Commit Graph

1231 Commits (55d45baf57d3be45287dadd1b26f9139835cae22)

Author SHA1 Message Date
Prince Chaddha 5fcba18d1e
Merge pull request #1349 from projectdiscovery/princechaddha-patch-14
Create xunchi-file-read.yaml
2021-04-26 21:06:27 +05:30
Prince Chaddha ac29e9a622
Merge pull request #1348 from projectdiscovery/princechaddha-patch-13
Create xiuno-bbs-reinstallation.yaml
2021-04-26 21:05:39 +05:30
Prince Chaddha 4cc83776f3
Merge pull request #1352 from projectdiscovery/princechaddha-patch-17
Create ecology-springframework-directory-traversal.yaml
2021-04-26 20:48:30 +05:30
Noam Rathaus 2e1e0e932f Product name 2021-04-26 09:07:57 +03:00
Noam Rathaus 19a4bbc844 Correct product name, and link to the Gitee 2021-04-26 09:03:24 +03:00
Noam Rathaus 3857469468 Add reference 2021-04-26 09:01:39 +03:00
Noam Rathaus 909a0ce4dd Product seems to be called ectouch 2021-04-26 08:51:08 +03:00
Noam Rathaus bb974381b5 add references 2021-04-26 08:48:16 +03:00
Jurjen de Jonge b9ad93a3cd Reverted back to old technique
The ;INSERT method only seemed to work on my dev enviroment.
2021-04-24 22:15:57 +03:00
Jurjen de Jonge 5f264c9891 Updated chamilo-lms-sqli.yaml
Uses SQL injection to insert data into the database, then checks to see
if this data has been added;
2021-04-24 21:41:38 +03:00
Jurjen de Jonge d4e8720797 Chamilo 1.11.14 LMS sql injection
YAML file is now indented correctly
2021-04-24 19:35:29 +03:00
Jurjen de Jonge 2f7746fe3d Chamilo 1.11.14 LMS sql injection 2021-04-24 19:11:58 +03:00
Prince Chaddha 71e25fa42d
Create ecology-springframework-directory-traversal.yaml 2021-04-23 18:52:08 +05:30
Prince Chaddha 85bc6464cb
Create ecology-filedownload-directory-traversal.yaml 2021-04-23 18:50:11 +05:30
Prince Chaddha 2aa7764e58
Create zcms-v3-sqli.yaml 2021-04-23 18:48:00 +05:30
Prince Chaddha 525475ea2e
Create xunchi-file-read.yaml 2021-04-23 18:45:02 +05:30
Prince Chaddha 3527ffcd5c
Update xiuno-bbs-reinstallation.yaml 2021-04-23 18:41:15 +05:30
Prince Chaddha bfa6113b45
Create xiuno-bbs-reinstallation.yaml 2021-04-23 18:40:17 +05:30
Prince Chaddha 9341841862
Create wuzhicms-sqli.yaml 2021-04-23 18:26:43 +05:30
Prince Chaddha bfae33ab72
Create ueditor-file-upload.yaml 2021-04-23 17:45:09 +05:30
Prince Chaddha fcb93ad108
Create spark-webui-unauth.yaml 2021-04-23 17:37:19 +05:30
sandeep f7875a24d6 Adding Apache Solr <= 8.8.1 Arbitrary File Read 2021-04-23 15:48:04 +05:30
Prince Chaddha ed1f462a3c
Create resin-cnnvd-200705-315.yaml 2021-04-22 19:37:30 +05:30
Prince Chaddha 376e8ec590
Create resin-inputfile-fileread.yaml 2021-04-22 19:16:56 +05:30
Prince Chaddha edbe48cdf7
Update resin-viewfile-lfr.yaml 2021-04-22 19:14:41 +05:30
Prince Chaddha bafc6d146a
Update resin-viewfile-lfr.yaml 2021-04-22 19:13:46 +05:30
Prince Chaddha 175bd1780d
Create resin-viewfile-lfr.yaml 2021-04-22 14:46:29 +05:30
Prince Chaddha b9e013caec
Create sangfor-edr-auth-bypass.yaml 2021-04-22 14:37:32 +05:30
Prince Chaddha 7b051a70a9
Create WooYun-2015-148227.yaml 2021-04-22 14:29:47 +05:30
Prince Chaddha af89aaf731
Update unauth-spark-api.yaml 2021-04-22 14:23:08 +05:30
Prince Chaddha 6c80ff0b68
Update unauth-spark-api.yaml 2021-04-22 13:48:03 +05:30
Prince Chaddha c89872228c
Update unauth-spark-api.yaml 2021-04-22 13:46:18 +05:30
Prince Chaddha 22ddf02690
Create unauth-spark-api.yaml 2021-04-22 13:45:01 +05:30
sandeep 333c7965ad Adding Showdoc < 2.8.6 File Upload RCE 2021-04-22 01:04:21 +05:30
Prince Chaddha d8ccf26cc5
Merge pull request #1222 from projectdiscovery/princechaddha-patch-7
Create feifeicms-lfr.yaml
2021-04-21 23:56:37 +05:30
Prince Chaddha 89dd2b02a6
Merge pull request #1210 from projectdiscovery/princechaddha-patch-1
Create 74cms-sqli.yaml
2021-04-21 23:54:00 +05:30
Prince Chaddha 8d53d57728
Merge pull request #1243 from projectdiscovery/princechaddha-patch-12
Create maccmsv10-backdoor.yaml
2021-04-21 23:49:17 +05:30
Prince Chaddha 41b35fe99b
Merge pull request #1242 from projectdiscovery/princechaddha-patch-11
Create myucms-lfr.yaml
2021-04-21 23:48:16 +05:30
Prince Chaddha 63effa3f1f
Merge pull request #1279 from projectdiscovery/princechaddha-patch-16
Create nuuo-file-inclusion.yaml
2021-04-21 23:41:50 +05:30
Noam Rathaus e5e995e909 Usually matchers is under requests and not at top level 2021-04-20 18:40:55 +03:00
Prince Chaddha 3fa6b9fb74
Create nuuo-file-inclusion.yaml 2021-04-14 01:57:44 +05:30
sandeep 9302d0397b Update eyou-email-rce.yaml 2021-04-14 01:54:06 +05:30
sandeep 19553cf671 matcher improvements 2021-04-14 01:53:24 +05:30
PikPikcU 98af0ce0cc
Create erp-nc-directory-traversal.yaml 2021-04-13 07:18:15 +00:00
PikPikcU c19e8aa1cc
Create qi-anxin-netkang-next-generation-firewall-rce.yaml 2021-04-13 07:13:07 +00:00
PikPikcU 9583b3bbd5
Create oa-v9-uploads-file.yaml 2021-04-13 07:06:02 +00:00
PikPikcU 52f5496134
Create core-chuangtian-cloud-rce.yaml 2021-04-13 06:53:27 +00:00
PikPikcU fb3b481ae8
Create eyou-email-rce.yaml 2021-04-13 06:40:20 +00:00
sandeep d96746d193 minor update 2021-04-11 17:24:54 +05:30
PikPikcU cdac8b34a6
Create turbocrm-xss.yaml 2021-04-11 00:22:56 +00:00
Prince Chaddha 1df35d4f32
Create maccmsv10-backdoor.yaml 2021-04-10 03:30:22 +05:30
Prince Chaddha 939b8bee6c
Create myucms-lfr.yaml 2021-04-10 03:10:57 +05:30
Prince Chaddha 03c6126f60
Create etouch-v2-sqli.yaml 2021-04-07 22:03:17 +05:30
Prince Chaddha 797098e7fc
Create feifeicms-lfr.yaml 2021-04-07 19:54:35 +05:30
Prince Chaddha 220a6461fb
Create 74cms-sqli.yaml 2021-04-06 23:59:29 +05:30
sandeep 8fdfc64e54 misc tag updates 2021-04-06 12:16:11 +05:30
sandeep d34ca6773b misc changes 2021-04-05 23:55:18 +05:30
sandeep e934241101 Update empirecms-xss.yaml 2021-04-05 22:13:16 +05:30
PikPikcU d789177b06
Create empirecms-xss.yaml 2021-04-05 08:16:27 +00:00
PD-Team 59574cc701
Revert "Create apache-spark-rce" 2021-03-26 00:16:29 +05:30
sandeep 28bf41830f Merge branch 'patch-104' of https://github.com/pikpikcu/nuclei-templates into pikpikcu-patch-104 2021-03-25 22:37:34 +05:30
Mzack9999 351167e91f removing redundant boolean check 2021-03-25 00:28:50 +01:00
PD-Team 1e541d324f
Merge pull request #1116 from pikpikcu/patch-127
Create tpshop-directory-traversal.yaml
2021-03-21 21:04:43 +05:30
sandeep 7af81a3ce8 Update tpshop-directory-traversal.yaml 2021-03-21 21:04:33 +05:30
PikPikcU 7674824c98
Create xdcms-sqli.yaml 2021-03-21 10:15:44 +00:00
PikPikcU ce51bfee06
Create tpshop-directory-traversal.yaml 2021-03-21 02:53:52 +00:00
sandeep d2115fa8f6 Update hashicorp-consul-rce.yaml 2021-03-18 18:37:43 +05:30
sandeep 4e16407c52 Update hashicorp-consul-rce.yaml 2021-03-18 18:36:13 +05:30
sandeep 3c8432686c Update viewlinc-crlf-injection.yaml 2021-03-16 14:05:20 +05:30
Geeknik Labs e951c75c59
Update viewlinc-crlf-injection.yaml 2021-03-15 20:04:37 +00:00
Geeknik Labs 0068d7ae0c
Create viewlinc-crlf-injection.yaml
This was discovered whilst participating in a private Hacker0x01 bug bounty program.
2021-03-15 20:00:56 +00:00
PikPikcU 6689aa0a81
Create dedecms-carbuyaction-fileinclude.yaml 2021-03-15 08:40:45 +00:00
PikPikcU 332ccbdb36
Create dedecms-membergroup-sqli.yaml 2021-03-15 08:01:47 +00:00
PD-Team fb65d9341b
Merge branch 'master' into patch-4 2021-03-15 00:30:30 +05:30
sandeep ffae74a6a8 Updated to openam-detection 2021-03-15 00:27:59 +05:30
PD-Team 47a7ea85e0
Merge pull request #1066 from r3naissance/master
Add teacherease-xss and parentlink-xss to /vulnerabilities/other/
2021-03-14 17:12:05 +05:30
sandeep e18b34cc64 few updates 2021-03-14 17:07:52 +05:30
Dhiyaneshwaran ed87cc42a8
Create pmb-local-file-disclosure.yaml 2021-03-12 22:42:45 +05:30
sandeep a0785510f5 Update apache-flink-unauth-rce.yaml 2021-03-12 12:42:17 +05:30
sandeep db18f137e6 linting updates 2021-03-12 12:40:16 +05:30
Chapman Schleiss 655308b864
Added reference 2021-03-11 09:50:26 -07:00
sandeep 86faa863f6 Added some reference 2021-03-11 20:33:36 +05:30
Chapman Schleiss 881cedaabc Adding teacherease-xss 2021-03-10 12:36:44 -07:00
Chapman Schleiss 8a015fe306 Adding parentlink-xss 2021-03-10 12:36:08 -07:00
sandeep ed91c0813e more typos 2021-03-10 19:45:41 +05:30
sandeep 04cc9c44fb xss matchers update 2021-03-04 21:32:34 +05:30
sandeep e9c9c4822f misc update 2021-03-04 21:04:06 +05:30
PikPikcU 4e31596426
Fix 🛠️ 2021-03-03 22:07:46 +07:00
PikPikcU 8a2f8ca4ee
Fix name 🛠️ 2021-03-03 22:03:52 +07:00
PikPikcU b831644c7e
Update apache-sprak-rce.yaml 2021-03-03 21:49:11 +07:00
PikPikcU 0389429c1f
Create apache-sprak-rce.yaml 2021-03-03 11:02:51 +00:00
sandeep fdd015042f Update simple-employee-rce.yaml 2021-03-02 21:42:00 +05:30
PikPikcU 0e78ce0a5b
Create simple-employee-rce.yaml 2021-03-01 11:40:03 +00:00
PikPikcU b9d3325fc6
Create ruijie-networks-lfi.yaml 2021-03-01 10:21:32 +00:00
sandeep 4c319fc79f Update ruijie-networks-rce.yaml 2021-03-01 13:37:10 +05:30
PikPikcU 7ec42cf499
Update ruijie-networks-rce.yaml 2021-03-01 06:57:32 +00:00
PikPikcU c55692e01c
Create ruijie-networks-rce.yaml 2021-03-01 06:56:46 +00:00
PikPikcU 6a4bd45625
Add tags 2021-02-27 00:39:28 +07:00
PikPikcU 481ba6aba1
Create duomicms-sql-injection.yaml 2021-02-26 22:44:31 +07:00
sandeep e29525ecf7 Update hashicorp-consul-rce.yaml 2021-02-26 17:32:50 +05:30
sandeep a15fad8cb7 Update hashicorp-consul-rce.yaml 2021-02-26 17:01:59 +05:30
PikPikcU d926680125
Update hashicorp-consul-rce.yaml 2021-02-26 11:29:22 +00:00
PikPikcU 52f6fab37b
Update hashicorp-consul-rce.yaml 2021-02-26 11:06:28 +00:00
PikPikcU 50f5c91edf
Create hashicorp-consul-rce.yaml 2021-02-26 09:02:50 +00:00
sandeep 1355185b45 improved matcher 2021-02-25 23:04:21 +05:30
PD-Team 237b268e31
Merge pull request #937 from pikpikcu/patch-82
Create weiphp-path-traversal
2021-02-25 18:43:18 +05:30
sandeep 1dbd3b082b matcher update 2021-02-25 18:29:49 +05:30
PikPikcU 277f7c21d6
Delete weiphp-sql-injection.yaml 2021-02-25 12:37:44 +00:00
PikPikcU bf11f5889f
Update weiphp-sql-injection.yaml 2021-02-25 12:02:35 +00:00
sandeep 609ac0e098 Update rockmongo-xss.yaml 2021-02-25 17:16:33 +05:30
sandeep 3ea4c3a826 Update rockmongo-xss.yaml 2021-02-25 17:15:21 +05:30
PikPikcU 63a71afa62
Create rockmongo-xss.yaml 2021-02-25 11:28:40 +00:00
sandeep c2982994a4 Update weiphp-sql-injection.yaml 2021-02-25 16:36:57 +05:30
sandeep 30483cf1e5 Update weiphp-path-traversal.yaml 2021-02-25 16:18:18 +05:30
PikPikcU 4a55ac7128
Update weiphp-sql-injection.yaml 2021-02-25 10:02:04 +00:00
PikPikcU e81b961873
Update weiphp-sql-injection.yaml 2021-02-25 09:51:58 +00:00
PikPikcU fe995933bc
Create weiphp-sql-injection.yaml 2021-02-25 09:49:18 +00:00
sandeep 48f55d25d0 Update weiphp-path-traversal.yaml 2021-02-25 15:03:56 +05:30
PikPikcU f0f11568c0
Update weiphp-path-traversal.yaml 2021-02-25 09:07:26 +00:00
PikPikcU b18c68674c
Create weiphp-path-traversal.yaml 2021-02-25 08:59:17 +00:00
PD-Team 9e9aa20646
Merge pull request #929 from pikpikcu/patch-80
zhiyuan-oa session leak
2021-02-24 23:24:28 +05:30
sandeep a0175f96c4 Update zhiyuan-oa-info-leak.yaml 2021-02-24 23:22:23 +05:30
sandeep 00abdb4732 Update yarn-resourcemanager-rce.yaml 2021-02-24 21:29:13 +05:30
sandeep 99b1ae2d46 Improved matcher 2021-02-24 21:28:48 +05:30
PikPikcU 2f39160e65
Create zhiyuan-oa-info-leak.yaml 2021-02-24 08:07:57 +00:00
PikPikcU b86a406d26
Create zhiyuan-oa-session-leak.yaml 2021-02-24 08:06:28 +00:00
sandeep cd2a3a7a77 Update dedecms-openredirect.yaml 2021-02-20 23:12:14 +05:30
PikPikcU d118e3e8cf
Create dedecms-openredirect.yaml 2021-02-21 00:35:47 +07:00
sandeep 6f74d31e0b few updates 2021-02-20 22:41:54 +05:30
PikPikcU 6ace5ab376
Create finereport-path-traversal.yaml 2021-02-20 23:36:48 +07:00
sandeep 5ffc1aa211 Update metinfo-lfi.yaml 2021-02-20 19:24:20 +05:30
PikPikcU 6e19a6eb45
Create metinfo-lfi.yaml 2021-02-20 07:25:43 +07:00
sandeep d77862ef7b adding tags 2021-02-19 13:51:21 +05:30
PikPikcU e537b279a0
Create cisco-webui-rce.yaml 2021-02-19 14:39:32 +07:00
sandeep b538a7f481 Update seacms-rce.yaml 2021-02-18 20:38:50 +05:30
PikPikcU 15bff234ef
Create seacms-rce.yaml 2021-02-18 20:05:35 +07:00
sandeep b4a9d2ec68 Update cacti-weathermap-file-write.yaml 2021-02-16 02:17:45 +05:30
PikPikcU ef6b416535
Create cacti-weathermap-file-write.yaml 2021-02-15 04:39:47 +00:00
sandeep eb50c32a64 Update rails6-xss.yaml 2021-02-15 04:27:45 +05:30
sandeep 58835cfc59 Update oa-tongda-path-traversal.yaml 2021-02-14 20:24:12 +05:30
PikPikcU 9362086705
Create oa-tongda-path-traversal.yaml 2021-02-14 12:22:51 +00:00
sandeep 0e5a07232f misc changes 2021-02-14 16:29:41 +05:30
PikPikcU 197bf2286e
Create powercreator-cms-rce.yaml 2021-02-14 08:40:45 +00:00
sandeep 768c05a9df Update rce-shellshock-user-agent.yaml 2021-02-13 10:25:02 +05:30
sandeep ec7a29957d Adding tags to vulnerabilities and workflows 2021-02-12 11:23:01 +05:30
Khaled Mohamed e7c6731d1a
Update
Edit after update from Mohamed elbadry @melbadry9
2021-02-11 22:53:19 +02:00
sandeep 5c419acb32 misc updates 2021-02-12 02:03:38 +05:30
PikPikcU 82acc49390
Update and rename thinkcmf-shell-write.yaml to thinkcmf-rce.yaml 2021-02-11 17:49:03 +00:00
PikPikcU 29eda8d1ab
Create thinkcmf-shell-write.yaml 2021-02-11 17:31:25 +00:00
sandeep e6c31e6512 Update thinkcmf-lfi.yaml 2021-02-11 22:23:14 +05:30
PikPikcU 2b8c738e03
Create thinkcmf-lfi.yaml 2021-02-11 15:46:20 +00:00
PikPikcU f27418b7ba
Added apache-flink-rce (#810) 2021-02-10 20:48:24 +05:30
PD-Team 83fb22a81b
Merge pull request #801 from pikpikcu/patch-42
Adding sangfor-edr-rce
2021-02-03 17:30:11 +05:30
PD-Team 3a28f79400 Update chamilo-lms-xss.yaml 2021-02-03 16:58:43 +05:30
PikPikcU c21acfa7a0
Create sangfor-edr-rce.yaml 2021-02-03 04:40:07 +00:00
Geeknik Labs 26f1e7d857
Create chamilo-lms-xss.yaml 2021-02-01 20:54:21 +00:00
PD-Team fa732d4565
Merge pull request #787 from pikpikcu/patch-36
Create dlink-dir-850l-info-leak
2021-02-01 23:12:23 +05:30
PD-Team b476243f85 misc changes 2021-02-01 23:11:29 +05:30
PD-Team de3338ebb7 Update caucho-resin-info-disclosure.yaml 2021-02-01 23:03:11 +05:30
PD-Team fc3eb4e73e few updates 2021-02-01 23:02:39 +05:30
PD-Team c649ff4a85 Added key-cloak xss and admin panel 2021-02-01 22:17:31 +05:30
PikPikcU 3a2a99cd63
Create caucho-resin-information-disclosure.yaml 2021-02-01 15:43:29 +00:00
PD-Team 6101f8e537 misc update 2021-01-31 12:54:53 +05:30
PikPikcU ed4b717d65
Create wooyun-path-traversal.yaml 2021-01-30 21:37:05 +00:00
PD-Team f6ccec48ed Update CNVD-2020-62422.yaml 2021-01-30 18:33:26 +05:30
PikPikcU 64209dca7d
Create CNVD-2020-62422.yaml 2021-01-30 10:45:17 +00:00
PD-Team a887ebe289 few updates 2021-01-26 20:01:01 +05:30
PR3R00T 7f1abf1e4b
Update sonicwall-sslvpn-shellshock.yml 2021-01-26 10:45:15 +00:00
PR3R00T 1712d10086
Update sonicwall-sslvpn-shellshock.yml 2021-01-26 10:44:17 +00:00
PR3R00T 4782898579
Update sonicwall-sslvpn-shellshock.yml 2021-01-26 10:40:48 +00:00
PR3R00T f4529d02c5
Update sonicwall-sslvpn-shellshock.yml 2021-01-26 10:37:18 +00:00
PR3R00T abe3f04402
Update sonicwall-sslvpn-shellshock.yml 2021-01-26 10:34:17 +00:00
PR3R00T 45d26b875e
New Sonicwall 0day Exploit test 2021-01-26 10:20:46 +00:00
PD-Team c762044d29 updating incorrect file permissions 2021-01-21 23:28:32 +05:30
Khaled Mohamed 5c2eabbebc
Create openam-ldap-injection.yaml
reference: https://blog.cybercastle.io/ldap-injection-in-openam/

The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the user’s email.
2021-01-13 23:36:19 +02:00
team-projectdiscovery 106da77fc3 Preparing for request clustering 2021-01-13 13:01:46 +05:30
team-projectdiscovery c62dfd2b53 adding few from masters 2021-01-11 12:28:56 +05:30
team-projectdiscovery b80ca7732d linting errors 2021-01-11 03:31:24 +05:30
team-projectdiscovery a52ffe5c4e fixes and updates 2021-01-10 19:45:36 +05:30
team-projectdiscovery a90d047991 Massive template checks addition 🎉 🎉 2021-01-10 18:41:25 +05:30
team-projectdiscovery 187e4a5feb moving more files around 2021-01-09 18:32:04 +05:30