Commit Graph

222 Commits (fd5fb9781231aff9f9df07b236d8c6a7980ccf7f)

Author SHA1 Message Date
sandeep 0436e97c0e payload update to work on both platform 2021-09-12 18:32:24 +05:30
Ice3man543 e9f728c321 Added cve annotations + severity adjustments 2021-09-10 16:56:40 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
sandeep 064cc0c29f Update CVE-2017-18638.yaml
Co-Authored-By: bigzeroo <39177268+bigzeroo@users.noreply.github.com>
2021-09-03 13:56:09 +05:30
sandeep 216c66771f Added CVE-2017-18638
Co-Authored-By: bigzero <3676342+bigzero@users.noreply.github.com>
2021-09-03 13:52:53 +05:30
sandeep c266084621 Added stop-at-first-match in applicable templates 2021-09-02 17:29:10 +05:30
sandeep fa7bb137cd Update CVE-2017-5487.yaml 2021-09-02 13:16:45 +05:30
Muhammad Daffa 4f5c28eabf
Update CVE-2017-5487.yaml 2021-09-02 06:59:23 +07:00
Noam Rathaus 47b2395031 Add description 2021-08-29 09:48:18 +03:00
forgedhallpass 296edfc37b Merge remote-tracking branch 'origin' into dynamic_attributes 2021-08-23 14:40:33 +03:00
sandeep 2aa54304ee Payloads positional update to keep the request format uniform 2021-08-22 23:39:33 +05:30
Sandeep Singh 357b478e52
Update and rename CVE-2017–4011.yaml to CVE-2017-4011.yaml 2021-08-21 02:30:02 +05:30
forgedhallpass 77103bc629 Satisfying the linter (all errors and warnings)
* whitespace modifications only
2021-08-19 17:44:46 +03:00
forgedhallpass 2a320412bf Misc (minor)
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 17:25:01 +03:00
forgedhallpass f55d6b75e1 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:59:12 +03:00
forgedhallpass 7b29be739e Merge branch 'master' into dynamic_attributes 2021-08-19 16:23:26 +03:00
forgedhallpass 0b432b341b Added comments with URLs under the "references" field
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 16:15:35 +03:00
forgedhallpass e68d15ab63 Fixed mistakes/typos in the templates.
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-19 15:30:14 +03:00
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
Prince Chaddha 3a030cca66
Update CVE-2017–4011.yaml 2021-08-17 17:01:34 +05:30
Geeknik Labs 9d8c364040
Create CVE-2017–4011.yaml 2021-08-16 15:45:09 -05:00
sandeep 07aa96ed15 Fixing CVE-2017-12629 2021-08-09 20:55:06 +05:30
Sandeep Singh 2ca144c36a
Merge pull request #2329 from pikpikcu/patch-245
Added AvantFAX
2021-08-06 21:41:40 +05:30
sandeep e75efd42da minor update 2021-08-06 21:39:24 +05:30
sandeep d60171ed9d Added additional matchers 2021-08-06 20:16:35 +05:30
mass0ma 9646633d30 Added CVE-2017-14651 Template 2021-08-05 16:59:36 +00:00
Prince Chaddha f63f7af8aa
Update CVE-2017-18024.yaml 2021-08-05 20:40:16 +05:30
PikPikcU 9ff9493341
Create CVE-2017-18024.yaml 2021-08-05 12:48:55 +07:00
r3dg33k dfcd364059 update to CVE-2017-5487, added extractor 2021-08-02 01:08:39 -04:00
Sandeep Singh c703d92c5b
Merge pull request #2222 from pikpikcu/patch-228
Add PhpCollab (unauthenticated) Arbitrary File Upload
2021-07-27 19:44:35 +05:30
sandeep b984f86d67 removing extra headers 2021-07-27 17:59:13 +05:30
sandeep d43a54ada1 Update CVE-2017-6090.yaml 2021-07-27 17:56:56 +05:30
sandeep bfc130dfbd Merge branch 'patch-228' of https://github.com/pikpikcu/nuclei-templates into pr/2222 2021-07-27 17:51:06 +05:30
sandeep 448aec1edb minor updates 2021-07-27 17:50:49 +05:30
PikPikcU 870339ebe1
Update CVE-2017-6090.yaml 2021-07-27 19:10:51 +07:00
Muhammad Daffa 590e6ae172
Create CVE-2017-15647.yaml 2021-07-27 18:36:29 +07:00
PikPikcU 315215aa02
Create CVE-2017-6090.yaml 2021-07-27 16:51:01 +07:00
sandeep 6ccc5f8792 matcher update to handle edge cases 2021-07-25 03:05:55 +05:30
Prince Chaddha cfd72afbc5
Update CVE-2017-9288.yaml 2021-07-19 11:30:44 +05:30
Prince Chaddha 70b1ba08d6
Update CVE-2017-18536.yaml 2021-07-19 11:29:58 +05:30
Prince Chaddha 63765c5693
Update CVE-2017-17451.yaml 2021-07-19 11:29:23 +05:30
Prince Chaddha df69924f5b
Update CVE-2017-17059.yaml 2021-07-19 11:15:37 +05:30
Prince Chaddha b47cf72dd0
Update CVE-2017-17043.yaml 2021-07-19 11:15:08 +05:30
sandeep 450c6b3690 Updated POC for CVE-2017-15944 2021-07-17 17:07:28 +05:30
Prince Chaddha 900347eeb4
Merge pull request #2044 from daffainfo/patch-72
Create CVE-2017-17043.yaml
2021-07-16 11:07:52 +05:30
Prince Chaddha a047cd77ff
Update CVE-2017-17043.yaml 2021-07-16 10:50:55 +05:30
Prince Chaddha ffb5edffd8
Merge pull request #2042 from daffainfo/patch-70
Create CVE-2017-17451.yaml
2021-07-16 10:49:33 +05:30
Prince Chaddha c7d0efa420
Merge pull request #2043 from daffainfo/patch-71
Create CVE-2017-17059.yaml
2021-07-16 10:49:20 +05:30
Prince Chaddha be7247bc77
Update CVE-2017-17059.yaml 2021-07-16 10:44:57 +05:30
Prince Chaddha 7ae1641822
Merge pull request #2041 from daffainfo/patch-69
Create CVE-2017-18536.yaml
2021-07-16 10:43:08 +05:30
Prince Chaddha f0d1da0d2e
Update CVE-2017-17451.yaml 2021-07-16 10:43:04 +05:30
Prince Chaddha a7f2472922
Update CVE-2017-18536.yaml 2021-07-16 10:41:33 +05:30
Prince Chaddha 4287359c29
Update CVE-2017-9288.yaml 2021-07-16 10:30:43 +05:30
Muhammad Daffa 03698a57ee
Create CVE-2017-9288.yaml 2021-07-16 11:28:40 +07:00
Muhammad Daffa 5be858f2d6
Create CVE-2017-17043.yaml 2021-07-16 11:27:01 +07:00
Muhammad Daffa 2a76b19a36
Create CVE-2017-17059.yaml 2021-07-16 11:25:24 +07:00
Muhammad Daffa d07faf8034
Create CVE-2017-17451.yaml 2021-07-16 11:22:53 +07:00
Muhammad Daffa e89607941c
Create CVE-2017-18536.yaml 2021-07-16 11:20:28 +07:00
Geeknik Labs fc35b4c56d
Update CVE-2017-5487.yaml
Fixes #1985
2021-07-13 18:58:52 +00:00
sandeep 3bbcb23cd0 Severity update as this directly doesn't pose any risk. 2021-07-11 13:39:21 +05:30
Geeknik Labs c8ba8e13ce
Create CVE-2017-16806.yaml 2021-07-06 19:50:32 +00:00
sandeep 36a0918092 fixes 2021-07-04 16:02:51 +05:30
sandeep 13a5215bda Update CVE-2017-9841.yaml 2021-07-04 15:50:15 +05:30
sandeep b137eb57d3 More edge cases
Only looking for DNS interaction is not reliable as few servers make DNS requests for host included in path or query parameter.
2021-07-04 00:41:57 +05:30
Sandeep Singh 52e0c861a1
Merge pull request #1733 from milo2012/master
Added CVE-2018-1000130/ CVE-2018-2628/ CVE-2018-2628/ CVE-2019-3401/ CVE-2020-1938/ oracle-bi-default-login/ jolokia-heap-disclosure
2021-07-02 18:27:45 +05:30
sandeep 16da6c9980 strict matchers 2021-07-02 18:20:58 +05:30
Keith 8490fe60ca Add CVE-2017-9822.yaml - DotNetNuke Cookie Deserialization Remote Code Execution (RCE) 2021-06-30 19:35:01 +08:00
Keith f78452e808 Add CVE-2017-9822.yaml - DotNetNuke Cookie Deserialization Remote Code Execution (RCE) 2021-06-30 19:32:59 +08:00
Prince Chaddha b46dc119e7
Update CVE-2017-12794.yaml 2021-06-29 10:07:07 +05:30
PikPikcU 9cc9a52db2
Create CVE-2017-12794.yaml 2021-06-24 15:49:12 +00:00
Geeknik Labs 988726f5c8
Create CVE-2017-15944.yaml
This fixes #1091. I changed line 20 from `part: body` to `part: header`.
2021-06-18 20:45:44 +00:00
sandeep 69ded42e3a Template rename / update 2021-06-10 21:57:07 +05:30
sandeep 8fa1dbc604 Minor updates 2021-06-09 21:37:22 +05:30
Dhiyaneshwaran 6c79bfa14d
Create CVE-2017-9140.yaml 2021-06-09 18:40:47 +05:30
Prince Chaddha 83ce809e8d Updated author names 2021-06-09 17:50:56 +05:30
sandeep 9045f0bb2a misc changes 2021-06-09 14:23:32 +05:30
SaN ThosH c5d4e5e400
Update CVE-2017-9506.yaml 2021-06-09 13:11:39 +05:30
Sandeep Singh 23a59704e9
Merge pull request #1585 from pikpikcu/patch-171
Add CVE-2017-14535
2021-06-01 11:07:56 +05:30
sandeep b021a0cf49 Misc changes 2021-06-01 11:06:13 +05:30
sandeep 2cc30c771a misc updates 2021-05-31 16:53:36 +05:30
PikPikcU b0eca52c4b
Create CVE-2017-14535.yaml 2021-05-31 09:46:53 +00:00
sandeep b7d103a740 Update CVE-2017-1000486.yaml 2021-05-28 10:27:21 +05:30
sandeep 450cf76976 Improved template 2021-05-28 10:25:48 +05:30
Moritz 0c0eaf114c Update CVE-2017-1000486.yaml file to pass Checks 2021-05-27 11:38:23 +02:00
Moritz 24bcb23857 Add Detection for PrimeFaces 5.x EL Injection (CVE-2017-1000486) 2021-05-27 10:17:31 +02:00
sandeep ff93978e09 Removing status matcher to avoid missing true positives results. 2021-05-12 02:04:56 +05:30
sandeep de70b699bc More references 2021-05-11 23:47:49 +05:30
sandeep 1c04ba5abc Additional matchers 2021-05-11 23:47:09 +05:30
Pina 79962222c5
cve-2017-12149 jboss deserialization rce 2021-05-11 12:07:05 +01:00
sandeep 1913076aef Update CVE-2017-7269.yaml 2021-05-09 22:50:07 +05:30
Geeknik Labs ce63f8ebea
Update CVE-2017-7269.yaml 2021-05-09 15:43:32 +00:00
Geeknik Labs f6dc6a1376
Update CVE-2017-7269.yaml 2021-05-09 15:16:07 +00:00
sandeep c0f5cf03ab tags update 2021-05-09 20:41:52 +05:30
Sandeep Singh f8ebcb9239
Merge pull request #1303 from projectdiscovery/oob-templates-update
OOB Template updates (WIP)
2021-05-05 00:01:55 +05:30
Sandeep Singh 81c7aac3ab
Merge pull request #1372 from projectdiscovery/CVE-2017-3506
Added CVE-2017-3506
2021-05-05 00:01:18 +05:30
Sandeep Singh 2080bfdab3
Merge pull request #1380 from projectdiscovery/cves/CVE-2017-12629
Added CVE-2017-12629
2021-05-05 00:00:43 +05:30
sandeep 641e125c79 improved payload 2021-05-02 18:51:04 +05:30
sandeep daff7a614c RAW requests 2021-04-27 16:55:09 +05:30
sandeep 7a2edf0085 Moving files around 2021-04-27 16:38:12 +05:30