Commit Graph

603 Commits (bab022cfe0a3074e632db6c68e72c2c5afabc70a)

Author SHA1 Message Date
pussycat0x a7c02f99dc
Update unauth-securityspy-camera-detect.yaml 2021-10-25 10:34:24 +05:30
pussycat0x 2b4356dcc1
Add files via upload 2021-10-25 08:34:17 +05:30
pussycat0x 854016684c
Add files via upload 2021-10-24 18:05:09 +05:30
sandeep 80301e3f63 Added Wildcard postMessage detection 2021-10-23 23:34:49 +05:30
sandeep c849b7d51a metadata update 2021-10-22 23:22:36 +05:30
Sandeep Singh fc1b7a658c
Merge pull request #2956 from CristiVlad25/misconfig
Created app.yaml Template
2021-10-22 22:38:45 +05:30
sandeep 62dc0c0c31 misc update 2021-10-22 22:19:12 +05:30
Dhiyaneshwaran 444fa88b24
Create jaeger-ui-dashboard.yaml 2021-10-22 22:15:57 +05:30
Cristi Vlad 8632760893 Created app.yaml Template 2021-10-22 12:17:44 +03:00
Sufijen Bani ac9f713d97 Merge PHP Errors Templates
There was an extra error template for PHP warnings although there was
another template holding that already.

The status code check (500) is a step that would make sense for all of
the checks. This is not limited to warnings. Though I think that error
code 500 shrinks the result set too much in this case. That's why I
would leave it out.
2021-10-21 10:46:04 +02:00
Prince Chaddha 52e498506e
Update zenphoto-sensitive-info.yaml 2021-10-19 17:45:19 +05:30
Philippe Delteil 69953cf73e
Update zenphoto-sensitive-info.yaml 2021-10-18 23:18:31 -03:00
sandeep 33badb66d1 oob tags update 2021-10-19 02:10:26 +05:30
Prince Chaddha f86ef5382b
Merge pull request #2783 from pikpikcu/patch-295
Added skycaiji
2021-10-17 22:23:07 +05:30
sandeep acda6fdb53 added missing slash 2021-10-16 01:10:48 +05:30
sandeep 196cc292b8 adding tags 2021-10-16 01:09:19 +05:30
sandeep 5e2c52f803 Merge branch 'misconfiguration' of https://github.com/CristiVlad25/nuclei-templates into pr/2900 2021-10-16 01:07:50 +05:30
sandeep dd106dcb8f misc update and moving files around 2021-10-16 01:06:37 +05:30
sandeep 10b4076f88 misc update 2021-10-14 00:14:29 +05:30
Divya 0102fad1a9
Add hpe-system-management-anonymous.yaml
Detect anonymous HPE System Management instance
2021-10-12 18:11:25 -04:00
sandeep 673a9107c5 misc updates 2021-10-11 01:38:44 +05:30
Divya 3e3e64c20e
Add unauthenticated-lansweeper.yaml
Detect unauthenticated Lansweeper instance
2021-10-10 13:03:46 -04:00
Prince Chaddha 0ed37945d6
Update skycaiji-install.yaml 2021-10-08 12:06:44 +05:30
Roman Ananyev f1e4a2b15f
Added one more status page for NGINX 2021-10-06 12:12:13 +04:00
Prince Chaddha 179e265f8a
Update and rename misconfiguration/iotawatt-configuration-app.yaml to iot/iotawatt-app-exposure.yaml 2021-10-06 11:07:51 +05:30
pussycat0x a71096bcd8
Add files via upload 2021-10-05 22:28:16 +05:30
Prince Chaddha bfb3d70662
Update and rename misconfiguration/hp-switch-default-creds.yaml to default-logins/hp/hp-switch-default-login.yaml 2021-10-05 15:19:15 +05:30
pussycat0x 6a38a61321
Update hp-switch-default-creds.yaml 2021-10-05 01:56:47 +05:30
pussycat0x f0a572eae8
Update hp-switch-default-creds.yaml 2021-10-05 01:43:14 +05:30
pussycat0x 30c447d42b
Add files via upload 2021-10-05 01:25:35 +05:30
sandeep 55b0673d27 Added IBM Websphere Friendly Path Exposure
Co-Authored-By: clarkvoss <32307041+clarkvoss@users.noreply.github.com>
2021-10-03 16:49:06 +05:30
Sullo 3878138bfe * Added Host headers where needed (validated via disclosures/posts)
* Added CVE simple-employee-rce.yaml
2021-09-30 12:52:05 -04:00
PikPikcU 553772ab8a
Create skycaiji-install.yaml 2021-09-30 23:49:10 +07:00
Prince Chaddha 807920c0ac clean-up 2021-09-21 17:16:53 +05:30
sullo b57620cce2 Typo and language corrections 2021-09-20 15:25:11 -04:00
Prince Chaddha 6564d0fca4
Merge pull request #2708 from pussycat0x/master
New templates
2021-09-20 14:18:41 +05:30
Prince Chaddha 27572bcc92
Update and rename service-pwd-expose.yaml to service-pwd.yaml 2021-09-18 12:11:19 +05:30
Prince Chaddha 4d2d1f35d6
Update service-pwd-expose.yaml 2021-09-18 12:08:32 +05:30
Prince Chaddha 6ff85169c3
Update service-pwd-expose.yaml 2021-09-18 12:03:17 +05:30
pussycat0x b49aee881b
Add files via upload 2021-09-18 10:38:21 +05:30
Sandeep Singh 117c59094b
Merge pull request #2704 from geeknik/patch-28
Update shell-history.yaml
2021-09-17 23:37:56 +05:30
Prince Chaddha 7223d54eea
Merge pull request #2649 from pussycat0x/master
Glowroot-anonymous-access
2021-09-17 22:32:06 +05:30
Geeknik Labs 7f5dd080cc
Update shell-history.yaml
Follow-up fix for comment in #2129
2021-09-17 10:00:22 -05:00
Prince Chaddha ab4e6a4dd6
Merge pull request #2696 from DhiyaneshGeek/master
New Templates Added
2021-09-17 16:29:58 +05:30
Prince Chaddha 5858e3a01c
Update and rename exposures/logs/database-error.yaml to misconfiguration/database-error.yaml 2021-09-17 13:33:54 +05:30
Prince Chaddha 769a6ea059
Update zabbix-error.yaml 2021-09-17 13:01:57 +05:30
Prince Chaddha 52162716e5
Update and rename exposures/logs/zabbix-error.yaml to misconfiguration/zabbix-error.yaml 2021-09-17 13:00:35 +05:30
Prince Chaddha 317c941340
Update php-errors.yaml 2021-09-17 12:59:34 +05:30
Sandeep Singh f47c4da9e8
Merge pull request #2694 from geeknik/geeknik-patch-1
Miscellaneous updates
2021-09-17 02:22:26 +05:30
Sandeep Singh 067247401b
Merge pull request #2442 from pdelteil/patch-38
Create springboot-info.yaml
2021-09-17 02:22:08 +05:30
sandeep 74871a7412 Update springboot-info.yaml 2021-09-17 02:21:49 +05:30
Geeknik Labs fd768f4b2c
Update rack-mini-profiler.yaml 2021-09-16 15:18:31 -05:00
Sandeep Singh 0ab82749ef
Create unauthenticated-glowroot.yaml 2021-09-15 13:28:43 +05:30
Prince Chaddha 2790f5ff9f
Update glowroot-anonymous-access.yaml 2021-09-14 15:35:52 +05:30
pussycat0x 9c5a43e25d
Glowroot-anonymous-access 2021-09-13 23:58:56 +05:30
Sandeep Singh cf4ef2ac5a
Merge pull request #2622 from projectdiscovery/missing-tags 2021-09-10 12:32:47 +05:30
sandeep bd24dc198e Coverage for all templates using tags 2021-09-09 19:08:13 +05:30
Sandeep Singh 54c9f08233
Merge pull request #2612 from projectdiscovery/cleanups
Removed extra headers not required for template
2021-09-09 14:50:00 +05:30
sandeep 39a0ffd0a5 Update python-metrics.yaml 2021-09-08 18:19:15 +05:30
Dhiyaneshwaran 664ac52065
Update python-metrics.yaml 2021-09-08 18:09:15 +05:30
Dhiyaneshwaran 85adcd95be
Update python-metrics.yaml 2021-09-08 17:58:43 +05:30
Dhiyaneshwaran 6fee9b2b1b
Create python-metrics.yaml 2021-09-08 17:48:54 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
sandeep 7e601216b9 Added additional path 2021-09-08 13:01:42 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
sandeep 63ce5e0b77 Nextcloud templates 2021-09-05 22:52:45 +05:30
Sandeep Singh ac558b2887
Merge pull request #2568 from pussycat0x/master
New Templates added
2021-09-04 15:56:17 +05:30
sandeep 969e08f12e moving files around 2021-09-04 15:54:24 +05:30
sandeep 4a9a339feb misc update 2021-09-04 15:40:34 +05:30
sandeep b74dffae92 misc update 2021-09-04 15:23:49 +05:30
Sandeep Singh d10439c29f
Merge pull request #2565 from geeknik/patch-25
Update php-errors.yaml
2021-09-04 00:43:26 +05:30
Geeknik Labs 735b1df1c5
Update php-errors.yaml 2021-09-03 12:09:59 -05:00
sandeep 32fed54169 removing duplicate templates and few updates 2021-09-03 22:35:58 +05:30
sandeep d27dadb79e updated matchers 2021-09-03 22:24:11 +05:30
pussycat0x 6ba8cb040d
Update overview-kubernetes-resource-report.yaml 2021-09-03 22:23:59 +05:30
Geeknik Labs ac4bce9ca5
Update php-errors.yaml
Made better through use of regex extractors. More useful information is displayed on-screen.
2021-09-03 11:28:42 -05:00
pussycat0x 6e2816be3e
Add files via upload 2021-09-03 20:12:53 +05:30
sandeep 90f8caf302 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates into pr/2481 2021-09-03 14:55:30 +05:30
sandeep c266084621 Added stop-at-first-match in applicable templates 2021-09-02 17:29:10 +05:30
Prince Chaddha bec1c542cd
Update unauthenticated-mongo-express.yaml 2021-08-31 13:32:56 +05:30
Prince Chaddha 212072fad2
Update unauthenticated-mongo-express.yaml 2021-08-31 13:31:48 +05:30
forgedhallpass 419a957409 Fixing errors in templates
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-27 10:43:24 +03:00
socketz ddd3ef8493 Merge branch 'master' of github.com:socketz/nuclei-templates 2021-08-25 14:32:22 +02:00
socketz c766a8454d Fixed yaml linting errors 2021-08-25 14:09:42 +02:00
Prince Chaddha 0ef631dce1
Update http-missing-security-headers.yaml 2021-08-25 16:52:35 +05:30
socketz de76c65d01
Merge branch 'projectdiscovery:master' into master 2021-08-24 13:10:56 +02:00
forgedhallpass 296edfc37b Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 14:40:33 +03:00
sandeep 76c9bbee20 minor update 2021-08-21 15:53:06 +05:30
Philippe Delteil b013ef69df
Create springboot-threaddump.yaml
Testing 

nuclei -t springboot-threaddump.yaml -u https://folhaponto.cmm.pr.gov.br/
nuclei -t springboot-threaddump.yaml -u https://ctacte.realechile.cl/
2021-08-21 00:42:49 -04:00
sandeep d3552cc6e3 Update springboot-info.yaml 2021-08-21 01:20:10 +05:30
forgedhallpass dc4cc62629 Merge remote-tracking branch 'origin/master' into dynamic_attributes 2021-08-20 15:35:17 +03:00
Philippe Delteil a5c7f36781
Update springboot-env.yaml 2021-08-20 03:12:53 -04:00
Philippe Delteil e6029630f4
Create springboot-info.yaml 2021-08-20 03:08:19 -04:00
sandeep 3f803deb28 more updates 2021-08-20 02:14:42 +05:30
sandeep 20d1f0a54f Added intrusive tag
Added intrusive tag for identification / exclusion as discussed here - https://github.com/projectdiscovery/nuclei/discussions/551
2021-08-19 22:59:45 +05:30
sandeep 4f1e61f021 Adding unique prefix for identification 2021-08-19 22:39:56 +05:30
sandeep 247b07a76a Added grafana-public-signup 2021-08-19 22:11:11 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings)
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass f55d6b75e1 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass 7b29be739e Merge branch 'master' into dynamic_attributes 2021-08-19 16:23:26 +03:00
forgedhallpass ffaff64565 Changes fixes/around dynamic attributes ("additional-fields")
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
Geeknik Labs 6a8d9e0687
Update and rename misconfiguration/sidekiq-dashboard.yaml to exposed-panels/sidekiq-dashboard.yaml
Added references.
Moved template to exposed-panels.
2021-08-18 14:44:12 -05:00
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
sandeep 8c48ca97d2 matcher + payload + regex updates 2021-08-09 21:58:28 +05:30
Sandeep Singh c4f9a2e32d
Merge pull request #2325 from pussycat0x/master
springboot Actuator
2021-08-06 21:05:54 +05:30
sandeep 1a043cc846 minor update 2021-08-06 21:02:50 +05:30
sandeep 32709de987 misc updates 2021-08-06 20:48:32 +05:30
sandeep b20ba6754d minor update 2021-08-05 16:31:01 +05:30
sandeep 1140b9117a updated matchers 2021-08-05 16:29:52 +05:30
Dhiyaneshwaran dbab8fb57a
Create office365-open-redirect.yaml 2021-08-05 15:25:08 +05:30
pussycat0x 2ad4805bcd
Add files via upload 2021-08-04 22:43:45 +05:30
pussycat0x ed8ba1451d
Update springboot-metrics.yaml 2021-08-04 22:17:33 +05:30
pussycat0x cb63ec5176
Update springboot-dump.yaml 2021-08-04 22:17:01 +05:30
pussycat0x 4715314c2b
Add files via upload 2021-08-04 22:08:47 +05:30
sandeep 89ce8da31c template update 2021-08-02 16:10:05 +05:30
Sandeep Singh ee06aea64d
Merge pull request #2262 from DhiyaneshGeek/master
New Template
2021-07-31 22:50:25 +05:30
sandeep 83a1769c04 Added Open Akamai ARL XSS Detection 2021-07-31 00:53:25 +05:30
Sandeep Singh 918a6deead
Merge pull request #2265 from pussycat0x/master
zabbix-dashboards-access
2021-07-30 02:37:02 +05:30
sandeep 6b02fb31ed updated matcher 2021-07-30 02:33:01 +05:30
pussycat0x 3caeca71ab
Add files via upload 2021-07-29 23:36:59 +05:30
Dhiyaneshwaran c8e11b8254
Create viewpoint-system-status.yaml 2021-07-29 19:08:40 +05:30
Prince Chaddha c49a4b32f1
Update android-debug-database-exposed.yaml 2021-07-29 10:47:01 +05:30
Dhiyaneshwaran 9f93ea0eba
Update android-debug-database-exposed.yaml 2021-07-28 21:37:19 +05:30
socketz 71a27da891 Added security headers templates 2021-07-28 14:40:20 +02:00
Dhiyaneshwaran bbc34b011b
Create android-debug-database-exposed.yaml 2021-07-28 17:46:31 +05:30
sandeep 1b437d300a Additional matcher for Symfony debug mode 2021-07-26 17:21:46 +05:30
sandeep bfd40054e4 matcher update 2021-07-26 15:18:10 +05:30
Pham Sy Minh 934d899f5e
Reduce false positives 2021-07-26 12:53:34 +07:00
Sandeep Singh a57bcda074
Merge pull request #2111 from pikpikcu/patch-203
Update hadoop-unauth.yaml
2021-07-26 01:35:34 +05:30
sandeep 3fc8626874 Update hadoop-unauth.yaml 2021-07-26 01:33:02 +05:30
Sandeep Singh b905a91cdc
Merge pull request #2129 from geeknik/patch-6
Update shell-history.yaml
2021-07-26 01:08:46 +05:30
sandeep bb8a22401b Separating service detection + SSRF detection 2021-07-25 15:22:09 +05:30
Pham Sy Minh cff60a04b5
Fix false positive 2021-07-25 12:14:24 +07:00
sandeep 6ccc5f8792 matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
Sandeep Singh 4b444af3c4
Merge pull request #2125 from DhiyaneshGeek/master
17 New Templates Added
2021-07-24 03:26:09 +05:30
sandeep b1d8ab1193 more matchers update 2021-07-24 03:13:09 +05:30
Sandeep Singh 327819a037
Update misconfiguration/clockwork-dashboard-exposure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:24 +05:30
Sandeep Singh f8a1c2c2b5
Update misconfiguration/clockwork-dashboard-exposure.yaml
Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com>
2021-07-24 00:52:09 +05:30
Prince Chaddha 1754aecb5e
Update wamp-server-configuration.yaml 2021-07-22 17:54:19 +05:30
Geeknik Labs d354d50bb9
Update shell-history.yaml
fix false positive
2021-07-21 12:26:20 -05:00
Prince Chaddha ff374372e0
Update clockwork-dashboard-exposure.yaml 2021-07-21 17:23:40 +05:30
Dhiyaneshwaran c9852b62dd
Create clockwork-dashboard-exposure.yaml 2021-07-21 11:02:36 +05:30
PikPikcU 9c8e154b5a
Update hadoop-unauth.yaml 2021-07-20 19:29:10 +07:00
Dhiyaneshwaran 525ffdefcc
Update unauthenticated-popup-upload.yaml 2021-07-15 13:52:06 +05:30
sandeep 6dd92167eb minor updates 2021-07-13 19:35:58 +05:30
Dhiyaneshwaran 4822208487
Merge pull request #71 from projectdiscovery/master
Updation
2021-07-13 14:54:00 +05:30
Dhiyaneshwaran 51d6477505
Create unauthenticated-alert-manager.yaml 2021-07-13 14:10:37 +05:30
Sandeep Singh 920255635b
Merge pull request #1876 from pussycat0x/master
web-ftp
2021-07-13 01:53:15 +05:30
Sandeep Singh 8ec1767561
Rename hp-printer-unanuthorized-access.yaml to unauthorized-hp-printer.yaml 2021-07-13 01:45:40 +05:30
sandeep 567096e97f matcher update 2021-07-13 01:42:15 +05:30
sandeep 3b13abc7f2 matcher update 2021-07-13 01:30:58 +05:30
pussycat0x 647677f0ab
Update hp-printer-unanuthorized-access.yaml 2021-07-11 23:49:17 +05:30
pussycat0x 09b002134d
Add files via upload 2021-07-11 23:44:34 +05:30
Sandeep Singh 22421fd38e
Merge pull request #1843 from DhiyaneshGeek/master
Update AEM CRX bypass, AEM Debug XSS and Java sean debug page, Jetty showcontexts enable, jfrog-unauth-build-exposed Templates Added
2021-07-04 01:23:20 +05:30
sandeep afcbe4cfe4 minor updates 2021-07-04 01:22:08 +05:30
sandeep a5f8175017 Update unauthorized-plastic-scm.yaml 2021-07-03 16:39:59 +05:30
sandeep 5d7388f0ae Added Unauthorized Access to Plastic Admin Console 2021-07-03 16:37:11 +05:30
Dhiyaneshwaran 31a10ebfb7
Update jetty-showcontexts-enable.yaml 2021-07-02 20:50:15 +05:30
sandeep 5b91ef07a6 Update unauthenticated-glances.yaml 2021-07-02 17:15:32 +05:30
sandeep db61d85e75 minor updates 2021-07-02 17:14:03 +05:30
Dhiyaneshwaran 5f779266bc
Create jetty-showcontexts-enable.yaml 2021-07-02 08:16:57 +05:30
Dhiyaneshwaran 39eb91a582
Update aem-crx-bypass.yaml 2021-07-01 22:23:08 +05:30
Petko D. Petkov 7c39ab8c79 Check if json. 2021-06-30 12:03:47 +00:00
sandeep e8ffd4ea06 Update aem-crx-bypass.yaml 2021-06-28 20:45:41 +05:30
sandeep eaa5d7600f Added more strict matchers 2021-06-28 20:44:24 +05:30
Dhiyaneshwaran e53b262283
Update aem-crx-bypass.yaml 2021-06-28 20:23:11 +05:30
Dhiyaneshwaran 91b673ad17
Create aem-crx-bypass.yaml 2021-06-28 20:20:58 +05:30
sandeep 2a7d45fa1f more strict matcher 2021-06-26 19:42:11 +05:30
Prince Chaddha 89b4fdf8ed
Merge pull request #1757 from pussycat0x/master
New template added
2021-06-24 02:02:42 +05:30
Prince Chaddha 5fa51dd043
Update phpmyadmin-sql.php-server.yaml 2021-06-24 01:26:51 +05:30
sandeep 134a23aeab Some fixes (WIP)
- Added missing matcher condition
- Updated severity to lowercase, as it's case sensitive
2021-06-24 01:03:41 +05:30
pussycat0x 2dd0ce2664
Update phpmyadmin-sql.php-server.yaml 2021-06-23 21:37:14 +05:30
pussycat0x 5ae899a66f
Update phpmyadmin-sql.php-server.yaml 2021-06-23 21:34:13 +05:30
pussycat0x bb251938c8
Add files via upload 2021-06-22 20:40:53 +05:30
sandeep 49f9b67827 Added reference 2021-06-20 16:39:47 +05:30
Prince Chaddha bd4b43bbce
Merge pull request #995 from pikpikcu/patch-101
Create zhiyuan-oa-unauthorized
2021-06-19 12:53:24 +05:30
Prince Chaddha 5463655627
Update zhiyuan-oa-unauthorized.yaml 2021-06-19 12:52:35 +05:30
sandeep f0b67ef56b Few template updates 2021-06-18 15:53:49 +05:30
sandeep 6081edd83f Added reference 2021-06-18 12:16:27 +05:30
sandeep f9d068a105 Added ssrf-via-oauth-misconfig 2021-06-18 12:15:13 +05:30
sandeep b1e401ff9c Delete adobe-connect-xss.yaml 2021-06-15 15:54:19 +05:30
sandeep 891e8374b1 misc changes 2021-06-14 20:32:21 +05:30
Dhiyaneshwaran 629b655ef1
Create adobe-connect-xss.yaml 2021-06-13 23:54:48 +05:30
Dhiyaneshwaran afec528d82
Create adobe-connect-version.yaml 2021-06-13 23:40:58 +05:30
Dhiyaneshwaran 6e727805c1
Create adobe-connect-username-exposure.yaml 2021-06-13 23:25:39 +05:30
sandeep 8d35960831 Strict matchers 2021-06-10 21:18:38 +05:30
Sandeep Singh 13090ace75
Merge pull request #1659 from WillD96/IIS-Internal-IP-Disclosure
Created IIS Internal IP Disclosure Template
2021-06-10 00:02:02 +05:30
r3naissance aa9e899dd2
Added conditional word in body
I found this to be a valid finding /actuator/env on a production host but was missing additional words to check, which was causing a false negative. 'activeProfiles' allows this test to pass on the instance that I came across.
2021-06-09 11:36:54 -06:00
sandeep 3c6aa9da0c misc updates 2021-06-09 22:15:55 +05:30
Will Davison cd06c6137f Fixed trailing spaces 2021-06-09 16:04:53 +01:00
Will Davison ad8d064bf9 Fixed linting error. 2021-06-09 15:40:06 +01:00
Will Davison 6279e1fb70 Added template for IIS Internal IP Disclosure
By sending a HTTP 1.0 request to the root of the webserver, sometimes an internal IP address is disclosed in the Location header of the 302 response.
2021-06-09 15:30:59 +01:00
Prince Chaddha 83ce809e8d Updated author names 2021-06-09 17:50:56 +05:30
Prince Chaddha 0013f94807
Merge pull request #1631 from projectdiscovery/sap_update
SAP NetWeaver update
2021-06-09 14:17:51 +05:30
sandeep 1851068721 Updated matcher 2021-06-08 00:33:06 +05:30
sandeep 0fe0d327b0 moving files around 2021-06-07 19:57:59 +05:30
Dhiyaneshwaran 52adac2e12
Create firebase-urls.yaml 2021-06-06 19:38:51 +05:30
Dhiyaneshwaran 158914d4db
Create artifactory-anonymous-deploy.yaml 2021-06-06 19:37:32 +05:30
Prince Chaddha 1d07ace8a5
Merge pull request #1634 from DhiyaneshGeek/master
Exposed jQuery File Upload
2021-06-06 17:58:25 +05:30
Prince Chaddha 6649abf131
Update exposed-jquery-file-upload.yaml 2021-06-06 17:55:05 +05:30
Sandeep Singh fae9755374
Merge pull request #1639 from pdelteil/patch-9
Update shell-history.yaml
2021-06-06 13:40:47 +05:30
sandeep 0cf8ffdc57 misc changes 2021-06-06 13:39:16 +05:30
sandeep e2eaedc6a1 misc updates 2021-06-06 13:19:01 +05:30
Philippe Delteil 652da29f9a
Update shell-history.yaml
There are two problems with this template: it only checks for chmod commands but, most importantly, doesn't check for html tags. For a real history file the response doesn't include html tags at all.

So, I'm adding two rules: checking for other possible commands (from a real example) and adding a negative rule to discard false positives like this one:

nuclei -debug -t /home/kali/nuclei-templates/misconfiguration/shell-history.yaml -u http://777.urbanup.com
2021-06-05 22:06:30 -04:00
Philippe Delteil 9014a4b0a2
Update aws-object-listing.yaml
Added extractor that retrieves the name of the s3 bucket. 

Test
nuclei -t nuclei-templates/misconfiguration/aws-object-listing.yaml -u http://img.secnews.gr


[2021-06-06 01:19:10] [aws-object-listing] [http] [low] http://imgcdn.secnews.gr [img.secnews.gr]
2021-06-05 21:27:44 -04:00
Dhiyaneshwaran 0d82660f90
Create exposed-jquery-file-upload.yaml 2021-06-05 22:04:09 +05:30
sandeep a85c1dd35a Moving files around + duplicate remove 2021-06-05 15:57:13 +05:30
sandeep ae8c130668 Moving files around 2021-06-05 15:55:01 +05:30
sandeep edcc35d604 Added Private key exposure via helper detector 2021-06-04 20:46:19 +05:30
sandeep 0c436e35aa Added airflow-debug 2021-06-03 19:39:51 +05:30
sandeep 0c4f75d3ad Duplicate template 2021-06-03 18:44:50 +05:30
sandeep bdc803fd4b Added CVE-2020-13927 2021-06-03 14:23:34 +05:30
Prince Chaddha f63cd48c79
Update alibaba-mongoshake-unauth.yaml 2021-06-02 01:16:41 +05:30
PikPikcU 9f8852572e
Create alibaba-mongoshake-unauth.yaml 2021-06-01 10:53:26 +00:00
Prince Chaddha cf0a3f69c6
Update kubernetes-pods.yaml 2021-05-27 02:45:50 +05:30
Prince Chaddha 8d65ab7958
Update exposed-docker-api.yaml 2021-05-27 02:44:54 +05:30
Prince Chaddha da49c78c7c
Update docker-registry.yaml 2021-05-27 02:44:33 +05:30
Prince Chaddha 0ed9fe6fa3
Update misconfigured-docker.yaml 2021-05-27 02:42:11 +05:30
Sandeep Singh 6e23c0c207
Merge pull request #1528 from projectdiscovery/DhiyaneshGeek/master
Dhiyanesh geek/master
2021-05-24 01:28:15 +05:30
sandeep 8a182ff0cc misc changes 2021-05-24 01:26:48 +05:30
Dhiyaneshwaran 22812d2112
Create cx-cloud-upload-detect.yaml 2021-05-23 17:07:30 +05:30
Geeknik Labs c83785f916
Update server-status-localhost.yaml
OCD
2021-05-22 13:46:31 -05:00
Dhiyaneshwaran 7499faff02
Create kubeflow-dashboard-unauth.yaml 2021-05-22 20:05:32 +05:30
Dhiyaneshwaran 4fc7bd61fe
Create pinpoint-unauth.yaml 2021-05-22 20:01:28 +05:30
TheConciergeDev a1c283da87
Update java-melody-exposed.yaml 2021-05-21 15:42:46 +02:00
TheConciergeDev 8e5255c407
updated tags
The affected technology is JavaMelody - the given services in the tag help to mitigate the problem, however are not the affected technology themselves. 

Ref: https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
2021-05-21 15:42:29 +02:00
Ajaysen R 842d62bb40
Create springboot-beans.yaml 2021-05-20 01:39:21 +05:30
Ajaysen R aabf384e39
Update springboot-httptrace.yaml
It can be accessed via a path like /httptrace also.
2021-05-19 12:36:42 +05:30
sandeep 0f13cd506c misc changes 2021-05-16 21:04:58 +05:30
Dhiyaneshwaran b01fc7c9d7
Create tensorflow-unauth.yaml 2021-05-16 18:34:43 +05:30
sandeep 5488370527 Handling edge cases 2021-05-16 15:19:19 +05:30
Sandeep Singh ffe61049e7
Merge pull request #1465 from geeknik/patch-92
Create apache-filename-brute-force.yaml
2021-05-14 21:24:21 +05:30
sandeep 3203754361 Workflow and tags update 2021-05-14 19:37:13 +05:30
sandeep 450254cd3d Adding "max-size" to avoid timeout error due to response size 2021-05-14 19:22:08 +05:30
sandeep 92c742a890 severity updates 2021-05-14 18:55:06 +05:30
Geeknik Labs f5771466c1
Update apache-filename-brute-force.yaml 2021-05-12 20:31:52 +00:00
Geeknik Labs 00af677408
Create apache-filename-brute-force.yaml 2021-05-12 20:30:15 +00:00
Sandeep Singh 27ed8be9dd
Merge pull request #1444 from DhiyaneshGeek/master
PHP Debug bar, SAP Directory Listing, Unauthenticated Netdata, Zippkin Unauth
2021-05-11 23:07:35 +05:30
sandeep 915501175a file updates 2021-05-11 21:14:40 +05:30
sandeep 5b102e02ef Improved matcher 2021-05-11 21:12:10 +05:30
sandeep a854fec546 Improved matcher 2021-05-11 21:09:56 +05:30
sandeep f495d36958 minor update 2021-05-09 20:36:52 +05:30
sandeep 252e4dc2fa Adding cloudflare-image-ssrf 2021-05-09 20:26:24 +05:30
Dhiyaneshwaran a53286b201
Create zippkin-unauth.yaml 2021-05-09 12:47:14 +05:30
Dhiyaneshwaran 8093e13f63
Create sap-directory-listing.yaml 2021-05-09 12:20:03 +05:30
Dhiyaneshwaran ab93cda4ae
Create unauth-netdata.yaml 2021-05-09 11:47:58 +05:30
sandeep c062651789 minor update 2021-05-07 14:41:52 +05:30
Dhiyaneshwaran 103df33af8
Create exposed-kafdrop.yaml 2021-05-06 00:23:22 +05:30
sandeep b10918510c Adding strict matcher 2021-05-05 17:39:31 +05:30
Sandeep Singh 500ce9544b
Merge pull request #1411 from geeknik/patch-82
Create nginx-vhost-traffic-status.yaml
2021-05-05 14:29:26 +05:30