daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,568 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

222 Commits (b1e401ff9c2212d9956150e61ed3c2b3d265fadc)

Author SHA1 Message Date
sandeep b1e401ff9c Delete adobe-connect-xss.yaml 2021-06-15 15:54:19 +05:30
sandeep 891e8374b1 misc changes 2021-06-14 20:32:21 +05:30
Dhiyaneshwaran 629b655ef1
Create adobe-connect-xss.yaml 2021-06-13 23:54:48 +05:30
Dhiyaneshwaran afec528d82
Create adobe-connect-version.yaml 2021-06-13 23:40:58 +05:30
Dhiyaneshwaran 6e727805c1
Create adobe-connect-username-exposure.yaml 2021-06-13 23:25:39 +05:30
sandeep 8d35960831 Strict matchers 2021-06-10 21:18:38 +05:30
Sandeep Singh 13090ace75
Merge pull request #1659 from WillD96/IIS-Internal-IP-Disclosure 
Created IIS Internal IP Disclosure Template
 2021-06-10 00:02:02 +05:30
r3naissance aa9e899dd2
Added conditional word in body 
I found this be a valid finding /actuator/env on a production host but was missing additional words to check which was causing a false negative. 'activeProfiles' allows this test to pass on the instance that I came across.
 2021-06-09 11:36:54 -06:00
sandeep 3c6aa9da0c misc updates 2021-06-09 22:15:55 +05:30
Will Davison cd06c6137f Fixed trailing spaces 2021-06-09 16:04:53 +01:00
Will Davison ad8d064bf9 Fixed linting error. 2021-06-09 15:40:06 +01:00
Will Davison 6279e1fb70 Added template for IIS Internal IP Disclosure 
By sending a HTTP 1.0 request to the root of the webserver, sometimes an internal IP address is disclosed in the Location header of the 302 response.
 2021-06-09 15:30:59 +01:00
Prince Chaddha 83ce809e8d Updated author names 2021-06-09 17:50:56 +05:30
Prince Chaddha 0013f94807
Merge pull request #1631 from projectdiscovery/sap_update 
SAP NetWeaver update
 2021-06-09 14:17:51 +05:30
sandeep 1851068721 Updated matcher 2021-06-08 00:33:06 +05:30
sandeep 0fe0d327b0 moving files around 2021-06-07 19:57:59 +05:30
Dhiyaneshwaran 52adac2e12
Create firebase-urls.yaml 2021-06-06 19:38:51 +05:30
Dhiyaneshwaran 158914d4db
Create artifactory-anonymous-deploy.yaml 2021-06-06 19:37:32 +05:30
Prince Chaddha 1d07ace8a5
Merge pull request #1634 from DhiyaneshGeek/master 
Exposed jQuery File Upload
 2021-06-06 17:58:25 +05:30
Prince Chaddha 6649abf131
Update exposed-jquery-file-upload.yaml 2021-06-06 17:55:05 +05:30
Sandeep Singh fae9755374
Merge pull request #1639 from pdelteil/patch-9 
Update shell-history.yaml
 2021-06-06 13:40:47 +05:30
sandeep 0cf8ffdc57 misc changes 2021-06-06 13:39:16 +05:30
sandeep e2eaedc6a1 misc updates 2021-06-06 13:19:01 +05:30
Philippe Delteil 652da29f9a
Update shell-history.yaml 
There are two problems with this template, it only checks for chmod commands but most importantly doesn't check for html tags. A real history file the response doesn't include html tags at all. 

So, I'm adding two rules: Check for another possible commands (from real example) and adding a negative rule to discard false positives like this one:

nuclei -debug -t /home/kali/nuclei-templates/misconfiguration/shell-history.yaml -u http://777.urbanup.com
 2021-06-05 22:06:30 -04:00
Philippe Delteil 9014a4b0a2
Update aws-object-listing.yaml 
Added extractor that retrieves the name of the s3 bucket. 

Test
nuclei -t nuclei-templates/misconfiguration/aws-object-listing.yaml -u http://img.secnews.gr


[2021-06-06 01:19:10] [aws-object-listing] [http] [low] http://imgcdn.secnews.gr [img.secnews.gr]
 2021-06-05 21:27:44 -04:00
Dhiyaneshwaran 0d82660f90
Create exposed-jquery-file-upload.yaml 2021-06-05 22:04:09 +05:30
sandeep a85c1dd35a Moving files around + duplicate remove 2021-06-05 15:57:13 +05:30
sandeep ae8c130668 Moving files around 2021-06-05 15:55:01 +05:30
sandeep edcc35d604 Added Private key exposure via helper detector 2021-06-04 20:46:19 +05:30
sandeep 0c436e35aa Added airflow-debug 2021-06-03 19:39:51 +05:30
sandeep 0c4f75d3ad Duplicate template 2021-06-03 18:44:50 +05:30
sandeep bdc803fd4b Added CVE-2020-13927 2021-06-03 14:23:34 +05:30
Prince Chaddha f63cd48c79
Update alibaba-mongoshake-unauth.yaml 2021-06-02 01:16:41 +05:30
PikPikcU 9f8852572e
Create alibaba-mongoshake-unauth.yaml 2021-06-01 10:53:26 +00:00
Prince Chaddha cf0a3f69c6
Update kubernetes-pods.yaml 2021-05-27 02:45:50 +05:30
Prince Chaddha 8d65ab7958
Update exposed-docker-api.yaml 2021-05-27 02:44:54 +05:30
Prince Chaddha da49c78c7c
Update docker-registry.yaml 2021-05-27 02:44:33 +05:30
Prince Chaddha 0ed9fe6fa3
Update misconfigured-docker.yaml 2021-05-27 02:42:11 +05:30
Sandeep Singh 6e23c0c207
Merge pull request #1528 from projectdiscovery/DhiyaneshGeek/master 
Dhiyanesh geek/master
 2021-05-24 01:28:15 +05:30
sandeep 8a182ff0cc misc changes 2021-05-24 01:26:48 +05:30
Dhiyaneshwaran 22812d2112
Create cx-cloud-upload-detect.yaml 2021-05-23 17:07:30 +05:30
Geeknik Labs c83785f916
Update server-status-localhost.yaml 
OCD
 2021-05-22 13:46:31 -05:00
Dhiyaneshwaran 7499faff02
Create kubeflow-dashboard-unauth.yaml 2021-05-22 20:05:32 +05:30
Dhiyaneshwaran 4fc7bd61fe
Create pinpoint-unauth.yaml 2021-05-22 20:01:28 +05:30
TheConciergeDev a1c283da87
Update java-melody-exposed.yaml 2021-05-21 15:42:46 +02:00
TheConciergeDev 8e5255c407
updated tags 
The affected technology is JavaMelody - the given services in the tag help to mitigate the problem, however are not the affected technology themselves. 

Ref: https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
 2021-05-21 15:42:29 +02:00
Ajaysen R 842d62bb40
Create springboot-beans.yaml 2021-05-20 01:39:21 +05:30
Ajaysen R aabf384e39
Update springboot-httptrace.yaml 
It can be accessed via a path like /httptrace also.
 2021-05-19 12:36:42 +05:30
sandeep 0f13cd506c misc changes 2021-05-16 21:04:58 +05:30
Dhiyaneshwaran b01fc7c9d7
Create tensorflow-unauth.yaml 2021-05-16 18:34:43 +05:30