb Auto Generated CVE annotations [Mon Feb 20 18:22:21 UTC 2023] 🤖 2023-02-20 18:22:21 +00:00
Ritik Chaddha 8a1b8d516c
Merge pull request #6752 from projectdiscovery/nextjs-redirect
Create nextjs-redirect.yaml
2023-02-20 23:35:51 +05:30
Ritik Chaddha 1b9a33bf17
Merge pull request #6759 from MariamTariq404/main
seatreg-open-redirect.yaml
2023-02-20 23:04:46 +05:30
Ritik Chaddha f1479b1441
updated name,matchers 2023-02-20 22:50:25 +05:30
Dhiyaneshwaran 5d3d1b4c6d
moving around directory 2023-02-20 15:49:16 +05:30
Rahul Maini 3e6198f6fa
Fixing metersphere-plugin-rce template (#6758)
* Fixing metersphere-plugin-rce template

* Update metersphere-plugin-rce.yaml

* Fixed the filename in Content-Disposition header

---------

Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
2023-02-19 17:53:06 +05:30
arliya 3327727379 add templates: thinkphp6_arbitrary_write 2023-02-17 07:25:24 -05:00
Dhiyaneshwaran b56027ff24
Create nextjs-redirect.yaml 2023-02-16 16:26:36 +05:30
Dhiyaneshwaran 708c42181e
Merge pull request #6676 from galoget/main
Added template for Ruijie Password Hashes Leakage
2023-02-15 14:04:11 +05:30
Ritik Chaddha 749480c23c
Delete ruijie-password-hashes-leak.yaml 2023-02-14 19:47:22 +05:30
Ritik Chaddha fa5f1f5d8d
template update 2023-02-14 19:46:56 +05:30
Thibault Soubiran 8d26b3fea5 Improve Keycloak templates 2023-02-10 22:01:43 +01:00
brightio 8321b40726
Fix a typo in hashicorp-consul-rce.yaml 2023-02-10 11:24:24 +01:00
Dhiyaneshwaran c661f7c531
fix-false-positive-can-xss 2023-02-10 00:28:16 +05:30
Dhiyaneshwaran e812da36fb
Merge pull request #6677 from imhunterand/patch-2
Update open-redirect.yaml
2023-02-07 10:22:19 +05:30
Dhiyaneshwaran b8e613ff03
change from google.com -> evil.com 2023-02-07 10:19:11 +05:30
Ritik Chaddha fee8ede5fa
Merge branch 'main' into dashboard 2023-02-07 02:04:58 +05:30
Ritik Chaddha 818b243e3e
updated metadata 2023-02-07 01:48:48 +05:30
ANDRI d19938ba8a
Update open-redirect.yaml 2023-02-05 20:49:10 +07:00
galoget 7e99d7e03b Added template for Ruijie Password Hashes Leakage, Fix trailing spaces 2023-02-05 07:08:15 -05:00
galoget a2c360113f Added template for Ruijie Password Hashes Leakage 2023-02-05 06:58:07 -05:00
Dhiyaneshwaran 59077b2ddc
Create avaya-aura-xss.yaml 2023-02-03 23:56:05 +05:30
Dhiyaneshwaran 3d7732e3b8
Update avaya-aura-rce.yaml 2023-02-03 23:45:34 +05:30
Dhiyaneshwaran 2b234ce699
Create avaya-aura-rce.yaml 2023-02-03 23:44:11 +05:30
sullo 29ad9bc9e9 Syntax fixes 2023-02-02 16:51:33 -05:00
nodauf 6a50f45f96
Add new payload for CORS 2023-01-30 15:21:39 +01:00
MostInterestingBotInTheWorld a852c35c15 Enhancement: vulnerabilities/generic/generic-j2ee-lfi.yaml by mp 2023-01-29 14:29:20 -05:00
MostInterestingBotInTheWorld e9b37518bb Enhancement: vulnerabilities/generic/generic-j2ee-lfi.yaml by mp 2023-01-29 14:24:06 -05:00
sullo d199a8c18b
Merge branch 'main' into dashboard 2023-01-27 07:31:06 -08:00
sullo 7521dda0f6 Severities and relocations 2023-01-27 09:57:27 -05:00
pussycat0x af71446887
Merge pull request #6597 from tess-ss/patch-113
Create vmware-cloud-reflected-xss.yaml
2023-01-25 18:55:26 +05:30
Dhiyaneshwaran 521c875436
added-meta-data 2023-01-25 16:15:20 +05:30
MostInterestingBotInTheWorld 693e1e3daa
Dashboard Content Enhancements (#6613)
Dashboard Content Enhancements
2023-01-24 08:21:18 -08:00
sullo d51bacf769
Merge branch 'main' into dashboard 2023-01-24 08:15:56 -08:00
Dhiyaneshwaran 8a581f5790
changed dork -> query 2023-01-24 15:32:50 +05:30
Prince Chaddha 2f3e0a3112
fixed trailing spaces 2023-01-24 13:01:15 +05:30
sullo e9e29939f7 Fixing: severity mismatches, trailing spaces, other cleanups 2023-01-23 22:06:12 -08:00
GitHub Action 8fd50b3632 Auto Generated CVE annotations [Mon Jan 23 22:30:31 UTC 2023] 🤖 2023-01-23 22:30:31 +00:00
MostInterestingBotInTheWorld 0d6fbd237f
Dashboard Content Enhancements (#6598)
Dashboard Content Enhancements
2023-01-23 14:14:23 -08:00
sullo ea6cbbf438
Merge branch 'main' into dashboard 2023-01-23 15:20:38 -05:00
sullo 8a3eeea516 Fixing spelling, -dorks, and some severity mismatches 2023-01-23 15:11:25 -05:00
Arman 7d98d173ad
Create vmware-cloud-reflected-xss.yaml 2023-01-23 13:39:37 -05:00
GitHub Action 5addb51f6d Auto Generated CVE annotations [Mon Jan 23 10:36:01 UTC 2023] 🤖 2023-01-23 10:36:01 +00:00
Dhiyaneshwaran 2ccee035fb
Merge pull request #6586 from cryptoconman/patch-122
Create slims-xss.yaml
2023-01-23 15:57:03 +05:30
Ritik Chaddha 398bb21665
Merge pull request #6585 from cryptoconman/patch-121
Create alms-xss
2023-01-23 15:28:30 +05:30
Ritik Chaddha 095df8edcc
updated matchers 2023-01-23 15:24:33 +05:30
Ritik Chaddha f60dcf0f19
added text/html header 2023-01-23 15:17:20 +05:30
Dhiyaneshwaran 68861082fc
Merge pull request #6587 from cryptoconman/patch-123
Create tikiwiki-xss.yaml
2023-01-23 15:04:02 +05:30
GitHub Action f7da6d8b33 Auto Generated CVE annotations [Mon Jan 23 07:48:36 UTC 2023] 🤖 2023-01-23 07:48:36 +00:00
Ritik Chaddha 9aa77a4e09
updated matchers 2023-01-23 13:08:09 +05:30
Dhiyaneshwaran 243b12571c
matcher-update
added additional data to keep the template uniform
2023-01-23 10:57:54 +05:30
Dhiyaneshwaran 74b188e8e0
added-stop-first-match 2023-01-23 10:21:13 +05:30
Dhiyaneshwaran e39f508e51
fix-matcher 2023-01-23 10:20:26 +05:30
Dhiyaneshwaran ed200ecad8
fixed-formatting 2023-01-23 09:52:06 +05:30
Cryptoc0nman e0c253202e
Create sound4-disclosure.yaml 2023-01-23 01:54:11 +05:30
Cryptoc0nman 86c69575b3
Create tikiwiki-xss.yaml 2023-01-23 00:58:22 +05:30
Cryptoc0nman 7480a83529
Create slims-xss.yaml 2023-01-23 00:30:48 +05:30
Cryptoc0nman ea6e61448d
Create alms-xss 2023-01-23 00:02:57 +05:30
Prince Chaddha a071c03a22 Merge branch 'patch-360' of https://github.com/pikpikcu/nuclei-templates 2023-01-20 18:47:21 +05:30
Ritik Chaddha c10f665af5
updated id, name, path and description 2023-01-18 12:48:27 +05:30
MostInterestingBotInTheWorld 643700ca28
Dashboard Content Enhancements (#6526)
Dashboard Content Enhancements
2023-01-16 12:41:15 -05:00
PikPikcU 63b54672b0
Update and rename vulnerabilities/thinkphp/thinkphp6-lang-lfi.yaml to cves/2022/CVE-2022-47945.yaml 2023-01-16 00:19:02 +07:00
GitHub Action c3bc305f3f Auto Generated CVE annotations [Sun Jan 15 06:48:30 UTC 2023] 🤖 2023-01-15 06:48:30 +00:00
Ritik Chaddha 4f22547b0f
Merge pull request #6511 from projectdiscovery/elastic-log4j-fix-fp
Update elasticsearch5-log4j-rce.yaml
2023-01-15 11:58:55 +05:30
Dhiyaneshwaran 8f99b72676
Update apache-solr-log4j-rce.yaml 2023-01-11 12:04:21 +05:30
Dhiyaneshwaran 60ecd5c167
Update elasticsearch5-log4j-rce.yaml 2023-01-11 11:53:35 +05:30
Ritik Chaddha 6a0fc2e6c8
Merge pull request #6421 from projectdiscovery/sni-addition
Sni Addition
2023-01-10 17:25:52 +05:30
Emre Kara 09504ab427
Wrong part name (#6482)
Part name should be "header" instead "location"
2023-01-08 00:30:41 +05:30
MostInterestingBotInTheWorld a89d7e99ba
Dashboard Content Enhancements (#6469)
Dashboard Content Enhancements
2023-01-05 09:57:06 -05:00
GitHub Action 997d941552 Auto Generated CVE annotations [Thu Jan 5 11:21:19 UTC 2023] 🤖 2023-01-05 11:21:19 +00:00
Dhiyaneshwaran 8d0acc447a
Update digital-ocean-ssrf.yaml 2022-12-23 23:27:17 +05:30
Dhiyaneshwaran a9d8abe0ec
Update amazon-ec2-ssrf.yaml 2022-12-23 23:26:07 +05:30
Dhiyaneshwaran ed26f07765
minor-update 2022-12-23 15:00:52 +05:30
Ritik Chaddha b0ca4271d7
Create thinkphp6-lang-lfi.yaml 2022-12-23 12:55:38 +05:30
Ritik Chaddha 4f99d40e0e
Merge pull request #6393 from projectdiscovery/digital-ocean-ssrf
Create digital-ocean-ssrf.yaml
2022-12-22 11:15:54 +05:30
Ritik Chaddha 2ed7357a2a
Merge pull request #6385 from projectdiscovery/amazon-ec2-ssrf
Create amazon-ec2-ssrf.yaml (IWCON)
2022-12-22 11:09:23 +05:30
Ritik Chaddha 916d86ecb5
Update digital-ocean-ssrf.yaml 2022-12-22 11:06:01 +05:30
Ritik Chaddha cacf0ef565
Update amazon-ec2-ssrf.yaml 2022-12-22 11:03:37 +05:30
Dhiyaneshwaran ab7f19491b
Create digital-ocean-ssrf.yaml 2022-12-20 10:51:20 +05:30
Dhiyaneshwaran dece342c21
Update amazon-ec2-ssrf.yaml 2022-12-18 22:23:05 +05:30
Dhiyaneshwaran 6b45d0be7a
Create amazon-ec2-ssrf.yaml 2022-12-18 19:53:30 +05:30
Prince Chaddha 1b4413709e
updated-tag 2022-12-16 23:18:35 +05:30
Ritik Chaddha d668920669
Update unauth-lfd-zhttpd.yaml 2022-12-16 08:41:31 +05:30
Dhiyaneshwaran 87d7bde9df
Update unauth-lfd-zhttpd.yaml 2022-12-16 00:42:12 +05:30
Dhiyaneshwaran 13f9a338d3
minor-update-fix-fp 2022-12-16 00:31:01 +05:30
EvergreenCartoons 33afc71bb2
fucking yamllint doing me over 2022-12-15 13:40:38 +00:00
EvergreenCartoons ee562e420d
Create zyxel-exportlog-lfd.yaml 2022-12-15 13:32:26 +00:00
MostInterestingBotInTheWorld 03c2ef2391
Dashboard Content Enhancements (#6358)
Dashboard Content Enhancements
2022-12-13 15:36:48 -05:00
Dhiyaneshwaran 4cfacf2028
Merge pull request #6337 from pect0ral/master
Added Profile header for additional WAP coverage on CJServer hosts
2022-12-12 23:16:01 +05:30
Dhiyaneshwaran 74eba669f3
Update qibocms-file-download.yaml 2022-12-12 22:48:05 +05:30
Ritik Chaddha 27a5c1b9c1
Update qibocms-file-download.yaml 2022-12-12 22:42:18 +05:30
Ritik Chaddha e5398d06d1
Update qibocms-file-download.yaml 2022-12-12 22:40:15 +05:30
Abhinav Gaur 221b253406
Create qibocms-file-download.yaml 2022-12-12 21:06:09 +05:30
M4rtin Hsu 1574d7d589
VMware NSX Manager XStream Pre-authenticated RCE (#6295)
* Added CVE-2022-37042 Template

* misc updates

* Added vmware-nsx-stream-rce Template

* Update vmware-nsx-stream-rce.yaml

* misc update

* added fofa query

* Update and rename vulnerabilities/vmware/vmware-nsx-stream-rce.yaml to cves/2021/CVE-2021-39144.yaml

* Update CVE-2021-39144.yaml

* Update CVE-2021-39144.yaml

* Update and rename cves/2021/CVE-2021-39144.yaml to vulnerabilities/vmware/vmware-nsx-stream-rce.yaml

* Update vmware-nsx-stream-rce.yaml

* Update vmware-nsx-stream-rce.yaml

* format update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-12-11 15:49:35 +05:30
Mike Piekarski 2e9ba680a7 Added Profile header for additional WAP coverage on CJServer hosts 2022-12-10 17:42:58 -05:00
Sandeep Singh ec5168def8
fix: redirect template update (#6329) 2022-12-10 20:12:59 +05:30
Ritik Chaddha e1965b05b2
Merge pull request #6258 from SleepingBag945/new-template-nps-auth-bypass
Added nps-auth-bypass
2022-12-09 14:35:35 +05:30
Ritik Chaddha 4de98de0c2
Update nps-auth-bypass.yaml 2022-12-09 14:33:49 +05:30
Joshua Rogers 5b7b5aa86c
Update grafana-file-read.yaml
Add CVE to metadata.
2022-12-08 22:38:53 +01:00
Ritik Chaddha f29e0c8c4b
Merge pull request #6201 from pdelteil/patch-117
Update apache-solr-file-read.yaml
2022-12-08 14:53:37 +05:30
Ritik Chaddha c5d280b359
Update apache-solr-file-read.yaml 2022-12-08 14:42:36 +05:30
Ritik Chaddha 457974c2de
Update grafana-file-read.yaml 2022-12-08 13:42:47 +05:30
Ritik Chaddha eb36eedb10
Update grafana-file-read.yaml 2022-12-08 11:13:26 +05:30
Joshua Rogers d38ddd1804 Add space and remove tag from non-loading Grafana template 2022-12-08 11:40:13 +11:00
Dhiyaneshwaran e2429ca6a4
Merge pull request #6256 from c3l3si4n/master
added Reflected XSS for ZendFramework1
2022-12-07 23:02:48 +05:30
Ritik Chaddha a033b96ceb
Update zend-v1-xss.yaml 2022-12-07 19:22:26 +05:30
Ritik Chaddha f417ca8a2b
Update zend-v1-xss.yaml 2022-12-07 18:23:56 +05:30
GitHub Action 972bafe93e Auto Generated CVE annotations [Wed Dec 7 09:42:26 UTC 2022] 🤖 2022-12-07 09:42:26 +00:00
Sandeep Singh b48c05dc27
Added Template Checksum generator (#6283)
* Added Template Checksum generator

* fixed lint errors
2022-12-07 14:54:33 +05:30
Dhiyaneshwaran 4500d5e374
Rename wp-related-post-xss to wp-related-post-xss.yaml 2022-12-07 14:41:03 +05:30
Dhiyaneshwaran 948f05204c
Update nps-auth-bypass.yaml 2022-12-07 10:55:13 +05:30
Dhiyaneshwaran 9cfebe489b
Update nps-auth-bypass.yaml 2022-12-07 10:49:50 +05:30
Ritik Chaddha b04feae9ca
Update zend-v1-xss.yaml 2022-12-06 14:31:05 +05:30
SleepingBag945 af11412622 Added nps-auth-bypass 2022-12-06 16:52:23 +08:00
Celesian 84a48a61ad added XSS for ZendFramework1 2022-12-06 05:13:46 -03:00
Prince Chaddha 61d8f37cca
Update open-redirect.yaml 2022-12-02 13:03:13 +05:30
Dhiyaneshwaran 11b94a1f5a
Update apache-solr-file-read.yaml 2022-12-02 09:32:17 +05:30
Dhiyaneshwaran fd270d85f6
Update apache-solr-file-read.yaml 2022-12-02 09:31:15 +05:30
Dhiyaneshwaran c8b5033ccc
Update apache-solr-file-read.yaml 2022-12-02 09:21:51 +05:30
Dhiyaneshwaran 0384b0d51d
Update apache-solr-file-read.yaml 2022-12-02 09:13:23 +05:30
Dhiyaneshwaran a37abb4401
Update apache-solr-file-read.yaml 2022-12-02 09:12:05 +05:30
Philippe Delteil 843264155b
Update apache-solr-file-read.yaml
1. The added GET request triggers a file local read on Windows OS. 
2. Matcher added to the Response trigger by 1. 
3. Matcher for other cases (Errors, ie. not found path)
2022-12-01 18:51:21 -05:00
Dhiyaneshwaran a7dfed84ef
Merge pull request #6159 from arafatansari/patch-112
Create wp-related-post-xss
2022-12-01 12:53:45 +05:30
Ritik Chaddha 46dcb9ee92
Update wp-related-post-xss 2022-11-29 19:09:35 +05:30
Dhiyaneshwaran e5a63cf26a
Merge pull request #6174 from pdelteil/patch-111
Rename tikiwiki-json-rpc.yaml to kiwitcms-json-rpc.yaml
2022-11-29 11:32:03 +05:30
Dhiyaneshwaran 0cc2b7b562
Merge pull request #6173 from pdelteil/patch-110
Update nuuo-nvrmini2-rce.yaml
2022-11-29 11:28:26 +05:30
Dhiyaneshwaran 8dfea46220
Merge pull request #6176 from pdelteil/patch-113
Rename vulnerabilities/other/devalcms-xss.yaml to cves/2008/CVE-2008-…
2022-11-29 11:25:35 +05:30
Dhiyaneshwaran 516f3fc0c0
Merge pull request #6172 from pdelteil/patch-109
Rename icewarp-openredirects.yaml to icewarp-open-redirect.yaml
2022-11-29 11:16:40 +05:30
Philippe Delteil 688b56b5df
Rename vulnerabilities/other/devalcms-xss.yaml to cves/2008/CVE-2008-6982.yaml 2022-11-29 00:38:16 -05:00
Philippe Delteil 8b4e280c02
Rename tikiwiki-json-rpc.yaml to kiwitcms-json-rpc.yaml
- Incorrect file name (tikiwiki vs Kiwi TCMS). 
- Matching filename + id.
2022-11-29 00:28:22 -05:00
Philippe Delteil 9c2c3d964b
Update nuuo-nvrmini2-rce.yaml
filename + id matching
2022-11-29 00:24:14 -05:00
Philippe Delteil 3458bcabd9
Rename icewarp-openredirects.yaml to icewarp-open-redirect.yaml
id + filename matching
2022-11-29 00:22:34 -05:00
Philippe Delteil 5bdb492bac
Update comtrend-password-exposure.yaml
Corrected typo -> match id with filename.
2022-11-29 00:16:28 -05:00
GitHub Action 9f60094d84 Auto Generated CVE annotations [Mon Nov 28 08:04:24 UTC 2022] 🤖 2022-11-28 08:04:24 +00:00
Arafat Ansari e93a5a87f6
Create wp-related-post-xss 2022-11-27 12:41:16 +05:30
Prince Chaddha 335f78adc0
Merge pull request #6137 from projectdiscovery/wptouch-xss
Create wptouch-xss.yaml
2022-11-26 22:16:14 +05:30