63effa3f1f
Merge pull request #1279 from projectdiscovery/princechaddha-patch-16
...
Create nuuo-file-inclusion.yaml
2021-04-21 23:41:50 +05:30
e9a13c2018
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates
2021-04-20 18:41:10 +03:00
e5e995e909
Usually matchers is under requests and not at top level
2021-04-20 18:40:55 +03:00
5b4c21c7fa
Update wordpress-wordfence-waf-bypass-xss.yaml
2021-04-20 15:25:04 +05:30
36195f82a0
Added wordpress-wordfence-waf-bypass-xss
2021-04-20 15:23:05 +05:30
38b3359803
reference
2021-04-18 16:11:49 +03:00
ba15cabf57
Uncomment description and reference
2021-04-18 16:11:30 +03:00
bea9027bde
Reference and description
2021-04-18 16:09:44 +03:00
29caaefe8d
No need for "
2021-04-18 16:09:38 +03:00
ed9965095c
Update moodle-xss.yaml
2021-04-14 02:15:17 +05:30
3fa6b9fb74
Create nuuo-file-inclusion.yaml
2021-04-14 01:57:44 +05:30
93bb29bf9e
Merge pull request #1272 from pikpikcu/patch-143
...
Add POC
2021-04-14 01:54:24 +05:30
9302d0397b
Update eyou-email-rce.yaml
2021-04-14 01:54:06 +05:30
19553cf671
matcher improvements
2021-04-14 01:53:24 +05:30
ccb620bf73
Update wordpress-rce-simplefilelist.yaml
2021-04-13 18:26:30 +05:30
98af0ce0cc
Create erp-nc-directory-traversal.yaml
2021-04-13 07:18:15 +00:00
c19e8aa1cc
Create qi-anxin-netkang-next-generation-firewall-rce.yaml
2021-04-13 07:13:07 +00:00
9583b3bbd5
Create oa-v9-uploads-file.yaml
2021-04-13 07:06:02 +00:00
52f5496134
Create core-chuangtian-cloud-rce.yaml
2021-04-13 06:53:27 +00:00
fb3b481ae8
Create eyou-email-rce.yaml
2021-04-13 06:40:20 +00:00
17d836b2c4
Adding moodle-xss
2021-04-12 23:55:06 +05:30
020fdc5e0a
Merge pull request #1253 from pikpikcu/patch-141
...
Create turbocrm-xss.yaml
2021-04-11 17:25:49 +05:30
d96746d193
minor update
2021-04-11 17:24:54 +05:30
b0595790cb
Rename vulnerabilities/rockethcat/unauth-message-read.yaml to vulnerabilities/rocketchat/unauth-message-read.yaml
2021-04-10 22:27:51 -03:00
cdac8b34a6
Create turbocrm-xss.yaml
2021-04-11 00:22:56 +00:00
b36ec072d6
template update
2021-04-10 13:10:29 +05:30
ab46a9b2f0
Update basic-cors.yaml
...
Severity should be info.
2021-04-10 01:01:09 +03:00
1df35d4f32
Create maccmsv10-backdoor.yaml
2021-04-10 03:30:22 +05:30
939b8bee6c
Create myucms-lfr.yaml
2021-04-10 03:10:57 +05:30
03c6126f60
Create etouch-v2-sqli.yaml
2021-04-07 22:03:17 +05:30
797098e7fc
Create feifeicms-lfr.yaml
2021-04-07 19:54:35 +05:30
220a6461fb
Create 74cms-sqli.yaml
2021-04-06 23:59:29 +05:30
0c243d188a
tags improvements
2021-04-06 13:45:46 +05:30
e4b9397b06
Adding missing wordpress tags
2021-04-06 13:19:32 +05:30
8fdfc64e54
misc tag updates
2021-04-06 12:16:11 +05:30
d34ca6773b
misc changes
2021-04-05 23:55:18 +05:30
e934241101
Update empirecms-xss.yaml
2021-04-05 22:13:16 +05:30
d789177b06
Create empirecms-xss.yaml
2021-04-05 08:16:27 +00:00
40fb0066c3
more reference
2021-04-02 21:38:35 +05:30
3daa03c799
Update cache-poisoning.yaml
2021-04-02 19:19:50 +05:30
5eb1e78503
Create cache-poisoning.yaml
2021-04-02 15:14:09 +02:00
532dc4cf0c
Added more info and strict matcher
2021-03-29 17:05:11 +05:30
82fbfcf962
Create unauth-message-read.yaml
2021-03-28 23:42:11 -07:00
59574cc701
Revert "Create apache-spark-rce"
2021-03-26 00:16:29 +05:30
28bf41830f
Merge branch 'patch-104' of https://github.com/pikpikcu/nuclei-templates into pikpikcu-patch-104
2021-03-25 22:37:34 +05:30
2aa7c97e40
Update apache-spark-rce.yaml
2021-03-25 21:25:59 +05:30
b5c4ed0e2e
Update wordpress-rce-simplefilelist.yaml
2021-03-25 19:21:30 +05:30
351167e91f
removing redundant boolean check
2021-03-25 00:28:50 +01:00
9a750ba944
Merge pull request #1136 from pikpikcu/patch-134
...
Create thinkcmf-arbitrary-code-execution.yaml
2021-03-24 17:22:58 +05:30
915aeb93bb
Update thinkcmf-arbitrary-code-execution.yaml
2021-03-24 17:21:31 +05:30
356856a983
Create thinkcmf-arbitrary-code-execution.yaml
2021-03-24 01:10:20 +00:00
568a795319
Update thinkcmf-lfi.yaml
2021-03-24 00:42:53 +00:00
1e541d324f
Merge pull request #1116 from pikpikcu/patch-127
...
Create tpshop-directory-traversal.yaml
2021-03-21 21:04:43 +05:30
7af81a3ce8
Update tpshop-directory-traversal.yaml
2021-03-21 21:04:33 +05:30
0c20bbf8b5
Merge pull request #1119 from pikpikcu/patch-130
...
Create xdcms-sqli
2021-03-21 20:43:51 +05:30
8fd55de534
Update error-based-sql-injection.yaml
2021-03-21 20:28:22 +05:30
7674824c98
Create xdcms-sqli.yaml
2021-03-21 10:15:44 +00:00
ce51bfee06
Create tpshop-directory-traversal.yaml
2021-03-21 02:53:52 +00:00
a3d7047521
Update error-based-sql-injection.yaml
...
Reverting back to raw http request. Sending encoded requests using net/http were missing blatant SQL injections.
Before:
[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[INF] No results found. Better luck next time!
After:
[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[2021-03-20 14:48:59] [error-based-sql-injection:MariaDB] [http] [high] https://REDACTED/ ') [check the manual that corresponds to your MariaDB server version]
2021-03-20 19:52:48 +00:00
c04d699985
wordpress-infinitewp-auth-bypass
2021-03-19 02:10:02 +05:30
d2115fa8f6
Update hashicorp-consul-rce.yaml
2021-03-18 18:37:43 +05:30
4e16407c52
Update hashicorp-consul-rce.yaml
2021-03-18 18:36:13 +05:30
75cd16f667
Merge pull request #1100 from geeknik/patch-51
...
Create error-based-sql-injection.yaml
2021-03-18 14:06:56 +05:30
0c602a56e7
Update error-based-sql-injection.yaml
2021-03-18 14:05:19 +05:30
ad84ecb792
tag improvements
2021-03-18 13:24:36 +05:30
988d0c75c9
Update error-based-sql-injection.yaml
2021-03-17 20:39:57 +00:00
019a193aec
Update error-based-sql-injection.yaml
2021-03-17 19:31:08 +00:00
be020357e8
Update error-based-sql-injection.yaml
2021-03-17 19:25:02 +00:00
99bb91c255
Update error-based-sql-injection.yaml
2021-03-17 19:19:27 +00:00
8fe5f4e1ff
Create error-based-sql-injection.yaml
...
🎉 OMG 🎉
Detect Error Based SQL Injection
Includes regex matchers + extractors for 29 Database Engines
💥 https://buymeacoffee.com/geeknik 💥
2021-03-17 17:30:53 +00:00
3c8432686c
Update viewlinc-crlf-injection.yaml
2021-03-16 14:05:20 +05:30
e951c75c59
Update viewlinc-crlf-injection.yaml
2021-03-15 20:04:37 +00:00
0068d7ae0c
Create viewlinc-crlf-injection.yaml
...
This was discovered whilst participating in a private Hacker0x01 bug bounty program.
2021-03-15 20:00:56 +00:00
6689aa0a81
Create dedecms-carbuyaction-fileinclude.yaml
2021-03-15 08:40:45 +00:00
332ccbdb36
Create dedecms-membergroup-sqli.yaml
2021-03-15 08:01:47 +00:00
fb65d9341b
Merge branch 'master' into patch-4
2021-03-15 00:30:30 +05:30
ffae74a6a8
Updated to openam-detection
2021-03-15 00:27:59 +05:30
47a7ea85e0
Merge pull request #1066 from r3naissance/master
...
Add teacherease-xss and parentlink-xss to /vulnerabilities/other/
2021-03-14 17:12:05 +05:30
e18b34cc64
few updates
2021-03-14 17:07:52 +05:30
ed87cc42a8
Create pmb-local-file-disclosure.yaml
2021-03-12 22:42:45 +05:30
9ff6adff73
Update wordpress-accessible-wpconfig.yaml
2021-03-12 17:58:35 +05:30
28b0636f2d
syntax update
2021-03-12 17:32:16 +05:30
c35ed8a408
Merge branch 'master' into wordpress-cves
2021-03-12 17:25:27 +05:30
a0785510f5
Update apache-flink-unauth-rce.yaml
2021-03-12 12:42:17 +05:30
db18f137e6
linting updates
2021-03-12 12:40:16 +05:30
bee7bbdac0
Merge pull request #1037 from PurushottamanR/master
...
Moodle jitsi plugin XSS detection
2021-03-12 01:13:37 +05:30
830cc84899
Update moodle-jitsi-plugin-xss.yaml
2021-03-12 01:08:56 +05:30
48dc97b6fe
Update moodle-jitsi-plugin-xss.yaml
2021-03-12 01:06:37 +05:30
655308b864
Added reference
2021-03-11 09:50:26 -07:00
86faa863f6
Added some reference
2021-03-11 20:33:36 +05:30
881cedaabc
Adding teacherease-xss
2021-03-10 12:36:44 -07:00
8a015fe306
Adding parentlink-xss
2021-03-10 12:36:08 -07:00
ed91c0813e
more typos
2021-03-10 19:45:41 +05:30
06945d56a8
fixing typos
2021-03-10 19:33:49 +05:30
de3b1d27ea
added templates
2021-03-10 17:06:11 +05:30
ce919375eb
Create wordpress-auth-bypass-wptimecapsule.yaml
2021-03-10 12:29:08 +05:30
79ebf9b5bd
Update moodle-jitsi-plugin-xss.yaml
2021-03-07 14:28:07 +05:30
944493d343
wip
2021-03-07 13:48:33 +05:30
d67648b6d7
Update moodle-jitsi-plugin-xss.yaml
2021-03-07 13:43:48 +05:30
17a4f315e7
moodle jitsi plugin XSS detection
2021-03-06 13:52:35 -05:00
7ab99e908a
moodle jitsi plugin XSS detection
2021-03-06 13:25:44 -05:00
04cc9c44fb
xss matchers update
2021-03-04 21:32:34 +05:30
e9c9c4822f
misc update
2021-03-04 21:04:06 +05:30
4e31596426
Fix 🛠️
2021-03-03 22:07:46 +07:00
8a2f8ca4ee
Fix name 🛠️
2021-03-03 22:03:52 +07:00
b831644c7e
Update apache-sprak-rce.yaml
2021-03-03 21:49:11 +07:00
0389429c1f
Create apache-sprak-rce.yaml
2021-03-03 11:02:51 +00:00
fdd015042f
Update simple-employee-rce.yaml
2021-03-02 21:42:00 +05:30
0e78ce0a5b
Create simple-employee-rce.yaml
2021-03-01 11:40:03 +00:00
b9d3325fc6
Create ruijie-networks-lfi.yaml
2021-03-01 10:21:32 +00:00
4c319fc79f
Update ruijie-networks-rce.yaml
2021-03-01 13:37:10 +05:30
7ec42cf499
Update ruijie-networks-rce.yaml
2021-03-01 06:57:32 +00:00
c55692e01c
Create ruijie-networks-rce.yaml
2021-03-01 06:56:46 +00:00
6a4bd45625
Add tags
2021-02-27 00:39:28 +07:00
481ba6aba1
Create duomicms-sql-injection.yaml
2021-02-26 22:44:31 +07:00
e29525ecf7
Update hashicorp-consul-rce.yaml
2021-02-26 17:32:50 +05:30
a15fad8cb7
Update hashicorp-consul-rce.yaml
2021-02-26 17:01:59 +05:30
d926680125
Update hashicorp-consul-rce.yaml
2021-02-26 11:29:22 +00:00
52f6fab37b
Update hashicorp-consul-rce.yaml
2021-02-26 11:06:28 +00:00
50f5c91edf
Create hashicorp-consul-rce.yaml
2021-02-26 09:02:50 +00:00
4fb3b338a0
Merge pull request #954 from daffainfo/patch-2
...
Update wordpress-user-enumeration.yaml
2021-02-26 11:22:23 +05:30
36694ceec9
wp workflow update
2021-02-26 11:21:15 +05:30
1f3b105490
Update wordpress-user-enumeration.yaml
2021-02-26 08:36:34 +07:00
3a22ab23c0
Merge pull request #938 from gano3s/master
...
Improvement of the regex in open redirection template
2021-02-26 01:20:40 +05:30
5241e0f960
Update open-redirect.yaml
2021-02-26 01:16:45 +05:30
acd1ab4735
misc changes
2021-02-26 00:21:07 +05:30
2e3aa4355f
Merge pull request #18 from projectdiscovery/master
...
improved matcher
2021-02-25 23:42:45 +05:30
9bcd36338e
improved matcher
2021-02-25 23:38:40 +05:30
b24a1eecae
Create wordpress-affiliatewp-allowed-products.yaml
2021-02-25 23:21:42 +05:30
1355185b45
improved matcher
2021-02-25 23:04:21 +05:30
237b268e31
Merge pull request #937 from pikpikcu/patch-82
...
Create weiphp-path-traversal
2021-02-25 18:43:18 +05:30
1dbd3b082b
matcher update
2021-02-25 18:29:49 +05:30
277f7c21d6
Delete weiphp-sql-injection.yaml
2021-02-25 12:37:44 +00:00
bf11f5889f
Update weiphp-sql-injection.yaml
2021-02-25 12:02:35 +00:00
609ac0e098
Update rockmongo-xss.yaml
2021-02-25 17:16:33 +05:30
3ea4c3a826
Update rockmongo-xss.yaml
2021-02-25 17:15:21 +05:30
63a71afa62
Create rockmongo-xss.yaml
2021-02-25 11:28:40 +00:00
c2982994a4
Update weiphp-sql-injection.yaml
2021-02-25 16:36:57 +05:30
30483cf1e5
Update weiphp-path-traversal.yaml
2021-02-25 16:18:18 +05:30
8927253cb3
Improvement of the regex in open redirection template
2021-02-25 11:13:01 +01:00
4a55ac7128
Update weiphp-sql-injection.yaml
2021-02-25 10:02:04 +00:00
e81b961873
Update weiphp-sql-injection.yaml
2021-02-25 09:51:58 +00:00
fe995933bc
Create weiphp-sql-injection.yaml
2021-02-25 09:49:18 +00:00
48f55d25d0
Update weiphp-path-traversal.yaml
2021-02-25 15:03:56 +05:30
f0f11568c0
Update weiphp-path-traversal.yaml
2021-02-25 09:07:26 +00:00
b18c68674c
Create weiphp-path-traversal.yaml
2021-02-25 08:59:17 +00:00
9e9aa20646
Merge pull request #929 from pikpikcu/patch-80
...
zhiyuan-oa session leak
2021-02-24 23:24:28 +05:30
a0175f96c4
Update zhiyuan-oa-info-leak.yaml
2021-02-24 23:22:23 +05:30
00abdb4732
Update yarn-resourcemanager-rce.yaml
2021-02-24 21:29:13 +05:30
99b1ae2d46
Improved matcher
2021-02-24 21:28:48 +05:30
2f39160e65
Create zhiyuan-oa-info-leak.yaml
2021-02-24 08:07:57 +00:00
b86a406d26
Create zhiyuan-oa-session-leak.yaml
2021-02-24 08:06:28 +00:00
f6042d3d43
Update wordpress-accessible-wpconfig.yaml
2021-02-22 09:51:01 +07:00
cd2a3a7a77
Update dedecms-openredirect.yaml
2021-02-20 23:12:14 +05:30
d118e3e8cf
Create dedecms-openredirect.yaml
2021-02-21 00:35:47 +07:00
6f74d31e0b
few updates
2021-02-20 22:41:54 +05:30
6ace5ab376
Create finereport-path-traversal.yaml
2021-02-20 23:36:48 +07:00
5ffc1aa211
Update metinfo-lfi.yaml
2021-02-20 19:24:20 +05:30
6e19a6eb45
Create metinfo-lfi.yaml
2021-02-20 07:25:43 +07:00
d77862ef7b
adding tags
2021-02-19 13:51:21 +05:30
e537b279a0
Create cisco-webui-rce.yaml
2021-02-19 14:39:32 +07:00
b538a7f481
Update seacms-rce.yaml
2021-02-18 20:38:50 +05:30
15bff234ef
Create seacms-rce.yaml
2021-02-18 20:05:35 +07:00
0ca299e92b
adding wp template and workflow
2021-02-17 17:33:03 +05:30
86243622cc
tag updates
2021-02-16 22:32:57 +05:30
6d88f03e08
moving files around
2021-02-16 14:54:04 +05:30
a9769ed11b
Update oracle-glassfish-lfi.yaml
2021-02-16 14:25:42 +05:30
b38e84957e
Update oracle-glassfish-lfi.yaml
2021-02-16 08:41:11 +00:00
35e0b8e2f4
Create oracle-glassfish-lfi.yaml
2021-02-16 08:38:42 +00:00
a772670227
Merge pull request #866 from pikpikcu/patch-66
...
Create cacti-weathermap-file-write
2021-02-16 02:19:45 +05:30
b4a9d2ec68
Update cacti-weathermap-file-write.yaml
2021-02-16 02:17:45 +05:30
f165b4bef4
Merge pull request #867 from Mad-robot/master
...
Create Zebra_Form_XSS.yaml
2021-02-16 00:30:09 +05:30
3bb6b81dc5
misc changes
2021-02-16 00:28:11 +05:30
07eb454de6
Update open-redirect.yaml
...
Seems a bit rude to add a production website like test.com to a template like this will generate a ton of unexpected traffic for a company who might not be expecting it or appreciating it.
2021-02-15 17:42:57 +00:00
55b6b33e93
misc changes
2021-02-15 21:29:12 +05:30
18fde04cb7
Update Zebra_Form_XSS.yaml
2021-02-15 17:54:22 +05:30
1655381ae6
Update Zebra_Form_XSS.yaml
2021-02-15 17:53:52 +05:30
68ffcca822
Update Zebra_Form_XSS.yaml
2021-02-15 17:42:09 +05:30
91768dc160
Create Zebra_Form_XSS.yaml
2021-02-15 16:13:31 +05:30
3f3f9b9f43
Create samsung-wlan-ap-rce.yaml
2021-02-15 06:17:07 +00:00
50c0d50d3d
Create samsung-wlan-ap-xss.yaml
2021-02-15 05:53:18 +00:00
ef6b416535
Create cacti-weathermap-file-write.yaml
2021-02-15 04:39:47 +00:00
9daed142be
Create samsung-wlan-ap-lfi.yaml
2021-02-15 04:30:32 +00:00
eb50c32a64
Update rails6-xss.yaml
2021-02-15 04:27:45 +05:30
4d8510a60d
Update rails6-xss.yaml
2021-02-15 00:31:40 +05:30
f577b9c91e
Merge pull request #860 from Mad-robot/master
...
Update rails6-xss.yaml
2021-02-15 00:17:02 +05:30
6222b9fe49
Added working poc as comment
2021-02-15 00:15:07 +05:30
58835cfc59
Update oa-tongda-path-traversal.yaml
2021-02-14 20:24:12 +05:30
ccd53e0677
Update rails6-xss.yaml
2021-02-14 19:04:20 +05:30
9362086705
Create oa-tongda-path-traversal.yaml
2021-02-14 12:22:51 +00:00
483161371b
Merge pull request #857 from afaq1337/patch-2
...
added new signatures for URL Redirect
2021-02-14 17:13:59 +05:30
0c82bbb53c
Update open-redirect.yaml
2021-02-14 17:12:34 +05:30
0ee8b53fb4
payload updates
2021-02-14 17:11:51 +05:30
0e5a07232f
misc changes
2021-02-14 16:29:41 +05:30
197bf2286e
Create powercreator-cms-rce.yaml
2021-02-14 08:40:45 +00:00
dea2fd28dc
update name
2021-02-14 13:35:57 +05:00
01535dd36a
added new signatures for URL Redirect
...
Update double quotes with single quotes against escaping, and added new signatures
2021-02-14 13:29:18 +05:00
768c05a9df
Update rce-shellshock-user-agent.yaml
2021-02-13 10:25:02 +05:30
ec7a29957d
Adding tags to vulnerabilities and workflows
2021-02-12 11:23:01 +05:30
16f23c84be
improved matcher
2021-02-12 10:29:05 +05:30
e7c6731d1a
Update
...
Edit after update from Mohamed elbadry @melbadry9
2021-02-11 22:53:19 +02:00
5c419acb32
misc updates
2021-02-12 02:03:38 +05:30
82acc49390
Update and rename thinkcmf-shell-write.yaml to thinkcmf-rce.yaml
2021-02-11 17:49:03 +00:00
29eda8d1ab
Create thinkcmf-shell-write.yaml
2021-02-11 17:31:25 +00:00
e6c31e6512
Update thinkcmf-lfi.yaml
2021-02-11 22:23:14 +05:30
2b8c738e03
Create thinkcmf-lfi.yaml
2021-02-11 15:46:20 +00:00
aefbc1db67
misc changes
2021-02-10 22:07:17 +05:30
f27418b7ba
Added apache-flink-rce ( #810 )
2021-02-10 20:48:24 +05:30
e02cba08c8
Create jira-unauthenticated-projectcategories.yaml
2021-02-10 02:59:28 +05:30
41cb45656c
Create jira-unauthenticated-adminprojects.yaml
2021-02-10 02:51:14 +05:30
557f0113ff
Create jira-unauthenticated-resolutions.yaml ( #830 )
2021-02-10 02:35:12 +05:30
0a82b1920f
Added tags to wordpress templates.
2021-02-05 14:53:55 +05:30
83fb22a81b
Merge pull request #801 from pikpikcu/patch-42
...
Adding sangfor-edr-rce
2021-02-03 17:30:11 +05:30
3a28f79400
Update chamilo-lms-xss.yaml
2021-02-03 16:58:43 +05:30
c21acfa7a0
Create sangfor-edr-rce.yaml
2021-02-03 04:40:07 +00:00
26f1e7d857
Create chamilo-lms-xss.yaml
2021-02-01 20:54:21 +00:00
fa732d4565
Merge pull request #787 from pikpikcu/patch-36
...
Create dlink-dir-850l-info-leak
2021-02-01 23:12:23 +05:30
b476243f85
misc changes
2021-02-01 23:11:29 +05:30
de3338ebb7
Update caucho-resin-info-disclosure.yaml
2021-02-01 23:03:11 +05:30
fc3eb4e73e
few updates
2021-02-01 23:02:39 +05:30
c649ff4a85
Added key-cloak xss and admin panel
2021-02-01 22:17:31 +05:30
3a2a99cd63
Create caucho-resin-information-disclosure.yaml
2021-02-01 15:43:29 +00:00
6101f8e537
misc update
2021-01-31 12:54:53 +05:30
ed4b717d65
Create wooyun-path-traversal.yaml
2021-01-30 21:37:05 +00:00
f6ccec48ed
Update CNVD-2020-62422.yaml
2021-01-30 18:33:26 +05:30
64209dca7d
Create CNVD-2020-62422.yaml
2021-01-30 10:45:17 +00:00
a887ebe289
few updates
2021-01-26 20:01:01 +05:30
7f1abf1e4b
Update sonicwall-sslvpn-shellshock.yml
2021-01-26 10:45:15 +00:00
1712d10086
Update sonicwall-sslvpn-shellshock.yml
2021-01-26 10:44:17 +00:00
4782898579
Update sonicwall-sslvpn-shellshock.yml
2021-01-26 10:40:48 +00:00
f4529d02c5
Update sonicwall-sslvpn-shellshock.yml
2021-01-26 10:37:18 +00:00
abe3f04402
Update sonicwall-sslvpn-shellshock.yml
2021-01-26 10:34:17 +00:00
45d26b875e
New Sonicwall 0day Exploit test
2021-01-26 10:20:46 +00:00
c762044d29
updating incorrect file permissions
2021-01-21 23:28:32 +05:30
a98c2c6bb1
moving files
2021-01-21 23:11:15 +05:30
de09cbbd43
updating template
2021-01-21 20:17:20 +05:30
1a14ff8c44
syntax update
2021-01-19 12:33:48 +05:30
58ebf59035
Added ThinkPHP templates and signature.
2021-01-19 01:16:59 -03:00
dc24595935
BaseURL updates
2021-01-14 20:11:56 +05:30
5c2eabbebc
Create openam-ldap-injection.yaml
...
reference: https://blog.cybercastle.io/ldap-injection-in-openam/
The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the user’s email.
2021-01-13 23:36:19 +02:00
106da77fc3
Preparing for request clustering
2021-01-13 13:01:46 +05:30
b5159893d0
removing duplicate template
2021-01-13 12:40:31 +05:30
0b4c49e485
misc
2021-01-11 13:24:57 +05:30
c62dfd2b53
adding few from masters
2021-01-11 12:28:56 +05:30
1468d8a52c
matcher updates
2021-01-11 12:14:22 +05:30
b5dd30abf5
fixes
2021-01-11 04:09:54 +05:30
b80ca7732d
linting errors
2021-01-11 03:31:24 +05:30
a52ffe5c4e
fixes and updates
2021-01-10 19:45:36 +05:30
a90d047991
Massive template checks addition 🎉 🎉
2021-01-10 18:41:25 +05:30
187e4a5feb
moving more files around
2021-01-09 18:32:04 +05:30
95d784d9b7
moving folder/files around
2021-01-08 22:25:54 +05:30
9a1c93c1c0
Update thinkific-redirect.yaml
2020-12-29 11:30:30 +05:30
c5838760fe
Create thinkific-redirect.yaml
2020-12-29 00:51:40 +02:00
fb3b2551df
Removing as this is same as cve-2020-11738
2020-12-23 19:31:29 +05:30
441c1d2c40
updated rails6-xss
2020-12-23 14:54:03 +05:30
280ad158a5
Merge pull request #682 from PR3R00T/patch-6
...
Linux appliance version of vmware-vcenter-lfi.yaml
2020-12-15 01:14:33 +05:30
6690a49299
Update vmware-vcenter-lfi-linux.yaml
2020-12-15 01:14:06 +05:30
961977a1d4
Update easy-wp-smtp-listing.yaml
2020-12-14 19:04:51 +05:30
9d6d6bbd70
Linux appliance version of vmware-vcenter-lfi.yaml
...
Looking into the references in vmware-vcenter-lfi.yaml, Twitter comments also mentioned it affecting the Linux appliance version (VMWare PSC).
I created this template and tested it on vulnerable PSCs.
2020-12-13 20:30:05 +00:00
76e8315c3f
Create easy-wp-smtp-listing.yaml
2020-12-13 20:05:21 +00:00
d0df82d928
Adding content type checks for XSS templates
2020-12-14 00:54:23 +05:30
0d103fe950
✏️ Update description
2020-12-09 15:53:20 +07:00
711053cfa5
🔥 Add McAfee ePO RCE vulnerability
2020-12-09 15:33:35 +07:00
9d51cec01e
Reference update
2020-11-23 23:56:36 +05:30
beb578cdf0
Marker updates to payloads
...
Adding § marker to variable names to avoid any confusion with real data and variable name, supported from nuclei v2.2.0
2020-11-21 12:25:49 +05:30
bc398cf3e3
Update open-redirect.yaml
...
Add `langTo` parameter.
2020-11-16 17:02:48 +00:00
a2243cbf30
Update open-redirect.yaml
...
Add missing host to `RequestURI`. 👍🏻
2020-11-16 16:52:13 +00:00
4f746684c8
Encoding updates
2020-11-10 19:43:51 +05:30
377a7df758
Adding NUUO NVRmini2 3.0.8 - Remote Code Execution
2020-11-09 16:09:50 +05:30
e55d12c8de
Merge pull request #587 from dwisiswant0/add-vuln/wordpress-wpcourses-info-disclosure
...
Add wordpress-wpcourses-info-disclosure
2020-10-23 02:16:07 +05:30
c11b53eedb
Update sassy-social-share.yaml
2020-10-23 02:08:55 +05:30
4e09270571
🔥 Add wordpress-wpcourses-info-disclosure
2020-10-20 23:46:12 +07:00
6a1ade3566
Create sassy-social-share.yaml
2020-10-20 16:28:01 +01:00
ec50c8519e
Merge pull request #574 from dwisiswant0/add/vpms-auth-bypass
...
Add Vehicle Parking Management System 1.0 - Authentication Bypass
2020-10-16 13:23:21 +05:30
5885f7b7cc
🔥 Add VPMS Auth Bypass
2020-10-16 02:42:37 +07:00
8903773275
📝 Add more regex patterns
2020-10-16 02:32:52 +07:00
c098675c01
🔥 Add ZMS Auth Bypass
2020-10-16 02:30:42 +07:00
f899b78fa8
🔥 Add rConfig RCE
2020-10-16 00:26:11 +07:00
29ec4777e2
Update vmware-vcenter-lfi.yaml
2020-10-13 21:34:12 +05:30
aa83f5e443
Update vmware-vcenter-lfi.yaml
2020-10-13 21:32:26 +05:30
7b662fbaee
🔨 Update regex pattern
2020-10-13 22:51:29 +07:00
ac8c5c98b4
🔨 Using paths as payloads
2020-10-13 21:55:29 +07:00
e0afe64ec1
📝 Remove additional matchers based on docs.vmware.com
2020-10-13 21:34:08 +07:00
e238af244b
🔥 Add VMware vCenter Unauthenticated Arbitrary File Read
2020-10-13 21:24:30 +07:00
1a01b49bd5
Removed host-header-injection
...
Removing as this template look for reflection and not HTTP interaction, that is also not possible to detect for now.
2020-10-12 21:19:32 +05:30
901f8d4483
Rename Symantec-Messaging-Gateway.yaml to symantec-messaging-gateway.yaml
2020-10-08 16:01:14 +05:30
072adb6681
template update
2020-10-08 03:49:59 +05:30
4b42f6852a
Add Oracle-EBS LFI
2020-10-07 21:59:39 +00:00
1c602223fb
template update
2020-10-06 19:38:59 +05:30
53c296c49a
Create w3c-total-cache.yaml
2020-10-06 10:45:54 +01:00
2ae545cab4
some updates
2020-10-02 22:28:16 +05:30
864c0781b4
Merge pull request #394 from sushant-kamble/master
...
[fuzzing][wip] new template in vulnerability
2020-10-02 22:23:42 +05:30
471daf1bfd
Update arbitrary-file-read.yaml
2020-10-02 22:22:52 +05:30
bcf83e3191
Update open-redirect.yaml
2020-10-01 20:49:01 +05:30
6045c00987
wordpress workflow update
2020-09-27 13:22:13 +05:30
debc3c846a
Update wordpress-social-metrics-tracker.yaml
2020-09-27 13:14:52 +05:30
dae1c4af79
Update wordpress-social-metrics-tracker.yaml
2020-09-27 13:12:57 +05:30
0a92a6acc4
Create wordpress-social-metrics-tracker.yaml
2020-09-26 09:20:15 +01:00
dbfa0fca2d
severity updates
2020-09-20 18:27:43 +05:30
2febdea3ec
Merge pull request #476 from al3xdelarge/master
...
Replace /etc/shadow by /etc/passwd
2020-09-17 14:04:13 +05:30
ac0df32184
Fix malformed yaml
2020-09-17 10:30:45 +02:00
7140ca2430
Fix malformed yaml
2020-09-17 10:24:16 +02:00
3deec15ad1
Fix malformed yaml
2020-09-17 10:23:00 +02:00
7d434171fc
Adapt matcher to passwd
2020-09-17 10:15:41 +02:00
0f7b226f69
Replace shadow by passwd
2020-09-17 10:13:19 +02:00
a33439106d
Update Symantec-Messaging-Gateway.yaml
2020-09-16 17:56:22 +05:30
67bd041417
Create Symantec-Messaging-Gateway.yaml
2020-09-16 12:13:10 +01:00
ffef121561
Normalized id fields to match schema regex
2020-09-16 00:55:55 +05:30
d0b47926dc
Merge pull request #453 from dwisiswant0/springboot/h2-db-rce
...
Add Spring Boot H2 Database RCE
2020-09-13 21:33:14 +05:30
9fbcc70b37
🔥 Add Spring Boot H2 Database RCE
2020-09-13 22:33:07 +07:00
0a49f1255e
Update open-redirect.yaml
2020-09-13 20:45:16 +08:00
52b5f5bb13
Merge pull request #429 from random-robbie/patch-5
...
Create wordpress-emails-verification-for-woocommerce.yaml
2020-09-10 19:26:37 +05:30
74ca1daede
✏️ Replace em-dash with dash
2020-09-09 22:08:12 +07:00
8e645bff19
Update wordpress-emails-verification-for-woocommerce.yaml
2020-09-08 23:57:06 +05:30
31b049898e
Update wordpress-emails-verification-for-woocommerce.yaml
2020-09-08 12:25:55 +01:00
07c84b347e
Create wordpress-emails-verification-for-woocommerce.yaml
2020-09-08 12:12:53 +01:00
9c6f45a08a
Create mida-eframework-xss.yaml
2020-09-08 09:45:12 +00:00
450df94e3d
Update bullwark-momentum-series-directory-traversal.yaml
2020-09-07 02:16:06 +05:30
67f72d11e6
Create bullwark-momentum-series-directory-traversal.yaml
2020-09-05 14:58:51 +00:00
21c8656c12
False positive on XSS templates
...
Encode XSS payload to prevent false positives when the Query string is returned AS IS by the server. Recent browsers will always send the parameters encoded.
2020-09-03 10:56:31 -05:00
25fd4da110
new template
2020-09-02 17:22:30 -05:00
ca4dbf605b
🔡 Justifying id's
2020-09-01 09:25:25 +07:00
9bf0b6dbaf
uniform format
2020-09-01 00:04:29 +05:30
6abc3c9429
Merge pull request #369 from projectdiscovery/wems-manager-xss
...
Create wems-manager-xss.yaml
2020-08-30 11:11:18 +05:30
140716bac8
Create wems-manager-xss.yaml
2020-08-30 11:10:09 +05:30
62cbf524aa
Merge pull request #368 from projectdiscovery/eclipse-help-system-xss
...
Create eclipse-help-system-xss.yaml
2020-08-30 10:39:19 +05:30
01d055aa1f
Update eclipse-help-system-xss.yaml
2020-08-30 10:38:28 +05:30
5a860c63ed
Create eclipse-help-system-xss.yaml
2020-08-30 10:35:28 +05:30
1d8b3f71a0
Update sick-beard-xss.yaml
2020-08-29 02:33:17 +05:30
99c83642fa
Create sick-beard-xss.yaml
2020-08-29 02:25:56 +05:30
747aa48d09
Merge pull request #345 from aqme/master
...
Add *description* property to nuclei-templates
2020-08-28 01:09:39 +05:30
8cc901ced0
comment reference field
2020-08-27 21:05:33 +02:00
146e114a3b
fix minor yamllint issues
...
Fix minor yamllint issues to move forward.
2020-08-25 22:18:58 +02:00
ddb9a608ff
Update rce-via-java-deserialization.yaml
2020-08-26 01:22:50 +05:30
79ccce2ae4
add few descriptions
...
add few descriptions and references on /vulnerabilities/ templates.
2020-08-25 21:43:43 +02:00
9990d326e4
CRLF injection
...
update description
2020-08-25 18:46:19 +02:00
79e826d782
CouchDB Admin Party
...
update description
2020-08-25 17:29:11 +02:00
532072c677
Update crlf-injection.yaml
2020-08-11 14:58:53 +02:00
f4ebffa1bc
Improve shellshock payload
2020-08-06 10:03:58 +02:00
03eb473c7b
Update rce-via-java-deserialization.yaml
...
Add rce-via-java-deserialization id
2020-08-05 22:57:52 -05:00
f5d35e3fad
minor fixs
2020-08-01 02:18:24 +05:30
99d78127ea
Nginx virtual host traffic status module XSS
...
https://github.com/vozlt/nginx-module-vts/issues/174
2020-07-31 23:18:14 +05:30
b44f47c502
matcher updates
2020-07-31 23:12:34 +05:30
a46612e7b7
Create tikiwiki-reflected-xss.yam
2020-07-31 22:55:41 +05:30
d6930042a9
trailing-spaces
2020-07-31 15:32:19 +05:30
9be9a16bbc
Merge pull request #269 from eugui/patch-4
...
Update open-redirect.yaml
2020-07-28 21:16:58 +05:30
e23e6767fd
updating template
2020-07-28 20:44:22 +05:30
318a78ebef
Update open-redirect.yaml
2020-07-28 14:29:36 +01:00
6e8b732d57
Update oracle-ebs-bispgraph-file-access-vulnerability(rce).yaml
2020-07-27 12:37:21 +03:00
5340a96e4c
Oracle EBS Bispgraph File Access Vulnerability
...
A test to check whether you can read the etc/password file on a vulnerable Oracle Enterprise Business Suite instance
2020-07-27 12:25:15 +03:00
4651a012cd
Rename RCE-via-java-deserialization.yaml to rce-via-java-deserialization.yaml
2020-07-24 15:02:04 +05:30
55ccaba797
Update RCE-via-java-deserialization.yaml
2020-07-24 14:59:46 +05:30
5e26af7cfc
Update RCE-via-java-deserialization.yaml
2020-07-24 14:54:31 +05:30
41f25f0fc2
rce via java deserialization
2020-07-24 14:45:31 +05:30
0153c765a9
Update open-redirect.yaml
2020-07-21 13:32:10 +05:30
ed4e9e7feb
Fixed default condition OR to AND in false-positives
2020-07-08 17:08:57 +05:30
3d7f039cbd
Rename ibm-infoprint-directory-traversal to ibm-infoprint-directory-traversal.yaml
2020-07-07 17:41:34 +05:30
97db04d90e
Create ibm-infoprint-directory-traversal
...
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
2020-07-07 17:40:48 +05:30
3381eed789
Update open-redirect.yaml
2020-07-06 16:21:43 +02:00
d2f024dc32
Update crlf-injection.yaml
2020-07-06 16:16:27 +02:00
e255561721
Update crlf-injection.yaml
2020-07-06 16:11:29 +02:00
6d498a6054
syntax update
2020-07-06 13:57:46 +05:30
991376c439
Merge pull request #174 from dwisiswant0/development
...
Adding Spring Boot Actuators (Jolokia) XXE
2020-07-02 23:07:34 +05:30
ecd295aff4
🔥 Add Springboot Actuators (Jolokia) XXE Vulnerability
2020-07-02 23:15:33 +07:00
2d8c78c263
updates
2020-07-02 21:53:41 +08:00
e9c23dffe0
Merge pull request #126 from projectdiscovery/iceman-regex-fix
...
Regex issues fix by simplifying and fixing some edge cases
2020-06-22 08:36:29 -07:00
7df644ed6a
Handle more spacing edge-cases, anchor at end of line
2020-06-22 13:15:01 +02:00
15fa8f2244
Switch to multiline matching to avoid false positives
2020-06-22 12:26:30 +02:00
c7262c3ee7
Handle spaces in non-standard response headers
2020-06-22 10:55:52 +02:00
4ec258bd16
Handle protocol-relative URL in redirects
2020-06-22 10:02:43 +02:00
c08676116c
Handle some more edge cases
2020-06-21 23:04:37 +02:00
1ccc5d2b53
Update rce-shellshock-user-agent.yaml
2020-06-03 05:38:36 +05:30
b390ffa076
Create rce-shellshock-user-agent.yaml
2020-05-28 17:20:00 +02:00
4480395e5c
Update open-redirect.yaml
2020-05-27 22:24:32 +05:30
1a558c820b
Update crlf-injection.yaml
2020-05-27 21:40:32 +05:30
0ae2fe3c85
Better regex for CRLF injection that catches whitespaces
2020-05-27 21:38:40 +05:30
1758728197
Linting refactor to make yamllint happy
2020-05-25 17:22:12 +05:30
3dfc2f99db
Update syntax
2020-05-25 10:24:39 +02:00
4404138e70
Fix syntax
2020-05-25 00:19:21 +02:00
8b6bd2f717
Update crlf-injection.yaml
2020-05-24 14:22:35 +02:00
6e495e41e7
Merge pull request #88 from Pxmme/master
...
Updating open redirect detection with regex + more payloads
2020-05-17 04:11:36 +05:30
6961c63659
Adding @ for Twitter handles cause Andi bitched about it
2020-05-16 23:39:47 +02:00
22c85b660f
Updating authors with Twitter handles + forgot Andi for giving me a few path based payloads
2020-05-16 23:32:21 +02:00
42e05c89b5
Forgot to add fisher who gave me the GET param list!
2020-05-16 23:28:20 +02:00
7c25948a33
Update open-redirect.yaml
2020-05-16 23:25:31 +02:00
e33d72e4f2
Update and rename path-based-open-redirect-1.yaml to open-redirect.yaml
2020-05-16 23:25:16 +02:00
0d5b682e94
updating cve names
2020-05-08 18:40:02 +00:00
5caa7cecb9
Reduce false-positives for Moodle XSS
2020-05-07 21:50:17 -07:00
73d4a18752
CRLF injection
...
CRLF injection with normal encoding and unicode bypass encoding https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection
2020-05-04 17:53:49 +02:00
4a1d217c9a
Create cached-aem-pages.yaml
2020-04-25 20:08:27 +05:30
f708589c91
updating template ID.
2020-04-22 15:24:04 +05:30
b9a7f2b384
Create x-forwarded-host-injection.yaml
2020-04-22 07:05:14 +02:00
82f2a9dfa6
Update twig-php-ssti.yaml
2020-04-20 17:44:59 +05:30
6ea37ba7e5
fixing the template.
2020-04-09 19:06:44 +05:30
c3af1e5cd2
fixing the format
2020-04-09 18:11:59 +05:30
634db637af
Update and rename Moodle filter_jmol lfi.yaml to moodle-filter-jmol-lfi.yaml
2020-04-08 22:29:16 +05:30
99f56328a5
Update and rename Moodle filter_jmol XSS.yaml to moodle-filter-jmol-xss.yaml
2020-04-08 22:22:17 +05:30
1f53153ef3
Update and rename PDF Signer v3.0 - SSTI to RCE via CSRF Cookie.yaml to pdf-signer-ssti-to-rce.yaml
2020-04-08 22:20:31 +05:30
eee4ed9198
Update and rename WordPress Wordfence 7.4.6 XSS.yaml to wordpress-wordfence-xss.yaml
2020-04-08 22:19:00 +05:30
27a44abdba
Update and rename WordPress duplicator Path Traversal.yaml to wordpress-duplicator-path-traversal.yaml
2020-04-08 22:17:56 +05:30
27f29ab484
adding twig-php-ssti
2020-04-08 22:00:10 +05:30
1431ca6265
Create discourse-xss.yaml
2020-04-08 21:40:51 +05:30
e0a4f22bc0
Update WordPress duplicator Path Traversal.yaml
2020-04-08 18:58:11 +05:30
366688b5d8
Update WordPress Wordfence 7.4.6 XSS.yaml
2020-04-08 18:57:59 +05:30
15a27df85f
Update Moodle filter_jmol XSS.yaml
2020-04-08 18:57:52 +05:30
29a58d9465
Update and rename Moodle filter_jmol multiple vulnerabilities.yaml to Moodle filter_jmol lfi.yaml
2020-04-08 18:20:43 +05:30
1b346644e7
Create Moodle filter_jmol XSS.yaml
2020-04-08 18:18:06 +05:30
f5eddff072
Create Moodle filter_jmol multiple vulnerabilities.yaml
2020-04-08 18:17:16 +05:30
be72ce2889
Create PDF Signer v3.0 - SSTI to RCE via CSRF Cookie.yaml
2020-04-08 18:15:37 +05:30
fb3b4ed44d
Create WordPress duplicator Path Traversal.yaml
2020-04-08 17:43:25 +05:30
bd7a74ae84
Update WordPress Wordfence 7.4.6 XSS.yaml
2020-04-08 17:37:15 +05:30
edc7a1ed8c
Create WordPress Wordfence 7.4.6 XSS.yaml
2020-04-08 17:36:42 +05:30
a3935196cf
more updates.
2020-04-06 17:58:53 +05:30
1d75ccaa2c
updating the id and name for better understanding
2020-04-06 17:56:14 +05:30
16ded6d47e
Create open-redirect.yaml
2020-04-06 14:12:30 +02:00
Prince Chaddha
Noam Rathaus
sandeep
PD-Team
PikPikcU
LuskaBol
Gal Nagli
Mohamed Elbadry
Rojan Rijal
Mzack9999
Geeknik Labs
Dhiyaneshwaran
Chapman Schleiss
Chapman Schleiss
purushottamanr
sandeep
Muhammad Daffa
ganoes
SaN ThosH
Afaq
Khaled Mohamed
PR3R00T
parrot
PD-Team
Dwi Siswanto
Robbie
Hacker2202
mohammedshine
aron
Ice3man543
flag007
un-fmunozs
sushant-kamble
toufik-airane
Aron Molnar
d[-_-]b
Alfie Njeru
uhnysh
Harsh Bothra
organiccrap
Manuel Bua
Aditya Soni
Fabian Affolter
Pxmme
bauthard
Michael Blake
Nadino92
Mohamed Elbadry
MMrhassel