Muhammad Daffa
c83d035fff
Seperate technology template ( #3430 )
...
* Edit magmi workflow
* Add some workflow template + edit some template
* Changing some templates
* minor update
* workflow matcher fixes
* tech update
* Seperate technology template
* Update metabase-panel.yaml
* Update lucee-detect.yaml
* Update oneblog-detect.yaml
* Update dolibarr-panel.yaml
* Update dolibarr-panel.yaml
* Update dolibarr-panel.yaml
* Update gespage-panel.yaml
* Update gespage-panel.yaml
* Update mautic-crm-panel.yaml
* Update kibana-panel.yaml
* Update metabase-panel.yaml
* Update home-assistant-detect.yaml
* Update jitsi-meet-detect.yaml
* Update lucee-detect.yaml
* Update gotmls-plugin-lfi.yaml
* Update and rename technologies/opencast-detect.yaml to exposed-panels/opencast-detect.yaml
* duplicate template - cves/2020/CVE-2020-11738.yaml
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2021-12-31 17:57:46 +05:30
Exid
80489bce76
Added wordpress-xmlrpc-brute-force.yaml ( #3445 )
...
* wp-xmlrpc-brute-force.yaml file was added
A Nuclei template for bruteforcing username and password through XMLRPC.
* wp-xmlrpc-brute-force.yaml file added
A Nuclei template for wordpress username and password Bruteforcing throught xmlrpc.php
* wp-xmlrpc-brute-force.yaml file added
A Nuclei template for wordpress username and password Bruteforcing throught xmlrpc.php
* Revert "wp-xmlrpc-brute-force.yaml file was added"
This reverts commit c0e4ca75a6ddbcf65e9443849a05c7b8f2625af9.
* few fixes
* Added wordpress user and pass list
* improved matcher
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-29 22:04:23 +05:30
Sandeep Singh
d6da741663
IBM WebSphere Portal SSRF ( #3442 )
...
* Added IBM WebSphere Portal SSRF Detection
* Added IBM WebSphere Panel detection
* moving templates around
2021-12-29 17:32:10 +05:30
Prince Chaddha
4ba5e931cc
Update sl-studio-lfi.yaml
2021-12-29 09:20:13 +05:30
Prince Chaddha
b7974b288e
Update and rename sl-studio-lfi.yaml to vulnerabilities/other/sl-studio-lfi.yaml
2021-12-29 09:16:32 +05:30
Emad Youssef
ce7b60d79c
Update open-redirect.yaml ( #3404 )
...
* Update open-redirect.yaml
add new payloads
* minor update
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-26 20:53:11 +05:30
Prince Chaddha
0ddd4c7911
Update and rename dicoogle-pacs-lfi.yaml to vulnerabilities/other/dicoogle-pacs-lfi.yaml
2021-12-24 19:23:04 +05:30
johnk3r
fa99cba4b3
Create vmware-horizon-log4j-jndi-rce.yaml ( #3403 )
...
* Create vmware-horizon-log4j-jndi-rce.yaml
* Update vmware-horizon-log4j-jndi-rce.yaml
* Update vmware-horizon-log4j-jndi-rce.yaml
* minor update
* minor update
* Added VMware Horizon detection
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-23 22:30:08 +05:30
niudaii
8289e92291
Fixed h3c-imc-rce.yaml ( #3401 )
...
* Fixed h3c-imc-rce.yaml
* Update h3c-imc-rce.yaml
* Additional payload for windows
Co-authored-by: niudai <niudai@zp857s-mbp.local>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-23 20:23:42 +05:30
Sandeep Singh
c57984b8f8
Added UniFi Network Log4j JNDI RCE ( #3402 )
...
Co-Authored-By: KrE80r <13027962+KrE80r@users.noreply.github.com>
Co-authored-by: KrE80r <13027962+KrE80r@users.noreply.github.com>
2021-12-23 08:57:03 +05:30
Melvin
7933cfc470
Removing extra space from raw HTTP request
...
Should prevent issues with parsing this request
2021-12-22 13:33:51 +01:00
Prince Chaddha
a511dac237
Merge pull request #3354 from DhiyaneshGeek/master
...
Create wordpress-ssrf-oembed.yaml
2021-12-21 18:48:42 +05:30
Prince Chaddha
6e6349205d
Update and rename pacsone-server-6-6-2-lfi.yaml to vulnerabilities/other/pacsone-server-lfi.yaml
2021-12-21 17:32:19 +05:30
Sandeep Singh
7a5cdc2bc3
Added ServiceNow Helpdesk Credential Exposure ( #3371 )
...
* Added ServiceNow Helpdesk Credential Exposure
Co-Authored-By: JP <19959240+jordanpotti@users.noreply.github.com>
* matcher update
Co-authored-by: JP <19959240+jordanpotti@users.noreply.github.com>
2021-12-19 23:42:01 +05:30
Sandeep Singh
4af3a04b3c
Apache OFBiz Log4j JNDI RCE ( #3374 )
...
* Added Apache OFBiz Log4j JNDI RCE
* fixed matcher to match hostname in both cases
2021-12-18 15:46:49 +05:30
Prince Chaddha
dcf3f57bdf
Merge pull request #3373 from projectdiscovery/princechaddha-patch-2
...
Create global-domains-xss.yaml
2021-12-18 15:02:06 +05:30
Prince Chaddha
71027cbc79
Merge pull request #3357 from Akokonunes/patch-90
...
Create global-domains-lfi.yaml
2021-12-18 14:52:35 +05:30
Prince Chaddha
3b067a1aca
Create global-domains-xss.yaml
2021-12-18 14:51:08 +05:30
Prince Chaddha
0f40857119
Update and rename global-domains-lfi.yaml to vulnerabilities/other/global-domains-lfi.yaml
2021-12-18 14:43:28 +05:30
Prince Chaddha
9a4941d995
Merge pull request #3356 from Akokonunes/patch-89
...
Create groupoffice-lfi.yaml
2021-12-18 14:33:42 +05:30
Prince Chaddha
7b39972bfd
Merge pull request #3367 from gy741/rule-add-v80
...
Create oliver-library-server-lfi.yaml
2021-12-18 14:33:23 +05:30
Prince Chaddha
d911551318
Merge pull request #3358 from Akokonunes/patch-91
...
Create asanhamayesh-cms-lfi.yaml
2021-12-18 14:32:12 +05:30
Prince Chaddha
c6521085b7
Update groupoffice-lfi.yaml
2021-12-18 14:32:09 +05:30
Prince Chaddha
4747277a4e
Update and rename asanhamayesh-cms-lfi.yaml to vulnerabilities/other/asanhamayesh-lfi.yaml
2021-12-18 14:28:39 +05:30
Prince Chaddha
35faabd29f
Update and rename groupoffice-lfi.yaml to vulnerabilities/other/groupoffice-lfi.yaml
2021-12-18 14:26:46 +05:30
Prince Chaddha
8afbfdc8dc
Update and rename oliver-library-server-lfi.yaml to oliver-library-lfi.yaml
2021-12-18 14:23:57 +05:30
GwanYeong Kim
4fdb934da0
Create oliver-library-server-lfi.yaml
...
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-12-18 10:55:28 +09:00
meme-lord
09324d1be7
Added MobileIron log4j template ( #3355 )
...
* Added MobileIron log4j
* misc updates
Co-authored-by: meme-lord <17912559+meme-lord@users.noreply.github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-16 22:37:32 +05:30
sandeep
fdeb2b8500
Merge branch 'master' of https://github.com/DhiyaneshGeek/nuclei-templates into pr/3354
2021-12-16 14:32:14 +05:30
Dhiyaneshwaran
7670d1d6b8
Update wordpress-ssrf-oembed.yaml
2021-12-16 14:28:12 +05:30
sandeep
1cfc899a27
update: lint fix
2021-12-16 14:25:00 +05:30
Dhiyaneshwaran
77441c0d81
Update wordpress-ssrf-oembed.yaml
2021-12-16 14:24:56 +05:30
Dhiyaneshwaran
0047b611cf
Update wordpress-ssrf-oembed.yaml
2021-12-16 14:21:53 +05:30
Dhiyaneshwaran
499fe055bf
Create wordpress-ssrf-oembed.yaml
2021-12-16 13:48:34 +05:30
sandeep
39a71c641a
update: added more reference
2021-12-15 21:20:18 +05:30
Evan Rubinstein
11fe2fdfee
Added apache-solr-log4j RCE ( #3336 )
...
* update: added apache-solr-log4j-rce
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
2021-12-15 21:15:43 +05:30
Sandeep Singh
d9ed21458f
Added VMware VCenter Log4j JNDI RCE ( #3340 )
...
* Added VMware VCenter Log4j JNDI RCE
Co-Authored-By: FQ Hsu <fanqxu@gmail.com>
* update: removed static UA
Co-Authored-By: FQ Hsu <fanqxu@gmail.com>
Co-authored-by: FQ Hsu <fanqxu@gmail.com>
2021-12-14 21:27:30 +05:30
sandeep
c9ddd7a0ae
update: id + reference update
2021-12-14 21:07:46 +05:30
Evan Rubinstein
dddb0bbb82
Added CVE-2021-24997 ( #3298 )
...
* Added CVE-39226
* Added CVE-39226
* Delete CVE-39226.yaml
* Renamed CVE-39226 to CVE-2021-39226
Fixed naming error
* Added Wp-Guppy-Information-Disclosure template
* Removed File
Found better descriptor
* Added CVE-2021-24997
Added WordPress Guppy Information Disclosure CVE
* Fixed CVE-2021-24997
Fixed YAML formatting
* Fixed Typo
URL Path had an extra double quote
* Auto Generated Templates Stats [Wed Dec 8 23:07:24 UTC 2021] 🤖
* Deleted Blank Space
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Update CVE-2021-24997.yaml
* Added CVE-2021-43496
* Update CVE-2021-43496.yaml
* fix: syntax update
* Added New Vuln
* Update CVE-2021-24997.yaml
* Update CVE-2021-43496.yaml
* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml
* fix: lints update
Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
2021-12-14 02:22:26 +05:30
pudsec
8cac8b5a36
Update open-redirect.yaml ( #3333 )
2021-12-13 20:42:06 +05:30
S Bani
b76dbf91c6
Add Another Redirect Payload and Extend the Regex to Recognize it ( #3299 )
...
* Fix Open Redirect Header Regex
The regex was missing the correct escaping for special char `/`
* Add New General Open Redirect
There's another option for open redirects. I tested it in FF and Chrome.
* Update Location Redirect Regex
* update: mix changes
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-13 20:38:21 +05:30
Prince Chaddha
79a95a56d7
Update and rename pieregister-plugin-open-redirect.yaml to vulnerabilities/wordpress/pieregister-open-redirect.yaml
2021-12-12 16:59:16 +05:30
Dwi Siswanto
6a4bbdf93a
Update Grafana Arbitrary File Read ( #3321 )
...
* Add Grafana plugins wordlist
* Using payloads instead
* fix: updated variable name
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-11 11:07:55 +05:30
Prince Chaddha
0e94557017
Merge pull request #3248 from pikpikcu/patch-307
...
added thruk-xss
2021-12-09 22:01:56 +05:30
Prince Chaddha
f476c5ff5b
Update thruk-xss.yaml
2021-12-09 21:58:15 +05:30
Prince Chaddha
d35a55f7b4
Update and rename watchguard-fireware-ad-helper-component-credentials-disclosure.yaml to watchguard-credentials-disclosure.yaml
2021-12-09 21:05:13 +05:30
GwanYeong Kim
bde4e1815a
Create watchguard-fireware-ad-helper-component-credentials-disclosure.yaml
...
a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext.
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-12-09 16:02:48 +09:00
Sandeep Singh
2521cb62bf
Added CVE-2021-43798 ( #3296 )
...
* Added CVE-2021-43798
* updated with default plugin list
* Update grafana-file-read.yaml
2021-12-08 16:46:47 +05:30
z0ne
d79b085051
add grafana file read ( #3286 )
...
* add grafana file read
* update: more reference
Co-authored-by: dev <z0ne>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-07 15:42:59 +05:30
Prince Chaddha
fdcccb5938
Update and rename netsweeper-reflected-xss.yaml to netsweeper-rxss.yaml
2021-12-07 13:56:30 +05:30