Commit Graph

1800 Commits (ad6637e1d7e0eedecaede0076f79e2ad4ecaa04c)

Author SHA1 Message Date
Prince Chaddha e832a50401
Update issuu-panel-lfi.yaml 2021-09-25 00:49:53 +05:30
Prince Chaddha f35db18633
Update and rename wp-plugin-issuu-panel-lfi.yaml to vulnerabilities/wordpress/issuu-panel-lfi.yaml 2021-09-25 00:47:37 +05:30
Sandeep Singh d75bad52c7
Merge pull request #2732 from Akokonunes/patch-38
Create product-input-fields-for-woocommerce-file-download.yaml
2021-09-22 18:19:59 +05:30
sandeep a898a6c3a6 Update wp-woocommerce-file-download.yaml 2021-09-22 18:19:25 +05:30
sandeep dfa85833e2 misc update 2021-09-22 18:18:21 +05:30
Sandeep Singh 551c9127a2
Merge pull request #2733 from Akokonunes/patch-42
Create cs-cart-unauthenticated-lfi.yaml
2021-09-22 18:10:38 +05:30
sandeep 18142906f0 moving files around 2021-09-22 18:09:43 +05:30
sandeep a60e8a9d5e misc update 2021-09-22 18:08:32 +05:30
Prince Chaddha 807920c0ac clean-up 2021-09-21 17:16:53 +05:30
Sandeep Singh a5982b8f32
Merge pull request #2721 from nerrorsec/patch-1
Added a path
2021-09-21 15:32:42 +05:30
Sandeep Singh e0a8cb25bf
Merge pull request #2725 from projectdiscovery/wp-xmlrpc-pingback-detection
Added Wordpress XMLRPC Pingback detection
2021-09-21 15:29:25 +05:30
sandeep d9c5095780 fixing xmlrpc-pingback-ssrf.yaml 2021-09-21 15:21:35 +05:30
Prince Chaddha ff4811e085
Create wordpress-git-config.yaml 2021-09-21 15:21:16 +05:30
sandeep 10a6436f6f Added Wordpress XMLRPC Pingback detection 2021-09-21 15:18:49 +05:30
Prince Chaddha 8034e43e2c
Merge pull request #2711 from 0xSmiley/generic_lfi
Generic lfi
2021-09-21 00:11:59 +05:30
Prince Chaddha 8a985aa5c8
Update generic-linux-lfi.yaml 2021-09-20 23:53:49 +05:30
Prince Chaddha 6564d0fca4
Merge pull request #2708 from pussycat0x/master
New templates
2021-09-20 14:18:41 +05:30
Sandeep Singh e9e99de988
Merge pull request #2714 from pikpikcu/patch-288
Update Severity
2021-09-20 12:20:12 +05:30
PikPikcU 991963fe4a
Update Severity 2021-09-20 12:11:56 +07:00
kn1ght ffe20a273d
fix: typo error 2021-09-19 20:23:22 -03:00
Nuno 083a72b24c Generic Template Updated 2021-09-18 20:13:32 +01:00
Muhammad Daffa 50dfd3dc3d
Update Severity 2021-09-18 21:07:47 +07:00
Sandeep Singh 0f03f5ff55
Merge pull request #2692 from projectdiscovery/metadata-attribute-update 2021-09-18 18:19:07 +05:30
sandeep 8c28120218 Update luftguitar-arbitrary-file-upload.yaml 2021-09-18 14:32:13 +05:30
sandeep fb1aee75ce Update luftguitar-arbitrary-file-upload.yaml 2021-09-18 14:28:03 +05:30
Prince Chaddha e183b518db
Update wp-altair-listing.yaml 2021-09-18 14:11:17 +05:30
Prince Chaddha d0c5083632
Update wp-altair-listing.yaml 2021-09-18 14:09:59 +05:30
Prince Chaddha 0523d46ed2 Revert "Delete wp-altair-listing.yaml"
This reverts commit 05dd3affce.
2021-09-18 13:54:03 +05:30
Prince Chaddha 05dd3affce
Delete wp-altair-listing.yaml 2021-09-18 13:51:28 +05:30
Prince Chaddha 63cc624c4a
Update luftguitar-arbitrary-file-upload.yaml 2021-09-18 12:14:32 +05:30
Prince Chaddha 893f8d3bc6
Update wp-altair-listing.yaml 2021-09-18 12:01:47 +05:30
pussycat0x 10b3bc327d
Add files via upload 2021-09-18 10:37:16 +05:30
PikPikcU 2a1341274a
Create luftguitar-arbitrary-file-upload.yaml 2021-09-17 21:04:21 +07:00
Prince Chaddha 3deb522abc
Merge pull request #2664 from Akokonunes/patch-37
Create ecoa-building-automation-lfd.yaml
2021-09-17 16:47:54 +05:30
Prince Chaddha df59ad5670
Update and rename ecoa-building-automation-lfd.yaml to vulnerabilities/other/ecoa-building-automation-lfd.yaml 2021-09-17 16:39:09 +05:30
Prince Chaddha b00b70c150
Merge pull request #2697 from Akokonunes/patch-39
Create attitude-wp-theme-open-redirect.yaml
2021-09-17 15:12:21 +05:30
Prince Chaddha 5cac00bada
Merge pull request #2698 from Akokonunes/patch-40
Create eatery-restaurant-wp-theme-open-redirect.yaml
2021-09-17 15:12:09 +05:30
Prince Chaddha a40530d9d4
Update and rename eatery-restaurant-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/eatery-restaurant-open-redirect.yaml 2021-09-17 15:10:30 +05:30
Prince Chaddha 69e546ea4d
Update attitude-theme-open-redirect.yaml 2021-09-17 15:10:23 +05:30
Prince Chaddha c5ccf9d991
Update and rename attitude-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/attitude-theme-open-redirect.yaml 2021-09-17 15:08:59 +05:30
Prince Chaddha 2e8329b645
Update and rename weekender-newspaper-wp-theme-open-redirect.yaml to vulnerabilities/wordpress/weekender-newspaper-open-redirect.yaml 2021-09-17 15:06:13 +05:30
Geeknik Labs 03a79aa0c3
Update jenkins-script.yaml 2021-09-16 15:17:15 -05:00
sandeep 676b51d20c Metadata attribute update 2021-09-16 21:24:33 +05:30
Prince Chaddha 18879698fa
Update bullwark-momentum-lfi.yaml 2021-09-13 15:55:14 +05:30
Prince Chaddha e18cc14218
Update bullwark-momentum-lfi.yaml 2021-09-13 15:34:18 +05:30
sandeep 546bd6a038 matcher update 2021-09-13 15:28:35 +05:30
sandeep 34bba4e794 misc update 2021-09-12 17:10:52 +05:30
Noam Rathaus 46b16bcfa2 Incomplete title 2021-09-12 14:16:01 +03:00
Noam Rathaus 59525a5846 Working reference 2021-09-12 13:02:41 +03:00
Noam Rathaus e602575ae0 Working reference 2021-09-12 12:58:48 +03:00
Noam Rathaus fb2f89bc86 References 2021-09-12 12:58:43 +03:00
Noam Rathaus 624162cca7 Working reference 2021-09-12 12:50:53 +03:00
Noam Rathaus 896343be12 Clarify description 2021-09-12 12:41:33 +03:00
sandeep dde7140ff9 misc update 2021-09-11 23:46:31 +05:30
sandeep 207c140c50 moving files around 2021-09-11 21:06:36 +05:30
Philippe Delteil c41f64987b
Update wordpress-db-repair.yaml
Solves this false positive (different encoding) 

nuclei -debug -t   nuclei-templates/vulnerabilities/wordpress/wordpress-db-repair.yaml -u https://try.walmart.com

<p><code>define(&#39;WP_ALLOW_REPAIR&#39;, true);
2021-09-10 17:18:15 -03:00
Sandeep Singh cf4ef2ac5a
Merge pull request #2622 from projectdiscovery/missing-tags 2021-09-10 12:32:47 +05:30
sandeep bd24dc198e Coverage for all templates using tags 2021-09-09 19:08:13 +05:30
Prince Chaddha 67766f381a
Merge pull request #2600 from Akokonunes/patch-35
Create phpwiki-lfi.yaml
2021-09-09 15:02:41 +05:30
Prince Chaddha 6ce33e2f47
Rename phpwiki-lfi.yaml to vulnerabilities/other/phpwiki-lfi.yaml 2021-09-09 15:01:35 +05:30
Prince Chaddha 576499034d
Update wordpress-rce-simplefilelist.yaml 2021-09-09 12:09:13 +05:30
Prince Chaddha 08dac56385
Update simple-employee-rce.yaml 2021-09-09 12:06:24 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
Prince Chaddha 9b75486616
Rename homeautomation-v3-openredirect.yaml to vulnerabilities/other/homeautomation-v3-openredirect.yaml 2021-09-07 18:07:48 +05:30
Sandeep Singh e6a71e0e80
Merge pull request #2593 from projectdiscovery/openvpn-hhi
Added OpenVPN Host Header Injection
2021-09-06 18:56:27 +05:30
Sandeep Singh e31a75af04
Merge pull request #2595 from projectdiscovery/host-header-injection
Create host-header-injection.yaml
2021-09-06 18:56:09 +05:30
Prince Chaddha 4075664390
Merge pull request #2580 from Akokonunes/patch-29
Create gSOAP-LFl.yaml
2021-09-06 17:36:18 +05:30
Prince Chaddha e9d5665383
Update gsoap-lfi.yaml 2021-09-06 17:34:51 +05:30
Prince Chaddha 1942d13ed6
Update openvpn-hhi.yaml 2021-09-06 17:15:30 +05:30
Prince Chaddha acd4624200
Create host-header-injection.yaml 2021-09-06 17:14:27 +05:30
Prince Chaddha 842f66380f Revert "Create host-header-injection.yaml"
This reverts commit 6abfcd80e1.
2021-09-06 17:13:48 +05:30
Prince Chaddha 6abfcd80e1
Create host-header-injection.yaml 2021-09-06 17:13:20 +05:30
sandeep cec54e6d51 tags update
Co-Authored-By: me_dheeraj <9442273+Dheerajmadhukar@users.noreply.github.com>
2021-09-06 16:15:07 +05:30
sandeep c105e41fa4 Added OpenVPN Host Header Injection
Co-Authored-By: me_dheeraj <9442273+Dheerajmadhukar@users.noreply.github.com>
2021-09-06 16:13:17 +05:30
Prince Chaddha f6e52a6739
Merge pull request #2585 from sullo/master
Updates across many templates for clarity, spelling, and grammar.
2021-09-06 15:02:52 +05:30
Prince Chaddha 7579fe98c2
Update and rename minimouse-lfi.yaml to vulnerabilities/other/minimouse-lfi.yaml 2021-09-06 14:44:39 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
Prince Chaddha bf1d6374b2
Rename gSOAP-LFl.yaml to vulnerabilities/other/gsoap-lfi.yaml 2021-09-05 19:22:07 +05:30
sandeep 90f8caf302 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481 2021-09-03 14:55:30 +05:30
sandeep c266084621 Added stop-at-first-match in applicable templates 2021-09-02 17:29:10 +05:30
sandeep faf111362c Removing extra space 2021-09-01 12:37:02 +05:30
Prince Chaddha 5c5c6c3974
Update processmaker-lfi.yaml 2021-08-31 14:08:11 +05:30
Prince Chaddha 0b69ea80b2
Create processmaker-lfi.yaml 2021-08-31 14:03:47 +05:30
Noam Rathaus 86f3c08ba6 Vendor writes it as "NETGEAR" 2021-08-29 09:39:06 +03:00
Noam Rathaus 9f9970c8e9 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-08-29 09:15:40 +03:00
forgedhallpass 419a957409 Fixing errors in templates
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-27 10:43:24 +03:00
forgedhallpass a4250b8f2f Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-26 15:04:14 +03:00
Sandeep Singh e66463d466
Merge pull request #2355 from G4L1T0/corsmisc
add cors-misconfig.yaml
2021-08-26 04:26:37 +05:30
sandeep 1999a9b560 Enhanced CORS checks 2021-08-26 04:24:06 +05:30
sandeep 05305904ef more strict matchers 2021-08-26 02:43:53 +05:30
socketz ed76585ed6 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-08-25 14:33:32 +02:00
socketz c766a8454d Fixed yaml linting errors 2021-08-25 14:09:42 +02:00
sandeep 8fb3c65965 template fix 2021-08-25 01:32:14 +05:30
forgedhallpass 110f9c9ddd Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-24 20:38:11 +03:00
Sandeep Singh ee37e34f54
Update wp-woocommerce-pdf-invoice-listing.yaml 2021-08-24 17:48:31 +05:30
Prince Chaddha f66f36237b
Merge pull request #2455 from gy741/rule-add-v58
Create commax-biometric-access-control-system-auth-bypass.yaml
2021-08-24 17:44:13 +05:30
Prince Chaddha 554c4a505f
Update and rename commax-biometric-access-control-system-auth-bypass.yaml to commax-biometric-auth-bypass.yaml 2021-08-24 17:17:43 +05:30
Prince Chaddha 0a4cd456bf
Update commax-biometric-access-control-system-auth-bypass.yaml 2021-08-24 17:13:17 +05:30
Prince Chaddha ba03c2b377
Update unauth-hoteldruid-panel.yaml 2021-08-24 16:46:24 +05:30
Prince Chaddha d1065cd3fc
Create unauth-hoteldruid-panel.yaml 2021-08-24 16:42:11 +05:30
PikPikcU ecd6547d05
Update thinkific-redirect.yaml 2021-08-24 14:56:21 +07:00
forgedhallpass a124e393b4 Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 19:15:14 +03:00
Prince Chaddha 647d27925a
Merge pull request #2426 from projectdiscovery/generic
Templates by geeknik
2021-08-23 19:55:32 +05:30
forgedhallpass 296edfc37b Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 14:40:33 +03:00
Sandeep Singh 04b401a8ef
Merge pull request #2456 from projectdiscovery/payloads-update
Payloads positional update to keep the request format uniform
2021-08-23 15:26:35 +05:30
sandeep 62530eafc2 Update wp-slideshow-xss.yaml 2021-08-23 15:15:26 +05:30
sandeep 2aa54304ee Payloads positional update to keep the request format uniform 2021-08-22 23:39:33 +05:30
GwanYeong Kim cad976abda Create commax-biometric-access-control-system-auth-bypass.yaml
The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-22 18:19:34 +09:00
sandeep cbdef618f3 Update netgear-router-exposure.yaml 2021-08-21 00:38:54 +05:30
forgedhallpass dc4cc62629 Merge remote-tracking branch 'origin/master' into dynamic_attributes 2021-08-20 15:35:17 +03:00
sandeep e160acb481 misc updates 2021-08-20 16:37:22 +05:30
sandeep 0ef2106a6e Improved template 2021-08-19 23:34:16 +05:30
Sandeep Singh 0bef05c541
Merge pull request #793 from pikpikcu/patch-40
resin information disclosure
2021-08-19 23:15:42 +05:30
Sandeep Singh ab824564d3
minor updates 2021-08-19 23:11:29 +05:30
Sandeep Singh 1247fcd993
Update vulnerabilities/other/caucho-resin-info-disclosure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-08-19 23:09:26 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings)
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass 002e8db616 Moved the "vendor" custom attribute under reference
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 17:00:46 +03:00
forgedhallpass 97d4f8705b Fixed mistakes/typos
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:55 +03:00
forgedhallpass f55d6b75e1 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass 7b29be739e Merge branch 'master' into dynamic_attributes 2021-08-19 16:23:26 +03:00
forgedhallpass ffaff64565 Changes fixes/around dynamic attributes ("additional-fields")
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
forgedhallpass 0b432b341b Added comments with URLs under the "references" field
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
forgedhallpass e68d15ab63 Fixed mistakes/typos in the templates.
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 15:30:14 +03:00
Prince Chaddha bc1bf5d919
Create comtrend-ct5367-disclosure.yaml 2021-08-19 14:47:44 +05:30
Prince Chaddha f8a8968408 Revert "Create comtrend-ct5367-disclosure.yaml"
This reverts commit 33ea2d360c.
2021-08-19 14:46:35 +05:30
Prince Chaddha 33ea2d360c
Create comtrend-ct5367-disclosure.yaml 2021-08-19 14:45:37 +05:30
Sandeep Singh ab0750b570
minor update 2021-08-19 00:43:44 +05:30
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
Prince Chaddha dd1bbe6093 Revert "Delete netgear-router-disclosure.yaml"
This reverts commit 3b969e7e0d.
2021-08-18 17:02:08 +05:30
Prince Chaddha 3b969e7e0d
Delete netgear-router-disclosure.yaml 2021-08-18 16:59:49 +05:30
forgedhallpass 4c920b2552 Rename "references" to "reference" to match the expected template info structure
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:29:20 +03:00
Prince Chaddha 0a0b5c7f74
Update netgear-router-disclosure.yaml 2021-08-18 16:56:56 +05:30
Prince Chaddha d07323e0be
Create netgear-router-disclosure.yaml 2021-08-18 16:44:28 +05:30
Prince Chaddha af15e4817f
Update netgear-router-auth-bypass.yaml 2021-08-18 16:42:34 +05:30
Prince Chaddha 067c9a8755
Create xmlrpc-pingback-ssrf.yaml 2021-08-18 16:39:22 +05:30
Prince Chaddha fe1e7d36fb
Merge pull request #2429 from Mad-robot/patch-3
Create geovision-geowebserver-lfi.yaml
2021-08-18 16:19:49 +05:30
Prince Chaddha 0731a772d4
Update geovision-geowebserver-lfi.yaml 2021-08-18 16:18:12 +05:30
Prince Chaddha 1db2715a06
Update geovision-geowebserver-xss.yaml 2021-08-18 14:51:23 +05:30
Prince Chaddha eeb284a7ec
Update geovision-geowebserver-xss.yaml 2021-08-18 14:48:34 +05:30
SaN ThosH db4073d2b5
Update geovision-geowebserver-lfi.yaml 2021-08-18 03:54:30 +05:30
SaN ThosH d5748c95fc
Create geovision-geowebserver-lfi.yaml 2021-08-18 03:50:45 +05:30
SaN ThosH 0c24cc2f74
Create geovision-geowebserver-xss.yaml 2021-08-18 03:50:39 +05:30
Prince Chaddha f60cef447b
Update generic-blind-xxe.yaml 2021-08-17 22:57:34 +05:30
Prince Chaddha 727e73c5c3
Create solar-log-authbypass.yaml 2021-08-17 18:02:41 +05:30
Prince Chaddha c39f0e2077
Create generic-blind-xxe.yaml 2021-08-17 17:18:52 +05:30
Sandeep Singh 59b2aeda40
Merge pull request #2420 from geeknik/patch-18
Update twig-php-ssti.yaml
2021-08-17 17:12:00 +05:30
sandeep c2f87671fb strict matcher 2021-08-17 15:52:22 +05:30
sandeep 03cd55a33f severity update based on poc
We will update this again as per assigned CVE which is not available right now?
2021-08-17 15:02:47 +05:30
sandeep 4a5137b742 more tags 2021-08-17 15:00:30 +05:30
sandeep e8c3a1f9c7 Additional matchers update 2021-08-17 15:00:05 +05:30
Sanyam Chawla 5072dbbcbb
Create ms-exchange-server-reflected-xss.yaml 2021-08-17 13:55:38 +05:30
Geeknik Labs 3b9fb75fcb
Update twig-php-ssti.yaml
Another FP fix
2021-08-16 15:30:23 -05:00
Geeknik Labs d52c97c569
Update twig-php-ssti.yaml
False positive fix
2021-08-16 15:28:13 -05:00
Prince Chaddha 970bdb3ac7
Update pmb-directory-traversal.yaml 2021-08-16 16:43:47 +05:30
Prince Chaddha d45887f9f9
Delete node-nunjucks-ssti.yaml 2021-08-16 16:41:58 +05:30
Prince Chaddha d3a379e112
Update eyelock-nano-lfd.yaml 2021-08-16 16:40:42 +05:30
Prince Chaddha af4f29ab03
Update beward-ipcamera-disclosure.yaml 2021-08-16 16:37:34 +05:30
Prince Chaddha 4e498a6478
Create pmb-directory-traversal.yaml 2021-08-16 16:14:02 +05:30
Prince Chaddha 451823f887
Create node-nunjucks-ssti.yaml 2021-08-16 16:13:27 +05:30
Prince Chaddha c6927262eb
Create eyelock-nano-lfd.yaml 2021-08-16 16:12:45 +05:30
Prince Chaddha 232b187a40
Create beward-ipcamera-disclosure.yaml 2021-08-16 16:11:44 +05:30
sandeep 3ac7a756fc Added woocommerce-pdf-invoice-listing 2021-08-16 15:37:07 +05:30
Prince Chaddha b3d27f3d0c
Merge pull request #2407 from DhiyaneshGeek/master
Oracle XSS
2021-08-16 14:14:20 +05:30
Prince Chaddha 610924d55b
Update oracle-siebel-xss.yaml 2021-08-16 14:12:49 +05:30
Prince Chaddha 2875be2d82
Update simple-crm-sql-injection.yaml 2021-08-16 14:06:18 +05:30
Prince Chaddha bd865a0615
Update simple-crm-sql-injection.yaml 2021-08-16 14:03:41 +05:30
Prince Chaddha 2a448b52db
Update simple-crm-sql-injection.yaml 2021-08-16 14:03:09 +05:30
Geeknik Labs cacb2ff684
Update simple-crm-sql-injection.yaml 2021-08-15 15:28:00 -05:00
Geeknik Labs 9fb1b464b4
Create simple-crm-sql-injection.yaml 2021-08-15 15:23:38 -05:00
Dhiyaneshwaran cceb32a88b
Create oracle-siebel-xss.yaml 2021-08-15 23:18:13 +05:30
Prince Chaddha 7bce4fbb26
Update netis-info-leak.yaml 2021-08-14 16:00:00 +05:30
Prince Chaddha edffa49ca4
Update netis-info-leak.yaml 2021-08-14 15:53:30 +05:30
GwanYeong Kim 5b81af7ab4 Create netis-info-leak.yaml
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-13 13:34:28 +09:00
sandeep df65ba694b Update ewebs-arbitrary-file-reading.yaml 2021-08-12 18:19:22 +05:30
PikPikcU 65ed503022
Create ewebs-arbitrary-file-reading.yaml 2021-08-12 18:41:02 +07:00
Sandeep Singh 5ca0a70f3e
Merge pull request #2372 from projectdiscovery/buffalo
Added CVE-2021-20090 / CVE-2021-20091 / CVE-2021-20092
2021-08-12 16:07:45 +05:30
Prince Chaddha 0875847c7d
Merge pull request #2374 from gy741/rule-add-v54
Create sar2html-rce.yaml
2021-08-12 15:06:13 +05:30
Prince Chaddha cfc534af89
Update sar2html-rce.yaml 2021-08-12 15:03:49 +05:30
sandeep 98a07bd594 Added unauth config injection 2021-08-12 14:12:20 +05:30
Prince Chaddha 6ac4da7993
Merge branch 'master' into corsmisc 2021-08-11 13:17:10 +05:30
Prince Chaddha b466fce758
Update basic-cors.yaml 2021-08-11 13:15:04 +05:30
Prince Chaddha 5ac272597b
Delete cors-misconfig.yaml 2021-08-11 13:14:04 +05:30
Prince Chaddha cb94b58009
Update basic-cors.yaml 2021-08-11 13:13:45 +05:30
Prince Chaddha d49dc5f9d4
Update top-xss-params.yaml 2021-08-11 13:08:49 +05:30
Prince Chaddha c576f4317b
Update open-redirect.yaml 2021-08-11 13:08:24 +05:30
Prince Chaddha efa7319d40
Update generic-windows-lfi.yaml 2021-08-11 13:08:11 +05:30
Prince Chaddha 57b8d89815
Update generic-linux-lfi.yaml 2021-08-11 13:08:00 +05:30
Prince Chaddha cbfe76f33f
Update error-based-sql-injection.yaml 2021-08-11 13:07:46 +05:30
Prince Chaddha aa0b195c99
Update crlf-injection.yaml 2021-08-11 13:07:36 +05:30
Prince Chaddha 2165418c59
Update cache-poisoning.yaml 2021-08-11 13:07:27 +05:30
Prince Chaddha 4d4ae2edd2
Update basic-xss-prober.yaml 2021-08-11 13:07:17 +05:30
Prince Chaddha 791472aa2b
Update basic-cors.yaml 2021-08-11 13:07:05 +05:30
GwanYeong Kim 0d2b53e71d Create sar2html-rce.yaml
SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a commend injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-11 14:11:25 +09:00
sandeep 8c48ca97d2 matcher + payload + regex updates 2021-08-09 21:58:28 +05:30
G4L1T0 a44324ec2f updatev2 cors-misconfig.yaml 2021-08-09 11:57:37 -03:00
G4L1T0 e98fb7179e update cors-misconfig.yaml 2021-08-09 11:56:37 -03:00
Noam Rathaus a806149864 Spelling 2021-08-09 16:31:00 +03:00
Noam Rathaus 864b209cc1 Add reference 2021-08-09 16:10:10 +03:00
Noam Rathaus 3651410d37 Provide description 2021-08-09 16:08:19 +03:00
Sandeep Singh 210c57768d
Merge pull request #2193 from gy741/rule-add-v42
Create kevinlab-hems-backdoor.yaml
2021-08-08 13:56:56 +05:30
Sandeep Singh 3918071875
Merge pull request #2348 from Akokonunes/patch-25
Create grimag-open-redirect.yaml
2021-08-08 12:38:24 +05:30
sandeep d7b8760231 minor update 2021-08-08 12:29:11 +05:30
sandeep 4c057dcb1e minor update 2021-08-08 12:26:34 +05:30
sandeep a7dcd3f317 added more tags 2021-08-08 00:27:18 +05:30
sandeep 3b6d6322ea Additional matcher 2021-08-08 00:22:55 +05:30
sandeep e690901c86 minor update 2021-08-08 00:20:56 +05:30
Sandeep Singh 0ee60c4a3e
Merge pull request #2197 from mesaglio/master
Detect azure directory traversal hosts file
2021-08-07 23:15:29 +05:30
sandeep 318aa4736e misc update 2021-08-07 23:04:27 +05:30
sandeep 2233ebf3f1 moving files around 2021-08-07 23:02:17 +05:30
sandeep ca9efec5c0 tag update 2021-08-07 15:00:29 +05:30
Dhiyaneshwaran afcbd374a9
Create sap-redirect.yaml 2021-08-07 11:31:58 +05:30
sandeep 5cddd4312b Adding additional steps to make it work 2021-08-06 23:30:34 +05:30
PikPikcU 57624f3d25
Create ruijie-eg-rce.yaml 2021-08-06 17:04:32 +07:00
Prince Chaddha 3395eff8a0
Merge pull request #2316 from gy741/rule-add-v49
Create CVE-2020-7796.yaml
2021-08-03 19:57:45 +05:30
Prince Chaddha c581a94bf4
Merge pull request #2318 from gy741/rule-add-v50
Create longjing-technology-bems-api-lfi.yaml
2021-08-03 19:56:57 +05:30
Prince Chaddha 28d568b88c
Update and rename longjing-technology-bems-api-lfi.yaml to bems-api-lfi.yaml 2021-08-03 19:55:25 +05:30
Prince Chaddha 23bc448b1b
Merge pull request #2199 from pikpikcu/patch-208
Add OpenSIS POC
2021-08-03 19:53:32 +05:30
GwanYeong Kim 5fb6332bd9 Create longjing-technology-bems-api-lfi.yaml
The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 21:52:14 +09:00
Prince Chaddha ea1ae20a82
Create zimbra-preauth-ssrf.yaml 2021-08-03 12:52:56 +05:30
Prince Chaddha 2491a6a4b7
Merge pull request #2227 from Udyz/patch-5
Create hasura-graphql-sql-exec.yaml
2021-08-02 22:25:31 +05:30
Prince Chaddha 4e976706b8
Update hasura-graphql-psql-exec.yaml 2021-08-02 22:18:41 +05:30
Prince Chaddha 204cf337c8
Update hasura-graphql-psql-exec.yaml 2021-08-02 22:15:52 +05:30
Prince Chaddha 6102421e22
Update hasura-graphql-ssrf.yaml 2021-08-02 22:03:12 +05:30
Prince Chaddha 03077a9ca2
Update tikiwiki-reflected-xss.yaml 2021-08-02 21:44:48 +05:30
Prince Chaddha 9f8d31200f
Merge pull request #2263 from pdelteil/patch-35
Create jenkins-script.yaml
2021-08-02 20:59:12 +05:30
Prince Chaddha 451aca42f9
Update jenkins-script.yaml 2021-08-02 20:57:19 +05:30
Noam Rathaus 493acb8afe Description 2021-08-02 14:30:22 +03:00
sandeep e896a8982d misc updates 2021-08-02 12:53:35 +05:30
GwanYeong Kim 27eef8c1a9 Create zhiyuan-file-upload.yaml
Zhiyuan OA is a set of office coordinating management software. Recently, Qianxin CERT monitors the relevant vulnerability information of the long OA. Since there is an unauthorized access in some interfaces, and some functions are insufficient, the attacker can upload malicious script files without logging in, so that there is no need to log in. Zhiyuan OA official has provided patches for this vulnerability. In view of the large vulnerability harm, it is recommended that users apply patch updates as soon as possible.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-02 11:07:14 +09:00
sandeep aa336ed979 matcher update 2021-07-31 23:08:46 +05:30
Sandeep Singh 918a6deead
Merge pull request #2265 from pussycat0x/master
zabbix-dashboards-access
2021-07-30 02:37:02 +05:30
sandeep 0d7dfa1713 Update wp-upload-data.yaml 2021-07-30 02:36:18 +05:30
Philippe Delteil 147ac0143a
Create jenkins-script.yaml 2021-07-29 12:29:05 -04:00
Philippe Delteil 1f6a6a8764
Update jenkins-stack-trace.yaml
file name  =  template id.
2021-07-29 02:50:35 -04:00
Prince Chaddha 6d205308ea
Merge pull request #2239 from pikpikcu/patch-236
Add Bitrix Open redirect
2021-07-29 00:16:19 +05:30
Prince Chaddha 49efd9fa07
Update bitrix-open-redirect.yaml 2021-07-29 00:13:15 +05:30
Prince Chaddha 576b42b412
Update wp-upload-data.yaml 2021-07-29 00:09:11 +05:30
pussycat0x 7038617c86
Add files via upload 2021-07-28 23:56:51 +05:30
Philippe Delteil 4b7080333a
Rename unauthenticated-jenkin-dashboard.yaml to unaunthenticated-jenkin.yaml
id - name file consistency
2021-07-28 01:17:18 -04:00
PikPikcU 783550d003
Update bitrix-open-redirect.yaml 2021-07-28 08:38:48 +07:00
PikPikcU 72fcdc20bf
Create bitrix-open-redirect.yaml 2021-07-28 08:37:25 +07:00
lulz 0c68ef5f66
Rename raw-psql-warp.yaml to hasura-graphql-psql-exec.yaml 2021-07-27 23:25:36 +07:00
lulz 0706823399
Update raw-psql-warp.yaml 2021-07-27 23:23:55 +07:00
lulz 5c931f8d00
Update raw-psql-warp.yaml 2021-07-27 22:12:41 +07:00
lulz 2219ab607e
Create raw-psql-warp.yaml 2021-07-27 21:57:59 +07:00
Prince Chaddha 9f28ff8f9b
Update qcubed-xss.yaml 2021-07-27 11:57:30 +05:30
PikPikcU a2fc63b7ac
Create qcubed-xss.yaml 2021-07-27 13:06:30 +07:00
PikPikcU 72c038bbf1
Update opensis-lfi.yaml 2021-07-27 08:07:21 +07:00
PikPikcU 29e399df87
Create opensis-lfi.yaml 2021-07-27 07:43:02 +07:00
juan mesaglio 5d5dafc6e7
Detect azure directory traversal hosts file 2021-07-26 20:12:26 -03:00
GwanYeong Kim eadc9b4dac Create kevinlab-hems-backdoor.yaml
The HEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the HEMS is offering remotely.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-27 02:48:31 +09:00
Prince Chaddha 833ae4ae48
Merge pull request #1083 from pikpikcu/patch-123
Create dedecms-membergroup-sqli
2021-07-26 18:02:27 +05:30
Prince Chaddha 86989129d1
Update netgear-wnap320-rce.yaml 2021-07-26 13:38:38 +05:30
GwanYeong Kim c72190c4bf Create netgear-wnap320-rce.yaml
vulnerabilities in the web-based management interface of Netgear WNAP320 Access Point could allow an authenticated, remote attacker to perform command injection attacks against an affected device.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-26 08:35:22 +09:00
sandeep 6ccc5f8792 matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
Prince Chaddha 2c0aa783c4
Merge pull request #2148 from gy741/rule-add-v34
Add KevinLAB BEMS 1.0 Multiple Vulnerabilities
2021-07-24 15:37:48 +05:30
Prince Chaddha bf7c0d3a63
Merge pull request #2122 from gy741/rule-add-v33
Create magicflow-lfi.yaml
2021-07-24 12:13:59 +05:30
Prince Chaddha ac45802ef5
Update kevinlab-bems-sqli.yaml 2021-07-24 12:10:46 +05:30
Prince Chaddha 2631f55550
Update kevinlab-bems-backdoor.yaml 2021-07-24 12:07:27 +05:30
Prince Chaddha 9a46592f71
Update kevinlab-bems-sqli.yaml 2021-07-24 11:59:35 +05:30
Prince Chaddha 87b4c2e98b
Update kevinlab-bems-sqli.yaml 2021-07-24 11:47:05 +05:30
Sandeep Singh 4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
17 New Templates Added
2021-07-24 03:26:09 +05:30
sandeep 9617bc5815 matcher update 2021-07-24 03:25:22 +05:30
sandeep 47ea40bc55 Update kevinlab-bems-backdoor.yaml 2021-07-24 03:17:53 +05:30
Sandeep Singh b346584002
Update vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:25:13 +05:30
Sandeep Singh 1909e3f628
Update vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:24:37 +05:30
Sandeep Singh 59f90ffffa
Merge pull request #2150 from pussycat0x/master
New templates added
2021-07-24 00:09:43 +05:30
sandeep 79e15e7123 Update wordpress-wpcourses-info-disclosure.yaml 2021-07-24 00:07:50 +05:30
sandeep 43dccef185 generic improvements 2021-07-24 00:06:13 +05:30
sandeep 97aa239d52 Merge branch 'master' of https://github.com/pussycat0x/nuclei-templates into pr/2037 2021-07-24 00:00:55 +05:30
sandeep 3960d1f295 strict matchers 2021-07-23 23:59:54 +05:30
Sandeep Singh 38c2b6d4a9
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:58 +05:30
Sandeep Singh bdfee95603
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:33 +05:30
Sandeep Singh 6ebd1a36e0
Update vulnerabilities/wordpress/wp-email-subscribers-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:28 +05:30
Sandeep Singh edc62d15a4
Update vulnerabilities/wordpress/wp-email-subscribers-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:20 +05:30
Sandeep Singh 5170f4962b
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:49:14 +05:30
Sandeep Singh 1feaaded28
Update vulnerabilities/wordpress/wp-idx-broker-platinum-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:41:26 +05:30
Sandeep Singh 750a86c500
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:41:14 +05:30
Sandeep Singh 04b71d9335
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:41:06 +05:30
Sandeep Singh b82ac4b3fc
Update vulnerabilities/wordpress/wp-iwp-client-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 23:40:56 +05:30
sandeep 28d7d26953 Update wp-sfwd-lms-listing.yaml 2021-07-23 23:39:46 +05:30
Prince Chaddha ca49fb21c7
Merge pull request #2154 from pdelteil/patch-25
Update coldfusion-debug-xss.yaml
2021-07-23 20:54:31 +05:30
Prince Chaddha 2dfa3d2e82
Update visual-tools-dvr-rce.yaml 2021-07-23 20:46:49 +05:30
Prince Chaddha 1dd4e3c846
Update visual-tools-dvr-rce.yaml 2021-07-23 15:15:23 +05:30
GwanYeong Kim 2c77510faa Create visual-tools-dvr-rce.yaml
vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-23 08:47:29 +09:00
Philippe Delteil abacdafb4f
Update coldfusion-debug-xss.yaml
The term adobe is more general than coldfusion. Since Coldfusion is a product of Adobe.
2021-07-22 19:44:57 -04:00
pussycat0x d3ff29daaa
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:32:13 +05:30
pussycat0x 6987e1ffee
Update vulnerabilities/wordpress/wp-arforms-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:32:05 +05:30
pussycat0x eac08288e8
Update vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:31:33 +05:30
pussycat0x 05846a34c7
Update vulnerabilities/wordpress/wp-sfwd-lms-listing.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-23 00:31:13 +05:30
pussycat0x a81e3b53cb
Add files via upload 2021-07-22 19:42:25 +05:30
GwanYeong Kim 69db0862ee Create kevinlab-bems-backdoor.yaml
The BEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-22 22:13:00 +09:00
GwanYeong Kim a4ec6a2b11 Create kevinlab-bems-sqli.yaml
The application suffers from an unauthenticated SQL Injection vulnerability. Input passed through 'input_id' POST parameter in '/http/index.php' is not properly sanitised before being returned to the user or used in SQL queries.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-22 21:46:18 +09:00
Prince Chaddha 5455222476
Merge pull request #2140 from pussycat0x/master
New templates added
2021-07-22 17:53:25 +05:30
Prince Chaddha c17763ac20
Update and rename wp-plugineasy-media-gallery-pro-listing.yaml to easy-media-gallery-pro-listing.yaml 2021-07-22 17:45:43 +05:30
pussycat0x f00f5eeaa9
Add files via upload 2021-07-22 08:04:21 +05:30
Prince Chaddha 111da22943
Update dedecms-membergroup-sqli.yaml 2021-07-21 18:34:37 +05:30
Prince Chaddha 403a73d1c7
Merge pull request #1085 from pikpikcu/patch-125
Create dedecms-carbuyaction-fileinclude.yaml
2021-07-21 18:27:45 +05:30
Prince Chaddha f5fc07dd72
Merge pull request #1581 from pikpikcu/patch-168
Create hiboss-rce
2021-07-21 18:27:38 +05:30
Prince Chaddha 08541f08c4
Update dedecms-carbuyaction-fileinclude.yaml 2021-07-21 18:26:36 +05:30
Prince Chaddha 00ce088daf
Merge pull request #1334 from projectdiscovery/princechaddha-patch-3
Create sangfor-edr-auth-bypass.yaml
2021-07-21 18:18:08 +05:30
Prince Chaddha 8d953c45ea
Update sangfor-edr-auth-bypass.yaml 2021-07-21 18:14:42 +05:30
Prince Chaddha da1ef3b031
Merge pull request #1568 from pikpikcu/patch-166
Create h3c-imc-rce
2021-07-21 18:11:11 +05:30
Dhiyaneshwaran 08f160f0e2
Create nginx-merge-slashes-path-traversal.yaml 2021-07-21 13:46:40 +05:30
GwanYeong Kim 16750fd9a2 Create magicflow-lfi.yaml
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-21 14:18:00 +09:00
Muhammad Daffa 21809132da
Renamed to CVE-2021-24340.yaml 2021-07-20 13:36:04 +07:00
sandeep 13e5528c46 duplicate update 2021-07-20 11:40:23 +05:30
Muhammad Daffa d27fb4c3b0
Renamed CVE-2020-8771.yaml 2021-07-20 12:49:16 +07:00
sandeep 4dbf36813d removing duplicate template 2021-07-20 00:43:39 +05:30
Sandeep Singh 6eee57115c
Merge pull request #2083 from projectdiscovery/fixing-xss-matchers
fixing-xss-matchers
2021-07-20 00:28:01 +05:30
sandeep 13d26d8c6d moving files around 2021-07-20 00:10:30 +05:30
Muhammad Daffa 68efee3702
Merge branch 'projectdiscovery:master' into master 2021-07-19 19:48:57 +07:00
Muhammad Daffa 7a99c2db48
Rename to CVE-2018-16283 2021-07-19 19:47:31 +07:00
sandeep 96d7a23ccd removed duplicate 2021-07-19 18:15:42 +05:30
sandeep a88710e503 Removed duplicate template 2021-07-19 16:56:45 +05:30
Prince Chaddha 574245af0d
Update wp-socialfit-xss.yaml 2021-07-19 11:43:07 +05:30
Prince Chaddha 5fcbd0e446
Update wp-slideshow-xss.yaml 2021-07-19 11:42:34 +05:30
Prince Chaddha f77f66d1e6
Update wp-phpfreechat-xss.yaml 2021-07-19 11:41:40 +05:30
Prince Chaddha 4df08a33c4
Update wp-nextgen-xss.yaml 2021-07-19 11:41:15 +05:30
Prince Chaddha 0329b1b2fb
Update wp-knews-xss.yaml 2021-07-19 11:40:45 +05:30
Prince Chaddha e14b31489b
Update wp-flagem-xss.yaml 2021-07-19 11:40:14 +05:30
Prince Chaddha 705f431c1c
Update wp-finder-xss.yaml 2021-07-19 11:39:33 +05:30
Prince Chaddha 57c3f3ec20
Update wp-custom-tables-xss.yaml 2021-07-19 11:38:50 +05:30
Prince Chaddha ac66db36f3
Update wp-church-admin-xss.yaml 2021-07-19 11:38:22 +05:30
GwanYeong Kim 19fa522fec Create mirai-unknown-rce.yaml
The unknown exploit targets the login CGI script, where a key parameter is not properly sanitized leading to a command injection.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-18 22:44:29 +09:00
sandeep 63ae086b67 Payload + matcher update 2021-07-17 23:02:43 +05:30
sandeep fc38b27176 minor update 2021-07-17 16:32:15 +05:30
Prince Chaddha 33a0ede229
Merge pull request #2009 from gy741/rule-add-v24
Create CVE-2020-26919, CVE-2020-25506, OptiLink ONT1GEW GPON RCE, CVE-2021-31755
2021-07-16 18:04:52 +05:30
Sandeep Singh fbc281f0a1
Merge pull request #2027 from projectdiscovery/yapi-rce
Added Yapi RCE
2021-07-16 17:27:37 +05:30
sandeep 6d27a6fe8e payload update 2021-07-16 00:34:38 +05:30
SaN ThosH 07db6737e5
Update wordpress-woocommerce-sqli.yaml 2021-07-16 00:08:42 +05:30
Prince Chaddha 9b7a57bf15
Update wordpress-woocommerce-sqli.yaml 2021-07-15 23:35:02 +05:30
Sandeep Singh 9286c79bc1
Rename optiLink-ont1gew-gpon-rce.yaml to optilink-ont1gew-gpon-rce.yaml 2021-07-15 23:15:45 +05:30
sandeep 6bf13454ae Update optiLink-ont1gew-gpon-rce.yaml 2021-07-15 23:15:22 +05:30
sandeep 382534fedc Update wordpress-woocommerce-sqli.yaml 2021-07-15 22:58:43 +05:30
rootxharsh ede6df8fa4 Add WooCommerce SQLi Template 2021-07-15 17:02:19 +00:00
sandeep 642f71278d Added Yapi RCE 2021-07-15 22:11:22 +05:30
sandeep 6fcbe11064 Update oscommerce-rce.yaml 2021-07-15 18:29:24 +05:30
sandeep 9e7bf184b7 minor update 2021-07-15 18:28:08 +05:30
Suman Kar e9b5b8fceb osCommerce 2.3.4.1 - Remote Code Execution 2021-07-15 18:11:26 +05:30
Prince Chaddha ba64446d08
Update nativechurch-wp-theme-lfd.yaml 2021-07-15 17:43:45 +05:30
Prince Chaddha a95133ee3d
Update and rename nativechurch-wp-theme-lfd.yaml to vulnerabilities/wordpress/nativechurch-wp-theme-lfd.yaml 2021-07-15 15:16:37 +05:30
Prince Chaddha 615db88ce6
Merge pull request #2004 from daffainfo/patch-49
Create wp-custom-tables-xss.yaml
2021-07-15 14:53:41 +05:30
Prince Chaddha 7cecd5aa3e
Update wp-custom-tables-xss.yaml 2021-07-15 14:34:40 +05:30
Prince Chaddha 22ecd2a192
Merge pull request #2016 from DhiyaneshGeek/master
Severity Update
2021-07-15 14:14:38 +05:30
Prince Chaddha 887e7bcfab
Update wordpress-updraftplus-pem-key.yaml 2021-07-15 14:13:25 +05:30
Dhiyaneshwaran 69b04c8a98
Update wordpress-updraftplus-pem-key.yaml 2021-07-15 13:51:19 +05:30
GwanYeong Kim 1eb999ce02 Create optiLink-ont1gew-gpon-rce.yaml
vulnerabilities in the web-based management interface of OptiLink could allow an authenticated, remote attacker to perform command injection attacks against an affected device.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 14:57:34 +09:00
Muhammad Daffa ad3f81bc95
Create wp-custom-tables-xss.yaml 2021-07-15 06:21:50 +07:00
Sandeep Singh 11dc9db49e
Merge pull request #1997 from skar4444/sassy-update
Update-sassy-social-share-xss
2021-07-14 20:56:57 +05:30
sandeep 117b0558a9 Update sassy-social-share.yaml 2021-07-14 20:55:05 +05:30
Prince Chaddha 5182b88b54
Merge pull request #1871 from projectdiscovery/huijietong-cloud-fileread
Create huijietong-cloud-fileread.yaml
2021-07-14 19:27:43 +05:30
Prince Chaddha ecd98c6403
Merge pull request #1967 from daffainfo/patch-31
Create wp-slideshow-xss.yaml
2021-07-14 19:15:07 +05:30
Prince Chaddha 55ea2242b7
Rename vulnerabilities/wp-slideshow-xss.yaml to vulnerabilities/wordpress/wp-slideshow-xss.yaml 2021-07-14 19:14:06 +05:30
Prince Chaddha 9fb7e17c0d
Merge pull request #1966 from daffainfo/patch-30
Create wp-nextgen-xss.yaml
2021-07-14 19:10:26 +05:30
Prince Chaddha 933c1d5f05
Merge pull request #1965 from daffainfo/patch-29
Create wp-flagem-xss.yaml
2021-07-14 19:09:34 +05:30
Suman Kar 00f1e65d50 Update-sassy-social-share-xss 2021-07-14 17:01:59 +05:30
sandeep 7e258fcae2 template-fix 2021-07-14 16:07:09 +05:30
Muhammad Daffa 69dd5ae8a0
Adding some path 2021-07-13 18:24:23 +07:00
Muhammad Daffa 6b8a398a76
Create wp-slideshow-xss.yaml 2021-07-13 18:20:25 +07:00
Muhammad Daffa 62cb5ce2bc
Create wp-nextgen-xss.yaml 2021-07-13 18:17:14 +07:00
Muhammad Daffa c751aca059
Create wp-flagem-xss.yaml 2021-07-13 18:15:43 +07:00
Sandeep Singh 83ee761691
Merge pull request #1957 from projectdiscovery/hasura-graphql-ssrf
Create hasura-graphql-ssrf.yaml
2021-07-13 15:58:27 +05:30
sandeep c8c49c5046 Update hasura-graphql-ssrf.yaml 2021-07-13 15:58:06 +05:30
sandeep 5fe872788f minor update 2021-07-13 15:57:10 +05:30
Sandeep Singh e167cf0ab9
Merge pull request #1937 from daffainfo/patch-20
Create wp-phpfreechat-xss.yaml
2021-07-13 15:45:53 +05:30
Sandeep Singh df0e4b7117
Merge pull request #1938 from daffainfo/patch-21
Create wp-finder-xss.yaml
2021-07-13 15:42:29 +05:30
Sandeep Singh 67a679860e
Update wp-finder-xss.yaml 2021-07-13 15:41:44 +05:30
Sandeep Singh 500f0b70f8
Merge pull request #1936 from daffainfo/patch-19
Create wp-knews-xss.yaml
2021-07-13 15:36:57 +05:30
Sandeep Singh 08f2cfea0b
Merge pull request #1924 from daffainfo/master
WordPress Plugin SocialFit - 'msg' Cross-Site Scripting
2021-07-13 15:29:49 +05:30
sandeep a8be22ad0a Removed as it requires admin login 2021-07-13 15:28:48 +05:30
Sandeep Singh 5a2d81e578
Merge pull request #1935 from daffainfo/patch-18
Create wp-church-admin-xss.yaml
2021-07-13 15:22:31 +05:30
sandeep 06efff9ddd minor update 2021-07-13 15:21:26 +05:30
Sandeep Singh cb32c05cfa
Merge pull request #1953 from Akokonunes/patch-17
Create wordpress-wordfence-lfi.yaml
2021-07-13 15:00:01 +05:30
sandeep 47a07b533b moving files around 2021-07-13 14:59:11 +05:30
Sandeep Singh 920255635b
Merge pull request #1876 from pussycat0x/master
web-ftp
2021-07-13 01:53:15 +05:30
sandeep 8b8663970f minor update 2021-07-13 01:44:24 +05:30
sandeep 81f1f8badc minor update 2021-07-13 01:43:52 +05:30
pussycat0x a1d3678a70
Add files via upload 2021-07-12 23:24:24 +05:30
Prince Chaddha 4ef8ed8e97
Create hasura-graphql-ssrf.yaml 2021-07-12 20:49:09 +05:30
Muhammad Daffa 0e195c4138
Merge branch 'projectdiscovery:master' into master 2021-07-12 14:58:59 +07:00
pussycat0x 0f46d27b60
Add files via upload 2021-07-11 23:45:02 +05:30
Muhammad Daffa 64bdaee44e
Create wp-finder-xss.yaml 2021-07-11 13:23:51 +07:00
Muhammad Daffa d3f21f1793
Create wp-phpfreechat-xss.yaml 2021-07-11 13:19:01 +07:00
Muhammad Daffa e6272bf44c
Create wp-knews-xss.yaml 2021-07-11 13:11:03 +07:00
Muhammad Daffa 8a6e78934c
Create wp-church-admin-xss.yaml 2021-07-11 13:07:34 +07:00
Prince Chaddha 361a641483
Update wp-socialfit-xss.yaml 2021-07-11 10:16:24 +05:30
Prince Chaddha 5366b70077
Merge pull request #1931 from daffainfo/patch-16
Create wp-securimage-xss.yaml
2021-07-11 10:08:02 +05:30
Prince Chaddha b830f86384
Update wp-securimage-xss.yaml 2021-07-11 10:02:30 +05:30
Prince Chaddha b1f755466b
Update wp-ambience-xss.yaml 2021-07-11 09:57:44 +05:30
Muhammad Daffa cc165287fd
Create wp-ambience-xss.yaml 2021-07-11 09:16:13 +07:00
Muhammad Daffa ab85fd5eba
Create wp-securimage-xss.yaml 2021-07-11 09:10:35 +07:00
Muhammad Daffa d0ec1acc76
Create wp-socialfit-xss.yaml 2021-07-11 07:41:04 +07:00
Muhammad Daffa 05bc6366f3
Rename wp-supsystic-backup-lfi to wp-supsystic-backup-lfi.yaml 2021-07-11 07:24:41 +07:00
Muhammad Daffa 04e5e30051
Update and rename wp-upsystic-backup-lfi to wp-supsystic-backup-lfi 2021-07-11 07:24:27 +07:00
Muhammad Daffa e26b467c76
Create wp-upsystic-backup-lfi 2021-07-11 07:22:38 +07:00
Sandeep Singh 6a99a183cd
Merge pull request #1920 from projectdiscovery/wordpress-user-enum
Added wordpress-user-enum
2021-07-10 21:56:17 +05:30
sandeep b228b35f83 Added wordpress-user-enum 2021-07-10 21:54:31 +05:30
Prince Chaddha ba90f28231
Merge pull request #1909 from gy741/rule-add-v17
Create icewarp-webclient-rce.yaml
2021-07-10 09:23:50 +05:30
Prince Chaddha a0d643561f
Update icewarp-webclient-rce.yaml 2021-07-10 09:18:32 +05:30
Sandeep Singh c36a62a120
Update jira-unauthenticated-installed-gadgets.yaml 2021-07-10 01:28:30 +05:30
Sandeep Singh 3f46e48426
Update jira-unauthenticated-installed-gadgets.yaml 2021-07-10 01:26:45 +05:30
GwanYeong Kim ef74a354ca Create icewarp-webclient-rce.yaml
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-09 13:52:28 +09:00
Philippe Delteil 98c925a413
Create jira-unauthenticated-installed-gadgets.yaml 2021-07-08 16:55:20 -04:00
Prince Chaddha 808712f772
Update clockwatch-enterprise-rce.yaml 2021-07-08 14:20:18 +05:30
Prince Chaddha 6e6d383b6c
Update clockwatch-enterprise-rce.yaml 2021-07-08 14:00:27 +05:30
Prince Chaddha 7695526e13
Update clockwatch-enterprise-rce.yaml 2021-07-08 14:00:01 +05:30
GwanYeong Kim a722b9fff6 Create clockwatch-enterprise-rce.yaml
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-08 13:18:31 +09:00
sandeep edc0f1a775 Update opensns-rce.yaml 2021-07-07 18:30:48 +05:30
sandeep 9588eadaed minor updates 2021-07-07 18:30:15 +05:30
GwanYeong Kim c3cbee2794 Create opensns-rce.yaml
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-07 18:49:36 +09:00
Sandeep Singh 0446fe1996
Merge pull request #1844 from rwincey/maestro-unauth-rce
LISTSERV Maestro
2021-07-06 23:55:22 +05:30
sandeep d8b3cbf750 Update listserv_maestro_rce.yaml 2021-07-06 23:53:38 +05:30
sandeep b02708055d Update listserv_maestro_rce.yaml 2021-07-06 23:52:24 +05:30
sandeep 07f3f0d988 Removed extra lines and few updates 2021-07-06 23:44:06 +05:30
Sandeep Singh f683e0bade
Merge pull request #1837 from gy741/rule-add-v10
Create huawei-router-auth-bypass.yaml
2021-07-06 23:33:47 +05:30
sandeep cc4244d36c Update huawei-router-auth-bypass.yaml 2021-07-06 23:32:45 +05:30
Sandeep Singh 2373873f30
Merge pull request #1881 from johnjhacking/patch-1
Added bypass for 1.9.2
2021-07-06 12:34:07 +05:30
sandeep fc68a95803 Template Name/ID update as per assigned CVE 2021-07-06 12:07:53 +05:30
sandeep fd13654972 Merge branch 'patch-1' of https://github.com/johnjhacking/nuclei-templates into pr/1827 2021-07-06 12:04:00 +05:30
sandeep 192201c27c condition update as per new bypass 2021-07-06 12:03:51 +05:30
John Jackson a2f283c51b
CVE number was assigned
As stated.
2021-07-06 00:32:35 -06:00
John Jackson 9068a38b56
Update reference
Currently, the provided reference doesn't exist anymore. However, this tweet posted on May 9th should work as a reference.
2021-07-06 00:27:15 -06:00
John Jackson 601a192703
Added bypass for 1.9.2
Another payload was identified, as a bypass in version 1.9.2. This bypass caused the vendor to upgrade to 1.9.3

I have added the bypass and the matcher above. Let me know what you think.
2021-07-05 18:39:25 -06:00
Prince Chaddha 7c06dfaf70
Create huijietong-cloud-fileread.yaml 2021-07-05 21:59:12 +05:30
Prince Chaddha f55aef6a1b
Merge pull request #1839 from gy741/rule-add-v11
Create netgear-router-auth-bypass.yaml
2021-07-05 21:46:00 +05:30
Prince Chaddha b1e6c71d89
Merge pull request #1857 from Akokonunes/patch-16
Create wp-vault-lfi.yaml
2021-07-05 21:08:11 +05:30
Prince Chaddha ce43643e00
Update and rename wp-vault-lfi.yaml to vulnerabilities/wordpress/wp-vault-lfi.yaml 2021-07-05 21:06:50 +05:30
sandeep 457ce76e34 minor updates 2021-07-04 17:09:45 +05:30
PikPikcU ecdd86167a
Create lotuscms-rce.yaml 2021-07-04 11:11:19 +00:00
sandeep d50459eb9b Added missing matcher 2021-07-04 01:26:41 +05:30
Sandeep Singh 22421fd38e
Merge pull request #1843 from DhiyaneshGeek/master
Update AEM CRX bypass , AEM Debug XSS and Java sean debug page, Jetty showcontexts enable , jfrog-unauth-build-exposed Templates Added
2021-07-04 01:23:20 +05:30
sandeep afcbe4cfe4 minor updates 2021-07-04 01:22:08 +05:30
sandeep b137eb57d3 More edge cases
Only looking for DNS interaction is not reliable as few servers make DNS requests for host included in path or query parameter.
2021-07-04 00:41:57 +05:30
Dhiyaneshwaran 127673455a
Update coldfusion-debug-xss.yaml 2021-07-02 20:55:33 +05:30
Dhiyaneshwaran e259c3dd2f
Update jfrog-unauth-build-exposed.yaml 2021-07-02 20:53:02 +05:30
Sandeep Singh 52e0c861a1
Merge pull request #1733 from milo2012/master
Added CVE-2018-1000130/ CVE-2018-2628/ CVE-2018-2628/ CVE-2019-3401/ CVE-2020-1938/ oracle-bi-default-login/ jolokia-heap-disclosure
2021-07-02 18:27:45 +05:30
sandeep e2a0f93f79 misc updates 2021-07-02 18:24:31 +05:30
Sandeep Singh f02befc6f7
Merge pull request #1834 from pussycat0x/master
wp-plugin-1-flash-gallery.yaml
2021-07-02 13:56:53 +05:30
sandeep f983baba38 misc changes 2021-07-02 13:55:32 +05:30
Dhiyaneshwaran 2787fc01b6
Update jfrog-unauth-build-exposed.yaml 2021-07-02 08:25:40 +05:30
Dhiyaneshwaran 2fa4382ef5
Create jfrog-unauth-build-exposed.yaml 2021-07-02 08:23:42 +05:30
b0yd dad74b4738 LISTSERV Maestro 2021-07-01 12:14:33 -07:00
Dhiyaneshwaran 453b09d3ff
Create coldfusion-debug-xss.yaml 2021-07-01 22:31:01 +05:30
GwanYeong Kim c0ebf56f85 Create netgear-router-auth-bypass.yaml
NETGEAR decided to use to check if a page has “.jpg”, “.gif” or “ess_” substrings, trying to match the entire URL. We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like “?.gif”).

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-01 14:39:10 +09:00
GwanYeong Kim 4d56d47c69 Create huawei-router-auth-bypass.yaml
The default password of this router is the last 8 characters of the
device's serial number which exist in the back of the device.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-01 09:28:30 +09:00
pussycat0x 89eff74128
Add files via upload 2021-06-30 21:33:39 +05:30
sandeep 5affbf47b3 misc changes 2021-06-30 18:24:34 +05:30
Prince Chaddha 9f6b6aeb89
Update jolokia-heap-info-disclosure.yaml 2021-06-30 15:36:25 +05:30
John Jackson d2df3303c6
Add Marmoset Viewer XSS Vulnerability
Reference:
https://wordpress.org/plugins/marmoset-viewer/#developers
2021-06-30 01:12:12 -06:00
sandeep d564c257d8 Additional check add 2021-06-29 17:26:42 +05:30
Sandeep Singh b80df5756a
Merge pull request #1795 from Mad-robot/patch-1
Create multiple-theme-ssrf.yaml
2021-06-28 23:58:54 +05:30
sandeep 2a1772d78c misc changes 2021-06-28 23:58:31 +05:30
Sandeep Singh 039a41e790
Merge pull request #1774 from pikpikcu/patch-185
Create huawei-hg659-lfi.yaml
2021-06-28 21:46:51 +05:30
sandeep 24a3fab9d3 Added missing condition 2021-06-26 19:35:52 +05:30
SaN ThosH 59e24ab8a7
Create multiple-theme-ssrf.yaml 2021-06-26 13:38:26 +05:30
Sandeep Singh e84c784fa2
Merge pull request #1689 from nrathaus/master
CVE-2021-28164 and some fixes
2021-06-24 23:58:29 +05:30
PikPikcU cb18f313fd
Create huawei-hg659-lfi.yaml 2021-06-24 15:41:18 +00:00
Prince Chaddha 37261f7a2f
Update and rename vulnerabilities/jira/jira-unauthenticated-popular-filters.yaml to cves/2019/CVE-2019-3401.yaml 2021-06-24 16:52:04 +05:30
Prince Chaddha bc7e8a80db
Merge pull request #1336 from projectdiscovery/princechaddha-patch-5
Create resin-inputfile-fileread.yaml
2021-06-24 02:32:40 +05:30
Prince Chaddha ed4c5a415d
Merge pull request #1335 from projectdiscovery/princechaddha-patch-4
Create resin-viewfile-lfr.yaml
2021-06-24 02:28:47 +05:30
Prince Chaddha c45ec90d5f
Update resin-inputfile-fileread.yaml 2021-06-24 02:28:18 +05:30
Prince Chaddha b2114008ad
Merge pull request #1595 from pikpikcu/patch-173
Create jeewms-lfi
2021-06-24 02:24:41 +05:30
Prince Chaddha 89b4fdf8ed
Merge pull request #1757 from pussycat0x/master
New template added
2021-06-24 02:02:42 +05:30
Prince Chaddha c383c120b7 moved to wordpress folder 2021-06-24 01:39:09 +05:30
Prince Chaddha 3e7269f2a4
Rename ALFA_DATA.yaml to alfacgiapi-wordpress.yaml 2021-06-24 01:37:45 +05:30
Prince Chaddha 8c7e69fafd
Update ALFA_DATA.yaml 2021-06-24 01:36:47 +05:30
Prince Chaddha aeed665ff7
Update ALFA_DATA.yaml 2021-06-24 01:29:50 +05:30
Sandeep Singh 161204c20e
Rename wordpress-123ContactForm.yaml to wp-123contactform-plugin-listing.yaml 2021-06-24 01:13:42 +05:30
sandeep 8f247c03c0 Removed trailing spaces 2021-06-24 01:11:14 +05:30
sandeep a4e439024e Added missing condition 2021-06-24 01:10:33 +05:30
pussycat0x c1f5c60700
Update wordpress-123ContactForm.yaml 2021-06-23 21:31:03 +05:30
pussycat0x 418de400a7
Add files via upload 2021-06-23 21:27:43 +05:30
Keith 5e9847260a remove trailing spaces 2021-06-23 01:46:57 +08:00
Keith f48d1d8b35 Add jolokia-heap-info-disclosure.yaml 2021-06-23 01:43:31 +08:00
pussycat0x 1c1186e4da
Add files via upload 2021-06-22 20:39:40 +05:30
Prince Chaddha 1d581af4ec
Update jeewms-lfi.yaml 2021-06-22 18:28:52 +05:30
Sandeep Singh 37bf78a3a9
Merge pull request #1752 from DhiyaneshGeek/master
6 New Wordpress Template Added
2021-06-21 18:12:33 +05:30
sandeep 27287e473b Update wordpress-woocommerce-listing.yaml 2021-06-21 18:11:30 +05:30
sandeep 3844df9fc8 misc changes 2021-06-21 18:09:16 +05:30
Dhiyaneshwaran 9ba613b509
Create wordpress-gtranslate-plugin.yaml 2021-06-21 15:00:25 +05:30
Dhiyaneshwaran f5ef733bd8
Update wp-gtranslate-open-redirect.yaml 2021-06-21 14:48:53 +05:30
Dhiyaneshwaran 402d5eb9f3
Update wp-gtranslate-open-redirect.yaml 2021-06-21 14:45:43 +05:30
Dhiyaneshwaran c990105b0d
Update wp-gtranslate-open-redirect.yaml 2021-06-21 14:41:57 +05:30
Dhiyaneshwaran 401a26eefd
Update wp-gtranslate-open-redirect.yaml 2021-06-21 14:39:42 +05:30
Dhiyaneshwaran d5afd2831f
Create wp-gtranslate-open-redirect.yaml 2021-06-21 14:37:29 +05:30
Emad Youssef 38668c44e7
Update open-redirect.yaml
this payload worked for me while i was hunting.
2021-06-21 10:21:44 +02:00
Dhiyaneshwaran 2d91148f39
Create wordpress-bbpress-plugin.yaml 2021-06-21 13:50:11 +05:30
Dhiyaneshwaran 08f9cf9de6
Update wordpress-woocommerce-plugin.yaml 2021-06-21 13:48:15 +05:30
Dhiyaneshwaran b2bc8d61a1
Create wordpress-woocommerce-plugin.yaml 2021-06-21 13:03:20 +05:30
Dhiyaneshwaran fbd53598d6
Create wordpress-elementor-plugin.yaml 2021-06-21 12:29:50 +05:30
Sandeep Singh 00a0b17bf5
Merge pull request #1744 from pussycat0x/master
Add files via upload
2021-06-21 01:43:48 +05:30
sandeep 788fc31fd3 Adding additional condition 2021-06-21 01:40:01 +05:30
pussycat0x 82e23a03e3
Add files via upload 2021-06-21 00:26:48 +05:30
sandeep 0ec921ef4f misc changes 2021-06-21 00:09:04 +05:30
Dhiyaneshwaran 5d01e7b235
Create wordpress-updraftplus-pem-key.yaml 2021-06-20 23:03:52 +05:30
Dhiyaneshwaran 42c937d730
Create wpmudev-my-calender-xss.yaml 2021-06-20 22:45:15 +05:30
Dhiyaneshwaran 40dfa6d6fe
Create wpmudev-pub-keys.yaml 2021-06-20 22:38:20 +05:30
Dhiyaneshwaran dbd72a33e0
Create wordpress-redirection-listing.yaml 2021-06-20 22:26:23 +05:30
sandeep 4160cb168a misc changes to work with workflows 2021-06-20 16:35:59 +05:30
Noam Rathaus bb6fa66dd9 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-20 13:56:54 +03:00
Sandeep Singh 3430bc2efd
Merge pull request #1710 from skar4444/gitlab-user-indormation-disclosed
GitLab - User Information Disclosure Via Open API
2021-06-18 13:54:24 +05:30
sandeep 351534bd1a Added reference 2021-06-18 13:52:48 +05:30
sandeep d0076b92c7 Added fuzz tags + more strict matcher 2021-06-18 13:50:34 +05:30
Prince Chaddha 62fb7fd0b9
Rename gitlab-user-information-disclosure-via-open-api.yaml to gitlab-user-open-api.yaml 2021-06-17 22:03:32 +05:30
Noam Rathaus 01b77a7ed2 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-17 16:54:18 +03:00
Prince Chaddha b50032d692
Update gitlab-user-information-disclosure-via-open-api.yaml 2021-06-17 13:31:19 +05:30
PikPikcU 9f8cae8ab5
Update tamronos-rce.yaml 2021-06-17 01:34:49 +00:00
PikPikcU 90bdede7dd
Create tamronos-rce.yaml 2021-06-17 01:31:59 +00:00
Suman Kar bd7b099e97 GitLab - User Information Disclosure Via Open API 2021-06-16 21:39:35 +05:30
Sandeep Singh bb4cdb5e3d
Merge pull request #1696 from skar4444/skar4444
GitLab User Enumeration
2021-06-16 01:25:55 +05:30
sandeep 564a0ea6ae minor changes 2021-06-16 01:23:59 +05:30
sandeep e103e7b0ff Update confluence-ssrf-sharelinks.yaml 2021-06-14 23:13:30 +05:30
Noam Rathaus a91ee941ff Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-14 14:59:58 +03:00
sandeep 26da2936eb misc updates 2021-06-14 16:13:38 +05:30
Techbrunch c164158aff Add Confluence SSRF in sharelinks 2021-06-14 11:10:56 +02:00
Suman Kar 13617d98cf GitLab User Enumeration 2021-06-14 14:20:55 +05:30
Prince Chaddha fecae7747e
Merge pull request #1691 from DhiyaneshGeek/master
2 new template
2021-06-13 20:57:19 +05:30
Prince Chaddha 1e77410799
Update wpdm-cache-session.yaml 2021-06-13 20:56:28 +05:30
Dhiyaneshwaran dab25e2df3
Create wpdm-cache-session.yaml 2021-06-13 17:43:24 +05:30
sandeep cb342f8564 misc changes 2021-06-13 17:28:10 +05:30
Noam Rathaus 3369c5a4dd Reference 2021-06-13 11:55:20 +03:00
Noam Rathaus b5bdac494b Merge branch 'master' of https://github.com/nrathaus/nuclei-templates 2021-06-13 09:54:52 +03:00
Noam Rathaus feb42e49b0 Reduce chances of FP 2021-06-13 09:53:47 +03:00
Noam Rathaus 513596d2e0 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-13 09:05:57 +03:00
Suman Kar 641e0c0672 Wordpress DB Backup 2021-06-12 20:13:29 +05:30
sandeep 962959f573 Removed invalid payload 2021-06-11 22:20:01 +05:30
Prince Chaddha 98e49295b6
Merge pull request #1672 from DhiyaneshGeek/master
CKAN DOM Based XSS , php-zerodium-backdoor-rce
2021-06-11 14:16:18 +05:30
Dhiyaneshwaran 771e55eca6
Create php-zerodium-backdoor-rce.yaml 2021-06-10 22:01:26 +05:30
sandeep 69ded42e3a Template rename / update 2021-06-10 21:57:07 +05:30
sandeep 181647cb77 Added binary matcher + max-size 2021-06-10 21:39:40 +05:30
Dhiyaneshwaran fd70f535dd
Update ckan-dom-based-xss.yaml 2021-06-10 17:27:21 +05:30
Sandeep Singh a4897080b2
Merge pull request #1668 from pikpikcu/patch-181
Create php-timeclock-xss
2021-06-10 14:57:05 +05:30
sandeep b43c8f2c93 misc update 2021-06-10 14:53:31 +05:30
sandeep 083d32c05f More validation 2021-06-10 14:37:26 +05:30
sandeep 0ebeff27a6 misc changes 2021-06-10 14:25:20 +05:30
Dhiyaneshwaran 5b2ec54d34
Create ckan-dom-based-xss.yaml 2021-06-10 13:37:33 +05:30
PikPikcU a4e714718f
Create php-timeclock-xss.yaml 2021-06-10 07:29:19 +00:00
PikPikcU c80690c829
Create mpsec-isg1000-lfi.yaml 2021-06-10 07:11:07 +00:00
Noam Rathaus 885aeadaa7 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-09 16:07:06 +03:00
Prince Chaddha 83ce809e8d Updated author names 2021-06-09 17:50:56 +05:30
sandeep 23cb4c4d9f moving files around 2021-06-09 14:37:40 +05:30
Noam Rathaus 46e4d47d92 Another reference 2021-06-09 09:43:04 +03:00
Noam Rathaus 27db48cb53 Another vector 2021-06-09 09:42:41 +03:00
Noam Rathaus d39bb43848 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-09 09:07:57 +03:00
Noam Rathaus 1e0a542b21 New test 2021-06-09 09:07:03 +03:00
sandeep c273587fa9 Adding more conditions 2021-06-09 01:34:02 +05:30
Noam Rathaus 8b0c5eaee3 Spelling 2021-06-06 10:35:09 +03:00
Sandeep Singh 29e706d101
Merge pull request #1622 from pikpikcu/patch-177
Create interlib-fileread
2021-06-04 21:37:23 +05:30
sandeep 5d63b1bb05 Fixing the condition 2021-06-04 21:33:01 +05:30
sandeep 1f6334671c escape fix 2021-06-04 21:26:59 +05:30
sandeep 1fab4f8dbf Duplicate with - wordpress-directory-listing 2021-06-04 21:14:20 +05:30
sandeep 1557b782e9 Added WordPress Popup Plugin listing 2021-06-04 20:57:01 +05:30
sandeep 76bd8824a5 Added WordPress Mailchimp 4 Debug Log Exposure 2021-06-04 20:36:33 +05:30
PikPikcU bc9a760d29
Create interlib-fileread.yaml 2021-06-04 02:54:55 +00:00
sandeep 0f0ff2ee1e moving files around 2021-06-03 21:54:08 +05:30
Prince Chaddha 3202a0dd65
Merge pull request #1606 from nrathaus/master
Description / Spelling
2021-06-02 13:10:50 +05:30
sandeep 2fe2c88872 Moving files around 2021-06-02 12:22:24 +05:30
Noam Rathaus 2d52259f70 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-06-02 09:09:05 +03:00
sandeep a5ccb5f893 strict matcher 2021-06-01 16:08:41 +05:30
PikPikcU 7f5dfedf55
Create jeewms-lfi.yaml 2021-06-01 09:08:45 +00:00
Sandeep Singh 2685f492ed
Merge pull request #1580 from pikpikcu/patch-167
Create ns-asg-file-read
2021-06-01 14:10:09 +05:30
sandeep d5b9e4c7b6 Update ns-asg-file-read.yaml 2021-06-01 14:09:01 +05:30
Sandeep Singh fdd2103fa1
Merge pull request #1576 from Udyz/patch-1
Create wp-statistics-blindsql.yaml
2021-06-01 11:36:42 +05:30
sandeep bad1f52fd2 Added additional path 2021-05-31 20:05:39 +05:30
fanpan 5dd09fe02d spring 2x path 2021-05-31 19:28:31 +05:30
sandeep 8d3f2e3604 misc changes 2021-05-31 17:29:52 +05:30
Prince Chaddha 31341b547e
Update blue-ocean-excellence-lfi.yaml 2021-05-31 15:44:21 +05:30
PikPikcU f944191e7a
Create blue-ocean-excellence-lfi.yaml 2021-05-31 09:29:51 +00:00
PikPikcU 65c73dbe34
Create hiboss-rce.yaml 2021-05-31 09:08:16 +00:00
Sandeep Singh 1c559f1ba3
Merge pull request #1567 from pikpikcu/patch-165
hjtcloud poc
2021-05-31 14:27:17 +05:30
PikPikcU e56a64402c
Create ns-asg-file-read.yaml 2021-05-31 08:56:01 +00:00
sandeep 4edb345286 Merge branch 'patch-165' of https://github.com/pikpikcu/nuclei-templates into pr/1567 2021-05-31 14:20:30 +05:30
sandeep 2ad903dcf1 misc changes 2021-05-31 14:19:23 +05:30
sandeep 5fed1d3432 Improved matcher 2021-05-31 13:31:13 +05:30
lulz 2b1a39cbab
Update wp-statistics-blindsql.yaml 2021-05-31 14:39:15 +07:00
lulz e89760c89c
Create wp-statistics-blindsql.yaml 2021-05-31 14:23:44 +07:00
sandeep 1f5c65d4c0 Added Wordpress Exposed DB Repair 2021-05-31 11:35:30 +05:30
PikPikcU 76886054ce
Create h3c-imc-rce.yaml 2021-05-31 05:53:21 +00:00
PikPikcU 5f4923ddce
Create hjtcloud-arbitrary-file-read.yaml 2021-05-31 05:38:23 +00:00
Noam Rathaus 81d1180769 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-30 09:09:37 +03:00
Prince Chaddha aaae0a8214
Merge pull request #1540 from projectdiscovery/wp-lfi
Adding Wordpress Plugin LFI Templates
2021-05-28 17:03:27 +05:30
Prince Chaddha b54a107deb
Delete wp-supsystic-backup-lfi.yaml 2021-05-28 17:01:06 +05:30
Prince Chaddha b53a99109a
Delete wp-loco-translate-lfi.yaml 2021-05-28 17:00:56 +05:30
Sandeep Singh 585c649740
Merge pull request #1547 from pikpikcu/patch-162
Create natshell-rce.yaml
2021-05-28 11:13:33 +05:30
sandeep 1644eb793a misc changes 2021-05-28 11:12:36 +05:30
sandeep 2348650a50 misc changes 2021-05-28 08:41:58 +05:30
sandeep 4358f69b52 misc changes 2021-05-28 02:43:04 +05:30
PikPikcU b94ba82591
Update natshell-rce.yaml 2021-05-28 02:49:17 +07:00
PikPikcU f1726d3a1f
Create natshell-rce.yaml 2021-05-27 14:59:33 +00:00
sandeep ca83581cd2 misc updates 2021-05-27 08:58:03 +05:30
sandeep 9c1e801ade Adding Wordpress Plugin LFI Templates 2021-05-27 08:45:53 +05:30
Noam Rathaus b32eac85b1 Give description 2021-05-25 14:35:41 +03:00
sandeep 8676d8c23c Added Maian Cart 3.8 preauth RCE template 2021-05-25 05:08:52 +05:30
TheConciergeDev e1de4803f0
updated template tags
The given "moodle" tag can not be found in the referenced PDFs and it definitely is an oracle vulnerability. I guess a legacy issue
2021-05-21 15:36:55 +02:00
sandeep d7d86bbd95 More strict matcher 2021-05-20 23:15:01 +05:30
sandeep e66ce65285 Adding Fanruan related templates 2021-05-20 22:56:55 +05:30
sandeep 2906b2a3fb Improved matcher and paths 2021-05-20 19:58:57 +05:30
sandeep 3fc65caf62 misc changes 2021-05-19 05:52:07 +05:30
Prince Chaddha 3bd6843159 Revert "Merge branch 'magento-stuff' of https://github.com/Techbrunch/nuclei-templates into pr/1494"
This reverts commit 4279c8e4bc, reversing
changes made to a6059be7ce.
2021-05-18 22:30:15 +05:30
Techbrunch 2658aa1c03 Add reference to magento-2-exposed-api 2021-05-18 17:25:33 +02:00
Techbrunch 776776621a Added a few Magento related templates 2021-05-18 15:53:10 +02:00
sandeep f0879103d4 Improved matcher 2021-05-17 22:39:05 +05:30
sandeep 08ee1ad5ee matcher update 2021-05-17 19:49:24 +05:30
PikPikcU 08001381c4
Create natshell-path-traversal.yaml 2021-05-17 08:14:20 +00:00
PikPikcU 04e1fb0ef8
Create flir-path-traversal.yaml 2021-05-16 04:54:40 +00:00
Prince Chaddha 21c1dc2c70
Merge pull request #1337 from projectdiscovery/princechaddha-patch-7
Create resin-cnnvd-200705-315.yaml
2021-05-16 02:33:31 +05:30
sandeep fc66a9e076 Removing duplicate template 2021-05-11 23:48:36 +05:30
sandeep 7cd00b6145 Removing invalid paths 2021-05-11 02:15:17 +05:30
Sandeep Singh c2aad94548
Merge pull request #1458 from geeknik/patch-91
Update top-xss-params.yaml
2021-05-11 00:29:39 +05:30
sandeep 7019946599 Improved matcher 2021-05-11 00:29:01 +05:30
Geeknik Labs 37ac4c0924
Update top-xss-params.yaml
Fix more false positives.
2021-05-10 18:39:09 +00:00
Geeknik Labs dea16d4ebd
Update top-xss-params.yaml
Fixes an edge case false positive on AkamaiGhost servers
2021-05-10 18:20:48 +00:00
Prince Chaddha b4b30c95ee
Update oa-v9-uploads-file.yaml 2021-05-10 13:23:08 +05:30
Noam Rathaus 8766b537dd Add reference 2021-05-10 09:52:26 +03:00
Noam Rathaus fa7567f68e Its not really a regex 2021-05-10 09:35:36 +03:00
Noam Rathaus 4c201aa1dd It is not just a file upload 2021-05-10 09:35:10 +03:00
Noam Rathaus 1e364a6cdb Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-10 09:27:13 +03:00
Sandeep Singh 7fde950173
Merge pull request #1327 from projectdiscovery/showdoc-file-upload
Adding Showdoc < 2.8.6 File Upload RCE
2021-05-10 01:36:45 +05:30
sandeep 1f8ff83353 tags update 2021-05-10 01:34:11 +05:30
sandeep ccfb5ca4c4 regex update 2021-05-10 01:33:27 +05:30
Noam Rathaus 18dff7387c Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-09 08:32:05 +03:00
Sandeep Singh bd9997113e
Merge pull request #1430 from geeknik/patch-90
Update open-redirect.yaml
2021-05-07 16:18:32 +05:30
Sandeep Singh 311d517c05
Merge pull request #1421 from geeknik/patch-85
Update top-xss-params.yaml
2021-05-07 15:23:09 +05:30
sandeep 871a4107b5 Added complete payload and matcher 2021-05-07 15:21:59 +05:30
sandeep d950f72ff9 minor update 2021-05-07 14:56:40 +05:30
sandeep 0159c284e7 minor update 2021-05-07 14:53:34 +05:30
sandeep 8b9ec9d5fe Minor updates 2021-05-07 14:48:53 +05:30
Geeknik Labs 2f41002213
Update open-redirect.yaml 2021-05-06 22:38:09 +00:00
Geeknik Labs 565404910b
Update top-xss-params.yaml 2021-05-06 12:55:40 +00:00
Noam Rathaus 253ede65c1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-06 15:16:27 +03:00
Dhiyaneshwaran f5524e2b78
Update oracle-ebs-xss.yaml 2021-05-06 00:21:46 +05:30
Dhiyaneshwaran b7d47eb01a
Create oracle-ebs-xss.yaml 2021-05-06 00:05:07 +05:30
Dhiyaneshwaran 8274939810
Create kafdrop-xss.yaml 2021-05-05 23:51:53 +05:30
Dhiyaneshwaran 9944ef191f
Create joomla-lfi-com_fabrik.yaml 2021-05-05 23:48:57 +05:30
Prince Chaddha e87baf2967
Merge pull request #1346 from projectdiscovery/princechaddha-patch-11
Create wuzhicms-sqli.yaml
2021-05-05 23:30:36 +05:30
Prince Chaddha ae45a6b386
Merge pull request #1344 from projectdiscovery/princechaddha-patch-9
Create ueditor-file-upload.yaml
2021-05-05 23:29:11 +05:30
Noam Rathaus d5949e74d8 Add references 2021-05-05 17:32:21 +03:00
Noam Rathaus e68777d20a Alternative reference 2021-05-05 17:08:11 +03:00
Noam Rathaus 7f90af4d32 Reference is dead 2021-05-05 17:07:52 +03:00
Noam Rathaus 07c2e79fb9 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-05 17:04:59 +03:00
Sandeep Singh 0520ad05d3
Merge pull request #1351 from projectdiscovery/princechaddha-patch-16
Create ecology-filedownload-directory-traversal.yaml
2021-05-05 17:56:59 +05:30
Sandeep Singh d1f62765f9
Merge pull request #1409 from DhiyaneshGeek/master
Gogs install exposure,Gloo UI Unauthentication
2021-05-05 17:54:37 +05:30
sandeep ae13e5e44e minor updates 2021-05-05 17:53:34 +05:30
sandeep b10918510c Adding strict matcher 2021-05-05 17:39:31 +05:30
Noam Rathaus a094b38f83 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-05-05 08:46:32 +03:00
Sandeep Singh 127ac5e37c
Merge pull request #962 from pikpikcu/patch-89
add hashicorp-consul-rce
2021-05-05 00:02:57 +05:30
Noam Rathaus c95dc69495 References 2021-05-04 15:15:10 +03:00
Noam Rathaus 39290e574f Fix description 2021-05-04 15:14:40 +03:00
sandeep 819e201ebd Update concrete-xss.yaml 2021-05-04 13:36:54 +05:30
sandeep 052f1b3b7b Adding concrete-xss 2021-05-04 13:36:16 +05:30
Dhiyaneshwaran 585b651592
Update gloo-unauth.yaml 2021-05-03 18:23:30 +05:30
Dhiyaneshwaran a1fc27ca75
Create gloo-unauth.yaml 2021-05-03 18:14:44 +05:30
sandeep acf5d41ef9 Minor update 2021-05-02 17:51:44 +05:30
Sandeep Singh 4f9a142c6b
Merge pull request #1398 from pikpikcu/patch-154
Create landray-oa-fileread
2021-05-02 13:59:50 +05:30
sandeep f9559b1e21 Update landray-oa-fileread.yaml 2021-05-02 13:58:47 +05:30
sandeep a6df4754d4 Update landray-oa-fileread.yaml 2021-05-02 13:57:33 +05:30
Noam Rathaus 41f47a4fef Expose references 2021-05-02 09:19:55 +03:00
Noam Rathaus d8bd0d2744 This is a better name for the test 2021-05-02 09:07:50 +03:00
PikPikcU c5bdf6cbca
Create landray-oa-fileread.yaml 2021-05-02 04:42:37 +00:00
sandeep cc9d4eddf1 Update rce-via-java-deserialization.yaml 2021-05-01 17:22:03 +05:30
Noam Rathaus 9d66fd0ae1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-29 12:03:56 +03:00
sandeep 020c9a959c Additional payload 2021-04-29 13:38:39 +05:30
Noam Rathaus f898e4b539 Correct product name 2021-04-29 09:20:58 +03:00
Noam Rathaus 574135de9a Expose reference 2021-04-29 09:12:56 +03:00
Noam Rathaus 25a38d34ec Missing 's' 2021-04-29 09:11:35 +03:00
Noam Rathaus a7de9915c7 Removed self-reference 2021-04-29 08:58:02 +03:00
Noam Rathaus 91b6b1b175 Make references visible 2021-04-29 08:57:39 +03:00
Noam Rathaus 2860cdfb4a Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-29 08:38:11 +03:00
sandeep 2920fa9bfb matcher and payload update 2021-04-28 19:44:28 +05:30
Prince Chaddha a55db7af44
Merge pull request #1332 from projectdiscovery/princechaddha-patch-2
Create WooYun-2015-148227.yaml
2021-04-28 18:51:07 +05:30
Noam Rathaus ecb436df3e Those aren't really regexes 2021-04-28 15:07:39 +03:00
Noam Rathaus ad9314acdc Provide references to the problem (in eclipse site) and how it was fixed (and Jenkins upstream bugs related to this) 2021-04-28 14:17:47 +03:00
Noam Rathaus 9ece07bf9a Provide reference 2021-04-28 14:00:15 +03:00
Noam Rathaus e32c1bd4c1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-28 13:29:39 +03:00
Prince Chaddha 8d9d46e00a
Merge pull request #1362 from underfl0w/chamilo-lms-sqli
Chamilo 1.11.14 LMS sql injection
2021-04-28 15:55:14 +05:30
Prince Chaddha 722e305878
Update chamilo-lms-sqli.yaml 2021-04-28 15:48:34 +05:30
sandeep 5f5430a7a4 Payload and matcher fix 2021-04-28 14:42:10 +05:30
sullo be24a83a98 Simplify regex 2021-04-27 10:42:41 -04:00
sullo 1824c1df92 More flexible matching to prevent false-negatives 2021-04-27 10:38:57 -04:00
Noam Rathaus 3bdb2fdbd4 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-27 14:02:16 +03:00
Noam Rathaus f55bb45e75 Give some description 2021-04-27 14:02:08 +03:00
sandeep 3adf607b6f Matcher for DNS interaction 2021-04-27 16:24:39 +05:30
Prince Chaddha eaf70d16ab
Merge pull request #1350 from projectdiscovery/princechaddha-patch-15
Create zcms-v3-sqli.yaml
2021-04-27 16:09:32 +05:30
Prince Chaddha 427f99b0c1
Update wordpress-rce-simplefilelist.yaml 2021-04-27 15:25:28 +05:30
Noam Rathaus 1aca402bf6 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-27 09:42:50 +03:00
Noam Rathaus 4cc6b3bdb0 Reduce FP due to not actually execution of the PHP but rather it being returned as is (the content) 2021-04-27 09:42:41 +03:00
Prince Chaddha d705648dc4
Merge pull request #1343 from projectdiscovery/princechaddha-patch-8
Create spark-webui-unauth.yaml
2021-04-26 21:58:53 +05:30
Prince Chaddha 3079fce648
Update spark-webui-unauth.yaml 2021-04-26 21:57:46 +05:30
Prince Chaddha f726562445
Update spark-webui-unauth.yaml 2021-04-26 21:56:13 +05:30
Prince Chaddha 487e2300e1
Merge pull request #1331 from projectdiscovery/princechaddha-patch-1
Create unauth-spark-api.yaml
2021-04-26 21:52:22 +05:30
Prince Chaddha 5fcba18d1e
Merge pull request #1349 from projectdiscovery/princechaddha-patch-14
Create xunchi-file-read.yaml
2021-04-26 21:06:27 +05:30
Prince Chaddha ac29e9a622
Merge pull request #1348 from projectdiscovery/princechaddha-patch-13
Create xiuno-bbs-reinstallation.yaml
2021-04-26 21:05:39 +05:30
Prince Chaddha 4cc83776f3
Merge pull request #1352 from projectdiscovery/princechaddha-patch-17
Create ecology-springframework-directory-traversal.yaml
2021-04-26 20:48:30 +05:30
Noam Rathaus 2e1e0e932f Product name 2021-04-26 09:07:57 +03:00
Noam Rathaus 19a4bbc844 Correct product name, and link to the Gitee 2021-04-26 09:03:24 +03:00
Noam Rathaus 3857469468 Add reference 2021-04-26 09:01:39 +03:00
Noam Rathaus 909a0ce4dd Product seems to be called ectouch 2021-04-26 08:51:08 +03:00
Noam Rathaus bb974381b5 add references 2021-04-26 08:48:16 +03:00
Jurjen de Jonge b9ad93a3cd Reverted back to old technique
The ;INSERT method only seemed to work on my dev enviroment.
2021-04-24 22:15:57 +03:00