Commit Graph

1108 Commits (5b9495b51cc40937bf58a149456ddc0e21eca911)

Author SHA1 Message Date
Prince Chaddha 615db88ce6
Merge pull request #2004 from daffainfo/patch-49
Create wp-custom-tables-xss.yaml
2021-07-15 14:53:41 +05:30
Prince Chaddha 7cecd5aa3e
Update wp-custom-tables-xss.yaml 2021-07-15 14:34:40 +05:30
Prince Chaddha 22ecd2a192
Merge pull request #2016 from DhiyaneshGeek/master
Severity Update
2021-07-15 14:14:38 +05:30
Prince Chaddha 887e7bcfab
Update wordpress-updraftplus-pem-key.yaml 2021-07-15 14:13:25 +05:30
Dhiyaneshwaran 69b04c8a98
Update wordpress-updraftplus-pem-key.yaml 2021-07-15 13:51:19 +05:30
GwanYeong Kim 1eb999ce02 Create optiLink-ont1gew-gpon-rce.yaml
vulnerabilities in the web-based management interface of OptiLink could allow an authenticated, remote attacker to perform command injection attacks against an affected device.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 14:57:34 +09:00
Muhammad Daffa ad3f81bc95
Create wp-custom-tables-xss.yaml 2021-07-15 06:21:50 +07:00
Sandeep Singh 11dc9db49e
Merge pull request #1997 from skar4444/sassy-update
Update-sassy-social-share-xss
2021-07-14 20:56:57 +05:30
sandeep 117b0558a9 Update sassy-social-share.yaml 2021-07-14 20:55:05 +05:30
Prince Chaddha 5182b88b54
Merge pull request #1871 from projectdiscovery/huijietong-cloud-fileread
Create huijietong-cloud-fileread.yaml
2021-07-14 19:27:43 +05:30
Prince Chaddha ecd98c6403
Merge pull request #1967 from daffainfo/patch-31
Create wp-slideshow-xss.yaml
2021-07-14 19:15:07 +05:30
Prince Chaddha 55ea2242b7
Rename vulnerabilities/wp-slideshow-xss.yaml to vulnerabilities/wordpress/wp-slideshow-xss.yaml 2021-07-14 19:14:06 +05:30
Prince Chaddha 9fb7e17c0d
Merge pull request #1966 from daffainfo/patch-30
Create wp-nextgen-xss.yaml
2021-07-14 19:10:26 +05:30
Prince Chaddha 933c1d5f05
Merge pull request #1965 from daffainfo/patch-29
Create wp-flagem-xss.yaml
2021-07-14 19:09:34 +05:30
Suman Kar 00f1e65d50 Update-sassy-social-share-xss 2021-07-14 17:01:59 +05:30
sandeep 7e258fcae2 template-fix 2021-07-14 16:07:09 +05:30
Muhammad Daffa 69dd5ae8a0
Adding some path 2021-07-13 18:24:23 +07:00
Muhammad Daffa 6b8a398a76
Create wp-slideshow-xss.yaml 2021-07-13 18:20:25 +07:00
Muhammad Daffa 62cb5ce2bc
Create wp-nextgen-xss.yaml 2021-07-13 18:17:14 +07:00
Muhammad Daffa c751aca059
Create wp-flagem-xss.yaml 2021-07-13 18:15:43 +07:00
Sandeep Singh 83ee761691
Merge pull request #1957 from projectdiscovery/hasura-graphql-ssrf
Create hasura-graphql-ssrf.yaml
2021-07-13 15:58:27 +05:30
sandeep c8c49c5046 Update hasura-graphql-ssrf.yaml 2021-07-13 15:58:06 +05:30
sandeep 5fe872788f minor update 2021-07-13 15:57:10 +05:30
Sandeep Singh e167cf0ab9
Merge pull request #1937 from daffainfo/patch-20
Create wp-phpfreechat-xss.yaml
2021-07-13 15:45:53 +05:30
Sandeep Singh df0e4b7117
Merge pull request #1938 from daffainfo/patch-21
Create wp-finder-xss.yaml
2021-07-13 15:42:29 +05:30
Sandeep Singh 67a679860e
Update wp-finder-xss.yaml 2021-07-13 15:41:44 +05:30
Sandeep Singh 500f0b70f8
Merge pull request #1936 from daffainfo/patch-19
Create wp-knews-xss.yaml
2021-07-13 15:36:57 +05:30
Sandeep Singh 08f2cfea0b
Merge pull request #1924 from daffainfo/master
WordPress Plugin SocialFit - 'msg' Cross-Site Scripting
2021-07-13 15:29:49 +05:30
sandeep a8be22ad0a Removed as it requires admin login 2021-07-13 15:28:48 +05:30
Sandeep Singh 5a2d81e578
Merge pull request #1935 from daffainfo/patch-18
Create wp-church-admin-xss.yaml
2021-07-13 15:22:31 +05:30
sandeep 06efff9ddd minor update 2021-07-13 15:21:26 +05:30
Sandeep Singh cb32c05cfa
Merge pull request #1953 from Akokonunes/patch-17
Create wordpress-wordfence-lfi.yaml
2021-07-13 15:00:01 +05:30
sandeep 47a07b533b moving files around 2021-07-13 14:59:11 +05:30
Sandeep Singh 920255635b
Merge pull request #1876 from pussycat0x/master
web-ftp
2021-07-13 01:53:15 +05:30
sandeep 8b8663970f minor update 2021-07-13 01:44:24 +05:30
sandeep 81f1f8badc minor update 2021-07-13 01:43:52 +05:30
pussycat0x a1d3678a70
Add files via upload 2021-07-12 23:24:24 +05:30
Prince Chaddha 4ef8ed8e97
Create hasura-graphql-ssrf.yaml 2021-07-12 20:49:09 +05:30
Muhammad Daffa 0e195c4138
Merge branch 'projectdiscovery:master' into master 2021-07-12 14:58:59 +07:00
pussycat0x 0f46d27b60
Add files via upload 2021-07-11 23:45:02 +05:30
Muhammad Daffa 64bdaee44e
Create wp-finder-xss.yaml 2021-07-11 13:23:51 +07:00
Muhammad Daffa d3f21f1793
Create wp-phpfreechat-xss.yaml 2021-07-11 13:19:01 +07:00
Muhammad Daffa e6272bf44c
Create wp-knews-xss.yaml 2021-07-11 13:11:03 +07:00
Muhammad Daffa 8a6e78934c
Create wp-church-admin-xss.yaml 2021-07-11 13:07:34 +07:00
Prince Chaddha 361a641483
Update wp-socialfit-xss.yaml 2021-07-11 10:16:24 +05:30
Prince Chaddha 5366b70077
Merge pull request #1931 from daffainfo/patch-16
Create wp-securimage-xss.yaml
2021-07-11 10:08:02 +05:30
Prince Chaddha b830f86384
Update wp-securimage-xss.yaml 2021-07-11 10:02:30 +05:30
Prince Chaddha b1f755466b
Update wp-ambience-xss.yaml 2021-07-11 09:57:44 +05:30
Muhammad Daffa cc165287fd
Create wp-ambience-xss.yaml 2021-07-11 09:16:13 +07:00
Muhammad Daffa ab85fd5eba
Create wp-securimage-xss.yaml 2021-07-11 09:10:35 +07:00
Muhammad Daffa d0ec1acc76
Create wp-socialfit-xss.yaml 2021-07-11 07:41:04 +07:00
Muhammad Daffa 05bc6366f3
Rename wp-supsystic-backup-lfi to wp-supsystic-backup-lfi.yaml 2021-07-11 07:24:41 +07:00
Muhammad Daffa 04e5e30051
Update and rename wp-upsystic-backup-lfi to wp-supsystic-backup-lfi 2021-07-11 07:24:27 +07:00
Muhammad Daffa e26b467c76
Create wp-upsystic-backup-lfi 2021-07-11 07:22:38 +07:00
Sandeep Singh 6a99a183cd
Merge pull request #1920 from projectdiscovery/wordpress-user-enum
Added wordpress-user-enum
2021-07-10 21:56:17 +05:30
sandeep b228b35f83 Added wordpress-user-enum 2021-07-10 21:54:31 +05:30
Prince Chaddha ba90f28231
Merge pull request #1909 from gy741/rule-add-v17
Create icewarp-webclient-rce.yaml
2021-07-10 09:23:50 +05:30
Prince Chaddha a0d643561f
Update icewarp-webclient-rce.yaml 2021-07-10 09:18:32 +05:30
Sandeep Singh c36a62a120
Update jira-unauthenticated-installed-gadgets.yaml 2021-07-10 01:28:30 +05:30
Sandeep Singh 3f46e48426
Update jira-unauthenticated-installed-gadgets.yaml 2021-07-10 01:26:45 +05:30
GwanYeong Kim ef74a354ca Create icewarp-webclient-rce.yaml
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-09 13:52:28 +09:00
Philippe Delteil 98c925a413
Create jira-unauthenticated-installed-gadgets.yaml 2021-07-08 16:55:20 -04:00
Prince Chaddha 808712f772
Update clockwatch-enterprise-rce.yaml 2021-07-08 14:20:18 +05:30
Prince Chaddha 6e6d383b6c
Update clockwatch-enterprise-rce.yaml 2021-07-08 14:00:27 +05:30
Prince Chaddha 7695526e13
Update clockwatch-enterprise-rce.yaml 2021-07-08 14:00:01 +05:30
GwanYeong Kim a722b9fff6 Create clockwatch-enterprise-rce.yaml
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-08 13:18:31 +09:00
sandeep edc0f1a775 Update opensns-rce.yaml 2021-07-07 18:30:48 +05:30
sandeep 9588eadaed minor updates 2021-07-07 18:30:15 +05:30
GwanYeong Kim c3cbee2794 Create opensns-rce.yaml
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-07 18:49:36 +09:00
Sandeep Singh 0446fe1996
Merge pull request #1844 from rwincey/maestro-unauth-rce
LISTSERV Maestro
2021-07-06 23:55:22 +05:30
sandeep d8b3cbf750 Update listserv_maestro_rce.yaml 2021-07-06 23:53:38 +05:30
sandeep b02708055d Update listserv_maestro_rce.yaml 2021-07-06 23:52:24 +05:30
sandeep 07f3f0d988 Removed extra lines and few updates 2021-07-06 23:44:06 +05:30
Sandeep Singh f683e0bade
Merge pull request #1837 from gy741/rule-add-v10
Create huawei-router-auth-bypass.yaml
2021-07-06 23:33:47 +05:30
sandeep cc4244d36c Update huawei-router-auth-bypass.yaml 2021-07-06 23:32:45 +05:30
Sandeep Singh 2373873f30
Merge pull request #1881 from johnjhacking/patch-1
Added bypass for 1.9.2
2021-07-06 12:34:07 +05:30
sandeep fc68a95803 Template Name/ID update as per assigned CVE 2021-07-06 12:07:53 +05:30
sandeep fd13654972 Merge branch 'patch-1' of https://github.com/johnjhacking/nuclei-templates into pr/1827 2021-07-06 12:04:00 +05:30
sandeep 192201c27c condition update as per new bypass 2021-07-06 12:03:51 +05:30
John Jackson a2f283c51b
CVE number was assigned
As stated.
2021-07-06 00:32:35 -06:00
John Jackson 9068a38b56
Update reference
Currently, the provided reference doesn't exist anymore. However, this tweet posted on May 9th should work as a reference.
2021-07-06 00:27:15 -06:00
John Jackson 601a192703
Added bypass for 1.9.2
Another payload was identified, as a bypass in version 1.9.2. This bypass caused the vendor to upgrade to 1.9.3

I have added the bypass and the matcher above. Let me know what you think.
2021-07-05 18:39:25 -06:00
Prince Chaddha 7c06dfaf70
Create huijietong-cloud-fileread.yaml 2021-07-05 21:59:12 +05:30
Prince Chaddha f55aef6a1b
Merge pull request #1839 from gy741/rule-add-v11
Create netgear-router-auth-bypass.yaml
2021-07-05 21:46:00 +05:30
Prince Chaddha b1e6c71d89
Merge pull request #1857 from Akokonunes/patch-16
Create wp-vault-lfi.yaml
2021-07-05 21:08:11 +05:30
Prince Chaddha ce43643e00
Update and rename wp-vault-lfi.yaml to vulnerabilities/wordpress/wp-vault-lfi.yaml 2021-07-05 21:06:50 +05:30
sandeep 457ce76e34 minor updates 2021-07-04 17:09:45 +05:30
PikPikcU ecdd86167a
Create lotuscms-rce.yaml 2021-07-04 11:11:19 +00:00
sandeep d50459eb9b Added missing matcher 2021-07-04 01:26:41 +05:30
Sandeep Singh 22421fd38e
Merge pull request #1843 from DhiyaneshGeek/master
Update AEM CRX bypass , AEM Debug XSS and Java sean debug page, Jetty showcontexts enable , jfrog-unauth-build-exposed Templates Added
2021-07-04 01:23:20 +05:30
sandeep afcbe4cfe4 minor updates 2021-07-04 01:22:08 +05:30
sandeep b137eb57d3 More edge cases
Only looking for DNS interaction is not reliable as few servers make DNS requests for host included in path or query parameter.
2021-07-04 00:41:57 +05:30
Dhiyaneshwaran 127673455a
Update coldfusion-debug-xss.yaml 2021-07-02 20:55:33 +05:30
Dhiyaneshwaran e259c3dd2f
Update jfrog-unauth-build-exposed.yaml 2021-07-02 20:53:02 +05:30
Sandeep Singh 52e0c861a1
Merge pull request #1733 from milo2012/master
Added CVE-2018-1000130/ CVE-2018-2628/ CVE-2018-2628/ CVE-2019-3401/ CVE-2020-1938/ oracle-bi-default-login/ jolokia-heap-disclosure
2021-07-02 18:27:45 +05:30
sandeep e2a0f93f79 misc updates 2021-07-02 18:24:31 +05:30
Sandeep Singh f02befc6f7
Merge pull request #1834 from pussycat0x/master
wp-plugin-1-flash-gallery.yaml
2021-07-02 13:56:53 +05:30
sandeep f983baba38 misc changes 2021-07-02 13:55:32 +05:30
Dhiyaneshwaran 2787fc01b6
Update jfrog-unauth-build-exposed.yaml 2021-07-02 08:25:40 +05:30
Dhiyaneshwaran 2fa4382ef5
Create jfrog-unauth-build-exposed.yaml 2021-07-02 08:23:42 +05:30
b0yd dad74b4738 LISTSERV Maestro 2021-07-01 12:14:33 -07:00
Dhiyaneshwaran 453b09d3ff
Create coldfusion-debug-xss.yaml 2021-07-01 22:31:01 +05:30
GwanYeong Kim c0ebf56f85 Create netgear-router-auth-bypass.yaml
NETGEAR decided to use to check if a page has “.jpg”, “.gif” or “ess_” substrings, trying to match the entire URL. We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like “?.gif”).

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-01 14:39:10 +09:00
GwanYeong Kim 4d56d47c69 Create huawei-router-auth-bypass.yaml
The default password of this router is the last 8 characters of the
device's serial number which exist in the back of the device.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-01 09:28:30 +09:00
pussycat0x 89eff74128
Add files via upload 2021-06-30 21:33:39 +05:30
sandeep 5affbf47b3 misc changes 2021-06-30 18:24:34 +05:30
Prince Chaddha 9f6b6aeb89
Update jolokia-heap-info-disclosure.yaml 2021-06-30 15:36:25 +05:30
John Jackson d2df3303c6
Add Marmoset Viewer XSS Vulnerability
Reference:
https://wordpress.org/plugins/marmoset-viewer/#developers
2021-06-30 01:12:12 -06:00
sandeep d564c257d8 Additional check add 2021-06-29 17:26:42 +05:30
Sandeep Singh b80df5756a
Merge pull request #1795 from Mad-robot/patch-1
Create multiple-theme-ssrf.yaml
2021-06-28 23:58:54 +05:30
sandeep 2a1772d78c misc changes 2021-06-28 23:58:31 +05:30
Sandeep Singh 039a41e790
Merge pull request #1774 from pikpikcu/patch-185
Create huawei-hg659-lfi.yaml
2021-06-28 21:46:51 +05:30
sandeep 24a3fab9d3 Added missing condition 2021-06-26 19:35:52 +05:30
SaN ThosH 59e24ab8a7
Create multiple-theme-ssrf.yaml 2021-06-26 13:38:26 +05:30
Sandeep Singh e84c784fa2
Merge pull request #1689 from nrathaus/master
CVE-2021-28164 and some fixes
2021-06-24 23:58:29 +05:30
PikPikcU cb18f313fd
Create huawei-hg659-lfi.yaml 2021-06-24 15:41:18 +00:00
Prince Chaddha 37261f7a2f
Update and rename vulnerabilities/jira/jira-unauthenticated-popular-filters.yaml to cves/2019/CVE-2019-3401.yaml 2021-06-24 16:52:04 +05:30
Prince Chaddha bc7e8a80db
Merge pull request #1336 from projectdiscovery/princechaddha-patch-5
Create resin-inputfile-fileread.yaml
2021-06-24 02:32:40 +05:30
Prince Chaddha ed4c5a415d
Merge pull request #1335 from projectdiscovery/princechaddha-patch-4
Create resin-viewfile-lfr.yaml
2021-06-24 02:28:47 +05:30
Prince Chaddha c45ec90d5f
Update resin-inputfile-fileread.yaml 2021-06-24 02:28:18 +05:30
Prince Chaddha b2114008ad
Merge pull request #1595 from pikpikcu/patch-173
Create jeewms-lfi
2021-06-24 02:24:41 +05:30
Prince Chaddha 89b4fdf8ed
Merge pull request #1757 from pussycat0x/master
New template added
2021-06-24 02:02:42 +05:30
Prince Chaddha c383c120b7 moved to wordpress folder 2021-06-24 01:39:09 +05:30
Prince Chaddha 3e7269f2a4
Rename ALFA_DATA.yaml to alfacgiapi-wordpress.yaml 2021-06-24 01:37:45 +05:30
Prince Chaddha 8c7e69fafd
Update ALFA_DATA.yaml 2021-06-24 01:36:47 +05:30
Prince Chaddha aeed665ff7
Update ALFA_DATA.yaml 2021-06-24 01:29:50 +05:30
Sandeep Singh 161204c20e
Rename wordpress-123ContactForm.yaml to wp-123contactform-plugin-listing.yaml 2021-06-24 01:13:42 +05:30
sandeep 8f247c03c0 Removed trailing spaces 2021-06-24 01:11:14 +05:30
sandeep a4e439024e Added missing condition 2021-06-24 01:10:33 +05:30
pussycat0x c1f5c60700
Update wordpress-123ContactForm.yaml 2021-06-23 21:31:03 +05:30
pussycat0x 418de400a7
Add files via upload 2021-06-23 21:27:43 +05:30
Keith 5e9847260a remove trailing spaces 2021-06-23 01:46:57 +08:00
Keith f48d1d8b35 Add jolokia-heap-info-disclosure.yaml 2021-06-23 01:43:31 +08:00
pussycat0x 1c1186e4da
Add files via upload 2021-06-22 20:39:40 +05:30
Prince Chaddha 1d581af4ec
Update jeewms-lfi.yaml 2021-06-22 18:28:52 +05:30
Sandeep Singh 37bf78a3a9
Merge pull request #1752 from DhiyaneshGeek/master
6 New Wordpress Template Added
2021-06-21 18:12:33 +05:30
sandeep 27287e473b Update wordpress-woocommerce-listing.yaml 2021-06-21 18:11:30 +05:30
sandeep 3844df9fc8 misc changes 2021-06-21 18:09:16 +05:30
Dhiyaneshwaran 9ba613b509
Create wordpress-gtranslate-plugin.yaml 2021-06-21 15:00:25 +05:30
Dhiyaneshwaran f5ef733bd8
Update wp-gtranslate-open-redirect.yaml 2021-06-21 14:48:53 +05:30
Dhiyaneshwaran 402d5eb9f3
Update wp-gtranslate-open-redirect.yaml 2021-06-21 14:45:43 +05:30
Dhiyaneshwaran c990105b0d
Update wp-gtranslate-open-redirect.yaml 2021-06-21 14:41:57 +05:30
Dhiyaneshwaran 401a26eefd
Update wp-gtranslate-open-redirect.yaml 2021-06-21 14:39:42 +05:30
Dhiyaneshwaran d5afd2831f
Create wp-gtranslate-open-redirect.yaml 2021-06-21 14:37:29 +05:30
Emad Youssef 38668c44e7
Update open-redirect.yaml
this payload worked for me while i was hunting.
2021-06-21 10:21:44 +02:00
Dhiyaneshwaran 2d91148f39
Create wordpress-bbpress-plugin.yaml 2021-06-21 13:50:11 +05:30
Dhiyaneshwaran 08f9cf9de6
Update wordpress-woocommerce-plugin.yaml 2021-06-21 13:48:15 +05:30
Dhiyaneshwaran b2bc8d61a1
Create wordpress-woocommerce-plugin.yaml 2021-06-21 13:03:20 +05:30
Dhiyaneshwaran fbd53598d6
Create wordpress-elementor-plugin.yaml 2021-06-21 12:29:50 +05:30
Sandeep Singh 00a0b17bf5
Merge pull request #1744 from pussycat0x/master
Add files via upload
2021-06-21 01:43:48 +05:30
sandeep 788fc31fd3 Adding additional condition 2021-06-21 01:40:01 +05:30
pussycat0x 82e23a03e3
Add files via upload 2021-06-21 00:26:48 +05:30
sandeep 0ec921ef4f misc changes 2021-06-21 00:09:04 +05:30
Dhiyaneshwaran 5d01e7b235
Create wordpress-updraftplus-pem-key.yaml 2021-06-20 23:03:52 +05:30
Dhiyaneshwaran 42c937d730
Create wpmudev-my-calender-xss.yaml 2021-06-20 22:45:15 +05:30
Dhiyaneshwaran 40dfa6d6fe
Create wpmudev-pub-keys.yaml 2021-06-20 22:38:20 +05:30
Dhiyaneshwaran dbd72a33e0
Create wordpress-redirection-listing.yaml 2021-06-20 22:26:23 +05:30
sandeep 4160cb168a misc changes to work with workflows 2021-06-20 16:35:59 +05:30
Noam Rathaus bb6fa66dd9 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-20 13:56:54 +03:00
Sandeep Singh 3430bc2efd
Merge pull request #1710 from skar4444/gitlab-user-indormation-disclosed
GitLab - User Information Disclosure Via Open API
2021-06-18 13:54:24 +05:30
sandeep 351534bd1a Added reference 2021-06-18 13:52:48 +05:30
sandeep d0076b92c7 Added fuzz tags + more strict matcher 2021-06-18 13:50:34 +05:30
Prince Chaddha 62fb7fd0b9
Rename gitlab-user-information-disclosure-via-open-api.yaml to gitlab-user-open-api.yaml 2021-06-17 22:03:32 +05:30
Noam Rathaus 01b77a7ed2 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-17 16:54:18 +03:00
Prince Chaddha b50032d692
Update gitlab-user-information-disclosure-via-open-api.yaml 2021-06-17 13:31:19 +05:30
PikPikcU 9f8cae8ab5
Update tamronos-rce.yaml 2021-06-17 01:34:49 +00:00
PikPikcU 90bdede7dd
Create tamronos-rce.yaml 2021-06-17 01:31:59 +00:00
Suman Kar bd7b099e97 GitLab - User Information Disclosure Via Open API 2021-06-16 21:39:35 +05:30
Sandeep Singh bb4cdb5e3d
Merge pull request #1696 from skar4444/skar4444
GitLab User Enumeration
2021-06-16 01:25:55 +05:30
sandeep 564a0ea6ae minor changes 2021-06-16 01:23:59 +05:30
sandeep e103e7b0ff Update confluence-ssrf-sharelinks.yaml 2021-06-14 23:13:30 +05:30
Noam Rathaus a91ee941ff Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-14 14:59:58 +03:00
sandeep 26da2936eb misc updates 2021-06-14 16:13:38 +05:30
Techbrunch c164158aff Add Confluence SSRF in sharelinks 2021-06-14 11:10:56 +02:00
Suman Kar 13617d98cf GitLab User Enumeration 2021-06-14 14:20:55 +05:30
Prince Chaddha fecae7747e
Merge pull request #1691 from DhiyaneshGeek/master
2 new template
2021-06-13 20:57:19 +05:30
Prince Chaddha 1e77410799
Update wpdm-cache-session.yaml 2021-06-13 20:56:28 +05:30
Dhiyaneshwaran dab25e2df3
Create wpdm-cache-session.yaml 2021-06-13 17:43:24 +05:30
sandeep cb342f8564 misc changes 2021-06-13 17:28:10 +05:30
Noam Rathaus 3369c5a4dd Reference 2021-06-13 11:55:20 +03:00
Noam Rathaus b5bdac494b Merge branch 'master' of https://github.com/nrathaus/nuclei-templates 2021-06-13 09:54:52 +03:00
Noam Rathaus feb42e49b0 Reduce chances of FP 2021-06-13 09:53:47 +03:00
Noam Rathaus 513596d2e0 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-13 09:05:57 +03:00
Suman Kar 641e0c0672 Wordpress DB Backup 2021-06-12 20:13:29 +05:30
sandeep 962959f573 Removed invalid payload 2021-06-11 22:20:01 +05:30
Prince Chaddha 98e49295b6
Merge pull request #1672 from DhiyaneshGeek/master
CKAN DOM Based XSS , php-zerodium-backdoor-rce
2021-06-11 14:16:18 +05:30
Dhiyaneshwaran 771e55eca6
Create php-zerodium-backdoor-rce.yaml 2021-06-10 22:01:26 +05:30
sandeep 69ded42e3a Template rename / update 2021-06-10 21:57:07 +05:30
sandeep 181647cb77 Added binary matcher + max-size 2021-06-10 21:39:40 +05:30
Dhiyaneshwaran fd70f535dd
Update ckan-dom-based-xss.yaml 2021-06-10 17:27:21 +05:30
Sandeep Singh a4897080b2
Merge pull request #1668 from pikpikcu/patch-181
Create php-timeclock-xss
2021-06-10 14:57:05 +05:30
sandeep b43c8f2c93 misc update 2021-06-10 14:53:31 +05:30
sandeep 083d32c05f More validation 2021-06-10 14:37:26 +05:30
sandeep 0ebeff27a6 misc changes 2021-06-10 14:25:20 +05:30
Dhiyaneshwaran 5b2ec54d34
Create ckan-dom-based-xss.yaml 2021-06-10 13:37:33 +05:30
PikPikcU a4e714718f
Create php-timeclock-xss.yaml 2021-06-10 07:29:19 +00:00
PikPikcU c80690c829
Create mpsec-isg1000-lfi.yaml 2021-06-10 07:11:07 +00:00
Noam Rathaus 885aeadaa7 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-09 16:07:06 +03:00
Prince Chaddha 83ce809e8d Updated author names 2021-06-09 17:50:56 +05:30
sandeep 23cb4c4d9f moving files around 2021-06-09 14:37:40 +05:30
Noam Rathaus 46e4d47d92 Another reference 2021-06-09 09:43:04 +03:00
Noam Rathaus 27db48cb53 Another vector 2021-06-09 09:42:41 +03:00
Noam Rathaus d39bb43848 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-09 09:07:57 +03:00
Noam Rathaus 1e0a542b21 New test 2021-06-09 09:07:03 +03:00
sandeep c273587fa9 Adding more conditions 2021-06-09 01:34:02 +05:30
Noam Rathaus 8b0c5eaee3 Spelling 2021-06-06 10:35:09 +03:00
Sandeep Singh 29e706d101
Merge pull request #1622 from pikpikcu/patch-177
Create interlib-fileread
2021-06-04 21:37:23 +05:30
sandeep 5d63b1bb05 Fixing the condition 2021-06-04 21:33:01 +05:30
sandeep 1f6334671c escape fix 2021-06-04 21:26:59 +05:30
sandeep 1fab4f8dbf Duplicate with - wordpress-directory-listing 2021-06-04 21:14:20 +05:30
sandeep 1557b782e9 Added WordPress Popup Plugin listing 2021-06-04 20:57:01 +05:30
sandeep 76bd8824a5 Added WordPress Mailchimp 4 Debug Log Exposure 2021-06-04 20:36:33 +05:30
PikPikcU bc9a760d29
Create interlib-fileread.yaml 2021-06-04 02:54:55 +00:00
sandeep 0f0ff2ee1e moving files around 2021-06-03 21:54:08 +05:30
Prince Chaddha 3202a0dd65
Merge pull request #1606 from nrathaus/master
Description / Spelling
2021-06-02 13:10:50 +05:30
sandeep 2fe2c88872 Moving files around 2021-06-02 12:22:24 +05:30
Noam Rathaus 2d52259f70 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-02 09:09:05 +03:00
sandeep a5ccb5f893 strict matcher 2021-06-01 16:08:41 +05:30
PikPikcU 7f5dfedf55
Create jeewms-lfi.yaml 2021-06-01 09:08:45 +00:00
Sandeep Singh 2685f492ed
Merge pull request #1580 from pikpikcu/patch-167
Create ns-asg-file-read
2021-06-01 14:10:09 +05:30
sandeep d5b9e4c7b6 Update ns-asg-file-read.yaml 2021-06-01 14:09:01 +05:30
Sandeep Singh fdd2103fa1
Merge pull request #1576 from Udyz/patch-1
Create wp-statistics-blindsql.yaml
2021-06-01 11:36:42 +05:30
sandeep bad1f52fd2 Added additional path 2021-05-31 20:05:39 +05:30
fanpan 5dd09fe02d spring 2x path 2021-05-31 19:28:31 +05:30
sandeep 8d3f2e3604 misc changes 2021-05-31 17:29:52 +05:30
Prince Chaddha 31341b547e
Update blue-ocean-excellence-lfi.yaml 2021-05-31 15:44:21 +05:30
PikPikcU f944191e7a
Create blue-ocean-excellence-lfi.yaml 2021-05-31 09:29:51 +00:00
PikPikcU 65c73dbe34
Create hiboss-rce.yaml 2021-05-31 09:08:16 +00:00
Sandeep Singh 1c559f1ba3
Merge pull request #1567 from pikpikcu/patch-165
hjtcloud poc
2021-05-31 14:27:17 +05:30
PikPikcU e56a64402c
Create ns-asg-file-read.yaml 2021-05-31 08:56:01 +00:00
sandeep 4edb345286 Merge branch 'patch-165' of https://github.com/pikpikcu/nuclei-templates into pr/1567 2021-05-31 14:20:30 +05:30
sandeep 2ad903dcf1 misc changes 2021-05-31 14:19:23 +05:30
sandeep 5fed1d3432 Improved matcher 2021-05-31 13:31:13 +05:30
lulz 2b1a39cbab
Update wp-statistics-blindsql.yaml 2021-05-31 14:39:15 +07:00
lulz e89760c89c
Create wp-statistics-blindsql.yaml 2021-05-31 14:23:44 +07:00
sandeep 1f5c65d4c0 Added Wordpress Exposed DB Repair 2021-05-31 11:35:30 +05:30
PikPikcU 76886054ce
Create h3c-imc-rce.yaml 2021-05-31 05:53:21 +00:00
PikPikcU 5f4923ddce
Create hjtcloud-arbitrary-file-read.yaml 2021-05-31 05:38:23 +00:00
Noam Rathaus 81d1180769 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-30 09:09:37 +03:00
Prince Chaddha aaae0a8214
Merge pull request #1540 from projectdiscovery/wp-lfi
Adding Wordpress Plugin LFI Templates
2021-05-28 17:03:27 +05:30
Prince Chaddha b54a107deb
Delete wp-supsystic-backup-lfi.yaml 2021-05-28 17:01:06 +05:30
Prince Chaddha b53a99109a
Delete wp-loco-translate-lfi.yaml 2021-05-28 17:00:56 +05:30
Sandeep Singh 585c649740
Merge pull request #1547 from pikpikcu/patch-162
Create natshell-rce.yaml
2021-05-28 11:13:33 +05:30
sandeep 1644eb793a misc changes 2021-05-28 11:12:36 +05:30
sandeep 2348650a50 misc changes 2021-05-28 08:41:58 +05:30
sandeep 4358f69b52 misc changes 2021-05-28 02:43:04 +05:30
PikPikcU b94ba82591
Update natshell-rce.yaml 2021-05-28 02:49:17 +07:00
PikPikcU f1726d3a1f
Create natshell-rce.yaml 2021-05-27 14:59:33 +00:00
sandeep ca83581cd2 misc updates 2021-05-27 08:58:03 +05:30
sandeep 9c1e801ade Adding Wordpress Plugin LFI Templates 2021-05-27 08:45:53 +05:30
Noam Rathaus b32eac85b1 Give description 2021-05-25 14:35:41 +03:00
sandeep 8676d8c23c Added Maian Cart 3.8 preauth RCE template 2021-05-25 05:08:52 +05:30
TheConciergeDev e1de4803f0
updated template tags
The given "moodle" tag can not be found in the referenced PDFs and it definitely is an oracle vulnerability. I guess a legacy issue
2021-05-21 15:36:55 +02:00
sandeep d7d86bbd95 More strict matcher 2021-05-20 23:15:01 +05:30
sandeep e66ce65285 Adding Fanruan related templates 2021-05-20 22:56:55 +05:30
sandeep 2906b2a3fb Improved matcher and paths 2021-05-20 19:58:57 +05:30
sandeep 3fc65caf62 misc changes 2021-05-19 05:52:07 +05:30
Prince Chaddha 3bd6843159 Revert "Merge branch 'magento-stuff' of https://github.com/Techbrunch/nuclei-templates into pr/1494"
This reverts commit 4279c8e4bc, reversing
changes made to a6059be7ce.
2021-05-18 22:30:15 +05:30
Techbrunch 2658aa1c03 Add reference to magento-2-exposed-api 2021-05-18 17:25:33 +02:00
Techbrunch 776776621a Added a few Magento related templates 2021-05-18 15:53:10 +02:00
sandeep f0879103d4 Improved matcher 2021-05-17 22:39:05 +05:30
sandeep 08ee1ad5ee matcher update 2021-05-17 19:49:24 +05:30
PikPikcU 08001381c4
Create natshell-path-traversal.yaml 2021-05-17 08:14:20 +00:00
PikPikcU 04e1fb0ef8
Create flir-path-traversal.yaml 2021-05-16 04:54:40 +00:00
Prince Chaddha 21c1dc2c70
Merge pull request #1337 from projectdiscovery/princechaddha-patch-7
Create resin-cnnvd-200705-315.yaml
2021-05-16 02:33:31 +05:30
sandeep fc66a9e076 Removing duplicate template 2021-05-11 23:48:36 +05:30
sandeep 7cd00b6145 Removing invalid paths 2021-05-11 02:15:17 +05:30
Sandeep Singh c2aad94548
Merge pull request #1458 from geeknik/patch-91
Update top-xss-params.yaml
2021-05-11 00:29:39 +05:30
sandeep 7019946599 Improved matcher 2021-05-11 00:29:01 +05:30
Geeknik Labs 37ac4c0924
Update top-xss-params.yaml
Fix more false positives.
2021-05-10 18:39:09 +00:00
Geeknik Labs dea16d4ebd
Update top-xss-params.yaml
Fixes an edge case false positive on AkamaiGhost servers
2021-05-10 18:20:48 +00:00
Prince Chaddha b4b30c95ee
Update oa-v9-uploads-file.yaml 2021-05-10 13:23:08 +05:30
Noam Rathaus 8766b537dd Add reference 2021-05-10 09:52:26 +03:00
Noam Rathaus fa7567f68e Its not really a regex 2021-05-10 09:35:36 +03:00
Noam Rathaus 4c201aa1dd It is not just a file upload 2021-05-10 09:35:10 +03:00
Noam Rathaus 1e364a6cdb Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-10 09:27:13 +03:00
Sandeep Singh 7fde950173
Merge pull request #1327 from projectdiscovery/showdoc-file-upload
Adding Showdoc < 2.8.6 File Upload RCE
2021-05-10 01:36:45 +05:30
sandeep 1f8ff83353 tags update 2021-05-10 01:34:11 +05:30
sandeep ccfb5ca4c4 regex update 2021-05-10 01:33:27 +05:30
Noam Rathaus 18dff7387c Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-09 08:32:05 +03:00
Sandeep Singh bd9997113e
Merge pull request #1430 from geeknik/patch-90
Update open-redirect.yaml
2021-05-07 16:18:32 +05:30
Sandeep Singh 311d517c05
Merge pull request #1421 from geeknik/patch-85
Update top-xss-params.yaml
2021-05-07 15:23:09 +05:30
sandeep 871a4107b5 Added complete payload and matcher 2021-05-07 15:21:59 +05:30
sandeep d950f72ff9 minor update 2021-05-07 14:56:40 +05:30
sandeep 0159c284e7 minor update 2021-05-07 14:53:34 +05:30
sandeep 8b9ec9d5fe Minor updates 2021-05-07 14:48:53 +05:30
Geeknik Labs 2f41002213
Update open-redirect.yaml 2021-05-06 22:38:09 +00:00
Geeknik Labs 565404910b
Update top-xss-params.yaml 2021-05-06 12:55:40 +00:00
Noam Rathaus 253ede65c1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-06 15:16:27 +03:00
Dhiyaneshwaran f5524e2b78
Update oracle-ebs-xss.yaml 2021-05-06 00:21:46 +05:30
Dhiyaneshwaran b7d47eb01a
Create oracle-ebs-xss.yaml 2021-05-06 00:05:07 +05:30
Dhiyaneshwaran 8274939810
Create kafdrop-xss.yaml 2021-05-05 23:51:53 +05:30
Dhiyaneshwaran 9944ef191f
Create joomla-lfi-com_fabrik.yaml 2021-05-05 23:48:57 +05:30
Prince Chaddha e87baf2967
Merge pull request #1346 from projectdiscovery/princechaddha-patch-11
Create wuzhicms-sqli.yaml
2021-05-05 23:30:36 +05:30
Prince Chaddha ae45a6b386
Merge pull request #1344 from projectdiscovery/princechaddha-patch-9
Create ueditor-file-upload.yaml
2021-05-05 23:29:11 +05:30
Noam Rathaus d5949e74d8 Add references 2021-05-05 17:32:21 +03:00
Noam Rathaus e68777d20a Alternative reference 2021-05-05 17:08:11 +03:00
Noam Rathaus 7f90af4d32 Reference is dead 2021-05-05 17:07:52 +03:00
Noam Rathaus 07c2e79fb9 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-05 17:04:59 +03:00
Sandeep Singh 0520ad05d3
Merge pull request #1351 from projectdiscovery/princechaddha-patch-16
Create ecology-filedownload-directory-traversal.yaml
2021-05-05 17:56:59 +05:30
Sandeep Singh d1f62765f9
Merge pull request #1409 from DhiyaneshGeek/master
Gogs install exposure,Gloo UI Unauthentication
2021-05-05 17:54:37 +05:30
sandeep ae13e5e44e minor updates 2021-05-05 17:53:34 +05:30
sandeep b10918510c Adding strict matcher 2021-05-05 17:39:31 +05:30
Noam Rathaus a094b38f83 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-05 08:46:32 +03:00
Sandeep Singh 127ac5e37c
Merge pull request #962 from pikpikcu/patch-89
add hashicorp-consul-rce
2021-05-05 00:02:57 +05:30
Noam Rathaus c95dc69495 References 2021-05-04 15:15:10 +03:00
Noam Rathaus 39290e574f Fix description 2021-05-04 15:14:40 +03:00
sandeep 819e201ebd Update concrete-xss.yaml 2021-05-04 13:36:54 +05:30
sandeep 052f1b3b7b Adding concrete-xss 2021-05-04 13:36:16 +05:30
Dhiyaneshwaran 585b651592
Update gloo-unauth.yaml 2021-05-03 18:23:30 +05:30
Dhiyaneshwaran a1fc27ca75
Create gloo-unauth.yaml 2021-05-03 18:14:44 +05:30
sandeep acf5d41ef9 Minor update 2021-05-02 17:51:44 +05:30
Sandeep Singh 4f9a142c6b
Merge pull request #1398 from pikpikcu/patch-154
Create landray-oa-fileread
2021-05-02 13:59:50 +05:30
sandeep f9559b1e21 Update landray-oa-fileread.yaml 2021-05-02 13:58:47 +05:30
sandeep a6df4754d4 Update landray-oa-fileread.yaml 2021-05-02 13:57:33 +05:30
Noam Rathaus 41f47a4fef Expose references 2021-05-02 09:19:55 +03:00
Noam Rathaus d8bd0d2744 This is a better name for the test 2021-05-02 09:07:50 +03:00
PikPikcU c5bdf6cbca
Create landray-oa-fileread.yaml 2021-05-02 04:42:37 +00:00
sandeep cc9d4eddf1 Update rce-via-java-deserialization.yaml 2021-05-01 17:22:03 +05:30
Noam Rathaus 9d66fd0ae1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-29 12:03:56 +03:00
sandeep 020c9a959c Additional payload 2021-04-29 13:38:39 +05:30
Noam Rathaus f898e4b539 Correct product name 2021-04-29 09:20:58 +03:00
Noam Rathaus 574135de9a Expose reference 2021-04-29 09:12:56 +03:00
Noam Rathaus 25a38d34ec Missing 's' 2021-04-29 09:11:35 +03:00
Noam Rathaus a7de9915c7 Removed self-reference 2021-04-29 08:58:02 +03:00
Noam Rathaus 91b6b1b175 Make references visible 2021-04-29 08:57:39 +03:00
Noam Rathaus 2860cdfb4a Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-29 08:38:11 +03:00
sandeep 2920fa9bfb matcher and payload update 2021-04-28 19:44:28 +05:30
Prince Chaddha a55db7af44
Merge pull request #1332 from projectdiscovery/princechaddha-patch-2
Create WooYun-2015-148227.yaml
2021-04-28 18:51:07 +05:30
Noam Rathaus ecb436df3e Those aren't really regexes 2021-04-28 15:07:39 +03:00
Noam Rathaus ad9314acdc Provide references to the problem (in eclipse site) and how it was fixed (and Jenkins upstream bugs related to this) 2021-04-28 14:17:47 +03:00
Noam Rathaus 9ece07bf9a Provide reference 2021-04-28 14:00:15 +03:00
Noam Rathaus e32c1bd4c1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-28 13:29:39 +03:00
Prince Chaddha 8d9d46e00a
Merge pull request #1362 from underfl0w/chamilo-lms-sqli
Chamilo 1.11.14 LMS sql injection
2021-04-28 15:55:14 +05:30
Prince Chaddha 722e305878
Update chamilo-lms-sqli.yaml 2021-04-28 15:48:34 +05:30
sandeep 5f5430a7a4 Payload and matcher fix 2021-04-28 14:42:10 +05:30
sullo be24a83a98 Simplify regex 2021-04-27 10:42:41 -04:00
sullo 1824c1df92 More flexible matching to prevent false-negatives 2021-04-27 10:38:57 -04:00
Noam Rathaus 3bdb2fdbd4 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-27 14:02:16 +03:00
Noam Rathaus f55bb45e75 Give some description 2021-04-27 14:02:08 +03:00
sandeep 3adf607b6f Matcher for DNS interaction 2021-04-27 16:24:39 +05:30
Prince Chaddha eaf70d16ab
Merge pull request #1350 from projectdiscovery/princechaddha-patch-15
Create zcms-v3-sqli.yaml
2021-04-27 16:09:32 +05:30
Prince Chaddha 427f99b0c1
Update wordpress-rce-simplefilelist.yaml 2021-04-27 15:25:28 +05:30
Noam Rathaus 1aca402bf6 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-27 09:42:50 +03:00
Noam Rathaus 4cc6b3bdb0 Reduce FP due to not actually execution of the PHP but rather it being returned as is (the content) 2021-04-27 09:42:41 +03:00
Prince Chaddha d705648dc4
Merge pull request #1343 from projectdiscovery/princechaddha-patch-8
Create spark-webui-unauth.yaml
2021-04-26 21:58:53 +05:30
Prince Chaddha 3079fce648
Update spark-webui-unauth.yaml 2021-04-26 21:57:46 +05:30
Prince Chaddha f726562445
Update spark-webui-unauth.yaml 2021-04-26 21:56:13 +05:30
Prince Chaddha 487e2300e1
Merge pull request #1331 from projectdiscovery/princechaddha-patch-1
Create unauth-spark-api.yaml
2021-04-26 21:52:22 +05:30
Prince Chaddha 5fcba18d1e
Merge pull request #1349 from projectdiscovery/princechaddha-patch-14
Create xunchi-file-read.yaml
2021-04-26 21:06:27 +05:30