sullo
ef1f7c5e92
Updates across many templates for clarity, spelling, and grammar.
2021-09-05 17:13:45 -04:00
sandeep
c266084621
Added stop-at-first-match in applicable templates
2021-09-02 17:29:10 +05:30
sandeep
faf111362c
Removing extra space
2021-09-01 12:37:02 +05:30
forgedhallpass
a4250b8f2f
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-26 15:04:14 +03:00
Sandeep Singh
e66463d466
Merge pull request #2355 from G4L1T0/corsmisc
...
add cors-misconfig.yaml
2021-08-26 04:26:37 +05:30
sandeep
1999a9b560
Enhanced CORS checks
2021-08-26 04:24:06 +05:30
forgedhallpass
a124e393b4
Merge remote-tracking branch 'origin' into dynamic_attributes
2021-08-23 19:15:14 +03:00
sandeep
e160acb481
misc updates
2021-08-20 16:37:22 +05:30
forgedhallpass
77103bc629
Satisfying the linter (all errors and warnings)
...
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass
7b29be739e
Merge branch 'master' into dynamic_attributes
2021-08-19 16:23:26 +03:00
forgedhallpass
ffaff64565
Changes/fixes around dynamic attributes ("additional-fields")
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
forgedhallpass
cdf9451158
Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
...
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
Prince Chaddha
067c9a8755
Create xmlrpc-pingback-ssrf.yaml
2021-08-18 16:39:22 +05:30
Prince Chaddha
f60cef447b
Update generic-blind-xxe.yaml
2021-08-17 22:57:34 +05:30
Prince Chaddha
c39f0e2077
Create generic-blind-xxe.yaml
2021-08-17 17:18:52 +05:30
Prince Chaddha
6ac4da7993
Merge branch 'master' into corsmisc
2021-08-11 13:17:10 +05:30
Prince Chaddha
b466fce758
Update basic-cors.yaml
2021-08-11 13:15:04 +05:30
Prince Chaddha
5ac272597b
Delete cors-misconfig.yaml
2021-08-11 13:14:04 +05:30
Prince Chaddha
cb94b58009
Update basic-cors.yaml
2021-08-11 13:13:45 +05:30
Prince Chaddha
d49dc5f9d4
Update top-xss-params.yaml
2021-08-11 13:08:49 +05:30
Prince Chaddha
c576f4317b
Update open-redirect.yaml
2021-08-11 13:08:24 +05:30
Prince Chaddha
efa7319d40
Update generic-windows-lfi.yaml
2021-08-11 13:08:11 +05:30
Prince Chaddha
57b8d89815
Update generic-linux-lfi.yaml
2021-08-11 13:08:00 +05:30
Prince Chaddha
cbfe76f33f
Update error-based-sql-injection.yaml
2021-08-11 13:07:46 +05:30
Prince Chaddha
aa0b195c99
Update crlf-injection.yaml
2021-08-11 13:07:36 +05:30
Prince Chaddha
2165418c59
Update cache-poisoning.yaml
2021-08-11 13:07:27 +05:30
Prince Chaddha
4d4ae2edd2
Update basic-xss-prober.yaml
2021-08-11 13:07:17 +05:30
Prince Chaddha
791472aa2b
Update basic-cors.yaml
2021-08-11 13:07:05 +05:30
G4L1T0
a44324ec2f
updatev2 cors-misconfig.yaml
2021-08-09 11:57:37 -03:00
G4L1T0
e98fb7179e
update cors-misconfig.yaml
2021-08-09 11:56:37 -03:00
sandeep
318aa4736e
misc update
2021-08-07 23:04:27 +05:30
sandeep
2233ebf3f1
moving files around
2021-08-07 23:02:17 +05:30
sandeep
d564c257d8
Additional check added
2021-06-29 17:26:42 +05:30
Emad Youssef
38668c44e7
Update open-redirect.yaml
...
This payload worked for me while I was hunting.
2021-06-21 10:21:44 +02:00
sandeep
962959f573
Removed invalid payload
2021-06-11 22:20:01 +05:30
Prince Chaddha
83ce809e8d
Updated author names
2021-06-09 17:50:56 +05:30
sandeep
7cd00b6145
Removing invalid paths
2021-05-11 02:15:17 +05:30
Geeknik Labs
37ac4c0924
Update top-xss-params.yaml
...
Fix more false positives.
2021-05-10 18:39:09 +00:00
Geeknik Labs
dea16d4ebd
Update top-xss-params.yaml
...
Fixes an edge case false positive on AkamaiGhost servers
2021-05-10 18:20:48 +00:00
Sandeep Singh
bd9997113e
Merge pull request #1430 from geeknik/patch-90
...
Update open-redirect.yaml
2021-05-07 16:18:32 +05:30
sandeep
871a4107b5
Added complete payload and matcher
2021-05-07 15:21:59 +05:30
Geeknik Labs
2f41002213
Update open-redirect.yaml
2021-05-06 22:38:09 +00:00
Geeknik Labs
565404910b
Update top-xss-params.yaml
2021-05-06 12:55:40 +00:00
sandeep
020c9a959c
Additional payload
2021-04-29 13:38:39 +05:30
sullo
be24a83a98
Simplify regex
2021-04-27 10:42:41 -04:00
sullo
1824c1df92
More flexible matching to prevent false-negatives
2021-04-27 10:38:57 -04:00
Geeknik Labs
05c948eddd
Update error-based-sql-injection.yaml
2021-04-23 14:12:58 +00:00
Gal Nagli
ab46a9b2f0
Update basic-cors.yaml
...
Severity should be info.
2021-04-10 01:01:09 +03:00
sandeep
0c243d188a
tags improvements
2021-04-06 13:45:46 +05:30
sandeep
40fb0066c3
more reference
2021-04-02 21:38:35 +05:30
sandeep
3daa03c799
Update cache-poisoning.yaml
2021-04-02 19:19:50 +05:30
Mohamed Elbadry
5eb1e78503
Create cache-poisoning.yaml
2021-04-02 15:14:09 +02:00
sandeep
8fd55de534
Update error-based-sql-injection.yaml
2021-03-21 20:28:22 +05:30
Geeknik Labs
a3d7047521
Update error-based-sql-injection.yaml
...
Reverting back to raw http request. Sending encoded requests using net/http was missing blatant SQL injections.
Before:
[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[INF] No results found. Better luck next time!
After:
[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[2021-03-20 14:48:59] [error-based-sql-injection:MariaDB] [http] [high] https://REDACTED/ ') [check the manual that corresponds to your MariaDB server version]
2021-03-20 19:52:48 +00:00
sandeep
0c602a56e7
Update error-based-sql-injection.yaml
2021-03-18 14:05:19 +05:30
Geeknik Labs
988d0c75c9
Update error-based-sql-injection.yaml
2021-03-17 20:39:57 +00:00
Geeknik Labs
019a193aec
Update error-based-sql-injection.yaml
2021-03-17 19:31:08 +00:00
Geeknik Labs
be020357e8
Update error-based-sql-injection.yaml
2021-03-17 19:25:02 +00:00
Geeknik Labs
99bb91c255
Update error-based-sql-injection.yaml
2021-03-17 19:19:27 +00:00
Geeknik Labs
8fe5f4e1ff
Create error-based-sql-injection.yaml
...
🎉 OMG 🎉
Detect Error Based SQL Injection
Includes regex matchers + extractors for 29 Database Engines
💥 https://buymeacoffee.com/geeknik 💥
2021-03-17 17:30:53 +00:00
sandeep
5241e0f960
Update open-redirect.yaml
2021-02-26 01:16:45 +05:30
ganoes
8927253cb3
Improvement of the regex in open redirection template
2021-02-25 11:13:01 +01:00
Geeknik Labs
07eb454de6
Update open-redirect.yaml
...
Seems a bit rude to add a production website like test.com to a template like this; it will generate a ton of unexpected traffic for a company who might not be expecting it or appreciating it.
2021-02-15 17:42:57 +00:00
sandeep
0c82bbb53c
Update open-redirect.yaml
2021-02-14 17:12:34 +05:30
sandeep
0ee8b53fb4
payload updates
2021-02-14 17:11:51 +05:30
Afaq
dea2fd28dc
update name
2021-02-14 13:35:57 +05:00
Afaq
01535dd36a
added new signatures for URL Redirect
...
Update double quotes with single quotes against escaping, and added new signatures
2021-02-14 13:29:18 +05:00
sandeep
ec7a29957d
Adding tags to vulnerabilities and workflows
2021-02-12 11:23:01 +05:30
team-projectdiscovery
1468d8a52c
matcher updates
2021-01-11 12:14:22 +05:30
team-projectdiscovery
187e4a5feb
moving more files around
2021-01-09 18:32:04 +05:30
team-projectdiscovery
95d784d9b7
moving folder/files around
2021-01-08 22:25:54 +05:30