Commit Graph

1429 Commits (6a4bbdf93a83c5f6270ef3f20061465538f195b9)

Author SHA1 Message Date
Noam Rathaus d5038b7520 Add description 2021-10-13 12:00:55 +03:00
Noam Rathaus ab008edc5b Add description 2021-10-13 12:00:39 +03:00
Noam Rathaus b86a987030 Dead link 2021-10-13 12:00:36 +03:00
Noam Rathaus a3608c32f4 Add description 2021-10-13 11:56:10 +03:00
Sandeep Singh 9273a765c0
Merge branch 'master' into more-fixes 2021-10-13 13:48:52 +05:30
sandeep dc2d9485a9 additional matcher 2021-10-12 12:07:05 +05:30
sandeep 9d1f7fb627 more tags 2021-10-12 11:28:49 +05:30
sandeep 6e6601a462 more templates 2021-10-12 11:27:50 +05:30
Prince Chaddha 843c688505
Merge pull request #2867 from Akokonunes/patch-54
Create advanced-access-manager-plugin-lfi.yaml
2021-10-11 16:55:58 +05:30
Prince Chaddha da08f02913
Update and rename advanced-access-manager-plugin-lfi.yaml to vulnerabilities/wordpress/advanced-access-manager-lfi.yaml 2021-10-11 16:52:28 +05:30
sandeep 86f52501a5 Added Fastjson 1.2.47 Deserialization RCE 2021-10-11 04:23:52 +05:30
sandeep 16ea26b295 Added Fastjson 1.2.24 Deserialization RCE 2021-10-11 01:16:37 +05:30
sandeep 5072932509 more updates 2021-10-10 06:43:30 +05:30
sandeep 9b1c57506b Updating CVE-2021-41773 / CVE-2021-42013 to include RCE check 2021-10-10 06:00:43 +05:30
sandeep 6205415bbd Update keycloak-xss.yaml
Updating severity as this XSS is not exploitable directly.
2021-10-09 08:46:17 +05:30
Sandeep Singh 0c8e813c15
Merge pull request #2854 from Akokonunes/patch-52
Create wp-oxygen-theme-lfi.yaml
2021-10-08 19:20:54 +05:30
sandeep ecca8374fc moving file around 2021-10-08 19:19:29 +05:30
Sandeep Singh 95305667c0
Merge pull request #2852 from pdelteil/patch-65
Update qcubed-xss.yaml
2021-10-08 19:14:41 +05:30
sandeep 6a00b9245c Update qcubed-xss.yaml 2021-10-08 19:14:26 +05:30
sandeep de0a0ff3c1 misc update 2021-10-08 19:10:03 +05:30
Philippe Delteil 60a3b6f4a4
Update qcubed-xss.yaml 2021-10-08 03:46:49 -03:00
Philippe Delteil 888c703a3c
Update pmb-directory-traversal.yaml 2021-10-08 03:33:40 -03:00
sandeep 53fc9bcb3f misc fixes 2021-10-07 05:23:20 +05:30
Sandeep Singh 634e215433
Merge pull request #2840 from projectdiscovery/apache-httpd-rce
Added Apache HTTPd - 2.4.49 (CGI enabled) RCE
2021-10-06 19:50:18 +05:30
sandeep 8dfa5ce9b4 Added Lucee Unauthenticated Reflected XSS 2021-10-06 16:38:23 +05:30
sandeep 856b96a084 lint update 2021-10-06 15:56:00 +05:30
sandeep 796dd93113 Added Apache HTTPd - 2.4.49 (CGI enabled) RCE 2021-10-06 15:53:31 +05:30
Prince Chaddha 3ce3718a5e
Merge pull request #2835 from Akokonunes/patch-49
Create ultimatemember-plugin-open-redirect.yaml
2021-10-06 11:04:54 +05:30
Prince Chaddha 183af8b95b
Update and rename ultimatemember-plugin-open-redirect.yaml to vulnerabilities/wordpress/ultimatemember-open-redirect.yaml 2021-10-06 10:59:48 +05:30
Prince Chaddha f1130595ce
Update and rename wptouch-plugin-open-redirect.yaml to vulnerabilities/wordpress/wptouch-open-redirect.yaml 2021-10-06 10:46:16 +05:30
Prince Chaddha 5b5e764b48
Merge pull request #2787 from mr-rizwan-syed/master
wp-config-file and aws-s3-access-key-leak
2021-10-05 18:25:04 +05:30
Prince Chaddha 6e7b91f6dc
Update wordpress-accessible-wpconfig.yaml 2021-10-05 18:02:50 +05:30
Sandeep Singh 478a7ef833
Merge pull request #2808 from pdelteil/patch-61
Update wp-plugin-1-flashgallery-listing.yaml
2021-10-02 17:59:10 +05:30
Sandeep Singh 47853b869b
Update metinfo-lfi.yaml 2021-10-02 17:57:59 +05:30
Sandeep Singh f43b256e6e
Update metinfo-lfi.yaml 2021-10-02 17:57:33 +05:30
Philippe Delteil 8fc91de606
Update metinfo-lfi.yaml 2021-10-02 03:42:22 -03:00
Philippe Delteil e3947fbfeb
Update wp-plugin-1-flashgallery-listing.yaml 2021-10-02 03:29:17 -03:00
Prince Chaddha 4dc168520c
Merge pull request #2791 from pdelteil/patch-59
Update and rename wordpress-emails-verification-for-woocommerce.yaml …
2021-10-01 16:33:44 +05:30
Prince Chaddha d7e6cb313e
Update wp-woocommerce-email-verification.yaml 2021-10-01 16:31:50 +05:30
Prince Chaddha 58fd372498
Update and rename qihang-media-web-lfi.yaml to qihang-media-lfi.yaml 2021-10-01 16:28:20 +05:30
Prince Chaddha ea71661d79
Update and rename qihang-media-web-credentials-disclosure.yaml to qihang-media-disclosure.yaml 2021-10-01 16:26:25 +05:30
GwanYeong Kim f750bf5ba5 Create qihang-media-web-credentials-disclosure.yaml
The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-01 15:42:48 +09:00
GwanYeong Kim 90138f44d1 Create qihang-media-web-lfi.yaml
The application suffers from an unauthenticated file disclosure vulnerability when input passed thru the filename parameter when using the download action or thru path parameter when using the getAll action is not properly verified before being used. This can be exploited to disclose contents of files and directories from local resources.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-01 15:35:12 +09:00
Philippe Delteil 145f1a643d
Update and rename wordpress-emails-verification-for-woocommerce.yaml to wp-woocommerce-email-verification.yaml
- name changed to match template id. 
- added  stop-at-first-match condition.
2021-09-30 22:49:21 -03:00
Sullo 7adfd01163 Moving listserv_maestro_rce.yaml to cves folder 2021-09-30 15:39:45 -04:00
Sullo d34e6c1145 Add information for CVE-2010-1870 2021-09-30 15:38:59 -04:00
Sullo 3c012b137d Break CVE-2016-4975 into its own template 2021-09-30 15:35:17 -04:00
Rizwan Syed 4065f6a493
Update wordpress-accessible-wpconfig.yaml 2021-09-30 23:15:18 +05:30
Sullo c9a374bed5 renamed: simple-employee-rce.yaml -> ../../cves/2019/CVE-2019-20183.yaml 2021-09-30 13:06:46 -04:00
Sullo 28def083f6 Merge branch 'master' of https://github.com/sullo/nuclei-templates
Fix typo for cvss
2021-09-30 13:03:09 -04:00
Sullo 3878138bfe * Added Host headers where needed (validated via disclosures/posts)
* Added CVE simple-employee-rce.yaml
2021-09-30 12:52:05 -04:00
sullo 66cad3ff35 Revert "* Added CVE info & moved simple-employee-rce.yaml to cves/2019/CVE-2019-20183.yaml"
incorrect push to master repo

This reverts commit 7191aee570.
2021-09-30 12:25:22 -04:00
Sullo 7191aee570 * Added CVE info & moved simple-employee-rce.yaml to cves/2019/CVE-2019-20183.yaml
* Added missing {{Hostname}} to some raw requests (confirmed that hostname is allowed in exploits)
* Minor cleanup in the modified plugins
2021-09-30 12:20:54 -04:00
sandeep e90e3b49bc Added more unique matchers 2021-09-30 20:22:53 +05:30
sandeep 88f6bba576 Added thinkphp keyword from response to avoid false positive 2021-09-30 18:35:14 +05:30
Prince Chaddha f839f628b6
Update and rename fatpipe-networks-warp-backdoor.yaml to fatpipe-backdoor.yaml 2021-09-30 17:18:45 +05:30
Prince Chaddha b65719103f
Update and rename fatpipe-networks-warp-auth-bypass.yaml to fatpipe-auth-bypass.yaml 2021-09-30 17:18:21 +05:30
Prince Chaddha 9e25b4871e
Update fatpipe-networks-warp-backdoor.yaml 2021-09-30 16:13:19 +05:30
GwanYeong Kim 606d2b5ea4 Create fatpipe-networks-warp-backdoor.yaml
The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-30 13:38:01 +09:00
GwanYeong Kim 263cadaacf Create fatpipe-networks-warp-auth-bypass.yaml
Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-30 11:07:24 +09:00
Sandeep Singh e9f81943b6
Merge pull request #2759 from projectdiscovery/generic-ssrf
generic-ssrf
2021-09-30 03:31:52 +05:30
sandeep 553a7a2480 Update request-based-interaction.yaml 2021-09-30 03:31:03 +05:30
sandeep be297d732b misc update 2021-09-30 03:26:16 +05:30
Prince Chaddha 5c80f9dc4c
Update and rename wp-church-admin-lfi.yaml to vulnerabilities/wordpress/church-admin-lfi.yaml 2021-09-28 15:38:03 +05:30
Prince Chaddha cee46ca968
Update and rename request-interaction-oob.yaml to request-based-interaction.yaml 2021-09-28 15:22:30 +05:30
Prince Chaddha 97ef8f00e2
Update and rename generic-oob-param-based-interaction.yaml to oob-param-based-interaction.yaml 2021-09-28 15:21:41 +05:30
Prince Chaddha 25a971efd4
Update and rename generic-oob-header-based-interaction.yaml to oob-header-based-interaction.yaml 2021-09-28 15:21:27 +05:30
Prince Chaddha 8042d1233e
Create request-interaction-oob.yaml 2021-09-28 15:18:26 +05:30
Prince Chaddha 52a5e33556
Create generic-oob-param-based-interaction.yaml 2021-09-28 15:17:21 +05:30
Prince Chaddha 1a4f6754b4
Create generic-oob-header-based-interaction.yaml 2021-09-28 15:15:57 +05:30
Prince Chaddha 8d7e5b2d24
Merge pull request #2748 from gy741/rule-add-v60
Create commax-cctv-rtsp-credentials-disclosure.yaml
2021-09-25 11:49:18 +05:30
Prince Chaddha 2808f46429
Update and rename commax-cctv-rtsp-credentials-disclosure.yaml to commax-credentials-disclosure.yaml 2021-09-25 11:32:31 +05:30
Prince Chaddha 2e7e35eb70
Update and rename ecoa-building-directory-traversal.yaml to ecoa-building-lfi.yaml 2021-09-25 11:22:48 +05:30
GwanYeong Kim fac7f96b34 Create ecoa-building-directory-traversal.yaml
The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-25 08:58:58 +09:00
GwanYeong Kim 59e0eb7ad3 Create commax-cctv-rtsp-credentials-disclosure.yaml
The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker
to disclose RTSP credentials in plain-text.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-25 08:43:18 +09:00
Prince Chaddha 93b6f3a799
Merge pull request #2743 from Akokonunes/patch-43
Create wp-brandfolder-plugin-open-redirect.yaml
2021-09-25 00:55:20 +05:30
Prince Chaddha d0ee5cbe02
Merge pull request #2744 from Akokonunes/patch-44
Create wp-brandfolder-plugin-lfi.yaml
2021-09-25 00:54:30 +05:30
Prince Chaddha f70cc70c26
Update and rename wp-brandfolder-plugin-open-redirect.yaml to vulnerabilities/wordpress/brandfolder-open-redirect.yaml 2021-09-25 00:54:03 +05:30
Prince Chaddha 624c722c5a
Update and rename wp-brandfolder-plugin-lfi.yaml to vulnerabilities/wordpress/brandfolder-lfi.yaml 2021-09-25 00:51:56 +05:30
Prince Chaddha e832a50401
Update issuu-panel-lfi.yaml 2021-09-25 00:49:53 +05:30
Prince Chaddha f35db18633
Update and rename wp-plugin-issuu-panel-lfi.yaml to vulnerabilities/wordpress/issuu-panel-lfi.yaml 2021-09-25 00:47:37 +05:30
Sandeep Singh d75bad52c7
Merge pull request #2732 from Akokonunes/patch-38
Create product-input-fields-for-woocommerce-file-download.yaml
2021-09-22 18:19:59 +05:30
sandeep a898a6c3a6 Update wp-woocommerce-file-download.yaml 2021-09-22 18:19:25 +05:30
sandeep dfa85833e2 misc update 2021-09-22 18:18:21 +05:30
Sandeep Singh 551c9127a2
Merge pull request #2733 from Akokonunes/patch-42
Create cs-cart-unauthenticated-lfi.yaml
2021-09-22 18:10:38 +05:30
sandeep 18142906f0 moving files around 2021-09-22 18:09:43 +05:30
sandeep a60e8a9d5e misc update 2021-09-22 18:08:32 +05:30
Prince Chaddha 807920c0ac clean-up 2021-09-21 17:16:53 +05:30
Sandeep Singh a5982b8f32
Merge pull request #2721 from nerrorsec/patch-1
Added a path
2021-09-21 15:32:42 +05:30
Sandeep Singh e0a8cb25bf
Merge pull request #2725 from projectdiscovery/wp-xmlrpc-pingback-detection
Added Wordpress XMLRPC Pingback detection
2021-09-21 15:29:25 +05:30
sandeep d9c5095780 fixing xmlrpc-pingback-ssrf.yaml 2021-09-21 15:21:35 +05:30
Prince Chaddha ff4811e085
Create wordpress-git-config.yaml 2021-09-21 15:21:16 +05:30
sandeep 10a6436f6f Added Wordpress XMLRPC Pingback detection 2021-09-21 15:18:49 +05:30
Prince Chaddha 8034e43e2c
Merge pull request #2711 from 0xSmiley/generic_lfi
Generic lfi
2021-09-21 00:11:59 +05:30
Prince Chaddha 8a985aa5c8
Update generic-linux-lfi.yaml 2021-09-20 23:53:49 +05:30
Prince Chaddha 6564d0fca4
Merge pull request #2708 from pussycat0x/master
New templates
2021-09-20 14:18:41 +05:30
Sandeep Singh e9e99de988
Merge pull request #2714 from pikpikcu/patch-288
Update Severity
2021-09-20 12:20:12 +05:30
PikPikcU 991963fe4a
Update Severity 2021-09-20 12:11:56 +07:00
kn1ght ffe20a273d
fix: typo error 2021-09-19 20:23:22 -03:00
Nuno 083a72b24c Generic Template Updated 2021-09-18 20:13:32 +01:00
Muhammad Daffa 50dfd3dc3d
Update Severity 2021-09-18 21:07:47 +07:00
Sandeep Singh 0f03f5ff55
Merge pull request #2692 from projectdiscovery/metadata-attribute-update 2021-09-18 18:19:07 +05:30
sandeep 8c28120218 Update luftguitar-arbitrary-file-upload.yaml 2021-09-18 14:32:13 +05:30
sandeep fb1aee75ce Update luftguitar-arbitrary-file-upload.yaml 2021-09-18 14:28:03 +05:30
Prince Chaddha e183b518db
Update wp-altair-listing.yaml 2021-09-18 14:11:17 +05:30
Prince Chaddha d0c5083632
Update wp-altair-listing.yaml 2021-09-18 14:09:59 +05:30
Prince Chaddha 0523d46ed2 Revert "Delete wp-altair-listing.yaml"
This reverts commit 05dd3affce.
2021-09-18 13:54:03 +05:30
Prince Chaddha 05dd3affce
Delete wp-altair-listing.yaml 2021-09-18 13:51:28 +05:30
Prince Chaddha 63cc624c4a
Update luftguitar-arbitrary-file-upload.yaml 2021-09-18 12:14:32 +05:30
Prince Chaddha 893f8d3bc6
Update wp-altair-listing.yaml 2021-09-18 12:01:47 +05:30
pussycat0x 10b3bc327d
Add files via upload 2021-09-18 10:37:16 +05:30
PikPikcU 2a1341274a
Create luftguitar-arbitrary-file-upload.yaml 2021-09-17 21:04:21 +07:00
Prince Chaddha 3deb522abc
Merge pull request #2664 from Akokonunes/patch-37
Create ecoa-building-automation-lfd.yaml
2021-09-17 16:47:54 +05:30
Prince Chaddha df59ad5670
Update and rename ecoa-building-automation-lfd.yaml to vulnerabilities/other/ecoa-building-automation-lfd.yaml 2021-09-17 16:39:09 +05:30
Prince Chaddha b00b70c150
Merge pull request #2697 from Akokonunes/patch-39
Create attitude-wp-theme-open-redirect.yaml
2021-09-17 15:12:21 +05:30
Prince Chaddha 5cac00bada
Merge pull request #2698 from Akokonunes/patch-40
Create eatery-restaurant-wp-theme-open-redirect.yaml
2021-09-17 15:12:09 +05:30
Prince Chaddha a40530d9d4
Update and rename eatery-restaurant-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/eatery-restaurant-open-redirect.yaml 2021-09-17 15:10:30 +05:30
Prince Chaddha 69e546ea4d
Update attitude-theme-open-redirect.yaml 2021-09-17 15:10:23 +05:30
Prince Chaddha c5ccf9d991
Update and rename attitude-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/attitude-theme-open-redirect.yaml 2021-09-17 15:08:59 +05:30
Prince Chaddha 2e8329b645
Update and rename weekender-newspaper-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/weekender-newspaper-open-redirect.yaml 2021-09-17 15:06:13 +05:30
Geeknik Labs 03a79aa0c3
Update jenkins-script.yaml 2021-09-16 15:17:15 -05:00
sandeep 676b51d20c Metadata attribute update 2021-09-16 21:24:33 +05:30
Prince Chaddha 18879698fa
Update bullwark-momentum-lfi.yaml 2021-09-13 15:55:14 +05:30
Prince Chaddha e18cc14218
Update bullwark-momentum-lfi.yaml 2021-09-13 15:34:18 +05:30
sandeep 546bd6a038 matcher update 2021-09-13 15:28:35 +05:30
sandeep 34bba4e794 misc update 2021-09-12 17:10:52 +05:30
Noam Rathaus 46b16bcfa2 Incomplete title 2021-09-12 14:16:01 +03:00
Noam Rathaus 59525a5846 Working reference 2021-09-12 13:02:41 +03:00
Noam Rathaus e602575ae0 Working reference 2021-09-12 12:58:48 +03:00
Noam Rathaus fb2f89bc86 References 2021-09-12 12:58:43 +03:00
Noam Rathaus 624162cca7 Working reference 2021-09-12 12:50:53 +03:00
Noam Rathaus 896343be12 Clarify description 2021-09-12 12:41:33 +03:00
sandeep dde7140ff9 misc update 2021-09-11 23:46:31 +05:30
sandeep 207c140c50 moving files around 2021-09-11 21:06:36 +05:30
Philippe Delteil c41f64987b
Update wordpress-db-repair.yaml
Solves this false positive (different encoding) 

nuclei -debug -t   nuclei-templates/vulnerabilities/wordpress/wordpress-db-repair.yaml -u https://try.walmart.com

<p><code>define(&#39;WP_ALLOW_REPAIR&#39;, true);
2021-09-10 17:18:15 -03:00
Sandeep Singh cf4ef2ac5a
Merge pull request #2622 from projectdiscovery/missing-tags 2021-09-10 12:32:47 +05:30
sandeep bd24dc198e Coverage for all templates using tags 2021-09-09 19:08:13 +05:30
Prince Chaddha 67766f381a
Merge pull request #2600 from Akokonunes/patch-35
Create phpwiki-lfi.yaml
2021-09-09 15:02:41 +05:30
Prince Chaddha 6ce33e2f47
Rename phpwiki-lfi.yaml to vulnerabilities/other/phpwiki-lfi.yaml 2021-09-09 15:01:35 +05:30
Prince Chaddha 576499034d
Update wordpress-rce-simplefilelist.yaml 2021-09-09 12:09:13 +05:30
Prince Chaddha 08dac56385
Update simple-employee-rce.yaml 2021-09-09 12:06:24 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
Prince Chaddha 9b75486616
Rename homeautomation-v3-openredirect.yaml to vulnerabilities/other/homeautomation-v3-openredirect.yaml 2021-09-07 18:07:48 +05:30
Sandeep Singh e6a71e0e80
Merge pull request #2593 from projectdiscovery/openvpn-hhi
Added OpenVPN Host Header Injection
2021-09-06 18:56:27 +05:30
Sandeep Singh e31a75af04
Merge pull request #2595 from projectdiscovery/host-header-injection
Create host-header-injection.yaml
2021-09-06 18:56:09 +05:30
Prince Chaddha 4075664390
Merge pull request #2580 from Akokonunes/patch-29
Create gSOAP-LFl.yaml
2021-09-06 17:36:18 +05:30
Prince Chaddha e9d5665383
Update gsoap-lfi.yaml 2021-09-06 17:34:51 +05:30
Prince Chaddha 1942d13ed6
Update openvpn-hhi.yaml 2021-09-06 17:15:30 +05:30
Prince Chaddha acd4624200
Create host-header-injection.yaml 2021-09-06 17:14:27 +05:30
Prince Chaddha 842f66380f Revert "Create host-header-injection.yaml"
This reverts commit 6abfcd80e1.
2021-09-06 17:13:48 +05:30
Prince Chaddha 6abfcd80e1
Create host-header-injection.yaml 2021-09-06 17:13:20 +05:30
sandeep cec54e6d51 tags update
Co-Authored-By: me_dheeraj <9442273+Dheerajmadhukar@users.noreply.github.com>
2021-09-06 16:15:07 +05:30
sandeep c105e41fa4 Added OpenVPN Host Header Injection
Co-Authored-By: me_dheeraj <9442273+Dheerajmadhukar@users.noreply.github.com>
2021-09-06 16:13:17 +05:30
Prince Chaddha f6e52a6739
Merge pull request #2585 from sullo/master
Updates across many templates for clarity, spelling, and grammar.
2021-09-06 15:02:52 +05:30
Prince Chaddha 7579fe98c2
Update and rename minimouse-lfi.yaml to vulnerabilities/other/minimouse-lfi.yaml 2021-09-06 14:44:39 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
Prince Chaddha bf1d6374b2
Rename gSOAP-LFl.yaml to vulnerabilities/other/gsoap-lfi.yaml 2021-09-05 19:22:07 +05:30
sandeep 90f8caf302 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481 2021-09-03 14:55:30 +05:30
sandeep c266084621 Added stop-at-first-match in applicable templates 2021-09-02 17:29:10 +05:30
sandeep faf111362c Removing extra space 2021-09-01 12:37:02 +05:30
Prince Chaddha 5c5c6c3974
Update processmaker-lfi.yaml 2021-08-31 14:08:11 +05:30
Prince Chaddha 0b69ea80b2
Create processmaker-lfi.yaml 2021-08-31 14:03:47 +05:30
Noam Rathaus 86f3c08ba6 Vendor writes it as "NETGEAR" 2021-08-29 09:39:06 +03:00
Noam Rathaus 9f9970c8e9 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-08-29 09:15:40 +03:00
forgedhallpass 419a957409 Fixing errors in templates
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-27 10:43:24 +03:00
forgedhallpass a4250b8f2f Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-26 15:04:14 +03:00
Sandeep Singh e66463d466
Merge pull request #2355 from G4L1T0/corsmisc
add cors-misconfig.yaml
2021-08-26 04:26:37 +05:30
sandeep 1999a9b560 Enhanced CORS checks 2021-08-26 04:24:06 +05:30
sandeep 05305904ef more strict matchers 2021-08-26 02:43:53 +05:30
socketz ed76585ed6 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-08-25 14:33:32 +02:00
socketz c766a8454d Fixed yaml linting errors 2021-08-25 14:09:42 +02:00
sandeep 8fb3c65965 template fix 2021-08-25 01:32:14 +05:30
forgedhallpass 110f9c9ddd Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-24 20:38:11 +03:00
Sandeep Singh ee37e34f54
Update wp-woocommerce-pdf-invoice-listing.yaml 2021-08-24 17:48:31 +05:30
Prince Chaddha f66f36237b
Merge pull request #2455 from gy741/rule-add-v58
Create commax-biometric-access-control-system-auth-bypass.yaml
2021-08-24 17:44:13 +05:30
Prince Chaddha 554c4a505f
Update and rename commax-biometric-access-control-system-auth-bypass.yaml to commax-biometric-auth-bypass.yaml 2021-08-24 17:17:43 +05:30
Prince Chaddha 0a4cd456bf
Update commax-biometric-access-control-system-auth-bypass.yaml 2021-08-24 17:13:17 +05:30
Prince Chaddha ba03c2b377
Update unauth-hoteldruid-panel.yaml 2021-08-24 16:46:24 +05:30
Prince Chaddha d1065cd3fc
Create unauth-hoteldruid-panel.yaml 2021-08-24 16:42:11 +05:30
PikPikcU ecd6547d05
Update thinkific-redirect.yaml 2021-08-24 14:56:21 +07:00
forgedhallpass a124e393b4 Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 19:15:14 +03:00
Prince Chaddha 647d27925a
Merge pull request #2426 from projectdiscovery/generic
Templates by geeknik
2021-08-23 19:55:32 +05:30
forgedhallpass 296edfc37b Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 14:40:33 +03:00
Sandeep Singh 04b401a8ef
Merge pull request #2456 from projectdiscovery/payloads-update
Payloads positional update to keep the request format uniform
2021-08-23 15:26:35 +05:30
sandeep 62530eafc2 Update wp-slideshow-xss.yaml 2021-08-23 15:15:26 +05:30
sandeep 2aa54304ee Payloads positional update to keep the request format uniform 2021-08-22 23:39:33 +05:30
GwanYeong Kim cad976abda Create commax-biometric-access-control-system-auth-bypass.yaml
The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-22 18:19:34 +09:00
sandeep cbdef618f3 Update netgear-router-exposure.yaml 2021-08-21 00:38:54 +05:30
forgedhallpass dc4cc62629 Merge remote-tracking branch 'origin/master' into dynamic_attributes 2021-08-20 15:35:17 +03:00
sandeep e160acb481 misc updates 2021-08-20 16:37:22 +05:30
sandeep 0ef2106a6e Improved template 2021-08-19 23:34:16 +05:30
Sandeep Singh 0bef05c541
Merge pull request #793 from pikpikcu/patch-40
resin information disclosure
2021-08-19 23:15:42 +05:30
Sandeep Singh ab824564d3
minor updates 2021-08-19 23:11:29 +05:30
Sandeep Singh 1247fcd993
Update vulnerabilities/other/caucho-resin-info-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-08-19 23:09:26 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings)
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass 002e8db616 Moved the "vendor" custom attribute under reference
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 17:00:46 +03:00
forgedhallpass 97d4f8705b Fixed mistakes/typos
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:55 +03:00
forgedhallpass f55d6b75e1 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass 7b29be739e Merge branch 'master' into dynamic_attributes 2021-08-19 16:23:26 +03:00
forgedhallpass ffaff64565 Changes fixes/around dynamic attributes ("additional-fields")
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
forgedhallpass 0b432b341b Added comments with URLs under the "references" field
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
forgedhallpass e68d15ab63 Fixed mistakes/typos in the templates.
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 15:30:14 +03:00
Prince Chaddha bc1bf5d919
Create comtrend-ct5367-disclosure.yaml 2021-08-19 14:47:44 +05:30
Prince Chaddha f8a8968408 Revert "Create comtrend-ct5367-disclosure.yaml"
This reverts commit 33ea2d360c.
2021-08-19 14:46:35 +05:30
Prince Chaddha 33ea2d360c
Create comtrend-ct5367-disclosure.yaml 2021-08-19 14:45:37 +05:30
Sandeep Singh ab0750b570
minor update 2021-08-19 00:43:44 +05:30
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
Prince Chaddha dd1bbe6093 Revert "Delete netgear-router-disclosure.yaml"
This reverts commit 3b969e7e0d.
2021-08-18 17:02:08 +05:30
Prince Chaddha 3b969e7e0d
Delete netgear-router-disclosure.yaml 2021-08-18 16:59:49 +05:30
forgedhallpass 4c920b2552 Rename "references" to "reference" to match the expected template info structure
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:29:20 +03:00
Prince Chaddha 0a0b5c7f74
Update netgear-router-disclosure.yaml 2021-08-18 16:56:56 +05:30
Prince Chaddha d07323e0be
Create netgear-router-disclosure.yaml 2021-08-18 16:44:28 +05:30
Prince Chaddha af15e4817f
Update netgear-router-auth-bypass.yaml 2021-08-18 16:42:34 +05:30
Prince Chaddha 067c9a8755
Create xmlrpc-pingback-ssrf.yaml 2021-08-18 16:39:22 +05:30
Prince Chaddha fe1e7d36fb
Merge pull request #2429 from Mad-robot/patch-3
Create geovision-geowebserver-lfi.yaml
2021-08-18 16:19:49 +05:30
Prince Chaddha 0731a772d4
Update geovision-geowebserver-lfi.yaml 2021-08-18 16:18:12 +05:30
Prince Chaddha 1db2715a06
Update geovision-geowebserver-xss.yaml 2021-08-18 14:51:23 +05:30
Prince Chaddha eeb284a7ec
Update geovision-geowebserver-xss.yaml 2021-08-18 14:48:34 +05:30
SaN ThosH db4073d2b5
Update geovision-geowebserver-lfi.yaml 2021-08-18 03:54:30 +05:30
SaN ThosH d5748c95fc
Create geovision-geowebserver-lfi.yaml 2021-08-18 03:50:45 +05:30
SaN ThosH 0c24cc2f74
Create geovision-geowebserver-xss.yaml 2021-08-18 03:50:39 +05:30
Prince Chaddha f60cef447b
Update generic-blind-xxe.yaml 2021-08-17 22:57:34 +05:30
Prince Chaddha 727e73c5c3
Create solar-log-authbypass.yaml 2021-08-17 18:02:41 +05:30
Prince Chaddha c39f0e2077
Create generic-blind-xxe.yaml 2021-08-17 17:18:52 +05:30
Sandeep Singh 59b2aeda40
Merge pull request #2420 from geeknik/patch-18
Update twig-php-ssti.yaml
2021-08-17 17:12:00 +05:30
sandeep c2f87671fb strict matcher 2021-08-17 15:52:22 +05:30
sandeep 03cd55a33f severity update based on poc
We will update this again as per assigned CVE which is not available right now?
2021-08-17 15:02:47 +05:30
sandeep 4a5137b742 more tags 2021-08-17 15:00:30 +05:30
sandeep e8c3a1f9c7 Additional matchers update 2021-08-17 15:00:05 +05:30
Sanyam Chawla 5072dbbcbb
Create ms-exchange-server-reflected-xss.yaml 2021-08-17 13:55:38 +05:30
Geeknik Labs 3b9fb75fcb
Update twig-php-ssti.yaml
Another FP fix
2021-08-16 15:30:23 -05:00
Geeknik Labs d52c97c569
Update twig-php-ssti.yaml
False positive fix
2021-08-16 15:28:13 -05:00
Prince Chaddha 970bdb3ac7
Update pmb-directory-traversal.yaml 2021-08-16 16:43:47 +05:30
Prince Chaddha d45887f9f9
Delete node-nunjucks-ssti.yaml 2021-08-16 16:41:58 +05:30
Prince Chaddha d3a379e112
Update eyelock-nano-lfd.yaml 2021-08-16 16:40:42 +05:30
Prince Chaddha af4f29ab03
Update beward-ipcamera-disclosure.yaml 2021-08-16 16:37:34 +05:30
Prince Chaddha 4e498a6478
Create pmb-directory-traversal.yaml 2021-08-16 16:14:02 +05:30
Prince Chaddha 451823f887
Create node-nunjucks-ssti.yaml 2021-08-16 16:13:27 +05:30
Prince Chaddha c6927262eb
Create eyelock-nano-lfd.yaml 2021-08-16 16:12:45 +05:30
Prince Chaddha 232b187a40
Create beward-ipcamera-disclosure.yaml 2021-08-16 16:11:44 +05:30
sandeep 3ac7a756fc Added woocommerce-pdf-invoice-listing 2021-08-16 15:37:07 +05:30
Prince Chaddha b3d27f3d0c
Merge pull request #2407 from DhiyaneshGeek/master
Oracle XSS
2021-08-16 14:14:20 +05:30
Prince Chaddha 610924d55b
Update oracle-siebel-xss.yaml 2021-08-16 14:12:49 +05:30
Prince Chaddha 2875be2d82
Update simple-crm-sql-injection.yaml 2021-08-16 14:06:18 +05:30
Prince Chaddha bd865a0615
Update simple-crm-sql-injection.yaml 2021-08-16 14:03:41 +05:30
Prince Chaddha 2a448b52db
Update simple-crm-sql-injection.yaml 2021-08-16 14:03:09 +05:30
Geeknik Labs cacb2ff684
Update simple-crm-sql-injection.yaml 2021-08-15 15:28:00 -05:00
Geeknik Labs 9fb1b464b4
Create simple-crm-sql-injection.yaml 2021-08-15 15:23:38 -05:00
Dhiyaneshwaran cceb32a88b
Create oracle-siebel-xss.yaml 2021-08-15 23:18:13 +05:30
Prince Chaddha 7bce4fbb26
Update netis-info-leak.yaml 2021-08-14 16:00:00 +05:30