daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,343 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

582 Commits (e4c1927a2f468b41e5e4f4b77ec9d807eab366b7)

Author SHA1 Message Date
Noam Rathaus d8bd0d2744 This is a better name for the test 2021-05-02 09:07:50 +03:00
PikPikcU c5bdf6cbca
Create landray-oa-fileread.yaml 2021-05-02 04:42:37 +00:00
sandeep cc9d4eddf1 Update rce-via-java-deserialization.yaml 2021-05-01 17:22:03 +05:30
Noam Rathaus 9d66fd0ae1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-29 12:03:56 +03:00
sandeep 020c9a959c Additional payload 2021-04-29 13:38:39 +05:30
Noam Rathaus f898e4b539 Correct product name 2021-04-29 09:20:58 +03:00
Noam Rathaus 574135de9a Expose reference 2021-04-29 09:12:56 +03:00
Noam Rathaus 25a38d34ec Missing 's' 2021-04-29 09:11:35 +03:00
Noam Rathaus a7de9915c7 Removed self-reference 2021-04-29 08:58:02 +03:00
Noam Rathaus 91b6b1b175 Make references visible 2021-04-29 08:57:39 +03:00
Noam Rathaus 2860cdfb4a Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-29 08:38:11 +03:00
sandeep 2920fa9bfb matcher and payload update 2021-04-28 19:44:28 +05:30
Prince Chaddha a55db7af44
Merge pull request #1332 from projectdiscovery/princechaddha-patch-2 
Create WooYun-2015-148227.yaml
 2021-04-28 18:51:07 +05:30
Noam Rathaus ecb436df3e Those aren't really regexes 2021-04-28 15:07:39 +03:00
Noam Rathaus ad9314acdc Provide references to the problem (in eclipse site) and how it was fixed (and Jenkins upstream bugs related to this) 2021-04-28 14:17:47 +03:00
Noam Rathaus 9ece07bf9a Provide reference 2021-04-28 14:00:15 +03:00
Noam Rathaus e32c1bd4c1 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-28 13:29:39 +03:00
Prince Chaddha 8d9d46e00a
Merge pull request #1362 from underfl0w/chamilo-lms-sqli 
Chamilo 1.11.14 LMS sql injection
 2021-04-28 15:55:14 +05:30
Prince Chaddha 722e305878
Update chamilo-lms-sqli.yaml 2021-04-28 15:48:34 +05:30
sandeep 5f5430a7a4 Payload and matcher fix 2021-04-28 14:42:10 +05:30
sullo be24a83a98 Simplify regex 2021-04-27 10:42:41 -04:00
sullo 1824c1df92 More flexible matching to prevent false-negatives 2021-04-27 10:38:57 -04:00
Noam Rathaus 3bdb2fdbd4 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-27 14:02:16 +03:00
Noam Rathaus f55bb45e75 Give some description 2021-04-27 14:02:08 +03:00
sandeep 3adf607b6f Matcher for DNS interaction 2021-04-27 16:24:39 +05:30
Prince Chaddha eaf70d16ab
Merge pull request #1350 from projectdiscovery/princechaddha-patch-15 
Create zcms-v3-sqli.yaml
 2021-04-27 16:09:32 +05:30
Prince Chaddha 427f99b0c1
Update wordpress-rce-simplefilelist.yaml 2021-04-27 15:25:28 +05:30
Noam Rathaus 1aca402bf6 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-27 09:42:50 +03:00
Noam Rathaus 4cc6b3bdb0 Reduce FP due to not actually execution of the PHP but rather it being returned as is (the content) 2021-04-27 09:42:41 +03:00
Prince Chaddha d705648dc4
Merge pull request #1343 from projectdiscovery/princechaddha-patch-8 
Create spark-webui-unauth.yaml
 2021-04-26 21:58:53 +05:30
Prince Chaddha 3079fce648
Update spark-webui-unauth.yaml 2021-04-26 21:57:46 +05:30
Prince Chaddha f726562445
Update spark-webui-unauth.yaml 2021-04-26 21:56:13 +05:30
Prince Chaddha 487e2300e1
Merge pull request #1331 from projectdiscovery/princechaddha-patch-1 
Create unauth-spark-api.yaml
 2021-04-26 21:52:22 +05:30
Prince Chaddha 5fcba18d1e
Merge pull request #1349 from projectdiscovery/princechaddha-patch-14 
Create xunchi-file-read.yaml
 2021-04-26 21:06:27 +05:30
Prince Chaddha ac29e9a622
Merge pull request #1348 from projectdiscovery/princechaddha-patch-13 
Create xiuno-bbs-reinstallation.yaml
 2021-04-26 21:05:39 +05:30
Prince Chaddha 4cc83776f3
Merge pull request #1352 from projectdiscovery/princechaddha-patch-17 
Create ecology-springframework-directory-traversal.yaml
 2021-04-26 20:48:30 +05:30
Noam Rathaus 2e1e0e932f Product name 2021-04-26 09:07:57 +03:00
Noam Rathaus 19a4bbc844 Correct product name, and link to the Gitee 2021-04-26 09:03:24 +03:00
Noam Rathaus 3857469468 Add reference 2021-04-26 09:01:39 +03:00
Noam Rathaus 909a0ce4dd Product seems to be called ectouch 2021-04-26 08:51:08 +03:00
Noam Rathaus bb974381b5 add references 2021-04-26 08:48:16 +03:00
Jurjen de Jonge b9ad93a3cd Reverted back to old technique 
The ;INSERT method only seemed to work on my dev enviroment.
 2021-04-24 22:15:57 +03:00
Jurjen de Jonge 5f264c9891 Updated chamilo-lms-sqli.yaml 
Uses SQL injection to insert data into the database, then checks to see
if this data has been added;
 2021-04-24 21:41:38 +03:00
Jurjen de Jonge d4e8720797 Chamilo 1.11.14 LMS sql injection 
YAML file is now indented correctly
 2021-04-24 19:35:29 +03:00
Jurjen de Jonge 2f7746fe3d Chamilo 1.11.14 LMS sql injection 2021-04-24 19:11:58 +03:00
Geeknik Labs 05c948eddd
Update error-based-sql-injection.yaml 2021-04-23 14:12:58 +00:00
Prince Chaddha 71e25fa42d
Create ecology-springframework-directory-traversal.yaml 2021-04-23 18:52:08 +05:30
Prince Chaddha 85bc6464cb
Create ecology-filedownload-directory-traversal.yaml 2021-04-23 18:50:11 +05:30
Prince Chaddha 2aa7764e58
Create zcms-v3-sqli.yaml 2021-04-23 18:48:00 +05:30
Prince Chaddha 525475ea2e
Create xunchi-file-read.yaml 2021-04-23 18:45:02 +05:30
Prince Chaddha 3527ffcd5c
Update xiuno-bbs-reinstallation.yaml 2021-04-23 18:41:15 +05:30
Prince Chaddha bfa6113b45
Create xiuno-bbs-reinstallation.yaml 2021-04-23 18:40:17 +05:30
Prince Chaddha 9341841862
Create wuzhicms-sqli.yaml 2021-04-23 18:26:43 +05:30
sandeep f10fcbcf2f Improved matcher 2021-04-23 18:19:23 +05:30
Prince Chaddha bfae33ab72
Create ueditor-file-upload.yaml 2021-04-23 17:45:09 +05:30
Prince Chaddha fcb93ad108
Create spark-webui-unauth.yaml 2021-04-23 17:37:19 +05:30
sandeep 972dbfa78a Update apache-solr-file-read.yaml 2021-04-23 15:49:45 +05:30
sandeep f7875a24d6 Adding Apache Solr <= 8.8.1 Arbitrary File Read 2021-04-23 15:48:04 +05:30
sandeep 6cd5b9d35c CVE update 2021-04-23 08:47:52 +05:30
sandeep 476bb7806f minor update and workflow update 2021-04-23 08:38:45 +05:30
Robbie ddc321794f
Create wp-modern-events-calendar-lite.yml 2021-04-22 20:15:52 +01:00
Prince Chaddha ed1f462a3c
Create resin-cnnvd-200705-315.yaml 2021-04-22 19:37:30 +05:30
Prince Chaddha 7b051a70a9
Create WooYun-2015-148227.yaml 2021-04-22 14:29:47 +05:30
Prince Chaddha af89aaf731
Update unauth-spark-api.yaml 2021-04-22 14:23:08 +05:30
Prince Chaddha 6c80ff0b68
Update unauth-spark-api.yaml 2021-04-22 13:48:03 +05:30
Prince Chaddha c89872228c
Update unauth-spark-api.yaml 2021-04-22 13:46:18 +05:30
Prince Chaddha 22ddf02690
Create unauth-spark-api.yaml 2021-04-22 13:45:01 +05:30
sandeep 333c7965ad Adding Showdoc < 2.8.6 File Upload RCE 2021-04-22 01:04:21 +05:30
Prince Chaddha d8ccf26cc5
Merge pull request #1222 from projectdiscovery/princechaddha-patch-7 
Create feifeicms-lfr.yaml
 2021-04-21 23:56:37 +05:30
Prince Chaddha 89dd2b02a6
Merge pull request #1210 from projectdiscovery/princechaddha-patch-1 
Create 74cms-sqli.yaml
 2021-04-21 23:54:00 +05:30
Prince Chaddha 8d53d57728
Merge pull request #1243 from projectdiscovery/princechaddha-patch-12 
Create maccmsv10-backdoor.yaml
 2021-04-21 23:49:17 +05:30
Prince Chaddha 41b35fe99b
Merge pull request #1242 from projectdiscovery/princechaddha-patch-11 
Create myucms-lfr.yaml
 2021-04-21 23:48:16 +05:30
Prince Chaddha 63effa3f1f
Merge pull request #1279 from projectdiscovery/princechaddha-patch-16 
Create nuuo-file-inclusion.yaml
 2021-04-21 23:41:50 +05:30
Noam Rathaus e9a13c2018 Merge branch 'master' of https://github.com/projectdiscovery/nuclei-templates 2021-04-20 18:41:10 +03:00
Noam Rathaus e5e995e909 Usually matchers is under requests and not at top level 2021-04-20 18:40:55 +03:00
sandeep 5b4c21c7fa Update wordpress-wordfence-waf-bypass-xss.yaml 2021-04-20 15:25:04 +05:30
sandeep 36195f82a0 Added wordpress-wordfence-waf-bypass-xss 2021-04-20 15:23:05 +05:30
Noam Rathaus 38b3359803 reference 2021-04-18 16:11:49 +03:00
Noam Rathaus ba15cabf57 Uncomment description and reference 2021-04-18 16:11:30 +03:00
Noam Rathaus bea9027bde Reference and description 2021-04-18 16:09:44 +03:00
Noam Rathaus 29caaefe8d No need for " 2021-04-18 16:09:38 +03:00
sandeep ed9965095c Update moodle-xss.yaml 2021-04-14 02:15:17 +05:30
Prince Chaddha 3fa6b9fb74
Create nuuo-file-inclusion.yaml 2021-04-14 01:57:44 +05:30
PD-Team 93bb29bf9e
Merge pull request #1272 from pikpikcu/patch-143 
Add POC
 2021-04-14 01:54:24 +05:30
sandeep 9302d0397b Update eyou-email-rce.yaml 2021-04-14 01:54:06 +05:30
sandeep 19553cf671 matcher improvements 2021-04-14 01:53:24 +05:30
Prince Chaddha ccb620bf73
Update wordpress-rce-simplefilelist.yaml 2021-04-13 18:26:30 +05:30
PikPikcU 98af0ce0cc
Create erp-nc-directory-traversal.yaml 2021-04-13 07:18:15 +00:00
PikPikcU c19e8aa1cc
Create qi-anxin-netkang-next-generation-firewall-rce.yaml 2021-04-13 07:13:07 +00:00
PikPikcU 9583b3bbd5
Create oa-v9-uploads-file.yaml 2021-04-13 07:06:02 +00:00
PikPikcU 52f5496134
Create core-chuangtian-cloud-rce.yaml 2021-04-13 06:53:27 +00:00
PikPikcU fb3b481ae8
Create eyou-email-rce.yaml 2021-04-13 06:40:20 +00:00
sandeep 17d836b2c4 Adding moodle-xss 2021-04-12 23:55:06 +05:30
PD-Team 020fdc5e0a
Merge pull request #1253 from pikpikcu/patch-141 
Create turbocrm-xss.yaml
 2021-04-11 17:25:49 +05:30
sandeep d96746d193 minor update 2021-04-11 17:24:54 +05:30
LuskaBol b0595790cb
Rename vulnerabilities/rockethcat/unauth-message-read.yaml to vulnerabilities/rocketchat/unauth-message-read.yaml 2021-04-10 22:27:51 -03:00
PikPikcU cdac8b34a6
Create turbocrm-xss.yaml 2021-04-11 00:22:56 +00:00
sandeep b36ec072d6 template update 2021-04-10 13:10:29 +05:30
Gal Nagli ab46a9b2f0
Update basic-cors.yaml 
Severity should be info.
 2021-04-10 01:01:09 +03:00
Prince Chaddha 1df35d4f32
Create maccmsv10-backdoor.yaml 2021-04-10 03:30:22 +05:30
Prince Chaddha 939b8bee6c
Create myucms-lfr.yaml 2021-04-10 03:10:57 +05:30
Prince Chaddha 03c6126f60
Create etouch-v2-sqli.yaml 2021-04-07 22:03:17 +05:30
Prince Chaddha 797098e7fc
Create feifeicms-lfr.yaml 2021-04-07 19:54:35 +05:30
Prince Chaddha 220a6461fb
Create 74cms-sqli.yaml 2021-04-06 23:59:29 +05:30
sandeep 0c243d188a tags improvements 2021-04-06 13:45:46 +05:30
sandeep e4b9397b06 Adding missing wordpress tags 2021-04-06 13:19:32 +05:30
sandeep 8fdfc64e54 misc tag updates 2021-04-06 12:16:11 +05:30
sandeep d34ca6773b misc changes 2021-04-05 23:55:18 +05:30
sandeep e934241101 Update empirecms-xss.yaml 2021-04-05 22:13:16 +05:30
PikPikcU d789177b06
Create empirecms-xss.yaml 2021-04-05 08:16:27 +00:00
sandeep 40fb0066c3 more reference 2021-04-02 21:38:35 +05:30
sandeep 3daa03c799 Update cache-poisoning.yaml 2021-04-02 19:19:50 +05:30
Mohamed Elbadry 5eb1e78503
Create cache-poisoning.yaml 2021-04-02 15:14:09 +02:00
sandeep 532dc4cf0c Added more info and strict matcher 2021-03-29 17:05:11 +05:30
Rojan Rijal 82fbfcf962
Create unauth-message-read.yaml 2021-03-28 23:42:11 -07:00
PD-Team 59574cc701
Revert "Create apache-spark-rce" 2021-03-26 00:16:29 +05:30
sandeep 28bf41830f Merge branch 'patch-104' of https://github.com/pikpikcu/nuclei-templates into pikpikcu-patch-104 2021-03-25 22:37:34 +05:30
Prince Chaddha 2aa7c97e40
Update apache-spark-rce.yaml 2021-03-25 21:25:59 +05:30
sandeep b5c4ed0e2e Update wordpress-rce-simplefilelist.yaml 2021-03-25 19:21:30 +05:30
Mzack9999 351167e91f removing redundant boolean check 2021-03-25 00:28:50 +01:00
Prince Chaddha 9a750ba944
Merge pull request #1136 from pikpikcu/patch-134 
Create thinkcmf-arbitrary-code-execution.yaml
 2021-03-24 17:22:58 +05:30
Prince Chaddha 915aeb93bb Update thinkcmf-arbitrary-code-execution.yaml 2021-03-24 17:21:31 +05:30
PikPikcU 356856a983
Create thinkcmf-arbitrary-code-execution.yaml 2021-03-24 01:10:20 +00:00
PikPikcU 568a795319
Update thinkcmf-lfi.yaml 2021-03-24 00:42:53 +00:00
PD-Team 1e541d324f
Merge pull request #1116 from pikpikcu/patch-127 
Create tpshop-directory-traversal.yaml
 2021-03-21 21:04:43 +05:30
sandeep 7af81a3ce8 Update tpshop-directory-traversal.yaml 2021-03-21 21:04:33 +05:30
PD-Team 0c20bbf8b5
Merge pull request #1119 from pikpikcu/patch-130 
Create xdcms-sqli
 2021-03-21 20:43:51 +05:30
sandeep 8fd55de534 Update error-based-sql-injection.yaml 2021-03-21 20:28:22 +05:30
PikPikcU 7674824c98
Create xdcms-sqli.yaml 2021-03-21 10:15:44 +00:00
PikPikcU ce51bfee06
Create tpshop-directory-traversal.yaml 2021-03-21 02:53:52 +00:00
Geeknik Labs a3d7047521
Update error-based-sql-injection.yaml 
Reverting back to raw http request. Sending encoded requests using net/http were missing blatant SQL injections. 

Before:

[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[INF] No results found. Better luck next time!

After:

[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[2021-03-20 14:48:59] [error-based-sql-injection:MariaDB] [http] [high] https://REDACTED/') [check the manual that corresponds to your MariaDB server version]
 2021-03-20 19:52:48 +00:00
Prince Chaddha c04d699985 wordpress-infinitewp-auth-bypass 2021-03-19 02:10:02 +05:30
sandeep d2115fa8f6 Update hashicorp-consul-rce.yaml 2021-03-18 18:37:43 +05:30
sandeep 4e16407c52 Update hashicorp-consul-rce.yaml 2021-03-18 18:36:13 +05:30
PD-Team 75cd16f667
Merge pull request #1100 from geeknik/patch-51 
Create error-based-sql-injection.yaml
 2021-03-18 14:06:56 +05:30
sandeep 0c602a56e7 Update error-based-sql-injection.yaml 2021-03-18 14:05:19 +05:30
sandeep ad84ecb792 tag improvements 2021-03-18 13:24:36 +05:30
Geeknik Labs 988d0c75c9
Update error-based-sql-injection.yaml 2021-03-17 20:39:57 +00:00
Geeknik Labs 019a193aec
Update error-based-sql-injection.yaml 2021-03-17 19:31:08 +00:00
Geeknik Labs be020357e8
Update error-based-sql-injection.yaml 2021-03-17 19:25:02 +00:00
Geeknik Labs 99bb91c255
Update error-based-sql-injection.yaml 2021-03-17 19:19:27 +00:00
Geeknik Labs 8fe5f4e1ff
Create error-based-sql-injection.yaml 
🎉  OMG 🎉 
Detect Error Based SQL Injection
Includes regex matchers + extractors for 29 Database Engines
💥 https://buymeacoffee.com/geeknik 💥
 2021-03-17 17:30:53 +00:00
sandeep 3c8432686c Update viewlinc-crlf-injection.yaml 2021-03-16 14:05:20 +05:30
Geeknik Labs e951c75c59
Update viewlinc-crlf-injection.yaml 2021-03-15 20:04:37 +00:00
Geeknik Labs 0068d7ae0c
Create viewlinc-crlf-injection.yaml 
This was discovered whilst participating in a private Hacker0x01 bug bounty program.
 2021-03-15 20:00:56 +00:00
PD-Team fb65d9341b
Merge branch 'master' into patch-4 2021-03-15 00:30:30 +05:30
sandeep ffae74a6a8 Updated to openam-detection 2021-03-15 00:27:59 +05:30
PD-Team 47a7ea85e0
Merge pull request #1066 from r3naissance/master 
Add teacherease-xss and parentlink-xss to /vulnerabilities/other/
 2021-03-14 17:12:05 +05:30
sandeep e18b34cc64 few updates 2021-03-14 17:07:52 +05:30
Dhiyaneshwaran ed87cc42a8
Create pmb-local-file-disclosure.yaml 2021-03-12 22:42:45 +05:30