Commit Graph

121 Commits (e2778058fbd7fe81313395b1e73f2bc58562ac2a)

Author SHA1 Message Date
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
sandeep c266084621 Added stop-at-first-match in applicable templates 2021-09-02 17:29:10 +05:30
sandeep faf111362c Removing extra space 2021-09-01 12:37:02 +05:30
forgedhallpass a4250b8f2f Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-26 15:04:14 +03:00
Sandeep Singh e66463d466
Merge pull request #2355 from G4L1T0/corsmisc
add cors-misconfig.yaml
2021-08-26 04:26:37 +05:30
sandeep 1999a9b560 Enhanced CORS checks 2021-08-26 04:24:06 +05:30
forgedhallpass a124e393b4 Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 19:15:14 +03:00
sandeep e160acb481 misc updates 2021-08-20 16:37:22 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings)
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass 7b29be739e Merge branch 'master' into dynamic_attributes 2021-08-19 16:23:26 +03:00
forgedhallpass ffaff64565 Changes fixes/around dynamic attributes ("additional-fields")
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:17:27 +03:00
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
Prince Chaddha 067c9a8755
Create xmlrpc-pingback-ssrf.yaml 2021-08-18 16:39:22 +05:30
Prince Chaddha f60cef447b
Update generic-blind-xxe.yaml 2021-08-17 22:57:34 +05:30
Prince Chaddha c39f0e2077
Create generic-blind-xxe.yaml 2021-08-17 17:18:52 +05:30
Prince Chaddha 6ac4da7993
Merge branch 'master' into corsmisc 2021-08-11 13:17:10 +05:30
Prince Chaddha b466fce758
Update basic-cors.yaml 2021-08-11 13:15:04 +05:30
Prince Chaddha 5ac272597b
Delete cors-misconfig.yaml 2021-08-11 13:14:04 +05:30
Prince Chaddha cb94b58009
Update basic-cors.yaml 2021-08-11 13:13:45 +05:30
Prince Chaddha d49dc5f9d4
Update top-xss-params.yaml 2021-08-11 13:08:49 +05:30
Prince Chaddha c576f4317b
Update open-redirect.yaml 2021-08-11 13:08:24 +05:30
Prince Chaddha efa7319d40
Update generic-windows-lfi.yaml 2021-08-11 13:08:11 +05:30
Prince Chaddha 57b8d89815
Update generic-linux-lfi.yaml 2021-08-11 13:08:00 +05:30
Prince Chaddha cbfe76f33f
Update error-based-sql-injection.yaml 2021-08-11 13:07:46 +05:30
Prince Chaddha aa0b195c99
Update crlf-injection.yaml 2021-08-11 13:07:36 +05:30
Prince Chaddha 2165418c59
Update cache-poisoning.yaml 2021-08-11 13:07:27 +05:30
Prince Chaddha 4d4ae2edd2
Update basic-xss-prober.yaml 2021-08-11 13:07:17 +05:30
Prince Chaddha 791472aa2b
Update basic-cors.yaml 2021-08-11 13:07:05 +05:30
G4L1T0 a44324ec2f updatev2 cors-misconfig.yaml 2021-08-09 11:57:37 -03:00
G4L1T0 e98fb7179e update cors-misconfig.yaml 2021-08-09 11:56:37 -03:00
sandeep 318aa4736e misc update 2021-08-07 23:04:27 +05:30
sandeep 2233ebf3f1 moving files around 2021-08-07 23:02:17 +05:30
sandeep d564c257d8 Additional check add 2021-06-29 17:26:42 +05:30
Emad Youssef 38668c44e7
Update open-redirect.yaml
this payload worked for me while i was hunting.
2021-06-21 10:21:44 +02:00
sandeep 962959f573 Removed invalid payload 2021-06-11 22:20:01 +05:30
Prince Chaddha 83ce809e8d Updated author names 2021-06-09 17:50:56 +05:30
sandeep 7cd00b6145 Removing invalid paths 2021-05-11 02:15:17 +05:30
Geeknik Labs 37ac4c0924
Update top-xss-params.yaml
Fix more false positives.
2021-05-10 18:39:09 +00:00
Geeknik Labs dea16d4ebd
Update top-xss-params.yaml
Fixes an edge case false positive on AkamaiGhost servers
2021-05-10 18:20:48 +00:00
Sandeep Singh bd9997113e
Merge pull request #1430 from geeknik/patch-90
Update open-redirect.yaml
2021-05-07 16:18:32 +05:30
sandeep 871a4107b5 Added complete payload and matcher 2021-05-07 15:21:59 +05:30
Geeknik Labs 2f41002213
Update open-redirect.yaml 2021-05-06 22:38:09 +00:00
Geeknik Labs 565404910b
Update top-xss-params.yaml 2021-05-06 12:55:40 +00:00
sandeep 020c9a959c Additional payload 2021-04-29 13:38:39 +05:30
sullo be24a83a98 Simplify regex 2021-04-27 10:42:41 -04:00
sullo 1824c1df92 More flexible matching to prevent false-negatives 2021-04-27 10:38:57 -04:00
Geeknik Labs 05c948eddd
Update error-based-sql-injection.yaml 2021-04-23 14:12:58 +00:00
Gal Nagli ab46a9b2f0
Update basic-cors.yaml
Severity should be info.
2021-04-10 01:01:09 +03:00
sandeep 0c243d188a tags improvements 2021-04-06 13:45:46 +05:30
sandeep 40fb0066c3 more reference 2021-04-02 21:38:35 +05:30
sandeep 3daa03c799 Update cache-poisoning.yaml 2021-04-02 19:19:50 +05:30
Mohamed Elbadry 5eb1e78503
Create cache-poisoning.yaml 2021-04-02 15:14:09 +02:00
sandeep 8fd55de534 Update error-based-sql-injection.yaml 2021-03-21 20:28:22 +05:30
Geeknik Labs a3d7047521
Update error-based-sql-injection.yaml
Reverting back to raw http request. Sending encoded requests using net/http were missing blatant SQL injections. 

Before:

[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[INF] No results found. Better luck next time!

After:

[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[2021-03-20 14:48:59] [error-based-sql-injection:MariaDB] [http] [high] https://REDACTED/') [check the manual that corresponds to your MariaDB server version]
2021-03-20 19:52:48 +00:00
sandeep 0c602a56e7 Update error-based-sql-injection.yaml 2021-03-18 14:05:19 +05:30
Geeknik Labs 988d0c75c9
Update error-based-sql-injection.yaml 2021-03-17 20:39:57 +00:00
Geeknik Labs 019a193aec
Update error-based-sql-injection.yaml 2021-03-17 19:31:08 +00:00
Geeknik Labs be020357e8
Update error-based-sql-injection.yaml 2021-03-17 19:25:02 +00:00
Geeknik Labs 99bb91c255
Update error-based-sql-injection.yaml 2021-03-17 19:19:27 +00:00
Geeknik Labs 8fe5f4e1ff
Create error-based-sql-injection.yaml
🎉  OMG 🎉 
Detect Error Based SQL Injection
Includes regex matchers + extractors for 29 Database Engines
💥 https://buymeacoffee.com/geeknik 💥
2021-03-17 17:30:53 +00:00
sandeep 5241e0f960 Update open-redirect.yaml 2021-02-26 01:16:45 +05:30
ganoes 8927253cb3 Improvement of the regex in open redirection template 2021-02-25 11:13:01 +01:00
Geeknik Labs 07eb454de6
Update open-redirect.yaml
Seems a bit rude to add a production website like test.com to a template like this will generate a ton of unexpected traffic for a company who might not be expecting it or appreciating it.
2021-02-15 17:42:57 +00:00
sandeep 0c82bbb53c Update open-redirect.yaml 2021-02-14 17:12:34 +05:30
sandeep 0ee8b53fb4 payload updates 2021-02-14 17:11:51 +05:30
Afaq dea2fd28dc
update name 2021-02-14 13:35:57 +05:00
Afaq 01535dd36a
added new signatures for URL Redirect
Update double quotes with single quotes against escaping, and added new signatures
2021-02-14 13:29:18 +05:00
sandeep ec7a29957d Adding tags to vulnerabilities and workflows 2021-02-12 11:23:01 +05:30
team-projectdiscovery 1468d8a52c matcher updates 2021-01-11 12:14:22 +05:30
team-projectdiscovery 187e4a5feb moving more files around 2021-01-09 18:32:04 +05:30
team-projectdiscovery 95d784d9b7 moving folder/files around 2021-01-08 22:25:54 +05:30