daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,922 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

693 Commits (97aa239d52cb0c327dca8ae459c0f6a781f100a7)

Author SHA1 Message Date
sandeep 5d63b1bb05 Fixing the condition 2021-06-04 21:33:01 +05:30
sandeep 1f6334671c escape fix 2021-06-04 21:26:59 +05:30
sandeep 1fab4f8dbf Duplicate with - wordpress-directory-listing 2021-06-04 21:14:20 +05:30
sandeep 1557b782e9 Added WordPress Popup Plugin listing 2021-06-04 20:57:01 +05:30
sandeep 76bd8824a5 Added WordPress Mailchimp 4 Debug Log Exposure 2021-06-04 20:36:33 +05:30
PikPikcU bc9a760d29
Create interlib-fileread.yaml 2021-06-04 02:54:55 +00:00
sandeep 0f0ff2ee1e moving files around 2021-06-03 21:54:08 +05:30
Prince Chaddha 3202a0dd65
Merge pull request #1606 from nrathaus/master 
Description / Spelling
 2021-06-02 13:10:50 +05:30
sandeep 2fe2c88872 Moving files around 2021-06-02 12:22:24 +05:30
Noam Rathaus 2d52259f70 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-02 09:09:05 +03:00
sandeep a5ccb5f893 strict matcher 2021-06-01 16:08:41 +05:30
PikPikcU 7f5dfedf55
Create jeewms-lfi.yaml 2021-06-01 09:08:45 +00:00
Sandeep Singh 2685f492ed
Merge pull request #1580 from pikpikcu/patch-167 
Create ns-asg-file-read
 2021-06-01 14:10:09 +05:30
sandeep d5b9e4c7b6 Update ns-asg-file-read.yaml 2021-06-01 14:09:01 +05:30
Sandeep Singh fdd2103fa1
Merge pull request #1576 from Udyz/patch-1 
Create wp-statistics-blindsql.yaml
 2021-06-01 11:36:42 +05:30
sandeep bad1f52fd2 Added additional path 2021-05-31 20:05:39 +05:30
fanpan 5dd09fe02d spring 2x path 2021-05-31 19:28:31 +05:30
sandeep 8d3f2e3604 misc changes 2021-05-31 17:29:52 +05:30
Prince Chaddha 31341b547e
Update blue-ocean-excellence-lfi.yaml 2021-05-31 15:44:21 +05:30
PikPikcU f944191e7a
Create blue-ocean-excellence-lfi.yaml 2021-05-31 09:29:51 +00:00
Sandeep Singh 1c559f1ba3
Merge pull request #1567 from pikpikcu/patch-165 
hjtcloud poc
 2021-05-31 14:27:17 +05:30
PikPikcU e56a64402c
Create ns-asg-file-read.yaml 2021-05-31 08:56:01 +00:00
sandeep 4edb345286 Merge branch 'patch-165' of https://github.com/pikpikcu/nuclei-templates into pr/1567 2021-05-31 14:20:30 +05:30
sandeep 2ad903dcf1 misc changes 2021-05-31 14:19:23 +05:30
sandeep 5fed1d3432 Improved matcher 2021-05-31 13:31:13 +05:30
lulz 2b1a39cbab
Update wp-statistics-blindsql.yaml 2021-05-31 14:39:15 +07:00
lulz e89760c89c
Create wp-statistics-blindsql.yaml 2021-05-31 14:23:44 +07:00
sandeep 1f5c65d4c0 Added Wordpress Exposed DB Repair 2021-05-31 11:35:30 +05:30
PikPikcU 5f4923ddce
Create hjtcloud-arbitrary-file-read.yaml 2021-05-31 05:38:23 +00:00
Noam Rathaus 81d1180769 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-30 09:09:37 +03:00
Prince Chaddha aaae0a8214
Merge pull request #1540 from projectdiscovery/wp-lfi 
Adding Wordpress Plugin LFI Templates
 2021-05-28 17:03:27 +05:30
Prince Chaddha b54a107deb
Delete wp-supsystic-backup-lfi.yaml 2021-05-28 17:01:06 +05:30
Prince Chaddha b53a99109a
Delete wp-loco-translate-lfi.yaml 2021-05-28 17:00:56 +05:30
Sandeep Singh 585c649740
Merge pull request #1547 from pikpikcu/patch-162 
Create natshell-rce.yaml
 2021-05-28 11:13:33 +05:30
sandeep 1644eb793a misc changes 2021-05-28 11:12:36 +05:30
sandeep 2348650a50 misc changes 2021-05-28 08:41:58 +05:30
sandeep 4358f69b52 misc changes 2021-05-28 02:43:04 +05:30
PikPikcU b94ba82591
Update natshell-rce.yaml 2021-05-28 02:49:17 +07:00
PikPikcU f1726d3a1f
Create natshell-rce.yaml 2021-05-27 14:59:33 +00:00
sandeep ca83581cd2 misc updates 2021-05-27 08:58:03 +05:30
sandeep 9c1e801ade Adding Wordpress Plugin LFI Templates 2021-05-27 08:45:53 +05:30
Noam Rathaus b32eac85b1 Give description 2021-05-25 14:35:41 +03:00
sandeep 8676d8c23c Added Maian Cart 3.8 preauth RCE template 2021-05-25 05:08:52 +05:30
TheConciergeDev e1de4803f0
updated template tags 
The given "moodle" tag can not be found in the referenced PDFs and it definitely is an oracle vulnerability. I guess a legacy issue
 2021-05-21 15:36:55 +02:00
sandeep d7d86bbd95 More strict matcher 2021-05-20 23:15:01 +05:30
sandeep e66ce65285 Adding Fanruan related templates 2021-05-20 22:56:55 +05:30
sandeep 2906b2a3fb Improved matcher and paths 2021-05-20 19:58:57 +05:30
sandeep 3fc65caf62 misc changes 2021-05-19 05:52:07 +05:30
Prince Chaddha 3bd6843159 Revert "Merge branch 'magento-stuff' of https://github.com/Techbrunch/nuclei-templates into pr/1494" 
This reverts commit 4279c8e4bc, reversing
changes made to a6059be7ce.
 2021-05-18 22:30:15 +05:30
Techbrunch 2658aa1c03 Add reference to magento-2-exposed-api 2021-05-18 17:25:33 +02:00
Techbrunch 776776621a Added a few Magento related templates 2021-05-18 15:53:10 +02:00
sandeep f0879103d4 Improved matcher 2021-05-17 22:39:05 +05:30
sandeep 08ee1ad5ee matcher update 2021-05-17 19:49:24 +05:30
PikPikcU 08001381c4
Create natshell-path-traversal.yaml 2021-05-17 08:14:20 +00:00
PikPikcU 04e1fb0ef8
Create flir-path-traversal.yaml 2021-05-16 04:54:40 +00:00
Prince Chaddha 21c1dc2c70
Merge pull request #1337 from projectdiscovery/princechaddha-patch-7 
Create resin-cnnvd-200705-315.yaml
 2021-05-16 02:33:31 +05:30
sandeep fc66a9e076 Removing duplicate template 2021-05-11 23:48:36 +05:30
sandeep 7cd00b6145 Removing invalid paths 2021-05-11 02:15:17 +05:30
Sandeep Singh c2aad94548
Merge pull request #1458 from geeknik/patch-91 
Update top-xss-params.yaml
 2021-05-11 00:29:39 +05:30
sandeep 7019946599 Improved matcher 2021-05-11 00:29:01 +05:30
Geeknik Labs 37ac4c0924
Update top-xss-params.yaml 
Fix more false positives.
 2021-05-10 18:39:09 +00:00
Geeknik Labs dea16d4ebd
Update top-xss-params.yaml 
Fixes an edge case false positive on AkamaiGhost servers
 2021-05-10 18:20:48 +00:00
Prince Chaddha b4b30c95ee
Update oa-v9-uploads-file.yaml 2021-05-10 13:23:08 +05:30
Noam Rathaus 8766b537dd Add reference 2021-05-10 09:52:26 +03:00
Noam Rathaus fa7567f68e Its not really a regex 2021-05-10 09:35:36 +03:00
Noam Rathaus 4c201aa1dd It is not just a file upload 2021-05-10 09:35:10 +03:00
Noam Rathaus 1e364a6cdb Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-10 09:27:13 +03:00
Sandeep Singh 7fde950173
Merge pull request #1327 from projectdiscovery/showdoc-file-upload 
Adding Showdoc < 2.8.6 File Upload RCE
 2021-05-10 01:36:45 +05:30
sandeep 1f8ff83353 tags update 2021-05-10 01:34:11 +05:30
sandeep ccfb5ca4c4 regex update 2021-05-10 01:33:27 +05:30
Noam Rathaus 18dff7387c Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-09 08:32:05 +03:00
Sandeep Singh bd9997113e
Merge pull request #1430 from geeknik/patch-90 
Update open-redirect.yaml
 2021-05-07 16:18:32 +05:30
Sandeep Singh 311d517c05
Merge pull request #1421 from geeknik/patch-85 
Update top-xss-params.yaml
 2021-05-07 15:23:09 +05:30
sandeep 871a4107b5 Added complete payload and matcher 2021-05-07 15:21:59 +05:30
sandeep d950f72ff9 minor update 2021-05-07 14:56:40 +05:30
sandeep 0159c284e7 minor update 2021-05-07 14:53:34 +05:30
sandeep 8b9ec9d5fe Minor updates 2021-05-07 14:48:53 +05:30
Geeknik Labs 2f41002213
Update open-redirect.yaml 2021-05-06 22:38:09 +00:00
Geeknik Labs 565404910b
Update top-xss-params.yaml 2021-05-06 12:55:40 +00:00
Noam Rathaus 253ede65c1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-06 15:16:27 +03:00
Dhiyaneshwaran f5524e2b78
Update oracle-ebs-xss.yaml 2021-05-06 00:21:46 +05:30
Dhiyaneshwaran b7d47eb01a
Create oracle-ebs-xss.yaml 2021-05-06 00:05:07 +05:30
Dhiyaneshwaran 8274939810
Create kafdrop-xss.yaml 2021-05-05 23:51:53 +05:30
Dhiyaneshwaran 9944ef191f
Create joomla-lfi-com_fabrik.yaml 2021-05-05 23:48:57 +05:30
Prince Chaddha e87baf2967
Merge pull request #1346 from projectdiscovery/princechaddha-patch-11 
Create wuzhicms-sqli.yaml
 2021-05-05 23:30:36 +05:30
Prince Chaddha ae45a6b386
Merge pull request #1344 from projectdiscovery/princechaddha-patch-9 
Create ueditor-file-upload.yaml
 2021-05-05 23:29:11 +05:30
Noam Rathaus d5949e74d8 Add references 2021-05-05 17:32:21 +03:00
Noam Rathaus e68777d20a Alternative reference 2021-05-05 17:08:11 +03:00
Noam Rathaus 7f90af4d32 Reference is dead 2021-05-05 17:07:52 +03:00
Noam Rathaus 07c2e79fb9 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-05 17:04:59 +03:00
Sandeep Singh 0520ad05d3
Merge pull request #1351 from projectdiscovery/princechaddha-patch-16 
Create ecology-filedownload-directory-traversal.yaml
 2021-05-05 17:56:59 +05:30
Sandeep Singh d1f62765f9
Merge pull request #1409 from DhiyaneshGeek/master 
Gogs install exposure,Gloo UI Unauthentication
 2021-05-05 17:54:37 +05:30
sandeep ae13e5e44e minor updates 2021-05-05 17:53:34 +05:30
sandeep b10918510c Adding strict matcher 2021-05-05 17:39:31 +05:30
Noam Rathaus a094b38f83 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-05 08:46:32 +03:00
Sandeep Singh 127ac5e37c
Merge pull request #962 from pikpikcu/patch-89 
add hashicorp-consul-rce
 2021-05-05 00:02:57 +05:30
Noam Rathaus c95dc69495 References 2021-05-04 15:15:10 +03:00
Noam Rathaus 39290e574f Fix description 2021-05-04 15:14:40 +03:00
sandeep 819e201ebd Update concrete-xss.yaml 2021-05-04 13:36:54 +05:30
sandeep 052f1b3b7b Adding concrete-xss 2021-05-04 13:36:16 +05:30
Dhiyaneshwaran 585b651592
Update gloo-unauth.yaml 2021-05-03 18:23:30 +05:30
Dhiyaneshwaran a1fc27ca75
Create gloo-unauth.yaml 2021-05-03 18:14:44 +05:30
sandeep acf5d41ef9 Minor update 2021-05-02 17:51:44 +05:30
Sandeep Singh 4f9a142c6b
Merge pull request #1398 from pikpikcu/patch-154 
Create landray-oa-fileread
 2021-05-02 13:59:50 +05:30
sandeep f9559b1e21 Update landray-oa-fileread.yaml 2021-05-02 13:58:47 +05:30
sandeep a6df4754d4 Update landray-oa-fileread.yaml 2021-05-02 13:57:33 +05:30
Noam Rathaus 41f47a4fef Expose references 2021-05-02 09:19:55 +03:00
Noam Rathaus d8bd0d2744 This is a better name for the test 2021-05-02 09:07:50 +03:00
PikPikcU c5bdf6cbca
Create landray-oa-fileread.yaml 2021-05-02 04:42:37 +00:00
sandeep cc9d4eddf1 Update rce-via-java-deserialization.yaml 2021-05-01 17:22:03 +05:30
Noam Rathaus 9d66fd0ae1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-29 12:03:56 +03:00
sandeep 020c9a959c Additional payload 2021-04-29 13:38:39 +05:30
Noam Rathaus f898e4b539 Correct product name 2021-04-29 09:20:58 +03:00
Noam Rathaus 574135de9a Expose reference 2021-04-29 09:12:56 +03:00
Noam Rathaus 25a38d34ec Missing 's' 2021-04-29 09:11:35 +03:00
Noam Rathaus a7de9915c7 Removed self-reference 2021-04-29 08:58:02 +03:00
Noam Rathaus 91b6b1b175 Make references visible 2021-04-29 08:57:39 +03:00
Noam Rathaus 2860cdfb4a Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-29 08:38:11 +03:00
sandeep 2920fa9bfb matcher and payload update 2021-04-28 19:44:28 +05:30
Prince Chaddha a55db7af44
Merge pull request #1332 from projectdiscovery/princechaddha-patch-2 
Create WooYun-2015-148227.yaml
 2021-04-28 18:51:07 +05:30
Noam Rathaus ecb436df3e Those aren't really regexes 2021-04-28 15:07:39 +03:00
Noam Rathaus ad9314acdc Provide references to the problem (in eclipse site) and how it was fixed (and Jenkins upstream bugs related to this) 2021-04-28 14:17:47 +03:00
Noam Rathaus 9ece07bf9a Provide reference 2021-04-28 14:00:15 +03:00
Noam Rathaus e32c1bd4c1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-28 13:29:39 +03:00
Prince Chaddha 8d9d46e00a
Merge pull request #1362 from underfl0w/chamilo-lms-sqli 
Chamilo 1.11.14 LMS sql injection
 2021-04-28 15:55:14 +05:30
Prince Chaddha 722e305878
Update chamilo-lms-sqli.yaml 2021-04-28 15:48:34 +05:30
sandeep 5f5430a7a4 Payload and matcher fix 2021-04-28 14:42:10 +05:30
sullo be24a83a98 Simplify regex 2021-04-27 10:42:41 -04:00
sullo 1824c1df92 More flexible matching to prevent false-negatives 2021-04-27 10:38:57 -04:00
Noam Rathaus 3bdb2fdbd4 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-27 14:02:16 +03:00
Noam Rathaus f55bb45e75 Give some description 2021-04-27 14:02:08 +03:00
sandeep 3adf607b6f Matcher for DNS interaction 2021-04-27 16:24:39 +05:30
Prince Chaddha eaf70d16ab
Merge pull request #1350 from projectdiscovery/princechaddha-patch-15 
Create zcms-v3-sqli.yaml
 2021-04-27 16:09:32 +05:30
Prince Chaddha 427f99b0c1
Update wordpress-rce-simplefilelist.yaml 2021-04-27 15:25:28 +05:30
Noam Rathaus 1aca402bf6 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-27 09:42:50 +03:00
Noam Rathaus 4cc6b3bdb0 Reduce FP due to not actually execution of the PHP but rather it being returned as is (the content) 2021-04-27 09:42:41 +03:00
Prince Chaddha d705648dc4
Merge pull request #1343 from projectdiscovery/princechaddha-patch-8 
Create spark-webui-unauth.yaml
 2021-04-26 21:58:53 +05:30
Prince Chaddha 3079fce648
Update spark-webui-unauth.yaml 2021-04-26 21:57:46 +05:30
Prince Chaddha f726562445
Update spark-webui-unauth.yaml 2021-04-26 21:56:13 +05:30
Prince Chaddha 487e2300e1
Merge pull request #1331 from projectdiscovery/princechaddha-patch-1 
Create unauth-spark-api.yaml
 2021-04-26 21:52:22 +05:30
Prince Chaddha 5fcba18d1e
Merge pull request #1349 from projectdiscovery/princechaddha-patch-14 
Create xunchi-file-read.yaml
 2021-04-26 21:06:27 +05:30
Prince Chaddha ac29e9a622
Merge pull request #1348 from projectdiscovery/princechaddha-patch-13 
Create xiuno-bbs-reinstallation.yaml
 2021-04-26 21:05:39 +05:30
Prince Chaddha 4cc83776f3
Merge pull request #1352 from projectdiscovery/princechaddha-patch-17 
Create ecology-springframework-directory-traversal.yaml
 2021-04-26 20:48:30 +05:30
Noam Rathaus 2e1e0e932f Product name 2021-04-26 09:07:57 +03:00
Noam Rathaus 19a4bbc844 Correct product name, and link to the Gitee 2021-04-26 09:03:24 +03:00
Noam Rathaus 3857469468 Add reference 2021-04-26 09:01:39 +03:00
Noam Rathaus 909a0ce4dd Product seems to be called ectouch 2021-04-26 08:51:08 +03:00
Noam Rathaus bb974381b5 add references 2021-04-26 08:48:16 +03:00
Jurjen de Jonge b9ad93a3cd Reverted back to old technique 
The ;INSERT method only seemed to work on my dev enviroment.
 2021-04-24 22:15:57 +03:00
Jurjen de Jonge 5f264c9891 Updated chamilo-lms-sqli.yaml 
Uses SQL injection to insert data into the database, then checks to see
if this data has been added;
 2021-04-24 21:41:38 +03:00