daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
20,668 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

20668 Commits (44a0a5c09b7580b7323cd8bfaea17422f488e558)

Author SHA1 Message Date
Ritik Chaddha 44a0a5c09b
updated header 2023-02-10 14:21:09 +05:30
Ritik Chaddha 70d9e4e175
updated matcher part 2023-02-01 14:23:01 +05:30
Ayden Colby 1adc897f3f
Update cache-poisoning-fuzz.yaml 
Proposed fixes to cache-poisoning-fuzz.yaml based on issue #5070

What I believe was wrong before:
 - The author of this template used the {{uniq}} in three places in the template, however, all three values are different with each pair of requests. This means that the cache buster query changes between request 1 and request 2, causing cache poisoning detection to not work properly. 

Implemented fixes:
 - Changed the cache buster query to be the same for request 1 and request 2, allowing for proper cache poisoning detection
 - Used the consistent {{randstr}} preprocessor as the value for headers, since {{uniq}} would not be detected in the matchers as it changes every call
 - Used the same User-Agent for each request, as having user agents change between request 1 and request 2 could cause a cache to miss
 - Added a matching condition for {{randstr}} to exist in both responses to avoid false positives
 - Added reference to portswigger's web cache poisoning lesson

Side notes:
 - The tag "fuzz" for some reason caused errors on my nuclei instance, but "fuzzing" would not. However, I left it alone in case it is just a local issue
 - Template tested on and properly detected web cache poisoning for https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-targeted-using-an-unknown-header
 2022-10-02 19:35:04 -04:00
GitHub Action 7633a5e287 Auto Generated New Template Addition List [Sun Oct 2 19:06:31 UTC 2022] 🤖 2022-10-02 19:06:31 +00:00
sandeep ff5614ea6c moving template around 2022-10-03 00:36:08 +05:30
GitHub Action 0d87023706 Auto README Update [Sat Oct 1 18:56:33 UTC 2022] 🤖 2022-10-01 18:56:33 +00:00
GitHub Action d220094c70 Auto Generated Templates Stats [Sat Oct 1 18:56:15 UTC 2022] 🤖 2022-10-01 18:56:15 +00:00
GitHub Action 5f4b77f3a7 Auto Generated New Template Addition List [Sat Oct 1 18:48:44 UTC 2022] 🤖 2022-10-01 18:48:44 +00:00
Prince Chaddha aab1f89784
Update oracle-access-manager-detect.yaml 2022-10-02 00:18:28 +05:30
GitHub Action 43f172f5e2 Auto Generated New Template Addition List [Sat Oct 1 18:46:50 UTC 2022] 🤖 2022-10-01 18:46:50 +00:00
Prince Chaddha fb077b2d8c
Update aem-dump-contentnode.yaml 2022-10-02 00:16:29 +05:30
GitHub Action ab62d37287 Auto Generated New Template Addition List [Sat Oct 1 15:32:29 UTC 2022] 🤖 2022-10-01 15:32:29 +00:00
Prince Chaddha 1b62167c54
Merge pull request #5524 from tess-ss/patch-15 
Create unauthenticated-duplicator-disclosure.yaml
 2022-10-01 21:02:11 +05:30
Prince Chaddha 66059c01e2
Update unauthenticated-duplicator-disclosure.yaml 2022-10-01 20:59:50 +05:30
GitHub Action b2f853b914 Auto Generated CVE annotations [Sat Oct 1 10:06:27 UTC 2022] 🤖 2022-10-01 10:06:27 +00:00
GitHub Action 657b46762d Auto Generated New Template Addition List [Sat Oct 1 09:49:02 UTC 2022] 🤖 2022-10-01 09:49:02 +00:00
Prince Chaddha e961340d84
Merge pull request #5514 from edoardottt/CVE-2020-20285 
Add CVE-2020-20285
 2022-10-01 15:18:43 +05:30
Prince Chaddha b47f1de97b
Update CVE-2020-20285.yaml 2022-10-01 15:15:15 +05:30
Prince Chaddha 06c2254f2f
Update CVE-2020-20285.yaml 2022-10-01 14:57:54 +05:30
GitHub Action 024a8a3b57 Auto Generated New Template Addition List [Sat Oct 1 09:15:21 UTC 2022] 🤖 2022-10-01 09:15:21 +00:00
Prince Chaddha bbf623b071
Merge pull request #5501 from johnk3r/master 
Create prtg-weak-login.yaml
 2022-10-01 14:45:03 +05:30
GitHub Action 7e334f698c Auto Generated New Template Addition List [Sat Oct 1 09:14:45 UTC 2022] 🤖 2022-10-01 09:14:45 +00:00
Prince Chaddha 97573f38c9
Merge pull request #5526 from daffainfo/patch-9 
fix: false negative xenforo-detect template
 2022-10-01 14:44:27 +05:30
Prince Chaddha 130621e483
Update xenforo-detect.yaml 2022-10-01 14:41:27 +05:30
Prince Chaddha b6e02546c5
Update xenforo-detect.yaml 2022-10-01 14:41:12 +05:30
GitHub Action c33ce0fa4f Auto Generated CVE annotations [Sat Oct 1 08:54:02 UTC 2022] 🤖 2022-10-01 08:54:02 +00:00
Prince Chaddha 222d9f638d
Update and rename prtg-weak-login.yaml to prtg-default-login.yaml 2022-10-01 14:19:54 +05:30
GitHub Action f320723145 Auto Generated New Template Addition List [Sat Oct 1 08:41:06 UTC 2022] 🤖 2022-10-01 08:41:06 +00:00
Prince Chaddha 8216005cc7
Merge pull request #5509 from edoardottt/CVE-2022-38553 
Add CVE-2022-38553
 2022-10-01 14:10:48 +05:30
Prince Chaddha 4aa1040202
Update CVE-2022-38553.yaml 2022-10-01 14:09:15 +05:30
GitHub Action 9588d0c2f9 Auto Generated New Template Addition List [Sat Oct 1 08:37:27 UTC 2022] 🤖 2022-10-01 08:37:27 +00:00
Prince Chaddha a5edc79cf3
Merge pull request #5508 from pussycat0x/master 
Unauthenticated kubecost detect
 2022-10-01 14:07:08 +05:30
GitHub Action c6d2176f73 Auto Generated New Template Addition List [Sat Oct 1 08:34:44 UTC 2022] 🤖 2022-10-01 08:34:44 +00:00
Prince Chaddha 42f3df9055
Merge pull request #5505 from edoardottt/gitea-signup 
Add Gitea Signup
 2022-10-01 14:04:24 +05:30
Prince Chaddha 1f4b5fe377
Update unauth-kubecost.yaml 2022-10-01 14:04:08 +05:30
GitHub Action 1f06cafe08 Auto Generated New Template Addition List [Sat Oct 1 08:30:31 UTC 2022] 🤖 2022-10-01 08:30:32 +00:00
Prince Chaddha 06f38b6eb3
Merge pull request #5503 from tess-ss/patch-14 
Create remedy-axis-login.yaml
 2022-10-01 14:00:13 +05:30
Prince Chaddha ef2fbc14a5
Update gitea-public-signup.yaml 2022-10-01 13:59:34 +05:30
Prince Chaddha 5ee3af04a5
Update remedy-axis-login.yaml 2022-10-01 13:50:22 +05:30
GitHub Action 1212455659 Auto Generated New Template Addition List [Sat Oct 1 08:08:58 UTC 2022] 🤖 2022-10-01 08:08:58 +00:00
Prince Chaddha 703465f3fc
Merge pull request #5487 from gy741/rule-add-v128 
Update fingerprinthub-web-fingerprints
 2022-10-01 13:38:38 +05:30
GitHub Action 7bdc5bda70 Auto Generated New Template Addition List [Sat Oct 1 08:08:14 UTC 2022] 🤖 2022-10-01 08:08:14 +00:00
GitHub Action 0e4ff9f2c8 Auto Generated New Template Addition List [Sat Oct 1 08:07:56 UTC 2022] 🤖 2022-10-01 08:07:56 +00:00
Prince Chaddha a40f5ec56d
Merge pull request #5481 from gy741/rule-add-v124 
Create somansa-dlp-detect
 2022-10-01 13:37:50 +05:30
Prince Chaddha d69feb60c5
Merge pull request #5482 from gy741/rule-add-v125 
Update hp-color-laserjet-detect.yaml
 2022-10-01 13:37:35 +05:30
Prince Chaddha fa67fe2255
Update somansa-dlp-detect.yaml 2022-10-01 13:36:13 +05:30
Muhammad Daffa 22deaa2dac
fix: false negative xenforo-detect template 
- Move the folder from `exposed-panels` to `technologies`
- Change the word matcher to prevent false negative
- Added status matcher
 2022-10-01 11:38:19 +07:00
Ritik Chaddha 6f2f9abaa8
Update unauthenticated-duplicator-disclosure.yaml 2022-10-01 02:56:16 +05:30
Arman d19b29dc55
Create unauthenticated-duplicator-disclosure.yaml 2022-09-30 17:06:18 -04:00
GitHub Action 170dbb21c1 Auto Generated New Template Addition List [Fri Sep 30 20:02:20 UTC 2022] 🤖 2022-09-30 20:02:20 +00:00