daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,895 Commits
17 Branches
0 Tags
160 MiB
Commit Graph

1222 Commits (3e25576d375ca985fae3df87ab3a37edb9d9b48d)

Author SHA1 Message Date
Prince Chaddha 9e25b4871e
Update fatpipe-networks-warp-backdoor.yaml 2021-09-30 16:13:19 +05:30
GwanYeong Kim 606d2b5ea4 Create fatpipe-networks-warp-backdoor.yaml 
The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-09-30 13:38:01 +09:00
GwanYeong Kim 263cadaacf Create fatpipe-networks-warp-auth-bypass.yaml 
Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-09-30 11:07:24 +09:00
Sandeep Singh e9f81943b6
Merge pull request #2759 from projectdiscovery/generic-ssrf 
generic-ssrf
 2021-09-30 03:31:52 +05:30
sandeep 553a7a2480 Update request-based-interaction.yaml 2021-09-30 03:31:03 +05:30
sandeep be297d732b misc update 2021-09-30 03:26:16 +05:30
Prince Chaddha 5c80f9dc4c
Update and rename wp-church-admin-lfi.yaml to vulnerabilities/wordpress/church-admin-lfi.yaml 2021-09-28 15:38:03 +05:30
Prince Chaddha cee46ca968
Update and rename request-interaction-oob.yaml to request-based-interaction.yaml 2021-09-28 15:22:30 +05:30
Prince Chaddha 97ef8f00e2
Update and rename generic-oob-param-based-interaction.yaml to oob-param-based-interaction.yaml 2021-09-28 15:21:41 +05:30
Prince Chaddha 25a971efd4
Update and rename generic-oob-header-based-interaction.yaml to oob-header-based-interaction.yaml 2021-09-28 15:21:27 +05:30
Prince Chaddha 8042d1233e
Create request-interaction-oob.yaml 2021-09-28 15:18:26 +05:30
Prince Chaddha 52a5e33556
Create generic-oob-param-based-interaction.yaml 2021-09-28 15:17:21 +05:30
Prince Chaddha 1a4f6754b4
Create generic-oob-header-based-interaction.yaml 2021-09-28 15:15:57 +05:30
Prince Chaddha 8d7e5b2d24
Merge pull request #2748 from gy741/rule-add-v60 
Create commax-cctv-rtsp-credentials-disclosure.yaml
 2021-09-25 11:49:18 +05:30
Prince Chaddha 2808f46429
Update and rename commax-cctv-rtsp-credentials-disclosure.yaml to commax-credentials-disclosure.yaml 2021-09-25 11:32:31 +05:30
Prince Chaddha 2e7e35eb70
Update and rename ecoa-building-directory-traversal.yaml to ecoa-building-lfi.yaml 2021-09-25 11:22:48 +05:30
GwanYeong Kim fac7f96b34 Create ecoa-building-directory-traversal.yaml 
The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-09-25 08:58:58 +09:00
GwanYeong Kim 59e0eb7ad3 Create commax-cctv-rtsp-credentials-disclosure.yaml 
The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker
to disclose RTSP credentials in plain-text.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-09-25 08:43:18 +09:00
Prince Chaddha 93b6f3a799
Merge pull request #2743 from Akokonunes/patch-43 
Create wp-brandfolder-plugin-open-redirect.yaml
 2021-09-25 00:55:20 +05:30
Prince Chaddha d0ee5cbe02
Merge pull request #2744 from Akokonunes/patch-44 
Create wp-brandfolder-plugin-lfi.yaml
 2021-09-25 00:54:30 +05:30
Prince Chaddha f70cc70c26
Update and rename wp-brandfolder-plugin-open-redirect.yaml to vulnerabilities/wordpress/brandfolder-open-redirect.yaml 2021-09-25 00:54:03 +05:30
Prince Chaddha 624c722c5a
Update and rename wp-brandfolder-plugin-lfi.yaml to vulnerabilities/wordpress/brandfolder-lfi.yaml 2021-09-25 00:51:56 +05:30
Prince Chaddha e832a50401
Update issuu-panel-lfi.yaml 2021-09-25 00:49:53 +05:30
Prince Chaddha f35db18633
Update and rename wp-plugin-issuu-panel-lfi.yaml to vulnerabilities/wordpress/issuu-panel-lfi.yaml 2021-09-25 00:47:37 +05:30
Sandeep Singh d75bad52c7
Merge pull request #2732 from Akokonunes/patch-38 
Create product-input-fields-for-woocommerce-file-download.yaml
 2021-09-22 18:19:59 +05:30
sandeep a898a6c3a6 Update wp-woocommerce-file-download.yaml 2021-09-22 18:19:25 +05:30
sandeep dfa85833e2 misc update 2021-09-22 18:18:21 +05:30
Sandeep Singh 551c9127a2
Merge pull request #2733 from Akokonunes/patch-42 
Create cs-cart-unauthenticated-lfi.yaml
 2021-09-22 18:10:38 +05:30
sandeep 18142906f0 moving files around 2021-09-22 18:09:43 +05:30
sandeep a60e8a9d5e misc update 2021-09-22 18:08:32 +05:30
Prince Chaddha 807920c0ac clean-up 2021-09-21 17:16:53 +05:30
Sandeep Singh a5982b8f32
Merge pull request #2721 from nerrorsec/patch-1 
Added a path
 2021-09-21 15:32:42 +05:30
Sandeep Singh e0a8cb25bf
Merge pull request #2725 from projectdiscovery/wp-xmlrpc-pingback-detection 
Added Wordpress XMLRPC Pingback detection
 2021-09-21 15:29:25 +05:30
sandeep d9c5095780 fixing xmlrpc-pingback-ssrf.yaml 2021-09-21 15:21:35 +05:30
Prince Chaddha ff4811e085
Create wordpress-git-config.yaml 2021-09-21 15:21:16 +05:30
sandeep 10a6436f6f Added Wordpress XMLRPC Pingback detection 2021-09-21 15:18:49 +05:30
Prince Chaddha 8034e43e2c
Merge pull request #2711 from 0xSmiley/generic_lfi 
Generic lfi
 2021-09-21 00:11:59 +05:30
Prince Chaddha 8a985aa5c8
Update generic-linux-lfi.yaml 2021-09-20 23:53:49 +05:30
Prince Chaddha 6564d0fca4
Merge pull request #2708 from pussycat0x/master 
New templates
 2021-09-20 14:18:41 +05:30
Sandeep Singh e9e99de988
Merge pull request #2714 from pikpikcu/patch-288 
Update Severity
 2021-09-20 12:20:12 +05:30
PikPikcU 991963fe4a
Update Severity 2021-09-20 12:11:56 +07:00
kn1ght ffe20a273d
fix: typo error 2021-09-19 20:23:22 -03:00
Nuno 083a72b24c Generic Template Updated 2021-09-18 20:13:32 +01:00
Muhammad Daffa 50dfd3dc3d
Update Severity 2021-09-18 21:07:47 +07:00
Sandeep Singh 0f03f5ff55
Merge pull request #2692 from projectdiscovery/metadata-attribute-update 2021-09-18 18:19:07 +05:30
sandeep 8c28120218 Update luftguitar-arbitrary-file-upload.yaml 2021-09-18 14:32:13 +05:30
sandeep fb1aee75ce Update luftguitar-arbitrary-file-upload.yaml 2021-09-18 14:28:03 +05:30
Prince Chaddha e183b518db
Update wp-altair-listing.yaml 2021-09-18 14:11:17 +05:30
Prince Chaddha d0c5083632
Update wp-altair-listing.yaml 2021-09-18 14:09:59 +05:30
Prince Chaddha 0523d46ed2 Revert "Delete wp-altair-listing.yaml" 
This reverts commit 05dd3affce.
 2021-09-18 13:54:03 +05:30
Prince Chaddha 05dd3affce
Delete wp-altair-listing.yaml 2021-09-18 13:51:28 +05:30
Prince Chaddha 63cc624c4a
Update luftguitar-arbitrary-file-upload.yaml 2021-09-18 12:14:32 +05:30
Prince Chaddha 893f8d3bc6
Update wp-altair-listing.yaml 2021-09-18 12:01:47 +05:30
pussycat0x 10b3bc327d
Add files via upload 2021-09-18 10:37:16 +05:30
PikPikcU 2a1341274a
Create luftguitar-arbitrary-file-upload.yaml 2021-09-17 21:04:21 +07:00
Prince Chaddha 3deb522abc
Merge pull request #2664 from Akokonunes/patch-37 
Create ecoa-building-automation-lfd.yaml
 2021-09-17 16:47:54 +05:30
Prince Chaddha df59ad5670
Update and rename ecoa-building-automation-lfd.yaml to vulnerabilities/other/ecoa-building-automation-lfd.yaml 2021-09-17 16:39:09 +05:30
Prince Chaddha b00b70c150
Merge pull request #2697 from Akokonunes/patch-39 
Create attitude-wp-theme-open-redirect.yaml
 2021-09-17 15:12:21 +05:30
Prince Chaddha 5cac00bada
Merge pull request #2698 from Akokonunes/patch-40 
Create eatery-restaurant-wp-theme-open-redirect.yaml
 2021-09-17 15:12:09 +05:30
Prince Chaddha a40530d9d4
Update and rename eatery-restaurant-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/eatery-restaurant-open-redirect.yaml 2021-09-17 15:10:30 +05:30
Prince Chaddha 69e546ea4d
Update attitude-theme-open-redirect.yaml 2021-09-17 15:10:23 +05:30
Prince Chaddha c5ccf9d991
Update and rename attitude-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/attitude-theme-open-redirect.yaml 2021-09-17 15:08:59 +05:30
Prince Chaddha 2e8329b645
Update and rename weekender-newspaper-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/weekender-newspaper-open-redirect.yaml 2021-09-17 15:06:13 +05:30
Geeknik Labs 03a79aa0c3
Update jenkins-script.yaml 2021-09-16 15:17:15 -05:00
sandeep 676b51d20c Metadata attribute update 2021-09-16 21:24:33 +05:30
Prince Chaddha 18879698fa
Update bullwark-momentum-lfi.yaml 2021-09-13 15:55:14 +05:30
Prince Chaddha e18cc14218
Update bullwark-momentum-lfi.yaml 2021-09-13 15:34:18 +05:30
sandeep 546bd6a038 matcher update 2021-09-13 15:28:35 +05:30
sandeep 34bba4e794 misc update 2021-09-12 17:10:52 +05:30
Noam Rathaus 46b16bcfa2 Incomplete title 2021-09-12 14:16:01 +03:00
Noam Rathaus 59525a5846 Working reference 2021-09-12 13:02:41 +03:00
Noam Rathaus e602575ae0 Working reference 2021-09-12 12:58:48 +03:00
Noam Rathaus fb2f89bc86 References 2021-09-12 12:58:43 +03:00
Noam Rathaus 624162cca7 Working reference 2021-09-12 12:50:53 +03:00
Noam Rathaus 896343be12 Clarify description 2021-09-12 12:41:33 +03:00
sandeep dde7140ff9 misc update 2021-09-11 23:46:31 +05:30
sandeep 207c140c50 moving files around 2021-09-11 21:06:36 +05:30
Philippe Delteil c41f64987b
Update wordpress-db-repair.yaml 
Solves this false positive (different encoding) 

nuclei -debug -t   nuclei-templates/vulnerabilities/wordpress/wordpress-db-repair.yaml -u https://try.walmart.com

<p><code>define(&#39;WP_ALLOW_REPAIR&#39;, true);
 2021-09-10 17:18:15 -03:00
Sandeep Singh cf4ef2ac5a
Merge pull request #2622 from projectdiscovery/missing-tags 2021-09-10 12:32:47 +05:30
sandeep bd24dc198e Coverage for all templates using tags 2021-09-09 19:08:13 +05:30
Prince Chaddha 67766f381a
Merge pull request #2600 from Akokonunes/patch-35 
Create phpwiki-lfi.yaml
 2021-09-09 15:02:41 +05:30
Prince Chaddha 6ce33e2f47
Rename phpwiki-lfi.yaml to vulnerabilities/other/phpwiki-lfi.yaml 2021-09-09 15:01:35 +05:30
Prince Chaddha 576499034d
Update wordpress-rce-simplefilelist.yaml 2021-09-09 12:09:13 +05:30
Prince Chaddha 08dac56385
Update simple-employee-rce.yaml 2021-09-09 12:06:24 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
Prince Chaddha 9b75486616
Rename homeautomation-v3-openredirect.yaml to vulnerabilities/other/homeautomation-v3-openredirect.yaml 2021-09-07 18:07:48 +05:30
Sandeep Singh e6a71e0e80
Merge pull request #2593 from projectdiscovery/openvpn-hhi 
Added OpenVPN Host Header Injection
 2021-09-06 18:56:27 +05:30
Sandeep Singh e31a75af04
Merge pull request #2595 from projectdiscovery/host-header-injection 
Create host-header-injection.yaml
 2021-09-06 18:56:09 +05:30
Prince Chaddha 4075664390
Merge pull request #2580 from Akokonunes/patch-29 
Create gSOAP-LFl.yaml
 2021-09-06 17:36:18 +05:30
Prince Chaddha e9d5665383
Update gsoap-lfi.yaml 2021-09-06 17:34:51 +05:30
Prince Chaddha 1942d13ed6
Update openvpn-hhi.yaml 2021-09-06 17:15:30 +05:30
Prince Chaddha acd4624200
Create host-header-injection.yaml 2021-09-06 17:14:27 +05:30
Prince Chaddha 842f66380f Revert "Create host-header-injection.yaml" 
This reverts commit 6abfcd80e1.
 2021-09-06 17:13:48 +05:30
Prince Chaddha 6abfcd80e1
Create host-header-injection.yaml 2021-09-06 17:13:20 +05:30
sandeep cec54e6d51 tags update 
Co-Authored-By: me_dheeraj <9442273+Dheerajmadhukar@users.noreply.github.com>
 2021-09-06 16:15:07 +05:30
sandeep c105e41fa4 Added OpenVPN Host Header Injection 
Co-Authored-By: me_dheeraj <9442273+Dheerajmadhukar@users.noreply.github.com>
 2021-09-06 16:13:17 +05:30
Prince Chaddha f6e52a6739
Merge pull request #2585 from sullo/master 
Updates across many templates for clarity, spelling, and grammar.
 2021-09-06 15:02:52 +05:30
Prince Chaddha 7579fe98c2
Update and rename minimouse-lfi.yaml to vulnerabilities/other/minimouse-lfi.yaml 2021-09-06 14:44:39 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
Prince Chaddha bf1d6374b2
Rename gSOAP-LFl.yaml to vulnerabilities/other/gsoap-lfi.yaml 2021-09-05 19:22:07 +05:30