daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,640 Commits
17 Branches
0 Tags
165 MiB
Commit Graph

667 Commits (fb06cba7b899a2b5c04e2e136c6a001450cf22c4)

Author SHA1 Message Date
Prince Chaddha 4ba5e931cc
Update sl-studio-lfi.yaml 2021-12-29 09:20:13 +05:30
Prince Chaddha b7974b288e
Update and rename sl-studio-lfi.yaml to vulnerabilities/other/sl-studio-lfi.yaml 2021-12-29 09:16:32 +05:30
Prince Chaddha 0ddd4c7911
Update and rename dicoogle-pacs-lfi.yaml to vulnerabilities/other/dicoogle-pacs-lfi.yaml 2021-12-24 19:23:04 +05:30
niudaii 8289e92291
Fixed h3c-imc-rce.yaml (#3401) 
* Fixed h3c-imc-rce.yaml

* Update h3c-imc-rce.yaml

* Additional payload for windows

Co-authored-by: niudai <niudai@zp857s-mbp.local>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
 2021-12-23 20:23:42 +05:30
Sandeep Singh c57984b8f8
Added UniFi Network Log4j JNDI RCE (#3402) 
Co-Authored-By: KrE80r <13027962+KrE80r@users.noreply.github.com>

Co-authored-by: KrE80r <13027962+KrE80r@users.noreply.github.com>
 2021-12-23 08:57:03 +05:30
Melvin 7933cfc470
Removing extra space from raw HTTP request 
Should prevent issues with parsing this request
 2021-12-22 13:33:51 +01:00
Prince Chaddha 6e6349205d
Update and rename pacsone-server-6-6-2-lfi.yaml to vulnerabilities/other/pacsone-server-lfi.yaml 2021-12-21 17:32:19 +05:30
Sandeep Singh 7a5cdc2bc3
Added ServiceNow Helpdesk Credential Exposure (#3371) 
* Added ServiceNow Helpdesk Credential Exposure

Co-Authored-By: JP <19959240+jordanpotti@users.noreply.github.com>

* matcher update

Co-authored-by: JP <19959240+jordanpotti@users.noreply.github.com>
 2021-12-19 23:42:01 +05:30
Prince Chaddha dcf3f57bdf
Merge pull request #3373 from projectdiscovery/princechaddha-patch-2 
Create global-domains-xss.yaml
 2021-12-18 15:02:06 +05:30
Prince Chaddha 71027cbc79
Merge pull request #3357 from Akokonunes/patch-90 
Create global-domains-lfi.yaml
 2021-12-18 14:52:35 +05:30
Prince Chaddha 3b067a1aca
Create global-domains-xss.yaml 2021-12-18 14:51:08 +05:30
Prince Chaddha 0f40857119
Update and rename global-domains-lfi.yaml to vulnerabilities/other/global-domains-lfi.yaml 2021-12-18 14:43:28 +05:30
Prince Chaddha 9a4941d995
Merge pull request #3356 from Akokonunes/patch-89 
Create groupoffice-lfi.yaml
 2021-12-18 14:33:42 +05:30
Prince Chaddha 7b39972bfd
Merge pull request #3367 from gy741/rule-add-v80 
Create oliver-library-server-lfi.yaml
 2021-12-18 14:33:23 +05:30
Prince Chaddha c6521085b7
Update groupoffice-lfi.yaml 2021-12-18 14:32:09 +05:30
Prince Chaddha 4747277a4e
Update and rename asanhamayesh-cms-lfi.yaml to vulnerabilities/other/asanhamayesh-lfi.yaml 2021-12-18 14:28:39 +05:30
Prince Chaddha 35faabd29f
Update and rename groupoffice-lfi.yaml to vulnerabilities/other/groupoffice-lfi.yaml 2021-12-18 14:26:46 +05:30
Prince Chaddha 8afbfdc8dc
Update and rename oliver-library-server-lfi.yaml to oliver-library-lfi.yaml 2021-12-18 14:23:57 +05:30
GwanYeong Kim 4fdb934da0 Create oliver-library-server-lfi.yaml 
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-12-18 10:55:28 +09:00
sandeep c9ddd7a0ae update: id + reference update 2021-12-14 21:07:46 +05:30
Evan Rubinstein dddb0bbb82
Added CVE-2021-24997 (#3298) 
* Added CVE-39226

* Added CVE-39226

* Delete CVE-39226.yaml

* Renamed CVE-39226 to CVE-2021-39226

Fixed naming error

* Added Wp-Guppy-Information-Disclosure template

* Removed File

Found better descriptor

* Added CVE-2021-24997

Added WordPress Guppy Information Disclosure CVE

* Fixed CVE-2021-24997

Fixed YAML formatting

* Fixed Typo

URL Path had an extra double quote

* Auto Generated Templates Stats [Wed Dec  8 23:07:24 UTC 2021] 🤖

* Deleted Blank Space

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Update CVE-2021-24997.yaml

* Added CVE-2021-43496

* Update CVE-2021-43496.yaml

* fix: syntax update

* Added New Vuln

* Update CVE-2021-24997.yaml

* Update CVE-2021-43496.yaml

* Update and rename hd-netowrk-realtime-monitor-system-LFI.yaml to hdnetwork-realtime-lfi.yaml

* fix: lints update

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
 2021-12-14 02:22:26 +05:30
Prince Chaddha 0e94557017
Merge pull request #3248 from pikpikcu/patch-307 
added thruk-xss
 2021-12-09 22:01:56 +05:30
Prince Chaddha f476c5ff5b
Update thruk-xss.yaml 2021-12-09 21:58:15 +05:30
Prince Chaddha d35a55f7b4
Update and rename watchguard-fireware-ad-helper-component-credentials-disclosure.yaml to watchguard-credentials-disclosure.yaml 2021-12-09 21:05:13 +05:30
GwanYeong Kim bde4e1815a Create watchguard-fireware-ad-helper-component-credentials-disclosure.yaml 
a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-12-09 16:02:48 +09:00
sandeep 9da0d768a1 fix: syntax + lint 2021-12-03 10:37:42 +05:30
PikPikcU 83f6b2a153
Update thruk-xss.yaml 2021-12-02 19:07:50 +07:00
PikPikcU 435eeca764
Create thruk-xss.yaml 2021-12-02 19:02:40 +07:00
Noam Rathaus 725782050a Add description 2021-11-23 12:09:00 +02:00
Prince Chaddha 1e31e0f76d
Update and rename eibiz-server-3-8-0-lfi.yaml to vulnerabilities/other/eibiz-lfi.yaml 2021-11-18 21:52:30 +05:30
Prince Chaddha 4eb84d7802
Merge pull request #3131 from Akokonunes/patch-70 
Create hrsale-unauthenticated-lfi.yaml
 2021-11-13 23:46:11 +05:30
Prince Chaddha 9a227941a1
Rename hrsale-unauthenticated-lfi.yaml to vulnerabilities/other/hrsale-unauthenticated-lfi.yaml 2021-11-13 23:37:32 +05:30
sandeep b2aa8f9f5b misc updates 2021-11-13 23:01:53 +05:30
sandeep 35bfff6f61 Added skip-variables-check for SSTI template 2021-11-09 22:16:37 +05:30
sandeep cb74944f43 misc updates 2021-11-08 15:45:54 +05:30
Prince Chaddha c51bbf8715
Merge pull request #3099 from ImNightmaree/master 
Create ecshop-sql.yaml
 2021-11-08 13:44:54 +05:30
Prince Chaddha 5a6c30c7cf
Update ecshop-sqli.yaml 2021-11-08 13:42:44 +05:30
Prince Chaddha 85741bbcf9
Update and rename ecshop-sql.yaml to ecshop-sqli.yaml 2021-11-08 13:42:13 +05:30
Prince Chaddha 06bb1f444c
Update seowon-router-rce.yaml 2021-11-08 12:49:37 +05:30
Prince Chaddha 7973948360
Update seowon-router-rce.yaml 2021-11-08 12:43:14 +05:30
GwanYeong Kim 6183e248d8 Create seowon-router-rce.yaml 
Execute commands without authentication as admin user, To use it in all versions, we only enter the router ip & Port(if available) in the request The result of the request is visible on the browser page

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
 2021-11-07 14:50:39 +09:00
ImNightmaree 797d9066a1
More linting 2021-11-07 02:49:07 +00:00
ImNightmaree b77df460dd
Linting 2021-11-07 02:39:21 +00:00
ImNightmaree bbecf3965a
Update ecshop-sql.yaml 2021-11-07 02:36:28 +00:00
ImNightmaree 38135df2a6
Update ecshop-sql.yaml 2021-11-07 02:30:38 +00:00
ImNightmaree f37527101c
Create ecshop-sql.yaml 2021-11-07 02:03:09 +00:00
Prince Chaddha a57cb5081a
Update vanguard-post-xss.yaml 2021-11-05 21:36:53 +05:30
sandeep eef5252cc5 file name update 2021-11-05 06:01:59 +05:30
sandeep 8c3f98c767 fixed invalid template syntax 2021-10-30 16:47:35 +05:30
Noam Rathaus 9848f92894 Add description 2021-10-27 14:06:15 +03:00