daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,551 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

1686 Commits (613a5800aef51bcd10f9e4c882c694d12e6bcc12)

Author SHA1 Message Date
Muhammad Daffa 613a5800ae
Create amministrazione-aperta-lfi.yaml 2022-03-29 19:55:33 +07:00
sandeep e82f14ee67 additional reference + path update 2022-03-28 22:28:04 +05:30
Sandeep Singh 5f28041069
Added Spring Boot Log4j Remote Code Injection (#3993) 
* Added Spring Boot Log4j Remote Code Injection

* minor improvements to CVE-2021-44228

* URI based payload update to catch injection point
 2022-03-28 01:46:50 +05:30
gy741 04ec5b6b6d
Create netgear-wac124-router-auth-bypass.yaml (#3986) 
* Create netgear-wac124-router-auth-bypass.yaml

This vulnerability allows network-adjacent attackers to bypass authentication on affected of WAC124, AC2000 routers. Authentication is not required to exploit this vulnerability.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>

* misc update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-03-27 20:40:41 +05:30
东方有鱼名为咸 38a902317f
add springcloud-function-spel-rce (#3991) 
* add springcloud-function-spel-rce

* misc updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-03-27 20:17:28 +05:30
Sandeep Singh eeff6b26b8
more strict matchers (#3987) 2022-03-26 16:45:50 +05:30
Prince Chaddha 948ceb8b11
Create oracle-fatwire-lfi.yaml (#3975) 
* Create oracle-fatwire-lfi.yaml

* Update oracle-fatwire-lfi.yaml

* Update oracle-fatwire-lfi.yaml

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
 2022-03-26 14:56:13 +05:30
MostInterestingBotInTheWorld eb23e6e44e
Dashboard Content Enhancements (#3980) 
Dashboard Content Enhancements
 2022-03-25 10:16:18 -04:00
MostInterestingBotInTheWorld 814d07fb7d
Dashboard Content Enhancements (#3961) 
* Enhancement: default-logins/viewpoint/trilithic-viewpoint-login.yaml by mp

* Enhancement: default-logins/visionhub/visionhub-default-login.yaml by mp

* Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp

* Enhancement: default-logins/wifisky/wifisky-default-login.yaml by mp

* Enhancement: default-logins/wso2/wso2-default-login.yaml by mp

* Enhancement: default-logins/xerox/xerox7-default-login.yaml by mp

* Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp

* Enhancement: default-logins/zabbix/zabbix-default-login.yaml by mp

* Enhancement: default-logins/zmanda/zmanda-default-login.yaml by mp

* Enhancement: dns/azure-takeover-detection.yaml by mp

* Enhancement: dns/cname-fingerprint.yaml by mp

* Enhancement: dns/cname-service-detection.yaml by mp

* Enhancement: dns/detect-dangling-cname.yaml by mp

* Enhancement: dns/dns-waf-detect.yaml by mp

* Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp

* Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp

* Enhancement: dns/dnssec-detection.yaml by mp

* Enhancement: dns/ec2-detection.yaml by mp

* Add CVSS/CWE

* Trailing space

* Linting error on comment indentation

* Typo

* Enhancement: dns/elasticbeantalk-takeover.yaml by mp

* Enhancement: cves/2020/CVE-2020-23517.yaml by mp

* Enhancement: dns/elasticbeantalk-takeover.yaml by mp

* Enhancement: dns/mx-fingerprint.yaml by mp

* Enhancement: dns/mx-service-detector.yaml by mp

* Enhancement: dns/nameserver-fingerprint.yaml by mp

* Enhancement: dns/ptr-fingerprint.yaml by mp

* Enhancement: dns/servfail-refused-hosts.yaml by mp

* Enhancement: dns/spoofable-spf-records-ptr.yaml by mp

* Enhancement: dns/txt-fingerprint.yaml by mp

* Enhancement: dns/worksites-detection.yaml by mp

* Enhancement: exposed-panels/3g-wireless-gateway.yaml by mp

* Enhancement: exposed-panels/acemanager-login.yaml by mp

* Enhancement: exposed-panels/acrolinx-dashboard.yaml by mp

* Enhancement: dns/mx-fingerprint.yaml by mp

* Enhancement: dns/mx-service-detector.yaml by mp

* Enhancement: dns/ptr-fingerprint.yaml by mp

* Enhancement: dns/servfail-refused-hosts.yaml by mp

* Enhancement: dns/spoofable-spf-records-ptr.yaml by mp

* Enhancement: cves/2021/CVE-2021-39501.yaml by mp

* Enhancement: cves/2021/CVE-2021-40323.yaml by mp

* Enhancement: cves/2021/CVE-2021-40539.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: cves/2021/CVE-2021-40856.yaml by mp

* Enhancement: cves/2021/CVE-2021-40859.yaml by mp

* Enhancement: cves/2021/CVE-2021-40323.yaml by mp

* Enhancement: cves/2021/CVE-2021-40539.yaml by mp

* Enhancement: cves/2010/CVE-2010-1875.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/akamai-cloudtest.yaml by mp

* Enhancement: exposed-panels/alfresco-detect.yaml by mp

* Enhancement: exposed-panels/alienvault-usm.yaml by mp

* Enhancement: exposed-panels/ambari-exposure.yaml by mp

* Enhancement: exposed-panels/amcrest-login.yaml by mp

* Enhancement: exposed-panels/ametys-admin-login.yaml by mp

* Enhancement: exposed-panels/ametys-admin-login.yaml by mp

* Enhancement: exposed-panels/alienvault-usm.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/ambari-exposure.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-17369.yaml by mp

* Enhancement: exposed-panels/apache/public-tomcat-manager.yaml by mp

* Enhancement: exposed-panels/apache/apache-apisix-panel.yaml by mp

* Enhancement: exposed-panels/ansible-tower-exposure.yaml by mp

* Enhancement: exposed-panels/ampps-panel.yaml by mp

* Enhancement: exposed-panels/ampps-admin-panel.yaml by mp

* Enhancement: exposed-panels/ametys-admin-login.yaml by mp

* Enhancement: cves/2010/CVE-2010-1878.yaml by mp

* Fix encoded chars

* trailing space

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: exposed-panels/apiman-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1873.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp

* Enhancement: exposed-panels/argocd-login.yaml by mp

* Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp

* Enhancement: exposed-panels/atvise-login.yaml by mp

* Enhancement: exposed-panels/avantfax-panel.yaml by mp

* Enhancement: exposed-panels/avatier-password-management.yaml by mp

* Enhancement: exposed-panels/axigen-webadmin.yaml by mp

* Enhancement: exposed-panels/axigen-webmail.yaml by mp

* Enhancement: exposed-panels/azkaban-web-client.yaml by mp

* Enhancement: exposed-panels/acunetix-panel.yaml by mp

* Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp

* Enhancement: exposed-panels/adminer-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1870.yaml by mp

* Enhancement: exposed-panels/adminset-panel.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp

* Enhancement: exposed-panels/advance-setup.yaml by mp

* Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* spacing issues

* Spacing

* HTML codes improperly interpreted
Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Enhancement: technologies/waf-detect.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: network/exposed-adb.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp

* Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp

* Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp

* indentation issue

* Character encoding issue fix

* Enhancement: default-logins/alibaba/canal-default-login.yaml by mp

* Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Enhancement: default-logins/apache/airflow-default-login.yaml by mp

* Enhancement: default-logins/apache/apisix-default-login.yaml by mp

* Enhancement: default-logins/apollo/apollo-default-login.yaml by mp

* Enhancement: default-logins/arl/arl-default-login.yaml by mp

* Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp

* Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp

* Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp

* Enhancement: dns/caa-fingerprint.yaml by mp

* Enhancement: exposed-panels/active-admin-exposure.yaml by mp

* Enhancement: exposed-panels/activemq-panel.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Restore & stomped by dashboard

* Enhancement: cves/2010/CVE-2010-1653.yaml by mp

* Enhancement: cves/2021/CVE-2021-38751.yaml by mp

* Enhancement: cves/2021/CVE-2021-39320.yaml by mp

* Enhancement: cves/2021/CVE-2021-39322.yaml by mp

* Enhancement: cves/2021/CVE-2021-39327.yaml by mp

* Enhancement: cves/2021/CVE-2021-39350.yaml by mp

* Enhancement: cves/2021/CVE-2021-39433.yaml by mp

* Enhancement: cves/2021/CVE-2021-41192.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp

* Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp

* Enhancement: exposed-panels/aviatrix-panel.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Enhancement: exposed-panels/blue-iris-login.yaml by mp

* Enhancement: exposed-panels/bigbluebutton-login.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Spacing issues
Add cve-id field

* fix & stomping

* Enhancement: cves/2016/CVE-2016-1000141.yaml by mp

* Enhancement: cves/2020/CVE-2020-24912.yaml by mp

* Enhancement: cves/2021/CVE-2021-35265.yaml by mp

* Enhancement: cves/2022/CVE-2022-0437.yaml by mp

* Enhancement: cves/2010/CVE-2010-1601.yaml by mp

* Enhancement: technologies/teradici-pcoip.yaml by mp

* Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1475.yaml by mp

* Enhancement: cves/2010/CVE-2010-1535.yaml by mp

* Enhancement: exposed-panels/epson-web-control-detect.yaml by mp

* Enhancement: exposed-panels/epson-access-detect.yaml by mp

* Enhancement: cves/2020/CVE-2020-29453.yaml by mp

* Fix spacing

Co-authored-by: sullo <sullo@cirt.net>
 2022-03-25 17:15:10 +05:30
Prince Chaddha a69887bb85
Update wordpress-wp-cron.yaml 2022-03-25 12:09:19 +05:30
sandeep 52d58896a1 fixed len condition 2022-03-24 18:23:32 +05:30
Prince Chaddha 3253a2a723
Update wordpress-wp-cron.yaml 2022-03-24 16:56:50 +05:30
Prince Chaddha 8956a91f51
Update wordpress-wp-cron.yaml 2022-03-24 16:23:59 +05:30
Prince Chaddha ad8b1a77c3
Update wordpress-wp-cron.yaml 2022-03-24 16:20:45 +05:30
Prince Chaddha b494dd3f94
Update wordpress-wp-cron.yaml 2022-03-24 14:49:46 +05:30
Pathtaga 122c200f76 Added wp-cron.php wordpress template 2022-03-23 18:20:58 +01:00
Prince Chaddha 95d9b7f30c
Merge pull request #3953 from projectdiscovery/regex-update 
Updated "/etc/passwd" regex to avoid possible false positive results.
 2022-03-23 00:23:06 +05:30
sandeep ec99241f0e Updated "/etc/passwd" regex to avoid possible false positive results. 2022-03-22 13:31:31 +05:30
Sandeep Singh c513d88d0d
Merge branch 'master' into rule-add-v102 2022-03-22 13:23:38 +05:30
MostInterestingBotInTheWorld 9663595dd1
Dashboard Text Enhancements (#3948) 
Dashboard content enhancements
 2022-03-21 23:48:47 -04:00
Prince Chaddha 0adf4452f8
Merge pull request #3934 from Akokonunes/patch-130 
Create huawei-hg255s-lfi.yaml
 2022-03-21 16:47:27 +05:30
Prince Chaddha 66927bff20
Update tekon-info-leak.yaml 2022-03-21 16:36:39 +05:30
Prince Chaddha c8118bc79f
Update and rename huawei-hg255s-lfi.yaml to vulnerabilities/huawei/huawei-hg255s-lfi.yaml 2022-03-20 13:14:34 +05:30
Sandeep Singh ec2246ee22
added confluence metadata and minor matcher updates (#3929) 2022-03-19 16:12:08 +05:30
sandeep 218b87a384 removing duplicate template 2022-03-18 21:09:34 +05:30
Muhammad Daffa b17a49d4e4
Create CNVD-2021-28277.yaml (#3892) 
* Create CNVD-2021-28277.yaml

* misc update

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-03-18 20:35:35 +05:30
Sandeep Singh 5e1fb187e4
Added negative content type check (#3932) 2022-03-18 19:52:29 +05:30
GwanYeong Kim bb7dbc4f0c Create tekon-info-leak.yaml 
A vulnerability in Tekon allows remote unauthenticated users to disclose the Log of the remote device.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2022-03-18 19:38:44 +09:00
Prince Chaddha fd3a1efd51
Update cache-poisoning.yaml 2022-03-17 16:49:43 +05:30
Adam Crosser aa47b1d97b
Added 23 Nuclei Templates (#3909) 
* Added 23 Nuclei Templates

* Update cofense-vision-detection.yml

* Update sophos-mobile-panel-detection.yml

* Update cofense-vision-detection.yml

* Update httpbin-open-redirect.yml

* Update httpbin-xss.yml

* Update ansible-semaphore-panel.yml

* Rename ansible-semaphore-panel.yml to ansible-semaphore-panel.yaml

* Update and rename avatier_password_management.yml to avatier-password-management.yaml

* Update and rename buddy-panel.yml to buddy-panel.yaml

* Update and rename buildbot-panel.yml to buildbot-panel.yaml

* Update and rename cofense-vision-detection.yml to cofense-vision-panel.yaml

* Update and rename concourse-ci-panel.yml to concourse-ci-panel.yaml

* Update and rename drone-ci-panel.yml to drone-ci-panel.yaml

* Update and rename flowci-detection.yml to flowci-panel.yaml

* Update and rename gradle-enterprise-build-cache-detect.yml to gradle-cache-node-detect.yaml

* Update and rename exposed-panels/gradle-cache-node-detect.yaml to exposed-panels/gradle/gradle-cache-node-detect.yaml

* Update and rename exposed-panels/gradle-enterprise-panel.yml to exposed-panels/gradle/gradle-enterprise-panel.yaml

* Update and rename httpbin-detection.yml to httpbin-panel.yaml

* Update and rename leostream-detection.yml to leostream-panel.yaml

* Delete redash-detection.yml

* Update and rename sophos-mobile-panel-detection.yml to sophos-mobile-panel.yaml

* Update and rename splunk-enterprise-login-panel.yml to splunk-enterprise-panel.yaml

* Update splunk-enterprise-panel.yaml

* Update and rename stridercd-detection.yml to stridercd-panel.yaml

* Update and rename zuul-panel.yml to zuul-panel.yaml

* Update and rename zentral-detection.yml to zentral-panel.yaml

* Update and rename api-fastly.yml to api-fastly.yaml

* Update and rename api-gitlab.yml to api-gitlab.yaml

* Update and rename httpbin-xss.yml to httpbin-xss.yaml

* Update and rename httpbin-open-redirect.yml to httpbin-open-redirect.yaml

* Update and rename log4j-code42-rce.yml to code42-log4j-rce.yaml

* minor matcher fixes

* added missing hostname variable

* meta data update

Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2022-03-16 18:47:58 +05:30
Prince Chaddha 9b0c2bb854
Update dzs-zoomsounds-listing.yaml 2022-03-15 17:21:27 +05:30
sandeep 795dbfdecc Added Kiwi TCMS JSON-RPC misconfig 2022-03-13 17:50:38 +05:30
Prince Chaddha 713c8d87cf
Merge pull request #3877 from projectdiscovery/dixell-xweb500-file-write 
Create dixell-xweb500-file-write.yaml
 2022-03-11 16:34:36 +05:30
Prince Chaddha 5bd8cb0f89
Update and rename dixell-xweb500-file-write.yaml to dixell-xweb500-filewrite.yaml 2022-03-11 16:30:02 +05:30
Prince Chaddha 030c9484b9
Update and rename unisharp-laravel-file-manager.yaml to laravel-filemanager-lfi.yaml 2022-03-11 15:57:07 +05:30
Prince Chaddha b7cc60c53d
Update dixell-xweb500-file-write.yaml 2022-03-11 02:00:55 +05:30
Prince Chaddha d7b8f35d9f
Create unisharp-laravel-file-manager.yaml 2022-03-11 02:00:23 +05:30
Prince Chaddha a5713235f2
Create dixell-xweb500-file-write.yaml 2022-03-11 01:57:31 +05:30
MostInterestingBotInTheWorld 21d872d42c
Merge branch 'projectdiscovery:master' into dashboard 2022-03-07 08:10:22 -05:00
sandeep ac26863c5d template id/name update 2022-03-07 15:46:57 +05:30
Surya 1b814c3d07
Create vrealize-operations-tenant-app-log4j-rce.yaml 2022-03-07 04:43:20 -05:00
sullo 6378a1ab1a Update CVSS information and text content 2022-03-04 15:58:39 -05:00
sandeep 3a6c69df71 template name updates 2022-03-04 22:12:30 +05:30
MostInterestingBotInTheWorld 66f1023114
Merge branch 'projectdiscovery:master' into dashboard 2022-03-03 08:52:54 -05:00
MostInterestingBotInTheWorld d5556d3a75 Enhancement: default-logins/cobbler/cobbler-default-login.yaml by mp 2022-03-03 08:27:48 -05:00
Prince Chaddha a05b7d098e
Merge pull request #3819 from manasmbellani/cisco-ucm-uds-api-userenum 
Cisco UCM UDS API Unauthenticated User Enumeration
 2022-03-03 17:02:46 +05:30
Prince Chaddha 869638c91a
Update and rename exposures/apis/cisco-ucm-uds-api-username-enumeration.yaml to vulnerabilities/cisco/cucm-username-enumeration.yaml 2022-03-03 17:00:45 +05:30
Prince Chaddha b0e13cb19d
Merge pull request #3791 from pussycat0x/master 
New Template Added
 2022-03-03 16:44:20 +05:30
Prince Chaddha a55ae538d1
Update and rename wordpress-plugins-dzs-zoomsounds.yaml to dzs-zoomsounds-listing.yaml 2022-03-03 16:42:30 +05:30
Prince Chaddha 64670366a1
Update and rename wordpress-plugins-qards.yaml to wp-qards-listing.yaml 2022-03-03 16:41:00 +05:30