03999c42cd
Create apache-storm-unauth.yaml
2021-11-20 06:40:32 +07:00
8198ba6711
Merge pull request #3140 from deFr0ggy/master
...
AMPPS - Directory Listing Misconfiguration
2021-11-17 23:03:11 +05:30
0a27557981
Update ampps-dirlisting.yaml
2021-11-17 22:24:40 +05:00
887872dab2
Update ampps-dirlisting.yaml
2021-11-17 13:57:51 +05:30
f046a10576
AMPPS - Directory Listing Misconfiguration
2021-11-14 14:33:51 +05:00
7b1cc1bcd7
Merge pull request #3134 from pussycat0x/master
...
Unauthentication InfluxDB Detection
2021-11-13 14:18:20 +05:30
6dbf6233be
lint fix
2021-11-13 14:16:19 +05:30
5981681f65
misc updates
2021-11-13 14:14:06 +05:30
2051ea65ea
Add files via upload
2021-11-13 12:26:47 +05:30
878a74647c
misc updates
2021-11-11 22:04:45 +05:30
e43e20880d
Move miscellaneous/phpmyadmin-setup.yaml to misconfiguration/phpmyadmin/phpmyadmin-setup.yaml
2021-11-11 11:14:21 -05:00
02ad4e81b0
Removing misconfiguration/phpmyadmin/phpmyadmin-setup.yaml
...
in favor of miscellaneous/phpmyadmin-setup.yaml
2021-11-11 11:13:45 -05:00
d19093dcc8
Merge pull request #3117 from pussycat0x/master
...
unauthorized hp officepro printer
2021-11-11 12:51:25 +05:30
58c224e3a5
Update unauthorized-hp-officepro-printer.yaml
2021-11-11 11:14:52 +05:30
1a15d91764
Update and rename misconfiguration/unauthorized-hp-officepro-printer.yaml to misconfiguration/hp/unauthorized-hp-officepro-printer.yaml
2021-11-11 11:10:36 +05:30
f9263c047a
Update unauthorized-hp-officepro-printer.yaml
2021-11-10 17:58:59 +05:30
cb0b495fe0
Add files via upload
2021-11-10 17:46:34 +05:30
037d974e8b
Merge pull request #3095 from projectdiscovery/CVE-2020-26413
...
Create CVE-2020-26413.yaml
2021-11-06 22:38:14 +05:30
dbbb08e40c
misc updates
2021-11-06 22:36:37 +05:30
199d7061f7
Update gocd-encryption-key.yaml
2021-11-06 18:45:55 +05:30
32e666d1f0
Update gocd-encryption-key.yaml
2021-11-06 18:24:24 +05:30
a6d228ad50
misc updates
2021-11-06 16:27:38 +05:30
5fa10c4b64
cves update
2021-11-06 12:34:04 +05:30
b2eceeff1a
syntax update
2021-11-05 02:56:16 +05:30
3736a5ccc9
Update gocd-unauth-dashboard.yaml
2021-11-05 02:51:56 +05:30
2e4ca64ca7
Update gocd-server-configuration.yaml
2021-11-05 02:51:48 +05:30
2e4e27cb69
Update gocd-encryption-key.yaml
2021-11-05 02:51:39 +05:30
134c27219d
Update gocd-arbitrary-file.yaml
2021-11-05 02:51:18 +05:30
99ba23f9af
misc update
2021-11-05 02:29:38 +05:30
62a629cda9
Create gocd-unauth-dashboard.yaml
2021-11-05 02:27:08 +05:30
bb2e3b1d38
Create gocd-encryption-key.yaml
2021-11-05 02:22:06 +05:30
fd9ffceacd
Update and rename go-cd-arbitrary-file.yaml to gocd-arbitrary-file.yaml
2021-11-05 02:13:15 +05:30
5d7e8f72de
Update gocd-server-configuration.yaml
2021-11-05 02:12:33 +05:30
2e7ab374eb
Create gocd-server-configuration.yaml
2021-11-05 01:54:26 +05:30
db91642c3d
Rename pre-auth-rce-gocd.yaml to go-cd-arbitrary-file.yaml
2021-11-05 01:48:25 +05:30
7a60f45431
Update pre-auth-rce-gocd.yaml
2021-11-05 01:46:11 +05:30
0ac7e92ac9
Update pre-auth-rce-gocd.yaml
2021-11-05 01:41:25 +05:30
3eff5e541d
Create pre-auth-rce-gocd.yaml
2021-11-05 01:30:11 +05:30
421624d732
Added missing tags
2021-11-04 15:13:32 +05:30
be871b155c
Create sitecore-debug-page.yaml
2021-11-03 23:16:23 +05:30
b83e79a8fe
moving files around
2021-11-01 19:36:21 +05:30
f650961021
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into gitlab-updates
2021-11-01 19:21:55 +05:30
a229a2e822
Merge pull request #2986 from projectdiscovery/wildcard-postmessage
...
Added Wildcard postMessage detection
2021-11-01 15:46:00 +05:30
ec2907e6b0
Update wildcard-postmessage.yaml
2021-11-01 14:54:51 +05:30
4d58562095
Update umbraco-base-ssrf.yaml
2021-10-30 22:06:04 +05:30
40340c89c6
Update and rename misconfiguration/umbraco-base-ssrf.yaml to misconfiguration/vulnerabilities/other/umbraco-base-ssrf.yaml
2021-10-30 17:33:53 +05:30
9e1f9859d8
Create umbraco-base-ssrf.yaml
2021-10-30 11:03:14 +05:30
e91e2e6e27
Added missing tag
2021-10-28 17:44:58 +05:30
cd9195b7e4
Update wildcard-postmessage.yaml
2021-10-26 23:48:28 +05:30
d43c694da7
Delete docker-version-detect.yaml
2021-10-26 23:41:28 +05:30
0de8bc19f8
misc template updates
2021-10-26 17:39:26 +05:30
e4a646f9d4
Update and rename misconfiguration/unauth-securityspy-camera-detect.yaml to exposed-panels/securityspy-detect.yaml
2021-10-25 15:00:32 +05:30
a7c02f99dc
Update unauth-securityspy-camera-detect.yaml
2021-10-25 10:34:24 +05:30
2b4356dcc1
Add files via upload
2021-10-25 08:34:17 +05:30
854016684c
Add files via upload
2021-10-24 18:05:09 +05:30
80301e3f63
Added Wildcard postMessage detection
2021-10-23 23:34:49 +05:30
c849b7d51a
metadata update
2021-10-22 23:22:36 +05:30
fc1b7a658c
Merge pull request #2956 from CristiVlad25/misconfig
...
Created app.yaml Template
2021-10-22 22:38:45 +05:30
62dc0c0c31
misc update
2021-10-22 22:19:12 +05:30
444fa88b24
Create jaeger-ui-dashboard.yaml
2021-10-22 22:15:57 +05:30
8632760893
Created app.yaml Template
2021-10-22 12:17:44 +03:00
ac9f713d97
Merge PHP Errors Templates
...
There was an extra error template for PHP warnings although there was
another template holding that already.
The status code check (500) is a step that would make sense for all of
the checks. This is not limited to warnings. Though I think that error
code 500 shrinks the result set too much in this case. That's why I
would leave it out.
2021-10-21 10:46:04 +02:00
52e498506e
Update zenphoto-sensitive-info.yaml
2021-10-19 17:45:19 +05:30
69953cf73e
Update zenphoto-sensitive-info.yaml
2021-10-18 23:18:31 -03:00
33badb66d1
oob tags update
2021-10-19 02:10:26 +05:30
f86ef5382b
Merge pull request #2783 from pikpikcu/patch-295
...
Added skycaiji
2021-10-17 22:23:07 +05:30
acda6fdb53
added missing slash
2021-10-16 01:10:48 +05:30
196cc292b8
adding tags
2021-10-16 01:09:19 +05:30
5e2c52f803
Merge branch 'misconfiguration' of https://github.com/CristiVlad25/nuclei-templates into pr/2900
2021-10-16 01:07:50 +05:30
dd106dcb8f
misc update and moving files around
2021-10-16 01:06:37 +05:30
10b4076f88
misc update
2021-10-14 00:14:29 +05:30
0102fad1a9
Add hpe-system-management-anonymous.yaml
...
Detect anonymous HPE System Management instance
2021-10-12 18:11:25 -04:00
673a9107c5
misc updates
2021-10-11 01:38:44 +05:30
3e3e64c20e
Add unauthenticated-lansweeper.yaml
...
Detect unauthenticated Lansweeper instance
2021-10-10 13:03:46 -04:00
0ed37945d6
Update skycaiji-install.yaml
2021-10-08 12:06:44 +05:30
f1e4a2b15f
Added one more status page for NGINX
2021-10-06 12:12:13 +04:00
179e265f8a
Update and rename misconfiguration/iotawatt-configuration-app.yaml to iot/iotawatt-app-exposure.yaml
2021-10-06 11:07:51 +05:30
a71096bcd8
Add files via upload
2021-10-05 22:28:16 +05:30
bfb3d70662
Update and rename misconfiguration/hp-switch-default-creds.yaml to default-logins/hp/hp-switch-default-login.yaml
2021-10-05 15:19:15 +05:30
6a38a61321
Update hp-switch-default-creds.yaml
2021-10-05 01:56:47 +05:30
f0a572eae8
Update hp-switch-default-creds.yaml
2021-10-05 01:43:14 +05:30
30c447d42b
Add files via upload
2021-10-05 01:25:35 +05:30
55b0673d27
Added IBM Websphere Friendly Path Exposure
...
Co-Authored-By: clarkvoss <32307041+clarkvoss@users.noreply.github.com>
2021-10-03 16:49:06 +05:30
3878138bfe
* Added Host headers where needed (validated via disclosures/posts)
...
* Added CVE simple-employee-rce.yaml
2021-09-30 12:52:05 -04:00
553772ab8a
Create skycaiji-install.yaml
2021-09-30 23:49:10 +07:00
807920c0ac
clean-up
2021-09-21 17:16:53 +05:30
b57620cce2
Typo and language corrections
2021-09-20 15:25:11 -04:00
6564d0fca4
Merge pull request #2708 from pussycat0x/master
...
New templates
2021-09-20 14:18:41 +05:30
27572bcc92
Update and rename service-pwd-expose.yaml to service-pwd.yaml
2021-09-18 12:11:19 +05:30
4d2d1f35d6
Update service-pwd-expose.yaml
2021-09-18 12:08:32 +05:30
6ff85169c3
Update service-pwd-expose.yaml
2021-09-18 12:03:17 +05:30
b49aee881b
Add files via upload
2021-09-18 10:38:21 +05:30
117c59094b
Merge pull request #2704 from geeknik/patch-28
...
Update shell-history.yaml
2021-09-17 23:37:56 +05:30
7223d54eea
Merge pull request #2649 from pussycat0x/master
...
Glowroot-anonymous-access
2021-09-17 22:32:06 +05:30
7f5dd080cc
Update shell-history.yaml
...
Follow-up fix for comment in #2129
2021-09-17 10:00:22 -05:00
ab4e6a4dd6
Merge pull request #2696 from DhiyaneshGeek/master
...
New Templates Added
2021-09-17 16:29:58 +05:30
5858e3a01c
Update and rename exposures/logs/database-error.yaml to misconfiguration/database-error.yaml
2021-09-17 13:33:54 +05:30
769a6ea059
Update zabbix-error.yaml
2021-09-17 13:01:57 +05:30
52162716e5
Update and rename exposures/logs/zabbix-error.yaml to misconfiguration/zabbix-error.yaml
2021-09-17 13:00:35 +05:30
317c941340
Update php-errors.yaml
2021-09-17 12:59:34 +05:30
f47c4da9e8
Merge pull request #2694 from geeknik/geeknik-patch-1
...
MIscellaneous updates
2021-09-17 02:22:26 +05:30
067247401b
Merge pull request #2442 from pdelteil/patch-38
...
Create springboot-info.yaml
2021-09-17 02:22:08 +05:30
74871a7412
Update springboot-info.yaml
2021-09-17 02:21:49 +05:30
fd768f4b2c
Update rack-mini-profiler.yaml
2021-09-16 15:18:31 -05:00
0ab82749ef
Create unauthenticated-glowroot.yaml
2021-09-15 13:28:43 +05:30
2790f5ff9f
Update glowroot-anonymous-access.yaml
2021-09-14 15:35:52 +05:30
9c5a43e25d
Glowroot-anonymous-access
2021-09-13 23:58:56 +05:30
cf4ef2ac5a
Merge pull request #2622 from projectdiscovery/missing-tags
2021-09-10 12:32:47 +05:30
bd24dc198e
Coverage for all templates using tags
2021-09-09 19:08:13 +05:30
54c9f08233
Merge pull request #2612 from projectdiscovery/cleanups
...
Removed extra headers not required for template
2021-09-09 14:50:00 +05:30
39a0ffd0a5
Update python-metrics.yaml
2021-09-08 18:19:15 +05:30
664ac52065
Update python-metrics.yaml
2021-09-08 18:09:15 +05:30
85adcd95be
Update python-metrics.yaml
2021-09-08 17:58:43 +05:30
6fee9b2b1b
Create python-metrics.yaml
2021-09-08 17:48:54 +05:30
609705f676
removed extra headers not required for template
2021-09-08 17:47:19 +05:30
7e601216b9
Added additional path
2021-09-08 13:01:42 +05:30
ef1f7c5e92
Updates across many templates for clarity, spelling, and grammar.
2021-09-05 17:13:45 -04:00
63ce5e0b77
Nextcloud templates
2021-09-05 22:52:45 +05:30
ac558b2887
Merge pull request #2568 from pussycat0x/master
...
New Templates added
2021-09-04 15:56:17 +05:30
969e08f12e
moving files around
2021-09-04 15:54:24 +05:30
4a9a339feb
misc update
2021-09-04 15:40:34 +05:30
b74dffae92
misc update
2021-09-04 15:23:49 +05:30
d10439c29f
Merge pull request #2565 from geeknik/patch-25
...
Update php-errors.yaml
2021-09-04 00:43:26 +05:30
735b1df1c5
Update php-errors.yaml
2021-09-03 12:09:59 -05:00
32fed54169
removing duplicate templates and few updates
2021-09-03 22:35:58 +05:30
d27dadb79e
updated matchers
2021-09-03 22:24:11 +05:30
6ba8cb040d
Update overview-kubernetes-resource-report.yaml
2021-09-03 22:23:59 +05:30
ac4bce9ca5
Update php-errors.yaml
...
Made better through use of regex extractors. More useful information is displayed on-screen.
2021-09-03 11:28:42 -05:00
6e2816be3e
Add files via upload
2021-09-03 20:12:53 +05:30
90f8caf302
Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481
2021-09-03 14:55:30 +05:30
c266084621
Added stop-at-first-match in applicable templates
2021-09-02 17:29:10 +05:30
bec1c542cd
Update unauthenticated-mongo-express.yaml
2021-08-31 13:32:56 +05:30
212072fad2
Update unauthenticated-mongo-express.yaml
2021-08-31 13:31:48 +05:30
419a957409
Fixing errors in templates
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-27 10:43:24 +03:00
ddd3ef8493
Merge branch 'master' of github.com:socketz/nuclei-templates
2021-08-25 14:32:22 +02:00
c766a8454d
Fixed yaml linting errors
2021-08-25 14:09:42 +02:00
0ef631dce1
Update http-missing-security-headers.yaml
2021-08-25 16:52:35 +05:30
de76c65d01
Merge branch 'projectdiscovery:master' into master
2021-08-24 13:10:56 +02:00
296edfc37b
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-23 14:40:33 +03:00
76c9bbee20
minor update
2021-08-21 15:53:06 +05:30
b013ef69df
Create springboot-threaddump.yaml
...
Testing
nuclei -t springboot-threaddump.yaml -u https://folhaponto.cmm.pr.gov.br/
nuclei -t springboot-threaddump.yaml -u https://ctacte.realechile.cl/
2021-08-21 00:42:49 -04:00
d3552cc6e3
Update springboot-info.yaml
2021-08-21 01:20:10 +05:30
dc4cc62629
Merge remote-tracking branch 'origin/master' into dynamic_attributes
2021-08-20 15:35:17 +03:00
a5c7f36781
Update springboot-env.yaml
2021-08-20 03:12:53 -04:00
e6029630f4
Create springboot-info.yaml
2021-08-20 03:08:19 -04:00
3f803deb28
more updates
2021-08-20 02:14:42 +05:30
20d1f0a54f
Added intrusive tag
...
Added intrusive tag for identification / exclusion as discussed here - https://github.com/projectdiscovery/nuclei/discussions/551
2021-08-19 22:59:45 +05:30
4f1e61f021
Adding unique prefix for identification
2021-08-19 22:39:56 +05:30
247b07a76a
Added grafana-public-signup
2021-08-19 22:11:11 +05:30
77103bc629
Satisfying the linter (all errors and warnings)
...
* whitespace modifications only
2021-08-19 17:44:46 +03:00
f55d6b75e1
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
7b29be739e
Merge branch 'master' into dynamic_attributes
2021-08-19 16:23:26 +03:00
ffaff64565
Changes fixes/around dynamic attributes ("additional-fields")
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
6a8d9e0687
Update and rename misconfiguration/sidekiq-dashboard.yaml to exposed-panels/sidekiq-dashboard.yaml
...
Added references.
Moved template to exposed-panels.
2021-08-18 14:44:12 -05:00
cdf9451158
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
8c48ca97d2
matcher + payload + regex updates
2021-08-09 21:58:28 +05:30
c4f9a2e32d
Merge pull request #2325 from pussycat0x/master
...
springboot Actuator
2021-08-06 21:05:54 +05:30
1a043cc846
minor update
2021-08-06 21:02:50 +05:30
32709de987
misc updates
2021-08-06 20:48:32 +05:30
b20ba6754d
minor update
2021-08-05 16:31:01 +05:30
1140b9117a
updated matchers
2021-08-05 16:29:52 +05:30
dbab8fb57a
Create office365-open-redirect.yaml
2021-08-05 15:25:08 +05:30
2ad4805bcd
Add files via upload
2021-08-04 22:43:45 +05:30
ed8ba1451d
Update springboot-metrics.yaml
2021-08-04 22:17:33 +05:30
cb63ec5176
Update springboot-dump.yaml
2021-08-04 22:17:01 +05:30
4715314c2b
Add files via upload
2021-08-04 22:08:47 +05:30
89ce8da31c
template update
2021-08-02 16:10:05 +05:30
ee06aea64d
Merge pull request #2262 from DhiyaneshGeek/master
...
New Template
2021-07-31 22:50:25 +05:30
83a1769c04
Added Open Akamai ARL XSS Detection
2021-07-31 00:53:25 +05:30
918a6deead
Merge pull request #2265 from pussycat0x/master
...
zabbix-dashboards-access
2021-07-30 02:37:02 +05:30
6b02fb31ed
updated matcher
2021-07-30 02:33:01 +05:30
3caeca71ab
Add files via upload
2021-07-29 23:36:59 +05:30
c8e11b8254
Create viewpoint-system-status.yaml
2021-07-29 19:08:40 +05:30
c49a4b32f1
Update android-debug-database-exposed.yaml
2021-07-29 10:47:01 +05:30
9f93ea0eba
Update android-debug-database-exposed.yaml
2021-07-28 21:37:19 +05:30
71a27da891
Added security headers templates
2021-07-28 14:40:20 +02:00
bbc34b011b
Create android-debug-database-exposed.yaml
2021-07-28 17:46:31 +05:30
1b437d300a
Additional matcher for Symfony debug mode
2021-07-26 17:21:46 +05:30
bfd40054e4
matcher update
2021-07-26 15:18:10 +05:30
934d899f5e
Reduce false positives
2021-07-26 12:53:34 +07:00
a57bcda074
Merge pull request #2111 from pikpikcu/patch-203
...
Update hadoop-unauth.yaml
2021-07-26 01:35:34 +05:30
3fc8626874
Update hadoop-unauth.yaml
2021-07-26 01:33:02 +05:30
b905a91cdc
Merge pull request #2129 from geeknik/patch-6
...
Update shell-history.yaml
2021-07-26 01:08:46 +05:30
bb8a22401b
Separating service detection + SSRF detection
2021-07-25 15:22:09 +05:30
cff60a04b5
Fix false positive
2021-07-25 12:14:24 +07:00
6ccc5f8792
matcher update to handle edge cases
2021-07-25 03:05:55 +05:30
4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
...
17 New Templates Added
2021-07-24 03:26:09 +05:30
b1d8ab1193
more matchers update
2021-07-24 03:13:09 +05:30
327819a037
Update misconfiguration/clockwork-dashboard-exposure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:24 +05:30
f8a1c2c2b5
Update misconfiguration/clockwork-dashboard-exposure.yaml
...
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:09 +05:30
1754aecb5e
Update wamp-server-configuration.yaml
2021-07-22 17:54:19 +05:30
d354d50bb9
Update shell-history.yaml
...
fix false positive
2021-07-21 12:26:20 -05:00
ff374372e0
Update clockwork-dashboard-exposure.yaml
2021-07-21 17:23:40 +05:30
c9852b62dd
Create clockwork-dashboard-exposure.yaml
2021-07-21 11:02:36 +05:30
9c8e154b5a
Update hadoop-unauth.yaml
2021-07-20 19:29:10 +07:00
525ffdefcc
Update unauthenticated-popup-upload.yaml
2021-07-15 13:52:06 +05:30
6dd92167eb
minor updates
2021-07-13 19:35:58 +05:30
4822208487
Merge pull request #71 from projectdiscovery/master
...
Updation
2021-07-13 14:54:00 +05:30
51d6477505
Create unauthenticated-alert-manager.yaml
2021-07-13 14:10:37 +05:30
920255635b
Merge pull request #1876 from pussycat0x/master
...
web-ftp
2021-07-13 01:53:15 +05:30
8ec1767561
Rename hp-printer-unanuthorized-access.yaml to unauthorized-hp-printer.yaml
2021-07-13 01:45:40 +05:30
567096e97f
matcher update
2021-07-13 01:42:15 +05:30
3b13abc7f2
matcher update
2021-07-13 01:30:58 +05:30
647677f0ab
Update hp-printer-unanuthorized-access.yaml
2021-07-11 23:49:17 +05:30
09b002134d
Add files via upload
2021-07-11 23:44:34 +05:30
22421fd38e
Merge pull request #1843 from DhiyaneshGeek/master
...
Update AEM CRX bypass , AEM Debug XSS and Java sean debug page, Jetty showcontexts enable , jfrog-unauth-build-exposed Templates Added
2021-07-04 01:23:20 +05:30
afcbe4cfe4
minor updates
2021-07-04 01:22:08 +05:30
a5f8175017
Update unauthorized-plastic-scm.yaml
2021-07-03 16:39:59 +05:30
5d7388f0ae
Added Unauthorized Access to Plastic Admin Console
2021-07-03 16:37:11 +05:30
31a10ebfb7
Update jetty-showcontexts-enable.yaml
2021-07-02 20:50:15 +05:30
5b91ef07a6
Update unauthenticated-glances.yaml
2021-07-02 17:15:32 +05:30
db61d85e75
minor updates
2021-07-02 17:14:03 +05:30
5f779266bc
Create jetty-showcontexts-enable.yaml
2021-07-02 08:16:57 +05:30
39eb91a582
Update aem-crx-bypass.yaml
2021-07-01 22:23:08 +05:30
7c39ab8c79
Check if json.
2021-06-30 12:03:47 +00:00
e8ffd4ea06
Update aem-crx-bypass.yaml
2021-06-28 20:45:41 +05:30
eaa5d7600f
Added more strict matchers
2021-06-28 20:44:24 +05:30
e53b262283
Update aem-crx-bypass.yaml
2021-06-28 20:23:11 +05:30
91b673ad17
Create aem-crx-bypass.yaml
2021-06-28 20:20:58 +05:30
2a7d45fa1f
more strict matcher
2021-06-26 19:42:11 +05:30
89b4fdf8ed
Merge pull request #1757 from pussycat0x/master
...
New template added
2021-06-24 02:02:42 +05:30
5fa51dd043
Update phpmyadmin-sql.php-server.yaml
2021-06-24 01:26:51 +05:30
134a23aeab
Some fixes (WIP)
...
- Added missing matcher condition
- Updated severity to lowercase, as it's case sensitive
2021-06-24 01:03:41 +05:30
2dd0ce2664
Update phpmyadmin-sql.php-server.yaml
2021-06-23 21:37:14 +05:30
5ae899a66f
Update phpmyadmin-sql.php-server.yaml
2021-06-23 21:34:13 +05:30
bb251938c8
Add files via upload
2021-06-22 20:40:53 +05:30
49f9b67827
Added reference
2021-06-20 16:39:47 +05:30
bd4b43bbce
Merge pull request #995 from pikpikcu/patch-101
...
Create zhiyuan-oa-unauthorized
2021-06-19 12:53:24 +05:30
5463655627
Update zhiyuan-oa-unauthorized.yaml
2021-06-19 12:52:35 +05:30
f0b67ef56b
Few template updates
2021-06-18 15:53:49 +05:30
6081edd83f
Added reference
2021-06-18 12:16:27 +05:30
f9d068a105
Added ssrf-via-oauth-misconfig
2021-06-18 12:15:13 +05:30
b1e401ff9c
Delete adobe-connect-xss.yaml
2021-06-15 15:54:19 +05:30
891e8374b1
misc changes
2021-06-14 20:32:21 +05:30
629b655ef1
Create adobe-connect-xss.yaml
2021-06-13 23:54:48 +05:30
afec528d82
Create adobe-connect-version.yaml
2021-06-13 23:40:58 +05:30
6e727805c1
Create adobe-connect-username-exposure.yaml
2021-06-13 23:25:39 +05:30
8d35960831
Strict matchers
2021-06-10 21:18:38 +05:30
13090ace75
Merge pull request #1659 from WillD96/IIS-Internal-IP-Disclosure
...
Created IIS Internal IP Disclosure Template
2021-06-10 00:02:02 +05:30
aa9e899dd2
Added conditional word in body
...
I found this be a valid finding /actuator/env on a production host but was missing additional words to check which was causing a false negative. 'activeProfiles' allows this test to pass on the instance that I came across.
2021-06-09 11:36:54 -06:00
3c6aa9da0c
misc updates
2021-06-09 22:15:55 +05:30
cd06c6137f
Fixed trailing spaces
2021-06-09 16:04:53 +01:00
ad8d064bf9
Fixed linting error.
2021-06-09 15:40:06 +01:00
6279e1fb70
Added template for IIS Internal IP Disclosure
...
By sending a HTTP 1.0 request to the root of the webserver, sometimes an internal IP address is disclosed in the Location header of the 302 response.
2021-06-09 15:30:59 +01:00
83ce809e8d
Updated author names
2021-06-09 17:50:56 +05:30
0013f94807
Merge pull request #1631 from projectdiscovery/sap_update
...
SAP NetWeaver update
2021-06-09 14:17:51 +05:30
1851068721
Updated matcher
2021-06-08 00:33:06 +05:30
0fe0d327b0
moving files around
2021-06-07 19:57:59 +05:30
52adac2e12
Create firebase-urls.yaml
2021-06-06 19:38:51 +05:30
158914d4db
Create artifactory-anonymous-deploy.yaml
2021-06-06 19:37:32 +05:30
1d07ace8a5
Merge pull request #1634 from DhiyaneshGeek/master
...
Exposed jQuery File Upload
2021-06-06 17:58:25 +05:30
6649abf131
Update exposed-jquery-file-upload.yaml
2021-06-06 17:55:05 +05:30
fae9755374
Merge pull request #1639 from pdelteil/patch-9
...
Update shell-history.yaml
2021-06-06 13:40:47 +05:30
0cf8ffdc57
misc changes
2021-06-06 13:39:16 +05:30
e2eaedc6a1
misc updates
2021-06-06 13:19:01 +05:30
652da29f9a
Update shell-history.yaml
...
There are two problems with this template, it only checks for chmod commands but most importantly doesn't check for html tags. A real history file the response doesn't include html tags at all.
So, I'm adding two rules: Check for another possible commands (from real example) and adding a negative rule to discard false positives like this one:
nuclei -debug -t /home/kali/nuclei-templates/misconfiguration/shell-history.yaml -u http://777.urbanup.com
2021-06-05 22:06:30 -04:00
9014a4b0a2
Update aws-object-listing.yaml
...
Added extractor that retrieves the name of the s3 bucket.
Test
nuclei -t nuclei-templates/misconfiguration/aws-object-listing.yaml -u http://img.secnews.gr
[2021-06-06 01:19:10] [aws-object-listing] [http] [low] http://imgcdn.secnews.gr [img.secnews.gr]
2021-06-05 21:27:44 -04:00
0d82660f90
Create exposed-jquery-file-upload.yaml
2021-06-05 22:04:09 +05:30
a85c1dd35a
Moving files around + duplicate remove
2021-06-05 15:57:13 +05:30
ae8c130668
Moving files around
2021-06-05 15:55:01 +05:30
edcc35d604
Added Private key exposure via helper detector
2021-06-04 20:46:19 +05:30
0c436e35aa
Added airflow-debug
2021-06-03 19:39:51 +05:30
0c4f75d3ad
Duplicate template
2021-06-03 18:44:50 +05:30
bdc803fd4b
Added CVE-2020-13927
2021-06-03 14:23:34 +05:30
f63cd48c79
Update alibaba-mongoshake-unauth.yaml
2021-06-02 01:16:41 +05:30
9f8852572e
Create alibaba-mongoshake-unauth.yaml
2021-06-01 10:53:26 +00:00
cf0a3f69c6
Update kubernetes-pods.yaml
2021-05-27 02:45:50 +05:30
8d65ab7958
Update exposed-docker-api.yaml
2021-05-27 02:44:54 +05:30
da49c78c7c
Update docker-registry.yaml
2021-05-27 02:44:33 +05:30
0ed9fe6fa3
Update misconfigured-docker.yaml
2021-05-27 02:42:11 +05:30
6e23c0c207
Merge pull request #1528 from projectdiscovery/DhiyaneshGeek/master
...
Dhiyanesh geek/master
2021-05-24 01:28:15 +05:30
8a182ff0cc
misc changes
2021-05-24 01:26:48 +05:30
22812d2112
Create cx-cloud-upload-detect.yaml
2021-05-23 17:07:30 +05:30
c83785f916
Update server-status-localhost.yaml
...
OCD
2021-05-22 13:46:31 -05:00
7499faff02
Create kubeflow-dashboard-unauth.yaml
2021-05-22 20:05:32 +05:30
4fc7bd61fe
Create pinpoint-unauth.yaml
2021-05-22 20:01:28 +05:30
a1c283da87
Update java-melody-exposed.yaml
2021-05-21 15:42:46 +02:00
8e5255c407
updated tags
...
The affected technology is JavaMelody - the given services in the tag help to mitigate the problem, however are not the affected technology themselves.
Ref: https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
2021-05-21 15:42:29 +02:00
842d62bb40
Create springboot-beans.yaml
2021-05-20 01:39:21 +05:30
aabf384e39
Update springboot-httptrace.yaml
...
It can be accessed via a path like /httptrace also.
2021-05-19 12:36:42 +05:30
0f13cd506c
misc changes
2021-05-16 21:04:58 +05:30
b01fc7c9d7
Create tensorflow-unauth.yaml
2021-05-16 18:34:43 +05:30
5488370527
Handling edge cases
2021-05-16 15:19:19 +05:30
ffe61049e7
Merge pull request #1465 from geeknik/patch-92
...
Create apache-filename-brute-force.yaml
2021-05-14 21:24:21 +05:30
3203754361
Workflow and tags update
2021-05-14 19:37:13 +05:30
450254cd3d
Adding "max-size" to avoid timeout error due to response size
2021-05-14 19:22:08 +05:30
92c742a890
severity updates
2021-05-14 18:55:06 +05:30
f5771466c1
Update apache-filename-brute-force.yaml
2021-05-12 20:31:52 +00:00
00af677408
Create apache-filename-brute-force.yaml
2021-05-12 20:30:15 +00:00
27ed8be9dd
Merge pull request #1444 from DhiyaneshGeek/master
...
PHP Debug bar,SAP Directory Listing,Unauthenticated Netdata,Zippkin Unauth
2021-05-11 23:07:35 +05:30
915501175a
file updates
2021-05-11 21:14:40 +05:30
5b102e02ef
Improved matcher
2021-05-11 21:12:10 +05:30
a854fec546
Improved matcher
2021-05-11 21:09:56 +05:30
f495d36958
minor update
2021-05-09 20:36:52 +05:30
252e4dc2fa
Adding cloudflare-image-ssrf
2021-05-09 20:26:24 +05:30
a53286b201
Create zippkin-unauth.yaml
2021-05-09 12:47:14 +05:30
8093e13f63
Create sap-directory-listing.yaml
2021-05-09 12:20:03 +05:30
ab93cda4ae
Create unauth-netdata.yaml
2021-05-09 11:47:58 +05:30
c062651789
minor update
2021-05-07 14:41:52 +05:30
103df33af8
Create exposed-kafdrop.yaml
2021-05-06 00:23:22 +05:30
b10918510c
Adding strict matcher
2021-05-05 17:39:31 +05:30
500ce9544b
Merge pull request #1411 from geeknik/patch-82
...
Create nginx-vhost-traffic-status.yaml
2021-05-05 14:29:26 +05:30
e0c99aea6a
misc changes
2021-05-05 14:28:46 +05:30
399fc675a6
improved matcher
2021-05-04 16:32:53 +05:30
20a67faa4a
Description
2021-05-02 09:13:37 +03:00
c5f24e5692
misc updates
2021-04-28 15:50:24 +05:30
269cc168c5
Improved matcher
2021-04-28 15:13:16 +05:30
06c5cd45fa
minor update
2021-04-27 16:13:28 +05:30
d9c8057fe2
Create aem-login-status.yaml
2021-04-26 22:09:26 +05:30
21cf3a8e27
Create aem-bg-servlet.yaml
2021-04-26 22:08:54 +05:30
d59cf643a9
Create spidercontrol-scada-server-info.yaml
2021-04-24 17:22:22 +00:00
17d556feeb
Create unauthenticated-popup-upload.yaml
2021-04-22 02:11:41 +05:30
4637798845
Merge pull request #1196 from notsoevilweasel/add-laravel-debug
...
Added new check for Laravel debug mode enabled.
2021-04-18 21:14:27 +05:30
acdad9f812
tags and name update
2021-04-18 21:11:40 +05:30
8c791c59dd
moving files around
2021-04-17 22:25:22 +05:30
11e515daad
Update drupal-user-enum-ajax.yaml
2021-04-17 22:23:49 +05:30
6dff922033
Improved path
2021-04-17 19:05:45 +05:30
8338edcb59
Update java-melody-exposed.yaml
...
Fix trailing whitespace
2021-04-14 18:19:31 +02:00
70fa457a16
Update java-melody-exposed.yaml
...
Add description, references and tags
2021-04-14 18:15:35 +02:00
5aa52a1760
Rename phpMyAdmin-setup.yaml to phpmyadmin-setup.yaml
2021-04-14 17:49:18 +05:30
e9b036a4f7
duplicate of CVE-2009-1151
2021-04-14 17:48:33 +05:30
829ab1e3a6
Update sonarqube-public-projects.yaml
2021-04-14 15:58:18 +05:30
baf3132a71
Update sonarqube-public-projects.yaml
2021-04-14 15:54:40 +05:30
a5977604a4
Added sonarqube-public-projects
2021-04-14 15:49:06 +05:30
e0387a7c5d
typo
2021-04-14 13:48:46 +05:30
c604dc07d7
Update aem-userinfo-servlet.yaml
2021-04-14 02:01:02 +05:30
e049fd7281
Merge pull request #1273 from DhiyaneshGeek/master
...
7 AEM new Templates and AEM workflow added
2021-04-14 01:29:42 +05:30
88037019ce
Minor improvements
2021-04-14 01:24:00 +05:30
c329b35af2
Update aem-gql-servlet.yaml
...
Mades some changes in matcher to reduce false positive
2021-04-13 14:45:17 +05:30
88633dd011
Create aem-wcm-suggestions-servlet.yaml
2021-04-13 14:20:43 +05:30
ea51a4f891
Create aem-userinfo-servlet.yaml
2021-04-13 14:20:14 +05:30
2a7cc19767
Create aem-merge-metadata-servlet.yaml
2021-04-13 14:19:49 +05:30
ac72ee76a9
Create aem-querybuilder-json-servlet.yaml
2021-04-13 14:19:23 +05:30
8efb2cf408
Create aem-gql-servlet.yaml
2021-04-13 14:18:59 +05:30
d0af9ae01e
Create aem-default-get-servlet.yaml
2021-04-13 14:18:34 +05:30
295ae55058
Create aem-querybuilder-feed-servlet.yaml
2021-04-13 14:17:44 +05:30
0d85374b64
Update unautneicated-cache-purge.yaml
2021-04-11 21:13:24 +05:30
bae3ee19e6
template update
2021-04-11 20:50:42 +05:30
9a4d880b88
Update aws-object-listing.yaml
2021-04-07 17:45:49 +05:30
76dcebcf85
Added AWS Bucket Object listing detection
2021-04-07 17:45:12 +05:30
0db4abb862
Added word matchers
2021-04-07 06:22:28 +12:00
c19ad562fc
lint fix
2021-04-06 14:20:26 +05:30
8fdfc64e54
misc tag updates
2021-04-06 12:16:11 +05:30
7427eb2e50
Merge pull request #1204 from DhiyaneshGeek/master
...
AEM internal File read
2021-04-05 23:56:20 +05:30
d34ca6773b
misc changes
2021-04-05 23:55:18 +05:30
a73d7f855c
Merge pull request #1200 from pikpikcu/patch-138
...
Create gitlab-infoleak
2021-04-05 23:46:11 +05:30
a0d6838672
Minor updates and Gitlab workflow
2021-04-05 23:45:14 +05:30
a395f7cd60
Create aem-querybuilder-internal-path-read.yaml
2021-04-05 23:12:25 +05:30
477a783790
Added aem-jcr-querybuilder
2021-04-05 22:45:48 +05:30
db580f47c8
Update aem-hash-querybuilder.yaml
2021-04-05 22:37:57 +05:30
PikPikcU
Prince Chaddha
Frog Man
Sandeep Singh
pussycat0x
Sullo
Pradeepch99
Dhiyaneshwaran
Prince Chaddha
Cristi Vlad
Sufijen Bani
Philippe Delteil
Divya
Roman Ananyev
Sullo
Geeknik Labs
forgedhallpass
socketz
Pham Sy Minh
sandeep
Petko D. Petkov
r3naissance
Will Davison
TheConciergeDev
Ajaysen R
Noam Rathaus
Techbrunch
notsoevilweasel