daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,577 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

904 Commits (210a2d71467292795914f8e333ca00e617869e52)

Author SHA1 Message Date
Philippe Delteil 1f6a6a8764
Update jenkins-stack-trace.yaml 
file name  =  template id.
 2021-07-29 02:50:35 -04:00
Prince Chaddha 6d205308ea
Merge pull request #2239 from pikpikcu/patch-236 
Add Bitrix Open redirect
 2021-07-29 00:16:19 +05:30
Prince Chaddha 49efd9fa07
Update bitrix-open-redirect.yaml 2021-07-29 00:13:15 +05:30
Philippe Delteil 4b7080333a
Rename unauthenticated-jenkin-dashboard.yaml to unaunthenticated-jenkin.yaml 
id - name file consistency
 2021-07-28 01:17:18 -04:00
PikPikcU 783550d003
Update bitrix-open-redirect.yaml 2021-07-28 08:38:48 +07:00
PikPikcU 72fcdc20bf
Create bitrix-open-redirect.yaml 2021-07-28 08:37:25 +07:00
Prince Chaddha 9f28ff8f9b
Update qcubed-xss.yaml 2021-07-27 11:57:30 +05:30
PikPikcU a2fc63b7ac
Create qcubed-xss.yaml 2021-07-27 13:06:30 +07:00
Prince Chaddha 833ae4ae48
Merge pull request #1083 from pikpikcu/patch-123 
Create dedecms-membergroup-sqli
 2021-07-26 18:02:27 +05:30
Prince Chaddha 86989129d1
Update netgear-wnap320-rce.yaml 2021-07-26 13:38:38 +05:30
GwanYeong Kim c72190c4bf Create netgear-wnap320-rce.yaml 
vulnerabilities in the web-based management interface of Netgear WNAP320 Access Point could allow an authenticated, remote attacker to perform command injection attacks against an affected device.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-26 08:35:22 +09:00
sandeep 6ccc5f8792 matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
Prince Chaddha 2c0aa783c4
Merge pull request #2148 from gy741/rule-add-v34 
Add KevinLAB BEMS 1.0 Multiple Vulnerabilities
 2021-07-24 15:37:48 +05:30
Prince Chaddha bf7c0d3a63
Merge pull request #2122 from gy741/rule-add-v33 
Create magicflow-lfi.yaml
 2021-07-24 12:13:59 +05:30
Prince Chaddha ac45802ef5
Update kevinlab-bems-sqli.yaml 2021-07-24 12:10:46 +05:30
Prince Chaddha 2631f55550
Update kevinlab-bems-backdoor.yaml 2021-07-24 12:07:27 +05:30
Prince Chaddha 9a46592f71
Update kevinlab-bems-sqli.yaml 2021-07-24 11:59:35 +05:30
Prince Chaddha 87b4c2e98b
Update kevinlab-bems-sqli.yaml 2021-07-24 11:47:05 +05:30
Sandeep Singh 4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master 
17 New Templates Added
 2021-07-24 03:26:09 +05:30
sandeep 9617bc5815 matcher update 2021-07-24 03:25:22 +05:30
sandeep 47ea40bc55 Update kevinlab-bems-backdoor.yaml 2021-07-24 03:17:53 +05:30
Sandeep Singh b346584002
Update vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-24 00:25:13 +05:30
Sandeep Singh 1909e3f628
Update vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-24 00:24:37 +05:30
Sandeep Singh 59f90ffffa
Merge pull request #2150 from pussycat0x/master 
New templates added
 2021-07-24 00:09:43 +05:30
sandeep 79e15e7123 Update wordpress-wpcourses-info-disclosure.yaml 2021-07-24 00:07:50 +05:30
sandeep 43dccef185 generic improvements 2021-07-24 00:06:13 +05:30
sandeep 97aa239d52 Merge branch 'master' of https://github.com/pussycat0x/nuclei-templates into pr/2037 2021-07-24 00:00:55 +05:30
sandeep 3960d1f295 strict matchers 2021-07-23 23:59:54 +05:30
Sandeep Singh 38c2b6d4a9
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 23:49:58 +05:30
Sandeep Singh bdfee95603
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 23:49:33 +05:30
Sandeep Singh 6ebd1a36e0
Update vulnerabilities/wordpress/wp-email-subscribers-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 23:49:28 +05:30
Sandeep Singh edc62d15a4
Update vulnerabilities/wordpress/wp-email-subscribers-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 23:49:20 +05:30
Sandeep Singh 5170f4962b
Update vulnerabilities/wordpress/wp-arforms-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 23:49:14 +05:30
Sandeep Singh 1feaaded28
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 23:41:26 +05:30
Sandeep Singh 750a86c500
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 23:41:14 +05:30
Sandeep Singh 04b71d9335
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 23:41:06 +05:30
Sandeep Singh b82ac4b3fc
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 23:40:56 +05:30
sandeep 28d7d26953 Update wp-sfwd-lms-listing.yaml 2021-07-23 23:39:46 +05:30
Prince Chaddha ca49fb21c7
Merge pull request #2154 from pdelteil/patch-25 
Update coldfusion-debug-xss.yaml
 2021-07-23 20:54:31 +05:30
Prince Chaddha 2dfa3d2e82
Update visual-tools-dvr-rce.yaml 2021-07-23 20:46:49 +05:30
Prince Chaddha 1dd4e3c846
Update visual-tools-dvr-rce.yaml 2021-07-23 15:15:23 +05:30
GwanYeong Kim 2c77510faa Create visual-tools-dvr-rce.yaml 
vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-23 08:47:29 +09:00
Philippe Delteil abacdafb4f
Update coldfusion-debug-xss.yaml 
The term adobe is more general than coldfusion. Since Coldfusion is a product of Adobe.
 2021-07-22 19:44:57 -04:00
pussycat0x d3ff29daaa
Update vulnerabilities/wordpress/wp-arforms-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 00:32:13 +05:30
pussycat0x 6987e1ffee
Update vulnerabilities/wordpress/wp-arforms-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 00:32:05 +05:30
pussycat0x eac08288e8
Update vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 00:31:33 +05:30
pussycat0x 05846a34c7
Update vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml 
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
 2021-07-23 00:31:13 +05:30
pussycat0x a81e3b53cb
Add files via upload 2021-07-22 19:42:25 +05:30
GwanYeong Kim 69db0862ee Create kevinlab-bems-backdoor.yaml 
The BEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-22 22:13:00 +09:00
GwanYeong Kim a4ec6a2b11 Create kevinlab-bems-sqli.yaml 
The application suffers from an unauthenticated SQL Injection vulnerability. Input passed through 'input_id' POST parameter in '/http/index.php' is not properly sanitised before being returned to the user or used in SQL queries.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-07-22 21:46:18 +09:00