Commit Graph

1792 Commits (34f251f2966fbf0ebc6e40f07edcb6617967f8fc)

Author SHA1 Message Date
Prince Chaddha f0823ebe1e
Update wp-whmcs-xss.yaml 2022-02-22 13:37:05 +05:30
Prince Chaddha ca58bd4714
Update and rename wp-accessibility-helper-xss.yaml to accessibility-helper-xss.yaml 2022-02-22 13:20:05 +05:30
Prince Chaddha 4731194ac2
Update pollbot-redirect.yaml 2022-02-22 12:01:20 +05:30
Prince Chaddha 2fb5401ddb
Update pollbot-redirect.yaml 2022-02-22 11:48:32 +05:30
Prince Chaddha 0672c4dc7d
Update goip-1-lfi.yaml 2022-02-22 11:38:07 +05:30
Dhiyaneshwaran 4006546b5c
Create easy-facebook-likebox-xss.yaml 2022-02-19 17:08:31 +05:30
Dhiyaneshwaran cb4cf6a176
Create elex-woocommerce-xss.yaml 2022-02-19 17:01:47 +05:30
Dhiyaneshwaran 5241045485
Create my-chatbot-xss.yaml 2022-02-19 16:59:51 +05:30
Dhiyaneshwaran a13bb3fa4e
Create feedwordpress-xss.yaml 2022-02-19 16:48:05 +05:30
Dhiyaneshwaran 9981421aab
Create wp-accessibility-helper-xss.yaml 2022-02-19 16:43:05 +05:30
Dhiyaneshwaran 9f75abc6f6
Create wp-whmcs-xss.yaml 2022-02-19 16:38:30 +05:30
Dhiyaneshwaran 4a9922a66b
Create wp-mthemeunus-lfi.yaml 2022-02-19 16:31:43 +05:30
Evan Rubinstein 21a267d106
Updated Template 2022-02-18 10:48:34 -05:00
Evan Rubinstein a536bb5087
Added pollbot-redirect 2022-02-18 10:39:04 -05:00
GwanYeong Kim a2cec40a5d Create goip-1-lfi.yaml
Input passed thru the 'content' or 'sidebar' GET parameter in 'frame.html' or 'frame.A100.html' not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2022-02-18 21:33:17 +09:00
sandeep 6c726a373f template fixes 2022-02-18 12:05:33 +05:30
Prince Chaddha 7addac9e51
Merge pull request #3708 from evanRubinsteinIT/master
Added critical yshaadmin path traveral vulnerability
2022-02-17 01:09:57 +05:30
MostInterestingBotInTheWorld e5e0e1ebf4
Dashboard Content Enhancements (#3711)
* Enhancement: cves/2010/CVE-2010-1353.yaml by mp

* Enhancement: cves/2010/CVE-2010-1352.yaml by mp

* Enhancement: cves/2010/CVE-2010-1345.yaml by mp

* Enhancement: cves/2010/CVE-2010-1340.yaml by mp

* Enhancement: cves/2010/CVE-2010-1345.yaml by mp

* Enhancement: cves/2010/CVE-2010-1315.yaml by mp

* Enhancement: cves/2010/CVE-2010-1314.yaml by mp

* Enhancement: cves/2010/CVE-2010-1313.yaml by mp

* Enhancement: cves/2010/CVE-2010-1312.yaml by mp

* Enhancement: cves/2010/CVE-2010-1308.yaml by mp

* Enhancement: cves/2010/CVE-2010-1307.yaml by mp

* Enhancement: cves/2010/CVE-2010-1306.yaml by mp

* Enhancement: cves/2010/CVE-2010-1305.yaml by mp

* Enhancement: cves/2010/CVE-2010-1304.yaml by mp

* Enhancement: cves/2010/CVE-2010-1302.yaml by mp

* Enhancement: cves/2010/CVE-2010-1219.yaml by mp

* Enhancement: cves/2010/CVE-2010-1352.yaml by mp

* Enhancement: cves/2010/CVE-2010-1354.yaml by mp

* Enhancement: cves/2010/CVE-2010-1461.yaml by mp

* Enhancement: cves/2010/CVE-2010-1469.yaml by mp

* Enhancement: cves/2010/CVE-2010-1470.yaml by mp

* Enhancement: cves/2010/CVE-2010-1471.yaml by mp

* Enhancement: cves/2010/CVE-2010-1472.yaml by mp

* Enhancement: cves/2010/CVE-2010-1473.yaml by mp

* Enhancement: cves/2010/CVE-2010-1474.yaml by mp

* Enhancement: cves/2010/CVE-2010-1475.yaml by mp

* Enhancement: cves/2010/CVE-2010-1476.yaml by mp

* Enhancement: cves/2010/CVE-2010-1478.yaml by mp

* Enhancement: cves/2010/CVE-2010-1491.yaml by mp

* Enhancement: cves/2010/CVE-2010-1494.yaml by mp

* Enhancement: cves/2010/CVE-2010-1495.yaml by mp

* Enhancement: cves/2010/CVE-2010-1531.yaml by mp

* Enhancement: cves/2010/CVE-2010-1473.yaml by mp

* Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs

* Enhancement: cves/2016/CVE-2016-4975.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-digitalocean.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-hetzner.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-aws.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-google.yaml by cs

* Enhancement: misconfiguration/proxy/metadata-azure.yaml by cs

* Enhancement: misconfiguration/proxy/open-proxy-localhost.yaml by cs

* Enhancement: misconfiguration/proxy/open-proxy-internal.yaml by cs

* Enhancement: cves/2021/CVE-2021-1497.yaml by cs

* Spacing fixes and enhancement to CNVD-2019-01348.yaml

* Spacing fixes, and enhancement to CNVD-2019-01348.yaml

* Merge artifact

* Spacing

* Minor tags cleanup

* Enhancement: cves/2010/CVE-2010-1532.yaml by mp

* Enhancement: cves/2010/CVE-2010-1533.yaml by mp

* Enhancement: cves/2010/CVE-2010-1534.yaml by mp

* Enhancement: cves/2010/CVE-2010-1535.yaml by mp

* Enhancement: cves/2010/CVE-2010-1540.yaml by mp

* Enhancement: cves/2010/CVE-2010-1601.yaml by mp

* Enhancement: cves/2010/CVE-2010-1602.yaml by mp

* Enhancement: cves/2010/CVE-2010-1603.yaml by mp

* Enhancement: cves/2010/CVE-2010-1607.yaml by mp

* Enhancement: cves/2010/CVE-2010-1653.yaml by mp

* Enhancement: cves/2010/CVE-2010-1657.yaml by mp

* Enhancement: cves/2010/CVE-2010-1657.yaml by mp

* Enhancement: cves/2010/CVE-2010-1658.yaml by mp

* Enhancement: cves/2010/CVE-2010-1659.yaml by mp

* Enhancement: cves/2010/CVE-2010-1714.yaml by mp

* Enhancement: cves/2010/CVE-2010-1715.yaml by mp

* Enhancement: cves/2010/CVE-2010-1532.yaml by mp

* Enhancement: cves/2010/CVE-2010-1533.yaml by mp

* Enhancement: cves/2010/CVE-2010-1534.yaml by mp

* Enhancement: cves/2010/CVE-2010-1534.yaml by mp

* Enhancement: cves/2010/CVE-2010-1535.yaml by mp

* Enhancement: cves/2010/CVE-2010-1540.yaml by mp

* Enhancement: cves/2010/CVE-2010-1540.yaml by mp

* Enhancement: cves/2010/CVE-2010-1717.yaml by mp

* Enhancement: cves/2010/CVE-2010-1718.yaml by mp

* Enhancement: cves/2010/CVE-2010-1719.yaml by mp

* Enhancement: cves/2010/CVE-2010-1722.yaml by mp

* Enhancement: cves/2010/CVE-2010-1723.yaml by mp

* Enhancement: cves/2010/CVE-2010-1858.yaml by mp

* Enhancement: cves/2010/CVE-2010-1873.yaml by mp

* Enhancement: cves/2010/CVE-2010-1870.yaml by mp

* Enhancement: cves/2010/CVE-2010-1875.yaml by mp

* Enhancement: cves/2010/CVE-2010-1878.yaml by mp

* Enhancement: cves/2010/CVE-2010-1952.yaml by mp

* Enhancement: cves/2010/CVE-2010-1953.yaml by mp

* Enhancement: cves/2010/CVE-2010-1954.yaml by mp

* Enhancement: cves/2010/CVE-2010-1955.yaml by mp

* Enhancement: cves/2010/CVE-2010-1956.yaml by mp

* Information Enhancements

Co-authored-by: sullo <sullo@cirt.net>
2022-02-16 04:17:54 +05:30
Sandeep Singh f705c2debd
removing duplicate template 2022-02-15 23:43:06 +05:30
Prince Chaddha 7bf3ac584c
Merge pull request #3695 from DhiyaneshGeek/master
17 New Wordpress Templates
2022-02-15 18:35:47 +05:30
Prince Chaddha be309f08e0
Update and rename yshaadmin-traversal.yaml to yishaadmin-lfi.yaml 2022-02-15 18:33:24 +05:30
Prince Chaddha 06b34a62f6
Update elementorpage-open-redirect.yaml 2022-02-15 18:25:04 +05:30
Prince Chaddha 4fb33627d4
Update and rename wp-cherry-lfi.yaml to cherry-lfi.yaml 2022-02-15 17:36:09 +05:30
Prince Chaddha e39e61ac5d
Update and rename wp-sniplets-xss.yaml to sniplets-xss.yaml 2022-02-15 17:35:52 +05:30
Prince Chaddha 5e6b000e40
Update and rename wp-sniplets-lfi.yaml to sniplets-lfi.yaml 2022-02-15 17:33:40 +05:30
Prince Chaddha a61b1da563
Update and rename wp-simple-image-manipulator-lfi.yaml to simple-image-manipulator-lfi.yaml 2022-02-15 17:26:32 +05:30
Prince Chaddha d73c5da442
Update and rename wp-hide-security-enhancer-lfi.yaml to hide-security-enhancer-lfi.yaml 2022-02-15 17:19:32 +05:30
Prince Chaddha 110a51a0f1
Update and rename wp-hb-audio-lfi.yaml to hb-audio-lfi.yaml 2022-02-15 17:09:31 +05:30
Prince Chaddha 19fe0f80be
Update wp-cherry-lfi.yaml 2022-02-15 16:59:08 +05:30
Prince Chaddha df3b03f2f9
Update webp-coverter-open-redirect.yaml 2022-02-15 16:52:00 +05:30
Prince Chaddha 6be4e7d1d3
Update shortcode-lfi.yaml 2022-02-15 16:48:20 +05:30
Prince Chaddha 196f4449d9
Update noptin-open-redirect.yaml 2022-02-15 16:44:37 +05:30
Prince Chaddha 5d259e4321
Update ninjaform-open-redirect.yaml 2022-02-15 16:40:56 +05:30
Prince Chaddha fea65848db
Update newsletter-open-redirect.yaml 2022-02-15 16:33:09 +05:30
Evan Rubinstein 22d14023a7
Update yshaadmin-traversal.yaml 2022-02-14 23:53:28 -05:00
Evan Rubinstein 5fcaefe315
Added yshaadmin path traversal vulnerability 2022-02-14 23:48:57 -05:00
Evan Rubinstein b9efa77da3
Merge branch 'projectdiscovery:master' into master 2022-02-14 23:47:10 -05:00
Prince Chaddha 2d745615c5
Update music-store-open-redirect.yaml 2022-02-15 03:10:01 +05:30
Prince Chaddha 94005a6d19
Update and rename eventticket-open-redirect.yaml to eventtickets-open-redirect.yaml 2022-02-15 02:58:41 +05:30
Prince Chaddha bf00922a03
Update elementorpage-open-redirect.yaml 2022-02-15 02:54:12 +05:30
Prince Chaddha f637184495
Update db-backup-lfi.yaml 2022-02-15 02:51:49 +05:30
Prince Chaddha 465eb0c54d
Update and rename churchope-application-lfi.yaml to churchope-lfi.yaml 2022-02-15 02:50:20 +05:30
Prince Chaddha 16193a60ee
Update candidate-application-lfi.yaml 2022-02-15 02:47:56 +05:30
Prince Chaddha 6c6b4e7270
Merge pull request #3700 from Akokonunes/patch-116
Create kyocera-rx-ecosys-m2035dn-lfi.yaml
2022-02-15 02:16:54 +05:30
Prince Chaddha 1f1b03ba67
Update and rename kyocera-rx-ecosys-m2035dn-lfi.yaml to vulnerabilities/other/kyocera-m2035dn-lfi.yaml 2022-02-15 02:10:30 +05:30
Prince Chaddha f8a52f9be2
Update nuuno-network-login.yaml (#3701)
* Update nuuno-network-login.yaml

* Update panasonic-network-management.yaml

* Update cisco-network-config.yaml

* Update emerson-power-panel.yaml

* Update unifi-network-log4j-rce.yaml
2022-02-14 19:53:51 +05:30
Dhiyaneshwaran da6691f067
Create wp-cherry-lfi.yaml 2022-02-12 23:48:31 +05:30
Dhiyaneshwaran 150da05a81
Create wp-hb-audio-lfi.yaml 2022-02-12 23:46:52 +05:30
Dhiyaneshwaran fc660ec0db
Create wp-simple-image-manipulator-lfi.yaml 2022-02-12 23:44:11 +05:30
Dhiyaneshwaran bcbe4dabff
Create wp-sniplets-xss.yaml 2022-02-12 23:40:42 +05:30
Dhiyaneshwaran 5d28b42d7e
Delete wp-sniplets-xss.yaml 2022-02-12 23:38:15 +05:30
Dhiyaneshwaran 30363093f5
Update wp-sniplets-xss.yaml 2022-02-12 23:36:55 +05:30
Dhiyaneshwaran 08f1498d54
Update wp-sniplets-xss.yaml 2022-02-12 23:34:16 +05:30
Dhiyaneshwaran b3b9958989
Create wp-sniplets-xss.yaml 2022-02-12 23:32:15 +05:30
Dhiyaneshwaran 7a10704d42
Create wp-sniplets-lfi.yaml 2022-02-12 23:27:12 +05:30
Dhiyaneshwaran 17108c2b4f
Create wp-hide-security-enhancer-lfi.yaml 2022-02-12 23:23:30 +05:30
Dhiyaneshwaran 7294e5577c
Create churchope-application-lfi.yaml 2022-02-12 23:18:53 +05:30
Dhiyaneshwaran 0796ba6ff3
Create candidate-application-lfi.yaml 2022-02-12 23:08:06 +05:30
Dhiyaneshwaran 7e637c60c3
Create db-backup-lfi.yaml 2022-02-12 22:34:53 +05:30
Dhiyaneshwaran a10ff8f997
Create shortcode-lfi.yaml 2022-02-12 22:30:51 +05:30
Dhiyaneshwaran 96c42781c3
Create noptin-open-redirect.yaml 2022-02-12 22:23:11 +05:30
Dhiyaneshwaran c1cf1971bd
Create webp-coverter-open-redirect.yaml 2022-02-12 22:19:24 +05:30
Dhiyaneshwaran 1e3fb587d6
Create eventticket-open-redirect.yaml 2022-02-12 22:17:01 +05:30
Dhiyaneshwaran e815bdc1b6
Create elementorpage-open-redirect.yaml 2022-02-12 22:11:04 +05:30
Dhiyaneshwaran 19ef16c195
Update ninjaform-open-redirect.yaml 2022-02-12 22:05:49 +05:30
Dhiyaneshwaran 527641f834
Create ninjaform-open-redirect.yaml 2022-02-12 22:03:19 +05:30
Dhiyaneshwaran a0cb16fbc3
Create newsletter-open-redirect.yaml 2022-02-12 21:56:13 +05:30
Dhiyaneshwaran 63c450cba2
Create music-store-open-redirect.yaml 2022-02-12 21:50:32 +05:30
Dhiyaneshwaran 780ec34a40
Delete music-store-open-redirect.yaml 2022-02-12 21:49:53 +05:30
Dhiyaneshwaran d1c6580287
Create music-store-open-redirect.yaml 2022-02-12 21:39:27 +05:30
Prince Chaddha 56160908f0
Merge pull request #3676 from DhiyaneshGeek/master
NetSUS Server Login Panel , Javo Spot Premium Theme - Unauthenticated Directory Traversal
2022-02-08 02:08:30 +05:30
Prince Chaddha a2e236867c
Update and rename wp-java-spot-premium-lfi.yaml to wp-spot-premium-lfi.yaml 2022-02-08 01:56:11 +05:30
Dhiyaneshwaran 74790976c2
Create wp-java-spot-premium-lfi.yaml 2022-02-06 21:26:28 +05:30
sullo 111f7d9a88 Cleanup some dashboard artifacts 2022-02-04 14:02:53 -05:00
MostInterestingBotInTheWorld 439b0ebffc Enhancement: vulnerabilities/other/zhiyuan-file-upload.yaml by mp 2022-02-04 10:55:39 -05:00
MostInterestingBotInTheWorld 26137cf96f Enhancement: vulnerabilities/other/zhiyuan-file-upload.yaml by mp 2022-02-04 10:54:04 -05:00
Prince Chaddha 4b52787228
Merge pull request #3567 from Leovalcante/rusty-joomla-rce
Create check for Rusty Joomla RCE
2022-02-02 02:01:37 +05:30
Prince Chaddha ec94360afd
Update rusty-joomla.yaml 2022-02-02 02:00:09 +05:30
Prince Chaddha b1fe83b35b
Merge pull request #3644 from projectdiscovery/antsword-backdoor
Create antsword-backdoor.yaml
2022-02-02 00:14:26 +05:30
Sandeep Singh 839fc813f3
Merge pull request #3627 from projectdiscovery/deadbolt-ransomware
Added Deadbolt Ransomware Detection
2022-02-01 16:44:54 +05:30
sandeep c68f4762b3 Added JAMF Blind XXE 2022-02-01 16:10:51 +05:30
sandeep ab1291ec13 Added JAMF Log4j JNDI RCE Template 2022-02-01 15:25:52 +05:30
Prince Chaddha e1b8bf3da2
Update antsword-backdoor.yaml 2022-02-01 01:52:39 +05:30
Prince Chaddha e5a77aa803
Create antsword-backdoor.yaml 2022-02-01 01:39:46 +05:30
Prince Chaddha e0988ed383
Update and rename xss-code-snippet-wp.yaml to wp-code-snippets-xss.yaml 2022-01-31 01:56:39 +05:30
Dhiyaneshwaran b41db4f4f1
Create xss-code-snippet-wp.yaml 2022-01-29 21:25:16 +05:30
sandeep d59a6c6017 Added Deadbolt Ransomware Detection 2022-01-28 16:04:06 +05:30
Prince Chaddha 9e3473d55f
Update and rename laravel-ignition-xss.yaml to vulnerabilities/laravel/laravel-ignition-xss.yaml 2022-01-27 14:45:41 +05:30
Sullo 9a8482172d Remove:
- various nonstandard ascii chars in favor of the standard ones (mostly quotes)
 - spaces after : in some files
2022-01-25 14:38:53 -05:00
Prince Chaddha e5b30f69d1
Update and rename vulnerabilities/JavaMelody/java-melody-xss.yaml to vulnerabilities/other/java-melody-xss.yaml 2022-01-24 13:15:23 +05:30
corrupted-brain de36b9a5c6 Added JavaMelody-xss Template 2022-01-21 23:04:43 +05:45
Prince Chaddha 5357d884b4
Update and rename rusty_joomla.yaml to rusty-joomla.yaml 2022-01-21 12:39:28 +05:30
Sandeep Singh 1b0c7f1b7f
CVE-2021-22205 update (#3568)
*moved cves/2021/CVE-2021-22205.yaml to vulnerabilities/gitlab/gitlab-rce.yaml
*template extension update + added missing severity + misc updates
2022-01-20 14:25:57 +05:30
Valerio Preti be75b507ab Create check for Rusty Joomla RCE 2022-01-20 09:39:19 +01:00
sandeep 7c30910d69 Added missing request 2022-01-18 10:46:50 +05:30
Evan Rubinstein ae3e6c0c21
Merge branch 'projectdiscovery:master' into master 2022-01-16 23:24:58 -05:00
Sandeep Singh 02c01d30da
Added MeterSphere Plugin Pre-auth RCE (#3543) 2022-01-16 03:06:09 +05:30
gy741 e5958c1364
Update tags (#3538) 2022-01-16 02:08:21 +05:30
Muhammad Daffa 0a651c182f
Update tags (#3530) 2022-01-13 10:49:53 +05:30
Muhammad Daffa 5ea92bcb0f
Update tags woocommerce (#3531) 2022-01-13 10:49:26 +05:30
Muhammad Daffa 64cf0fa4ba
Rename maian cart rce (#3532)
* Update and rename vulnerabilities/other/maian-cart-preauth-rce.yaml to cves/2021/CVE-2021-32172.yaml

* Update CVE-2021-32172.yaml

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2022-01-13 10:48:51 +05:30
Prince Chaddha 33d009da24
Update xerox-efi-lfi.yaml 2022-01-10 12:07:06 +05:30
GwanYeong Kim 9befbf0654 Create xerox-efi-lfi.yaml
Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2022-01-09 15:39:39 +09:00
Sandeep Singh 844c3b4a02
Network template updates & fixes (#3497)
* Fixed template syntax

* network template update and fixes
2022-01-07 12:58:37 +05:30
Sandeep Singh 365e9003b1
Template ID's update (#3490) 2022-01-06 17:21:21 +05:30
ImNightmaree c5723bdf55
Renames vulnerabilities/other/WooYun2015-148227 (#3488)
Swaps capitalization to all lowercase, as Linux filesystems don't handle capitalization well which may result in this file being skipped.
2022-01-06 12:00:31 +05:30
Pathtaga e281e5bf88
Updated all templates tags with technologies (#3478)
* Updated tags for template sonicwall-email-security-detect.yaml

* Updated tags for template detect-sentry.yaml

* Updated tags for template kong-detect.yaml

* Updated tags for template openam-detect.yaml

* Updated tags for template shiro-detect.yaml

* Updated tags for template iplanet-web-server.yaml

* Updated tags for template graylog-api-browser.yaml

* Updated tags for template prtg-detect.yaml

* Updated tags for template node-red-detect.yaml

* Updated tags for template abyss-web-server.yaml

* Updated tags for template geo-webserver.yaml

* Updated tags for template autobahn-python-detect.yaml

* Updated tags for template default-lighttpd-page.yaml

* Updated tags for template microsoft-iis-8.yaml

* Updated tags for template lucee-detect.yaml

* Updated tags for template php-proxy-detect.yaml

* Updated tags for template jenkins-detect.yaml

* Updated tags for template cockpit-detect.yaml

* Updated tags for template csrfguard-detect.yaml

* Updated tags for template dwr-index-detect.yaml

* Updated tags for template netsweeper-webadmin-detect.yaml

* Updated tags for template weblogic-detect.yaml

* Updated tags for template s3-detect.yaml

* Updated tags for template tileserver-gl.yaml

* Updated tags for template springboot-actuator.yaml

* Updated tags for template terraform-detect.yaml

* Updated tags for template redmine-cli-detect.yaml

* Updated tags for template mrtg-detect.yaml

* Updated tags for template tableau-server-detect.yaml

* Updated tags for template magmi-detect.yaml

* Updated tags for template oidc-detect.yaml

* Updated tags for template tor-socks-proxy.yaml

* Updated tags for template synology-web-station.yaml

* Updated tags for template herokuapp-detect.yaml

* Updated tags for template gunicorn-detect.yaml

* Updated tags for template sql-server-reporting.yaml

* Updated tags for template google-bucket-service.yaml

* Updated tags for template kubernetes-mirantis.yaml

* Updated tags for template kubernetes-enterprise-manager.yaml

* Updated tags for template oracle-iplanet-web-server.yaml

* Updated tags for template dell-idrac7-detect.yaml

* Updated tags for template dell-idrac6-detect.yaml

* Updated tags for template dell-idrac9-detect.yaml

* Updated tags for template dell-idrac8-detect.yaml

* Updated tags for template apache-guacamole.yaml

* Updated tags for template aws-cloudfront-service.yaml

* Updated tags for template aws-bucket-service.yaml

* Updated tags for template nginx-linux-page.yaml

* Updated tags for template telerik-fileupload-detect.yaml

* Updated tags for template telerik-dialoghandler-detect.yaml

* Updated tags for template htaccess-config.yaml

* Updated tags for template microsoft-azure-error.yaml

* Updated tags for template detect-options-method.yaml

* Updated tags for template unpatched-coldfusion.yaml

* Updated tags for template moodle-changelog.yaml

* Updated tags for template detect-dns-over-https.yaml

* Updated tags for template CVE-2019-19134.yaml

* Updated tags for template CVE-2019-3929.yaml

* Updated tags for template CVE-2019-19908.yaml

* Updated tags for template CVE-2019-10475.yaml

* Updated tags for template CVE-2019-17382.yaml

* Updated tags for template CVE-2019-16332.yaml

* Updated tags for template CVE-2019-14974.yaml

* Updated tags for template CVE-2019-19368.yaml

* Updated tags for template CVE-2019-12725.yaml

* Updated tags for template CVE-2019-15501.yaml

* Updated tags for template CVE-2019-9733.yaml

* Updated tags for template CVE-2019-14322.yaml

* Updated tags for template CVE-2019-9955.yaml

* Updated tags for template CVE-2019-0230.yaml

* Updated tags for template CVE-2019-10232.yaml

* Updated tags for template CVE-2019-17506.yaml

* Updated tags for template CVE-2019-8449.yaml

* Updated tags for template CVE-2019-12593.yaml

* Updated tags for template CVE-2019-10092.yaml

* Updated tags for template CVE-2019-1821.yaml

* Updated tags for template CVE-2019-3401.yaml

* Updated tags for template CVE-2019-16662.yaml

* Updated tags for template CVE-2019-5418.yaml

* Updated tags for template CVE-2016-4975.yaml

* Updated tags for template CVE-2016-1000137.yaml

* Updated tags for template CVE-2016-7552.yaml

* Updated tags for template CVE-2016-10956.yaml

* Updated tags for template CVE-2016-1000146.yaml

* Updated tags for template CVE-2013-2251.yaml

* Updated tags for template CVE-2013-1965.yaml

* Updated tags for template CVE-2014-2323.yaml

* Updated tags for template CVE-2014-5111.yaml

* Updated tags for template CVE-2014-2962.yaml

* Updated tags for template CVE-2014-4561.yaml

* Updated tags for template CVE-2014-4558.yaml

* Updated tags for template CVE-2014-3120.yaml

* Updated tags for template CVE-2007-5728.yaml

* Updated tags for template CVE-2009-4679.yaml

* Updated tags for template CVE-2009-1558.yaml

* Updated tags for template CVE-2009-4202.yaml

* Updated tags for template CVE-2009-0932.yaml

* Updated tags for template CVE-2015-2068.yaml

* Updated tags for template CVE-2015-8813.yaml

* Updated tags for template CVE-2015-7450.yaml

* Updated tags for template CVE-2015-2067.yaml

* Updated tags for template CVE-2015-3306.yaml

* Updated tags for template CVE-2015-3337.yaml

* Updated tags for template CVE-2015-1427.yaml

* Updated tags for template CVE-2015-1503.yaml

* Updated tags for template CVE-2015-1880.yaml

* Updated tags for template CVE-2018-3810.yaml

* Updated tags for template CVE-2018-18069.yaml

* Updated tags for template CVE-2018-17246.yaml

* Updated tags for template CVE-2018-10141.yaml

* Updated tags for template CVE-2018-16341.yaml

* Updated tags for template CVE-2018-18777.yaml

* Updated tags for template CVE-2018-15138.yaml

* Updated tags for template CVE-2018-11784.yaml

* Updated tags for template CVE-2018-16299.yaml

* Updated tags for template CVE-2018-7251.yaml

* Updated tags for template CVE-2018-1273.yaml

* Updated tags for template CVE-2018-1271.yaml

* Updated tags for template CVE-2018-11759.yaml

* Updated tags for template CVE-2018-3167.yaml

* Updated tags for template CVE-2018-7490.yaml

* Updated tags for template CVE-2018-2628.yaml

* Updated tags for template CVE-2018-13380.yaml

* Updated tags for template CVE-2018-2893.yaml

* Updated tags for template CVE-2018-5316.yaml

* Updated tags for template CVE-2018-20985.yaml

* Updated tags for template CVE-2018-10818.yaml

* Updated tags for template CVE-2018-1000861.yaml

* Updated tags for template CVE-2018-0296.yaml

* Updated tags for template CVE-2018-19458.yaml

* Updated tags for template CVE-2018-3760.yaml

* Updated tags for template CVE-2018-12998.yaml

* Updated tags for template CVE-2018-9118.yaml

* Updated tags for template CVE-2018-1000130.yaml

* Updated tags for template CVE-2008-6668.yaml

* Updated tags for template CVE-2017-7269.yaml

* Updated tags for template CVE-2017-1000170.yaml

* Updated tags for template CVE-2017-16877.yaml

* Updated tags for template CVE-2017-1000486.yaml

* Updated tags for template CVE-2017-9822.yaml

* Updated tags for template CVE-2017-0929.yaml

* Updated tags for template CVE-2017-7921.yaml

* Updated tags for template CVE-2017-14535.yaml

* Updated tags for template CVE-2017-5521.yaml

* Updated tags for template CVE-2017-12637.yaml

* Updated tags for template CVE-2017-12635.yaml

* Updated tags for template CVE-2017-11610.yaml

* Updated tags for template CVE-2021-20114.yaml

* Updated tags for template CVE-2021-40856.yaml

* Updated tags for template CVE-2021-21972.yaml

* Updated tags for template CVE-2021-31602.yaml

* Updated tags for template CVE-2021-41773.yaml

* Updated tags for template CVE-2021-37704.yaml

* Updated tags for template CVE-2021-45046.yaml

* Updated tags for template CVE-2021-26084.yaml

* Updated tags for template CVE-2021-27931.yaml

* Updated tags for template CVE-2021-24291.yaml

* Updated tags for template CVE-2021-41648.yaml

* Updated tags for template CVE-2021-37216.yaml

* Updated tags for template CVE-2021-22005.yaml

* Updated tags for template CVE-2021-37573.yaml

* Updated tags for template CVE-2021-31755.yaml

* Updated tags for template CVE-2021-43287.yaml

* Updated tags for template CVE-2021-24274.yaml

* Updated tags for template CVE-2021-33564.yaml

* Updated tags for template CVE-2021-22145.yaml

* Updated tags for template CVE-2021-24237.yaml

* Updated tags for template CVE-2021-44848.yaml

* Updated tags for template CVE-2021-25646.yaml

* Updated tags for template CVE-2021-21816.yaml

* Updated tags for template CVE-2021-41649.yaml

* Updated tags for template CVE-2021-41291.yaml

* Updated tags for template CVE-2021-41293.yaml

* Updated tags for template CVE-2021-21801.yaml

* Updated tags for template CVE-2021-29156.yaml

* Updated tags for template CVE-2021-34370.yaml

* Updated tags for template CVE-2021-27132.yaml

* Updated tags for template CVE-2021-28151.yaml

* Updated tags for template CVE-2021-26812.yaml

* Updated tags for template CVE-2021-21985.yaml

* Updated tags for template CVE-2021-43778.yaml

* Updated tags for template CVE-2021-25281.yaml

* Updated tags for template CVE-2021-40539.yaml

* Updated tags for template CVE-2021-36749.yaml

* Updated tags for template CVE-2021-21234.yaml

* Updated tags for template CVE-2021-33221.yaml

* Updated tags for template CVE-2021-42013.yaml

* Updated tags for template CVE-2021-33807.yaml

* Updated tags for template CVE-2021-44228.yaml

* Updated tags for template CVE-2012-0896.yaml

* Updated tags for template CVE-2012-0991.yaml

* Updated tags for template CVE-2012-0392.yaml

* Updated tags for template CVE-2012-4940.yaml

* Updated tags for template CVE-2012-1226.yaml

* Updated tags for template CVE-2012-4878.yaml

* Updated tags for template CVE-2010-1304.yaml

* Updated tags for template CVE-2010-1217.yaml

* Updated tags for template CVE-2010-0759.yaml

* Updated tags for template CVE-2010-2307.yaml

* Updated tags for template CVE-2010-4231.yaml

* Updated tags for template CVE-2010-2861.yaml

* Updated tags for template CVE-2010-4282.yaml

* Updated tags for template CVE-2010-1302.yaml

* Updated tags for template CVE-2010-1461.yaml

* Updated tags for template CVE-2020-4463.yaml

* Updated tags for template CVE-2020-1943.yaml

* Updated tags for template CVE-2020-36289.yaml

* Updated tags for template CVE-2020-17518.yaml

* Updated tags for template CVE-2020-12800.yaml

* Updated tags for template CVE-2020-10770.yaml

* Updated tags for template CVE-2020-17506.yaml

* Updated tags for template CVE-2020-11547.yaml

* Updated tags for template CVE-2020-11034.yaml

* Updated tags for template CVE-2020-24589.yaml

* Updated tags for template CVE-2020-9054.yaml

* Updated tags for template CVE-2020-28976.yaml

* Updated tags for template CVE-2020-16952.yaml

* Updated tags for template CVE-2020-24312.yaml

* Updated tags for template CVE-2020-8512.yaml

* Updated tags for template CVE-2020-14179.yaml

* Updated tags for template CVE-2020-6308.yaml

* Updated tags for template CVE-2020-35846.yaml

* Updated tags for template CVE-2020-7318.yaml

* Updated tags for template CVE-2020-2140.yaml

* Updated tags for template CVE-2020-5410.yaml

* Updated tags for template CVE-2020-5777.yaml

* Updated tags for template CVE-2020-13700.yaml

* Updated tags for template CVE-2020-5775.yaml

* Updated tags for template CVE-2020-13167.yaml

* Updated tags for template CVE-2020-35848.yaml

* Updated tags for template CVE-2020-9484.yaml

* Updated tags for template CVE-2020-15505.yaml

* Updated tags for template CVE-2020-9047.yaml

* Updated tags for template CVE-2020-17519.yaml

* Updated tags for template CVE-2020-17505.yaml

* Updated tags for template CVE-2020-9376.yaml

* Updated tags for template CVE-2020-8497.yaml

* Updated tags for template CVE-2020-14092.yaml

* Updated tags for template CVE-2020-10148.yaml

* Updated tags for template CVE-2020-35847.yaml

* Updated tags for template CVE-2020-12116.yaml

* Updated tags for template CVE-2020-11930.yaml

* Updated tags for template CVE-2020-24186.yaml

* Updated tags for template CVE-2020-9496.yaml

* Updated tags for template CVE-2020-35489.yaml

* Updated tags for template CVE-2020-26413.yaml

* Updated tags for template CVE-2020-2096.yaml

* misc updates

* misc update

* more updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-05 01:04:16 +05:30
Prince Chaddha 3357141838
Merge pull request #3425 from Akokonunes/patch-96
Create accent-microcomputers-lfi.yaml
2022-01-03 10:29:56 +05:30
Prince Chaddha 7ab7eca6ef
Merge pull request #3426 from Akokonunes/patch-97
Create sofneta-mecdream-pacs-server-lfi.yaml
2022-01-03 10:29:46 +05:30
Prince Chaddha 2ed4e8a966
Merge pull request #3421 from pikpikcu/patch-311
Create sponip-network-system-ping-rce
2022-01-03 10:28:00 +05:30
Prince Chaddha ba686ad67f
Update and rename accent-microcomputers-lfi.yaml to vulnerabilities/other/accent-microcomputers-lfi.yaml 2022-01-03 10:24:12 +05:30
Prince Chaddha b70b9bcbf1
Update and rename sofneta-mecdream-pacs-server-lfi.yaml to sofneta-mecdream-pacs-lfi.yaml 2022-01-03 10:21:00 +05:30
Prince Chaddha 139b04c9b6
Update and rename jinfornet-jreport-lfi.yaml to vulnerabilities/other/jinfornet-jreport-lfi.yaml 2022-01-03 10:01:12 +05:30
Muhammad Daffa c83d035fff
Seperate technology template (#3430)
* Edit magmi workflow

* Add some workflow template + edit some template

* Changing some templates

* minor update

* workflow matcher fixes

* tech update

* Seperate technology template

* Update metabase-panel.yaml

* Update lucee-detect.yaml

* Update oneblog-detect.yaml

* Update dolibarr-panel.yaml

* Update dolibarr-panel.yaml

* Update dolibarr-panel.yaml

* Update gespage-panel.yaml

* Update gespage-panel.yaml

* Update mautic-crm-panel.yaml

* Update kibana-panel.yaml

* Update metabase-panel.yaml

* Update home-assistant-detect.yaml

* Update jitsi-meet-detect.yaml

* Update lucee-detect.yaml

* Update gotmls-plugin-lfi.yaml

* Update and rename technologies/opencast-detect.yaml to exposed-panels/opencast-detect.yaml

* duplicate template - cves/2020/CVE-2020-11738.yaml

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2021-12-31 17:57:46 +05:30
Exid 80489bce76
Added wordpress-xmlrpc-brute-force.yaml (#3445)
* wp-xmlrpc-brute-force.yaml file was added

A Nuclei template for bruteforcing username and password through XMLRPC.

* wp-xmlrpc-brute-force.yaml file added

A Nuclei template for wordpress username and password Bruteforcing throught xmlrpc.php

* wp-xmlrpc-brute-force.yaml file added

A Nuclei template for wordpress username and password Bruteforcing throught xmlrpc.php

* Revert "wp-xmlrpc-brute-force.yaml file was added"

This reverts commit c0e4ca75a6ddbcf65e9443849a05c7b8f2625af9.

* few fixes

* Added wordpress user and pass list

* improved matcher

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-29 22:04:23 +05:30
Sandeep Singh d6da741663
IBM WebSphere Portal SSRF (#3442)
* Added IBM WebSphere Portal SSRF Detection

* Added IBM WebSphere Panel detection

* moving templates around
2021-12-29 17:32:10 +05:30
Prince Chaddha cb9fdbd7cc
Update and rename sofneta-mecdream-pacs-server-lfi.yaml to vulnerabilities/other/sofneta-mecdream-pacs-server-lfi.yaml 2021-12-29 11:28:09 +05:30
Prince Chaddha 4ba5e931cc
Update sl-studio-lfi.yaml 2021-12-29 09:20:13 +05:30
Prince Chaddha b7974b288e
Update and rename sl-studio-lfi.yaml to vulnerabilities/other/sl-studio-lfi.yaml 2021-12-29 09:16:32 +05:30
Emad Youssef ce7b60d79c
Update open-redirect.yaml (#3404)
* Update open-redirect.yaml

add new payloads

* minor update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-26 20:53:11 +05:30
Prince Chaddha 955c71fa50
Update sponip-network-system-ping-rce.yaml 2021-12-24 20:24:40 +05:30
PikPikcU 51843e1e62
Create sponip-network-system-ping-rce.yaml 2021-12-24 09:30:31 -05:00
Prince Chaddha 0ddd4c7911
Update and rename dicoogle-pacs-lfi.yaml to vulnerabilities/other/dicoogle-pacs-lfi.yaml 2021-12-24 19:23:04 +05:30
johnk3r fa99cba4b3
Create vmware-horizon-log4j-jndi-rce.yaml (#3403)
* Create vmware-horizon-log4j-jndi-rce.yaml

* Update vmware-horizon-log4j-jndi-rce.yaml

* Update vmware-horizon-log4j-jndi-rce.yaml

* minor update

* minor update

* Added VMware Horizon detection

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-23 22:30:08 +05:30
niudaii 8289e92291
Fixed h3c-imc-rce.yaml (#3401)
* Fixed h3c-imc-rce.yaml

* Update h3c-imc-rce.yaml

* Additional payload for windows

Co-authored-by: niudai <niudai@zp857s-mbp.local>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-23 20:23:42 +05:30
Sandeep Singh c57984b8f8
Added UniFi Network Log4j JNDI RCE (#3402)
Co-Authored-By: KrE80r <13027962+KrE80r@users.noreply.github.com>

Co-authored-by: KrE80r <13027962+KrE80r@users.noreply.github.com>
2021-12-23 08:57:03 +05:30
Melvin 7933cfc470
Removing extra space from raw HTTP request
Should prevent issues with parsing this request
2021-12-22 13:33:51 +01:00
Prince Chaddha a511dac237
Merge pull request #3354 from DhiyaneshGeek/master
Create wordpress-ssrf-oembed.yaml
2021-12-21 18:48:42 +05:30
Prince Chaddha 6e6349205d
Update and rename pacsone-server-6-6-2-lfi.yaml to vulnerabilities/other/pacsone-server-lfi.yaml 2021-12-21 17:32:19 +05:30
Sandeep Singh 7a5cdc2bc3
Added ServiceNow Helpdesk Credential Exposure (#3371)
* Added ServiceNow Helpdesk Credential Exposure

Co-Authored-By: JP <19959240+jordanpotti@users.noreply.github.com>

* matcher update

Co-authored-by: JP <19959240+jordanpotti@users.noreply.github.com>
2021-12-19 23:42:01 +05:30
Sandeep Singh 4af3a04b3c
Apache OFBiz Log4j JNDI RCE (#3374)
* Added Apache OFBiz Log4j JNDI RCE

* fixed matcher to match hostname in both cases
2021-12-18 15:46:49 +05:30
Prince Chaddha dcf3f57bdf
Merge pull request #3373 from projectdiscovery/princechaddha-patch-2
Create global-domains-xss.yaml
2021-12-18 15:02:06 +05:30
Prince Chaddha 71027cbc79
Merge pull request #3357 from Akokonunes/patch-90
Create global-domains-lfi.yaml
2021-12-18 14:52:35 +05:30
Prince Chaddha 3b067a1aca
Create global-domains-xss.yaml 2021-12-18 14:51:08 +05:30
Prince Chaddha 0f40857119
Update and rename global-domains-lfi.yaml to vulnerabilities/other/global-domains-lfi.yaml 2021-12-18 14:43:28 +05:30
Prince Chaddha 9a4941d995
Merge pull request #3356 from Akokonunes/patch-89
Create groupoffice-lfi.yaml
2021-12-18 14:33:42 +05:30
Prince Chaddha 7b39972bfd
Merge pull request #3367 from gy741/rule-add-v80
Create oliver-library-server-lfi.yaml
2021-12-18 14:33:23 +05:30
Prince Chaddha d911551318
Merge pull request #3358 from Akokonunes/patch-91
Create asanhamayesh-cms-lfi.yaml
2021-12-18 14:32:12 +05:30
Prince Chaddha c6521085b7
Update groupoffice-lfi.yaml 2021-12-18 14:32:09 +05:30
Prince Chaddha 4747277a4e
Update and rename asanhamayesh-cms-lfi.yaml to vulnerabilities/other/asanhamayesh-lfi.yaml 2021-12-18 14:28:39 +05:30
Prince Chaddha 35faabd29f
Update and rename groupoffice-lfi.yaml to vulnerabilities/other/groupoffice-lfi.yaml 2021-12-18 14:26:46 +05:30
Prince Chaddha 8afbfdc8dc
Update and rename oliver-library-server-lfi.yaml to oliver-library-lfi.yaml 2021-12-18 14:23:57 +05:30
GwanYeong Kim 4fdb934da0 Create oliver-library-server-lfi.yaml
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-12-18 10:55:28 +09:00
meme-lord 09324d1be7
Added MobileIron log4j template (#3355)
* Added MobileIron log4j

* misc updates

Co-authored-by: meme-lord <17912559+meme-lord@users.noreply.github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-16 22:37:32 +05:30
sandeep fdeb2b8500 Merge branch 'master' of https://github.com/DhiyaneshGeek/nuclei-templates into pr/3354 2021-12-16 14:32:14 +05:30
Dhiyaneshwaran 7670d1d6b8
Update wordpress-ssrf-oembed.yaml 2021-12-16 14:28:12 +05:30
sandeep 1cfc899a27 update: lint fix 2021-12-16 14:25:00 +05:30
Dhiyaneshwaran 77441c0d81
Update wordpress-ssrf-oembed.yaml 2021-12-16 14:24:56 +05:30
Dhiyaneshwaran 0047b611cf
Update wordpress-ssrf-oembed.yaml 2021-12-16 14:21:53 +05:30
Dhiyaneshwaran 499fe055bf
Create wordpress-ssrf-oembed.yaml 2021-12-16 13:48:34 +05:30
sandeep 39a71c641a update: added more reference 2021-12-15 21:20:18 +05:30
Evan Rubinstein 11fe2fdfee
Added apache-solr-log4j RCE (#3336)
* update: added apache-solr-log4j-rce

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
2021-12-15 21:15:43 +05:30
Sandeep Singh d9ed21458f
Added VMware VCenter Log4j JNDI RCE (#3340)
* Added VMware VCenter Log4j JNDI RCE

Co-Authored-By: FQ Hsu <fanqxu@gmail.com>

* update: removed static UA

Co-Authored-By: FQ Hsu <fanqxu@gmail.com>

Co-authored-by: FQ Hsu <fanqxu@gmail.com>
2021-12-14 21:27:30 +05:30
sandeep c9ddd7a0ae update: id + reference update 2021-12-14 21:07:46 +05:30
Evan Rubinstein dddb0bbb82
Added CVE-2021-24997 (#3298)
* Added CVE-39226

* Added CVE-39226

* Delete CVE-39226.yaml

* Renamed CVE-39226 to CVE-2021-39226

Fixed naming error

* Added Wp-Guppy-Information-Disclosure template

* Removed File

Found better descriptor

* Added CVE-2021-24997

Added WordPress Guppy Information Disclosure CVE

* Fixed CVE-2021-24997

Fixed YAML formatting

* Fixed Typo

URL Path had an extra double quote

* Auto Generated Templates Stats [Wed Dec  8 23:07:24 UTC 2021] 🤖

* Deleted Blank Space

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Added CVE-2021-43496

* Update CVE-2021-43496.yaml

* fix: syntax update

* Added New Vuln

* Update CVE-2021-24997.yaml

* Update CVE-2021-43496.yaml

* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml

* fix: lints update

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2021-12-14 02:22:26 +05:30
sandeep 51944ab6a2 fix: lints update 2021-12-14 02:14:35 +05:30
sandeep 5bdd98f32d Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/3298 2021-12-14 02:05:35 +05:30
Prince Chaddha 6b007f48e7
Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml 2021-12-14 00:47:37 +05:30
pudsec 8cac8b5a36
Update open-redirect.yaml (#3333) 2021-12-13 20:42:06 +05:30
S Bani b76dbf91c6
Add Another Redirect Payload and Extend the Regex to Recognize it (#3299)
* Fix Open Redirect Header Regex

The regex was missing the correct escaping for special char `/`

* Add New General Open Redirect

There's another option for open redirects. I tested it in FF and Chrome.

* Update Location Redirect Regex

* update: mix changes

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-13 20:38:21 +05:30
Evan Rubinstein 030cfe89b9
Merge branch 'master' into master 2021-12-13 05:07:57 -05:00
Evan Rubinstein f52b1f0d55
Added New Vuln 2021-12-13 05:01:48 -05:00
Prince Chaddha 79a95a56d7
Update and rename pieregister-plugin-open-redirect.yaml to vulnerabilities/wordpress/pieregister-open-redirect.yaml 2021-12-12 16:59:16 +05:30
Dwi Siswanto 6a4bbdf93a
Update Grafana Arbitrary File Read (#3321)
* Add Grafana plugins wordlist

* Using payloads instead

* fix: updated variable name

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-11 11:07:55 +05:30
Prince Chaddha 0e94557017
Merge pull request #3248 from pikpikcu/patch-307
added thruk-xss
2021-12-09 22:01:56 +05:30
Prince Chaddha f476c5ff5b
Update thruk-xss.yaml 2021-12-09 21:58:15 +05:30
Prince Chaddha d35a55f7b4
Update and rename watchguard-fireware-ad-helper-component-credentials-disclosure.yaml to watchguard-credentials-disclosure.yaml 2021-12-09 21:05:13 +05:30
GwanYeong Kim bde4e1815a Create watchguard-fireware-ad-helper-component-credentials-disclosure.yaml
a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-12-09 16:02:48 +09:00
Sandeep Singh 2521cb62bf
Added CVE-2021-43798 (#3296)
* Added CVE-2021-43798

* updated with default plugin list

* Update grafana-file-read.yaml
2021-12-08 16:46:47 +05:30
z0ne d79b085051
add grafana file read (#3286)
* add grafana file read

* update: more reference

Co-authored-by: dev <z0ne>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-07 15:42:59 +05:30
Prince Chaddha fdcccb5938
Update and rename netsweeper-reflected-xss.yaml to netsweeper-rxss.yaml 2021-12-07 13:56:30 +05:30
Prince Chaddha ba8bad94c4
Update netsweeper-open-redirect.yaml 2021-12-07 13:43:29 +05:30
daffainfo b90d0b7e3e Add 10 templates and edit 1 workflows 2021-12-06 23:38:54 +07:00
sandeep 9da0d768a1 fix: syntax + lint 2021-12-03 10:37:42 +05:30
PikPikcU 83f6b2a153
Update thruk-xss.yaml 2021-12-02 19:07:50 +07:00
PikPikcU 435eeca764
Create thruk-xss.yaml 2021-12-02 19:02:40 +07:00
sandeep 1dabef2e6f Revert "CVE update - CVE-2021-22049"
This reverts commit 70128c2587.
2021-12-02 01:34:29 +05:30
sandeep 70128c2587 CVE update - CVE-2021-22049 2021-12-02 01:31:41 +05:30
Sandeep Singh 7ea7da8d4b
Added VMware vCenter SSRF/LFI/XSS (#3240) 2021-12-02 00:53:47 +05:30
sandeep 71143da193 Added missing tags 2021-11-28 04:13:45 +05:30
sandeep e7e8c33d64 fixed matcher + added additional matcher 2021-11-27 10:20:04 +05:30
alph4byt3 5080276f31
Update flow-flow-social-stream-xss.yaml 2021-11-26 09:48:04 +02:00
alph4byt3 f82f4d1a0b
Create flow-flow-social-stream-xss.yaml 2021-11-26 06:55:21 +02:00
Prince Chaddha 0d2a2f4e15
Merge pull request #3188 from pussycat0x/master
WordPress Themes Haberadam IDOR and Full Path Disclosure via JSON API
2021-11-24 12:14:54 +04:00
Prince Chaddha 85d79fd597
Update and rename wp-haberadam-theme-idor.yaml to wp-haberadam-idor.yaml 2021-11-24 12:09:22 +04:00
pussycat0x b7701dc7b3
Update wp-haberadam-theme-idor.yaml 2021-11-23 19:53:36 +05:30
pussycat0x e7bc254415
Update wp-haberadam-theme-idor.yaml 2021-11-23 19:50:27 +05:30
pussycat0x b3ceaffb9f
Add files via upload 2021-11-23 19:46:33 +05:30
Noam Rathaus 725782050a Add description 2021-11-23 12:09:00 +02:00
Prince Chaddha 42a9f46f94
Merge pull request #3176 from pussycat0x/master
Wordpress Revslider - Unauthenticated Arbitrary File Download
2021-11-23 09:40:48 +05:30
Prince Chaddha 2407b57779
Update wp-revslider-file-download.yaml 2021-11-23 08:09:29 +04:00
sandeep fdb0cc0277 lint fix + moving template to wp folder 2021-11-22 22:55:00 +05:30
pussycat0x ee2a766a35
Update wp-revslider-file-download.yaml 2021-11-22 20:40:38 +05:30
pussycat0x 680fffc187
Update wp-revslider-file-download.yaml 2021-11-22 20:33:29 +05:30
pussycat0x a8ee7e2ddf
Update wp-revslider-file-download.yaml 2021-11-22 20:29:59 +05:30
pussycat0x ba3d453744
Add files via upload 2021-11-21 17:00:25 +05:30
Sandeep Singh 6eea2f5ec3
Merge pull request #3170 from pussycat0x/master
new templates
2021-11-21 14:44:52 +05:30
sandeep bb5dcd79ac moved templates to correct directory/location 2021-11-21 14:40:48 +05:30
pussycat0x 41669cb8f6
Add files via upload 2021-11-21 06:45:24 +05:30
Prince Chaddha 1e31e0f76d
Update and rename eibiz-server-3-8-0-lfi.yaml to vulnerabilities/other/eibiz-lfi.yaml 2021-11-18 21:52:30 +05:30
Prince Chaddha cacf934f38
Merge pull request #3144 from DhiyaneshGeek/master
Axigen Mail Server & Squirrel Server
2021-11-16 16:09:21 +05:30
Prince Chaddha dfea5262ab
Update squirrelmail-add-xss.yaml 2021-11-16 15:30:41 +05:30
Prince Chaddha 77e5352a78
Update squirrelmail-vkeyboard-xss.yaml 2021-11-16 15:13:47 +05:30
Dhiyaneshwaran 32715528d8
Update squirrelmail-lfi.yaml 2021-11-16 00:10:15 +05:30
Dhiyaneshwaran 1905c9321a
Create squirrelmail-vkeyboard-xss.yaml 2021-11-15 23:58:18 +05:30
Dhiyaneshwaran 36c96f5dd8
Rename squirrelmail-vkeyboard-xss.yaml to squirrelmail-add-xss.yaml 2021-11-15 23:57:48 +05:30
Dhiyaneshwaran c003036a7e
Create squirrelmail-vkeyboard-xss.yaml 2021-11-15 23:44:51 +05:30
Dhiyaneshwaran fcbbb3475c
Create squirrelmail-lfi.yaml 2021-11-15 23:40:09 +05:30
sandeep fbf50f1109 format fixing 2021-11-15 21:00:17 +05:30
Prince Chaddha 4eb84d7802
Merge pull request #3131 from Akokonunes/patch-70
Create hrsale-unauthenticated-lfi.yaml
2021-11-13 23:46:11 +05:30
Prince Chaddha 9a227941a1
Rename hrsale-unauthenticated-lfi.yaml to vulnerabilities/other/hrsale-unauthenticated-lfi.yaml 2021-11-13 23:37:32 +05:30
sandeep b2aa8f9f5b misc updates 2021-11-13 23:01:53 +05:30
sandeep 35bfff6f61 Added skip-variables-check for SSTI template 2021-11-09 22:16:37 +05:30
sandeep cb74944f43 misc updates 2021-11-08 15:45:54 +05:30
Prince Chaddha c51bbf8715
Merge pull request #3099 from ImNightmaree/master
Create ecshop-sql.yaml
2021-11-08 13:44:54 +05:30
Prince Chaddha 5a6c30c7cf
Update ecshop-sqli.yaml 2021-11-08 13:42:44 +05:30
Prince Chaddha 85741bbcf9
Update and rename ecshop-sql.yaml to ecshop-sqli.yaml 2021-11-08 13:42:13 +05:30
Prince Chaddha 06bb1f444c
Update seowon-router-rce.yaml 2021-11-08 12:49:37 +05:30
Prince Chaddha 7973948360
Update seowon-router-rce.yaml 2021-11-08 12:43:14 +05:30
GwanYeong Kim 6183e248d8 Create seowon-router-rce.yaml
Execute commands without authentication as admin user, To use it in all versions, we only enter the router ip & Port(if available) in the request The result of the request is visible on the browser page

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-11-07 14:50:39 +09:00
ImNightmaree 797d9066a1
More linting 2021-11-07 02:49:07 +00:00
ImNightmaree b77df460dd
Linting 2021-11-07 02:39:21 +00:00
ImNightmaree bbecf3965a
Update ecshop-sql.yaml 2021-11-07 02:36:28 +00:00
ImNightmaree 38135df2a6
Update ecshop-sql.yaml 2021-11-07 02:30:38 +00:00
ImNightmaree f37527101c
Create ecshop-sql.yaml 2021-11-07 02:03:09 +00:00
sandeep 5fa10c4b64 cves update 2021-11-06 12:34:04 +05:30
Prince Chaddha 86f00468e1
Merge pull request #3070 from ImNightmaree/patch-2
Vanguard CMS Post-XSS
2021-11-06 00:13:58 +05:30
Prince Chaddha b66427b7c1
Update and rename wp-plugin-ad-widget-lfi.yaml to vulnerabilities/wordpress/ad-widget-lfi.yaml 2021-11-06 00:06:13 +05:30
Prince Chaddha a57cb5081a
Update vanguard-post-xss.yaml 2021-11-05 21:36:53 +05:30
sandeep eef5252cc5 file name update 2021-11-05 06:01:59 +05:30
ImNightmaree e98a1b4085
Update vanguard-post-xss 2021-11-04 16:56:40 +00:00
ImNightmaree 5a94091468
Create vanguard-post-xss 2021-11-04 15:12:47 +00:00
sandeep 915bb09a82 updating file name 2021-11-04 15:43:49 +05:30
sandeep 67f3530dbf Added meta info 2021-11-03 17:27:53 +05:30
sandeep be65921cc3 Added remediation information 2021-11-03 17:11:48 +05:30
sandeep c06cc9f690 Added Sitecore Experience Platform Pre-Auth RCE 2021-11-03 16:52:25 +05:30
sandeep e2b4d2b29c misc update 2021-11-03 02:54:23 +05:30
sandeep b83e79a8fe moving files around 2021-11-01 19:36:21 +05:30
sandeep f650961021 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into gitlab-updates 2021-11-01 19:21:55 +05:30
Prince Chaddha c4b7bb3bd2
Merge pull request #3032 from r3dg33k/wordpress-rdf-user-enum
wordpress-rdf-user-enum
2021-11-01 15:43:00 +05:30
Prince Chaddha 7b20a25fc6
Update and rename wordpress-rdf-user-enum.yaml to rdf-user-enumeration.yaml 2021-11-01 15:37:58 +05:30
Prince Chaddha a862dc3a6f
Update wordpress-rdf-user-enum.yaml 2021-11-01 15:33:06 +05:30
Prince Chaddha ff5b68a343
Update wordpress-rdf-user-enum.yaml 2021-11-01 15:30:54 +05:30
Prince Chaddha 3decaed012
Merge pull request #3036 from Akokonunes/patch-64
Create wp-theme-diarise-lfi.yaml
2021-11-01 14:54:58 +05:30
Prince Chaddha 756ed2c443
Update and rename wp-theme-diarise-lfi.yaml to vulnerabilities/wordpress/diarise-theme-lfi.yaml 2021-11-01 14:37:16 +05:30
Noam Rathaus 4381a462e2 Add description 2021-10-31 16:00:56 +02:00
Noam Rathaus d277d83c8e Add description 2021-10-31 15:58:17 +02:00
sandeep 8e27d69da4 misc update 2021-10-31 16:24:36 +05:30
Geeknik Labs 26c298ed03
Update top-xss-params.yaml
added an additional 23 parameters and matchers
2021-10-30 16:26:28 -05:00
sandeep 8c3f98c767 fixed invalid template syntax 2021-10-30 16:47:35 +05:30