daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,702 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

1072 Commits (94ba01f60d7d37557003564aef426d3ecd799fe0)

Author SHA1 Message Date
Prince Chaddha dd1bbe6093 Revert "Delete netgear-router-disclosure.yaml" 
This reverts commit 3b969e7e0d.
 2021-08-18 17:02:08 +05:30
Prince Chaddha 3b969e7e0d
Delete netgear-router-disclosure.yaml 2021-08-18 16:59:49 +05:30
forgedhallpass 4c920b2552 Rename "references" to "reference" to match the expected template info structure 
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
 2021-08-18 14:29:20 +03:00
Prince Chaddha 0a0b5c7f74
Update netgear-router-disclosure.yaml 2021-08-18 16:56:56 +05:30
Prince Chaddha d07323e0be
Create netgear-router-disclosure.yaml 2021-08-18 16:44:28 +05:30
Prince Chaddha af15e4817f
Update netgear-router-auth-bypass.yaml 2021-08-18 16:42:34 +05:30
Prince Chaddha 067c9a8755
Create xmlrpc-pingback-ssrf.yaml 2021-08-18 16:39:22 +05:30
Prince Chaddha fe1e7d36fb
Merge pull request #2429 from Mad-robot/patch-3 
Create geovision-geowebserver-lfi.yaml
 2021-08-18 16:19:49 +05:30
Prince Chaddha 0731a772d4
Update geovision-geowebserver-lfi.yaml 2021-08-18 16:18:12 +05:30
Prince Chaddha 1db2715a06
Update geovision-geowebserver-xss.yaml 2021-08-18 14:51:23 +05:30
Prince Chaddha eeb284a7ec
Update geovision-geowebserver-xss.yaml 2021-08-18 14:48:34 +05:30
SaN ThosH db4073d2b5
Update geovision-geowebserver-lfi.yaml 2021-08-18 03:54:30 +05:30
SaN ThosH d5748c95fc
Create geovision-geowebserver-lfi.yaml 2021-08-18 03:50:45 +05:30
SaN ThosH 0c24cc2f74
Create geovision-geowebserver-xss.yaml 2021-08-18 03:50:39 +05:30
Prince Chaddha f60cef447b
Update generic-blind-xxe.yaml 2021-08-17 22:57:34 +05:30
Prince Chaddha 727e73c5c3
Create solar-log-authbypass.yaml 2021-08-17 18:02:41 +05:30
Prince Chaddha c39f0e2077
Create generic-blind-xxe.yaml 2021-08-17 17:18:52 +05:30
Sandeep Singh 59b2aeda40
Merge pull request #2420 from geeknik/patch-18 
Update twig-php-ssti.yaml
 2021-08-17 17:12:00 +05:30
sandeep c2f87671fb strict matcher 2021-08-17 15:52:22 +05:30
sandeep 03cd55a33f severity update based on poc 
We will update this again as per assigned CVE which is not available right now?
 2021-08-17 15:02:47 +05:30
sandeep 4a5137b742 more tags 2021-08-17 15:00:30 +05:30
sandeep e8c3a1f9c7 Additional matchers update 2021-08-17 15:00:05 +05:30
Sanyam Chawla 5072dbbcbb
Create ms-exchange-server-reflected-xss.yaml 2021-08-17 13:55:38 +05:30
Geeknik Labs 3b9fb75fcb
Update twig-php-ssti.yaml 
Another FP fix
 2021-08-16 15:30:23 -05:00
Geeknik Labs d52c97c569
Update twig-php-ssti.yaml 
False positive fix
 2021-08-16 15:28:13 -05:00
Prince Chaddha 970bdb3ac7
Update pmb-directory-traversal.yaml 2021-08-16 16:43:47 +05:30
Prince Chaddha d45887f9f9
Delete node-nunjucks-ssti.yaml 2021-08-16 16:41:58 +05:30
Prince Chaddha d3a379e112
Update eyelock-nano-lfd.yaml 2021-08-16 16:40:42 +05:30
Prince Chaddha af4f29ab03
Update beward-ipcamera-disclosure.yaml 2021-08-16 16:37:34 +05:30
Prince Chaddha 4e498a6478
Create pmb-directory-traversal.yaml 2021-08-16 16:14:02 +05:30
Prince Chaddha 451823f887
Create node-nunjucks-ssti.yaml 2021-08-16 16:13:27 +05:30
Prince Chaddha c6927262eb
Create eyelock-nano-lfd.yaml 2021-08-16 16:12:45 +05:30
Prince Chaddha 232b187a40
Create beward-ipcamera-disclosure.yaml 2021-08-16 16:11:44 +05:30
sandeep 3ac7a756fc Added woocommerce-pdf-invoice-listing 2021-08-16 15:37:07 +05:30
Prince Chaddha b3d27f3d0c
Merge pull request #2407 from DhiyaneshGeek/master 
Oracle XSS
 2021-08-16 14:14:20 +05:30
Prince Chaddha 610924d55b
Update oracle-siebel-xss.yaml 2021-08-16 14:12:49 +05:30
Prince Chaddha 2875be2d82
Update simple-crm-sql-injection.yaml 2021-08-16 14:06:18 +05:30
Prince Chaddha bd865a0615
Update simple-crm-sql-injection.yaml 2021-08-16 14:03:41 +05:30
Prince Chaddha 2a448b52db
Update simple-crm-sql-injection.yaml 2021-08-16 14:03:09 +05:30
Geeknik Labs cacb2ff684
Update simple-crm-sql-injection.yaml 2021-08-15 15:28:00 -05:00
Geeknik Labs 9fb1b464b4
Create simple-crm-sql-injection.yaml 2021-08-15 15:23:38 -05:00
Dhiyaneshwaran cceb32a88b
Create oracle-siebel-xss.yaml 2021-08-15 23:18:13 +05:30
Prince Chaddha 7bce4fbb26
Update netis-info-leak.yaml 2021-08-14 16:00:00 +05:30
Prince Chaddha edffa49ca4
Update netis-info-leak.yaml 2021-08-14 15:53:30 +05:30
GwanYeong Kim 5b81af7ab4 Create netis-info-leak.yaml 
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-08-13 13:34:28 +09:00
sandeep df65ba694b Update ewebs-arbitrary-file-reading.yaml 2021-08-12 18:19:22 +05:30
PikPikcU 65ed503022
Create ewebs-arbitrary-file-reading.yaml 2021-08-12 18:41:02 +07:00
Sandeep Singh 5ca0a70f3e
Merge pull request #2372 from projectdiscovery/buffalo 
Added CVE-2021-20090 / CVE-2021-20091 / CVE-2021-20092
 2021-08-12 16:07:45 +05:30
Prince Chaddha 0875847c7d
Merge pull request #2374 from gy741/rule-add-v54 
Create sar2html-rce.yaml
 2021-08-12 15:06:13 +05:30
Prince Chaddha cfc534af89
Update sar2html-rce.yaml 2021-08-12 15:03:49 +05:30
sandeep 98a07bd594 Added unauth config injection 2021-08-12 14:12:20 +05:30
Prince Chaddha 6ac4da7993
Merge branch 'master' into corsmisc 2021-08-11 13:17:10 +05:30
Prince Chaddha b466fce758
Update basic-cors.yaml 2021-08-11 13:15:04 +05:30
Prince Chaddha 5ac272597b
Delete cors-misconfig.yaml 2021-08-11 13:14:04 +05:30
Prince Chaddha cb94b58009
Update basic-cors.yaml 2021-08-11 13:13:45 +05:30
Prince Chaddha d49dc5f9d4
Update top-xss-params.yaml 2021-08-11 13:08:49 +05:30
Prince Chaddha c576f4317b
Update open-redirect.yaml 2021-08-11 13:08:24 +05:30
Prince Chaddha efa7319d40
Update generic-windows-lfi.yaml 2021-08-11 13:08:11 +05:30
Prince Chaddha 57b8d89815
Update generic-linux-lfi.yaml 2021-08-11 13:08:00 +05:30
Prince Chaddha cbfe76f33f
Update error-based-sql-injection.yaml 2021-08-11 13:07:46 +05:30
Prince Chaddha aa0b195c99
Update crlf-injection.yaml 2021-08-11 13:07:36 +05:30
Prince Chaddha 2165418c59
Update cache-poisoning.yaml 2021-08-11 13:07:27 +05:30
Prince Chaddha 4d4ae2edd2
Update basic-xss-prober.yaml 2021-08-11 13:07:17 +05:30
Prince Chaddha 791472aa2b
Update basic-cors.yaml 2021-08-11 13:07:05 +05:30
GwanYeong Kim 0d2b53e71d Create sar2html-rce.yaml 
SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a commend injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-08-11 14:11:25 +09:00
sandeep 8c48ca97d2 matcher + payload + regex updates 2021-08-09 21:58:28 +05:30
G4L1T0 a44324ec2f updatev2 cors-misconfig.yaml 2021-08-09 11:57:37 -03:00
G4L1T0 e98fb7179e update cors-misconfig.yaml 2021-08-09 11:56:37 -03:00
Noam Rathaus a806149864 Spelling 2021-08-09 16:31:00 +03:00
Noam Rathaus 864b209cc1 Add reference 2021-08-09 16:10:10 +03:00
Noam Rathaus 3651410d37 Provide description 2021-08-09 16:08:19 +03:00
Sandeep Singh 210c57768d
Merge pull request #2193 from gy741/rule-add-v42 
Create kevinlab-hems-backdoor.yaml
 2021-08-08 13:56:56 +05:30
Sandeep Singh 3918071875
Merge pull request #2348 from Akokonunes/patch-25 
Create grimag-open-redirect.yaml
 2021-08-08 12:38:24 +05:30
sandeep d7b8760231 minor update 2021-08-08 12:29:11 +05:30
sandeep 4c057dcb1e minor update 2021-08-08 12:26:34 +05:30
sandeep a7dcd3f317 added more tags 2021-08-08 00:27:18 +05:30
sandeep 3b6d6322ea Additional matcher 2021-08-08 00:22:55 +05:30
sandeep e690901c86 minor update 2021-08-08 00:20:56 +05:30
Sandeep Singh 0ee60c4a3e
Merge pull request #2197 from mesaglio/master 
Detect azure directory traversal hosts file
 2021-08-07 23:15:29 +05:30
sandeep 318aa4736e misc update 2021-08-07 23:04:27 +05:30
sandeep 2233ebf3f1 moving files around 2021-08-07 23:02:17 +05:30
sandeep ca9efec5c0 tag update 2021-08-07 15:00:29 +05:30
Dhiyaneshwaran afcbd374a9
Create sap-redirect.yaml 2021-08-07 11:31:58 +05:30
sandeep 5cddd4312b Adding additional steps to make it work 2021-08-06 23:30:34 +05:30
PikPikcU 57624f3d25
Create ruijie-eg-rce.yaml 2021-08-06 17:04:32 +07:00
Prince Chaddha 3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49 
Create CVE-2020-7796.yaml
 2021-08-03 19:57:45 +05:30
Prince Chaddha c581a94bf4
Merge pull request #2318 from gy741/rule-add-v50 
Create longjing-technology-bems-api-lfi.yaml
 2021-08-03 19:56:57 +05:30
Prince Chaddha 28d568b88c
Update and rename longjing-technology-bems-api-lfi.yaml to bems-api-lfi.yaml 2021-08-03 19:55:25 +05:30
Prince Chaddha 23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208 
Add OpenSIS POC
 2021-08-03 19:53:32 +05:30
GwanYeong Kim 5fb6332bd9 Create longjing-technology-bems-api-lfi.yaml 
The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-08-03 21:52:14 +09:00
Prince Chaddha ea1ae20a82
Create zimbra-preauth-ssrf.yaml 2021-08-03 12:52:56 +05:30
Prince Chaddha 2491a6a4b7
Merge pull request #2227 from Udyz/patch-5 
Create hasura-graphql-sql-exec.yaml
 2021-08-02 22:25:31 +05:30
Prince Chaddha 4e976706b8
Update hasura-graphql-psql-exec.yaml 2021-08-02 22:18:41 +05:30
Prince Chaddha 204cf337c8
Update hasura-graphql-psql-exec.yaml 2021-08-02 22:15:52 +05:30
Prince Chaddha 6102421e22
Update hasura-graphql-ssrf.yaml 2021-08-02 22:03:12 +05:30
Prince Chaddha 03077a9ca2
Update tikiwiki-reflected-xss.yaml 2021-08-02 21:44:48 +05:30
Prince Chaddha 9f8d31200f
Merge pull request #2263 from pdelteil/patch-35 
Create jenkins-script.yaml
 2021-08-02 20:59:12 +05:30
Prince Chaddha 451aca42f9
Update jenkins-script.yaml 2021-08-02 20:57:19 +05:30
Noam Rathaus 493acb8afe Description 2021-08-02 14:30:22 +03:00
sandeep e896a8982d misc updates 2021-08-02 12:53:35 +05:30