Commit Graph

43241 Commits (39891ed558c897e01de4dd66525e73cd54dd5109)

Author SHA1 Message Date
med pro c40cd5259f
Create CVE-2019-15043.yaml 2020-07-04 14:05:56 +01:00
bauthard 84f05e3fec
Update s3-subtakeover.yaml 2020-07-04 17:00:35 +05:30
bauthard b8e86d44f7
Merge pull request #183 from secureITmania/master
S3 takeover pattern
2020-07-04 16:57:49 +05:30
secureITmania 54140411ce
S3 takeover pattern 2020-07-04 16:40:36 +05:30
secureITmania 30cebddb8a
Delete s3-takeover.yaml
YAML format error
2020-07-04 16:38:46 +05:30
secureITmania e2e9261db0
Update s3-takeover.yaml
YAML-formatter validate
2020-07-04 14:57:49 +05:30
secureITmania 86e4b5a478
S3 takeover pattern
I recently identified a subdomain takeover in one of Bug Bounty programs. I notice this pattern was not defined in the old templates. So I added this pattern 
Happy Hunting
2020-07-04 13:41:27 +05:30
bauthard 765b15d79a
Update ntlm-directories.yaml 2020-07-04 10:58:15 +05:30
bauthard 6004fdeb88
Merge pull request #181 from manuelbua/ntlm-dirs-fixes
NTLM directories detection fixes
2020-07-04 10:57:41 +05:30
Manuel Bua cd4da8998a Perform comparison on the normalized header name 2020-07-03 23:07:32 +02:00
Manuel Bua ec5b66a941 Remove duplicate entries 2020-07-03 23:06:50 +02:00
bauthard 243e478cdd
Merge pull request #178 from dwisiswant0/add-cves
Add CVEs (CVE-2020-9757, CVE-2020-8982, CVE-2020-8091, CVE-2020-8982)
2020-07-03 23:45:43 +05:30
dw1 fc3bc06f65 🔥 Add SEOmatic SSTI (CVE-2020-9757) 2020-07-04 00:56:51 +07:00
dw1 53a9952dc7 🔥 Add Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read (CVE-2020-8982) 2020-07-04 00:56:16 +07:00
dw1 b427cfc641 🔥 TYPO3 XSS (CVE-2020-8091) 2020-07-04 00:55:17 +07:00
dw1 919d657c41 🔥 Add Liferay Portal Unauthenticated RCE (CVE-2020-8982) 2020-07-04 00:54:34 +07:00
dw1 c173cb357b 🔧 Update Liferay Portal Detection 2020-07-04 00:53:46 +07:00
bauthard d1eb7d3f68
Merge pull request #177 from dwisiswant0/add-cve-2020-9484
Add CVE-2020-9484
2020-07-03 12:00:19 +05:30
bauthard 3914856fab
Merge pull request #176 from dwisiswant0/development
Update conditions & regexes for exposed-svn
2020-07-03 11:56:08 +05:30
dw1 5756349c14 Add Apache Tomcat RCE by deserialization - CVE-2020-9484 2020-07-03 12:39:02 +07:00
dw1 7760d4f172 🔨 Update conditions & regexes for exposed-svn. Fixes #175 2020-07-03 10:26:33 +07:00
bauthard 72f3939981 syntax updates 2020-07-02 18:11:53 +00:00
bauthard 991376c439
Merge pull request #174 from dwisiswant0/development
Adding Spring Boot Actuators (Jolokia) XXE
2020-07-02 23:07:34 +05:30
dw1 ecd295aff4 🔥 Add Springboot Actuators (Jolokia) XXE Vulnerability 2020-07-02 23:15:33 +07:00
dw1 c167a31784 🔧 Add path requests & matchers for Springboot Actuators 2020-07-02 23:14:39 +07:00
bauthard 6914ef1d5e
Merge pull request #173 from organiccrap/master
updates
2020-07-02 19:33:19 +05:30
organiccrap 2d8c78c263 updates 2020-07-02 21:53:41 +08:00
bauthard 29722f8547
Merge pull request #171 from dwisiswant0/development
Update exposed-svn matchers due to False Positive Results
2020-07-02 17:36:31 +05:30
dw1 43c90fc616 ✏️ Fix misplaced regex & escaping regexes 2020-07-02 18:56:51 +07:00
dw1 4a140eaeec 🔧 Update exposed-svn regexes & request paths 2020-07-02 18:31:10 +07:00
dw1 19cbaad130 🔧 Update exposed-svn matchers 2020-07-02 18:26:21 +07:00
bauthard 94416fe939
Merge pull request #170 from dwisiswant0/fix-cve-2018-16341-false-positives
Fix for false-positive CVE-2018-16341 results
2020-07-02 16:21:35 +05:30
dw1 caf833c28e 🔧 Fix for false-positive CVE-2018-16341 results 2020-07-02 17:45:29 +07:00
bauthard bd1146d77d
Update chained-workflow-multiple-templates.yaml 2020-07-02 15:47:20 +05:30
bauthard 179edf7914
removing extra spaces 2020-07-02 15:43:03 +05:30
bauthard 14494ba4d3
Update CVE-2019-8449.yaml 2020-07-02 15:36:11 +05:30
bauthard b369c971dc
Update and rename tomcat.yaml to public-tomcat-instance.yaml 2020-07-01 11:36:04 +05:30
bauthard 0678eb620c
Update GUIDE.md 2020-07-01 02:36:31 +05:30
bauthard fd0da2c344
Merge pull request #163 from bauthard/master
updating information for chained workflow
2020-07-01 02:13:36 +05:30
bauthard 98267729d8 adding tomcat manager bruteforce 2020-06-30 15:08:39 +00:00
bauthard f2862538ba
Update chained-workflow-multiple-templates.yaml 2020-06-30 18:59:39 +05:30
bauthard b8f26dd6ba
Update chained-workflow-multiple-templates.yaml 2020-06-30 17:20:26 +05:30
bauthard ef2f7352e5
Create chained-workflow-multiple-templates.yaml 2020-06-30 17:15:14 +05:30
bauthard 757bea2468
adding wordpress-directory-listing 2020-06-30 17:06:10 +05:30
bauthard 906e6e918d
Update CVE-2017-7529.yaml 2020-06-30 16:54:48 +05:30
bauthard 737d128c11
Merge pull request #162 from harsh-bothra/patch-3
Create CVE-2017-7529.yaml
2020-06-30 16:53:44 +05:30
bauthard 0801439e54
Update GUIDE.md 2020-06-30 16:46:31 +05:30
Harsh Bothra dbaa71a763
Create CVE-2017-7529.yaml
Remote Integer Overflow in Nginx allows an attacker to extract sensitive information from memory buffer by triggering specially crafted requests.
2020-06-30 16:44:33 +05:30
bauthard 8c3ac9b4a9
Update GUIDE.md 2020-06-30 16:33:05 +05:30
bauthard 2f59c74b28
Update CVE-2019-8449.yaml 2020-06-30 16:31:20 +05:30