sandeep
afcbe4cfe4
minor updates
2021-07-04 01:22:08 +05:30
sandeep
a5f8175017
Update unauthorized-plastic-scm.yaml
2021-07-03 16:39:59 +05:30
sandeep
5d7388f0ae
Added Unauthorized Access to Plastic Admin Console
2021-07-03 16:37:11 +05:30
Dhiyaneshwaran
31a10ebfb7
Update jetty-showcontexts-enable.yaml
2021-07-02 20:50:15 +05:30
sandeep
5b91ef07a6
Update unauthenticated-glances.yaml
2021-07-02 17:15:32 +05:30
sandeep
db61d85e75
minor updates
2021-07-02 17:14:03 +05:30
Dhiyaneshwaran
5f779266bc
Create jetty-showcontexts-enable.yaml
2021-07-02 08:16:57 +05:30
Dhiyaneshwaran
39eb91a582
Update aem-crx-bypass.yaml
2021-07-01 22:23:08 +05:30
Petko D. Petkov
7c39ab8c79
Check if json.
2021-06-30 12:03:47 +00:00
sandeep
e8ffd4ea06
Update aem-crx-bypass.yaml
2021-06-28 20:45:41 +05:30
sandeep
eaa5d7600f
Added more strict matchers
2021-06-28 20:44:24 +05:30
Dhiyaneshwaran
e53b262283
Update aem-crx-bypass.yaml
2021-06-28 20:23:11 +05:30
Dhiyaneshwaran
91b673ad17
Create aem-crx-bypass.yaml
2021-06-28 20:20:58 +05:30
sandeep
2a7d45fa1f
more strict matcher
2021-06-26 19:42:11 +05:30
Prince Chaddha
89b4fdf8ed
Merge pull request #1757 from pussycat0x/master
...
New template added
2021-06-24 02:02:42 +05:30
Prince Chaddha
5fa51dd043
Update phpmyadmin-sql.php-server.yaml
2021-06-24 01:26:51 +05:30
sandeep
134a23aeab
Some fixes (WIP)
...
- Added missing matcher condition
- Updated severity to lowercase, as it's case sensitive
2021-06-24 01:03:41 +05:30
pussycat0x
2dd0ce2664
Update phpmyadmin-sql.php-server.yaml
2021-06-23 21:37:14 +05:30
pussycat0x
5ae899a66f
Update phpmyadmin-sql.php-server.yaml
2021-06-23 21:34:13 +05:30
pussycat0x
bb251938c8
Add files via upload
2021-06-22 20:40:53 +05:30
sandeep
49f9b67827
Added reference
2021-06-20 16:39:47 +05:30
Prince Chaddha
bd4b43bbce
Merge pull request #995 from pikpikcu/patch-101
...
Create zhiyuan-oa-unauthorized
2021-06-19 12:53:24 +05:30
Prince Chaddha
5463655627
Update zhiyuan-oa-unauthorized.yaml
2021-06-19 12:52:35 +05:30
sandeep
f0b67ef56b
Few template updates
2021-06-18 15:53:49 +05:30
sandeep
6081edd83f
Added reference
2021-06-18 12:16:27 +05:30
sandeep
f9d068a105
Added ssrf-via-oauth-misconfig
2021-06-18 12:15:13 +05:30
sandeep
b1e401ff9c
Delete adobe-connect-xss.yaml
2021-06-15 15:54:19 +05:30
sandeep
891e8374b1
misc changes
2021-06-14 20:32:21 +05:30
Dhiyaneshwaran
629b655ef1
Create adobe-connect-xss.yaml
2021-06-13 23:54:48 +05:30
Dhiyaneshwaran
afec528d82
Create adobe-connect-version.yaml
2021-06-13 23:40:58 +05:30
Dhiyaneshwaran
6e727805c1
Create adobe-connect-username-exposure.yaml
2021-06-13 23:25:39 +05:30
sandeep
8d35960831
Strict matchers
2021-06-10 21:18:38 +05:30
Sandeep Singh
13090ace75
Merge pull request #1659 from WillD96/IIS-Internal-IP-Disclosure
...
Created IIS Internal IP Disclosure Template
2021-06-10 00:02:02 +05:30
r3naissance
aa9e899dd2
Added conditional word in body
...
I found this be a valid finding /actuator/env on a production host but was missing additional words to check which was causing a false negative. 'activeProfiles' allows this test to pass on the instance that I came across.
2021-06-09 11:36:54 -06:00
sandeep
3c6aa9da0c
misc updates
2021-06-09 22:15:55 +05:30
Will Davison
cd06c6137f
Fixed trailing spaces
2021-06-09 16:04:53 +01:00
Will Davison
ad8d064bf9
Fixed linting error.
2021-06-09 15:40:06 +01:00
Will Davison
6279e1fb70
Added template for IIS Internal IP Disclosure
...
By sending a HTTP 1.0 request to the root of the webserver, sometimes an internal IP address is disclosed in the Location header of the 302 response.
2021-06-09 15:30:59 +01:00
Prince Chaddha
83ce809e8d
Updated author names
2021-06-09 17:50:56 +05:30
Prince Chaddha
0013f94807
Merge pull request #1631 from projectdiscovery/sap_update
...
SAP NetWeaver update
2021-06-09 14:17:51 +05:30
sandeep
1851068721
Updated matcher
2021-06-08 00:33:06 +05:30
sandeep
0fe0d327b0
moving files around
2021-06-07 19:57:59 +05:30
Dhiyaneshwaran
52adac2e12
Create firebase-urls.yaml
2021-06-06 19:38:51 +05:30
Dhiyaneshwaran
158914d4db
Create artifactory-anonymous-deploy.yaml
2021-06-06 19:37:32 +05:30
Prince Chaddha
1d07ace8a5
Merge pull request #1634 from DhiyaneshGeek/master
...
Exposed jQuery File Upload
2021-06-06 17:58:25 +05:30
Prince Chaddha
6649abf131
Update exposed-jquery-file-upload.yaml
2021-06-06 17:55:05 +05:30
Sandeep Singh
fae9755374
Merge pull request #1639 from pdelteil/patch-9
...
Update shell-history.yaml
2021-06-06 13:40:47 +05:30
sandeep
0cf8ffdc57
misc changes
2021-06-06 13:39:16 +05:30
sandeep
e2eaedc6a1
misc updates
2021-06-06 13:19:01 +05:30
Philippe Delteil
652da29f9a
Update shell-history.yaml
...
There are two problems with this template, it only checks for chmod commands but most importantly doesn't check for html tags. A real history file the response doesn't include html tags at all.
So, I'm adding two rules: Check for another possible commands (from real example) and adding a negative rule to discard false positives like this one:
nuclei -debug -t /home/kali/nuclei-templates/misconfiguration/shell-history.yaml -u http://777.urbanup.com
2021-06-05 22:06:30 -04:00
Philippe Delteil
9014a4b0a2
Update aws-object-listing.yaml
...
Added extractor that retrieves the name of the s3 bucket.
Test
nuclei -t nuclei-templates/misconfiguration/aws-object-listing.yaml -u http://img.secnews.gr
[2021-06-06 01:19:10] [aws-object-listing] [http] [low] http://imgcdn.secnews.gr [img.secnews.gr]
2021-06-05 21:27:44 -04:00
Dhiyaneshwaran
0d82660f90
Create exposed-jquery-file-upload.yaml
2021-06-05 22:04:09 +05:30
sandeep
a85c1dd35a
Moving files around + duplicate remove
2021-06-05 15:57:13 +05:30
sandeep
ae8c130668
Moving files around
2021-06-05 15:55:01 +05:30
sandeep
edcc35d604
Added Private key exposure via helper detector
2021-06-04 20:46:19 +05:30
sandeep
0c436e35aa
Added airflow-debug
2021-06-03 19:39:51 +05:30
sandeep
0c4f75d3ad
Duplicate template
2021-06-03 18:44:50 +05:30
sandeep
bdc803fd4b
Added CVE-2020-13927
2021-06-03 14:23:34 +05:30
Prince Chaddha
f63cd48c79
Update alibaba-mongoshake-unauth.yaml
2021-06-02 01:16:41 +05:30
PikPikcU
9f8852572e
Create alibaba-mongoshake-unauth.yaml
2021-06-01 10:53:26 +00:00
Prince Chaddha
cf0a3f69c6
Update kubernetes-pods.yaml
2021-05-27 02:45:50 +05:30
Prince Chaddha
8d65ab7958
Update exposed-docker-api.yaml
2021-05-27 02:44:54 +05:30
Prince Chaddha
da49c78c7c
Update docker-registry.yaml
2021-05-27 02:44:33 +05:30
Prince Chaddha
0ed9fe6fa3
Update misconfigured-docker.yaml
2021-05-27 02:42:11 +05:30
Sandeep Singh
6e23c0c207
Merge pull request #1528 from projectdiscovery/DhiyaneshGeek/master
...
Dhiyanesh geek/master
2021-05-24 01:28:15 +05:30
sandeep
8a182ff0cc
misc changes
2021-05-24 01:26:48 +05:30
Dhiyaneshwaran
22812d2112
Create cx-cloud-upload-detect.yaml
2021-05-23 17:07:30 +05:30
Geeknik Labs
c83785f916
Update server-status-localhost.yaml
...
OCD
2021-05-22 13:46:31 -05:00
Dhiyaneshwaran
7499faff02
Create kubeflow-dashboard-unauth.yaml
2021-05-22 20:05:32 +05:30
Dhiyaneshwaran
4fc7bd61fe
Create pinpoint-unauth.yaml
2021-05-22 20:01:28 +05:30
TheConciergeDev
a1c283da87
Update java-melody-exposed.yaml
2021-05-21 15:42:46 +02:00
TheConciergeDev
8e5255c407
updated tags
...
The affected technology is JavaMelody - the given services in the tag help to mitigate the problem, however are not the affected technology themselves.
Ref: https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
2021-05-21 15:42:29 +02:00
Ajaysen R
842d62bb40
Create springboot-beans.yaml
2021-05-20 01:39:21 +05:30
Ajaysen R
aabf384e39
Update springboot-httptrace.yaml
...
It can be accessed via a path like /httptrace also.
2021-05-19 12:36:42 +05:30
sandeep
0f13cd506c
misc changes
2021-05-16 21:04:58 +05:30
Dhiyaneshwaran
b01fc7c9d7
Create tensorflow-unauth.yaml
2021-05-16 18:34:43 +05:30
sandeep
5488370527
Handling edge cases
2021-05-16 15:19:19 +05:30
Sandeep Singh
ffe61049e7
Merge pull request #1465 from geeknik/patch-92
...
Create apache-filename-brute-force.yaml
2021-05-14 21:24:21 +05:30
sandeep
3203754361
Workflow and tags update
2021-05-14 19:37:13 +05:30
sandeep
450254cd3d
Adding "max-size" to avoid timeout error due to response size
2021-05-14 19:22:08 +05:30
sandeep
92c742a890
severity updates
2021-05-14 18:55:06 +05:30
Geeknik Labs
f5771466c1
Update apache-filename-brute-force.yaml
2021-05-12 20:31:52 +00:00
Geeknik Labs
00af677408
Create apache-filename-brute-force.yaml
2021-05-12 20:30:15 +00:00
Sandeep Singh
27ed8be9dd
Merge pull request #1444 from DhiyaneshGeek/master
...
PHP Debug bar,SAP Directory Listing,Unauthenticated Netdata,Zippkin Unauth
2021-05-11 23:07:35 +05:30
sandeep
915501175a
file updates
2021-05-11 21:14:40 +05:30
sandeep
5b102e02ef
Improved matcher
2021-05-11 21:12:10 +05:30
sandeep
a854fec546
Improved matcher
2021-05-11 21:09:56 +05:30
sandeep
f495d36958
minor update
2021-05-09 20:36:52 +05:30
sandeep
252e4dc2fa
Adding cloudflare-image-ssrf
2021-05-09 20:26:24 +05:30
Dhiyaneshwaran
a53286b201
Create zippkin-unauth.yaml
2021-05-09 12:47:14 +05:30
Dhiyaneshwaran
8093e13f63
Create sap-directory-listing.yaml
2021-05-09 12:20:03 +05:30
Dhiyaneshwaran
ab93cda4ae
Create unauth-netdata.yaml
2021-05-09 11:47:58 +05:30
sandeep
c062651789
minor update
2021-05-07 14:41:52 +05:30
Dhiyaneshwaran
103df33af8
Create exposed-kafdrop.yaml
2021-05-06 00:23:22 +05:30
sandeep
b10918510c
Adding strict matcher
2021-05-05 17:39:31 +05:30
Sandeep Singh
500ce9544b
Merge pull request #1411 from geeknik/patch-82
...
Create nginx-vhost-traffic-status.yaml
2021-05-05 14:29:26 +05:30
sandeep
e0c99aea6a
misc changes
2021-05-05 14:28:46 +05:30
sandeep
399fc675a6
improved matcher
2021-05-04 16:32:53 +05:30
Noam Rathaus
20a67faa4a
Description
2021-05-02 09:13:37 +03:00
sandeep
c5f24e5692
misc updates
2021-04-28 15:50:24 +05:30