fourcube
/ CVE-2025-29927.bcheck
Created
March 24, 2025 07:55
Burp BCheck for CVE-2025-29927 (Next.js middleware bypass)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| metadata: | |
| language: v2-beta | |
| name: "CVE-2025-29927 - Next.js middleware bypass" | |
| description: "Checks for differences in responses when using different x-middleware-subrequest header paths" | |
| author: "Chris Grieger - blueredix.com" | |
| tags: "next.js", "middleware" | |
| run for each: | |
| middleware_value = "pages/_middleware", | |
| "middleware", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| +CSCOE+/logon.html | |
| +CSCOT+/oem | |
| +CSCOT+/translation | |
| -/health | |
| -/healthy | |
| -/liveness | |
| -/readiness | |
| -/ready | |
| -/whoami | |
| .%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/var/www/html/index.html |
ripp3rdoc
/ CVE-2019-18935.yaml
Last active
March 27, 2024 08:59
Telerik UI Insecure Deserialization — Nuclei Template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2019-18935 | |
| info: | |
| name: Deserialization Vulnerability in Telerik UI for ASP.NET AJAX. | |
| author: Talson | |
| severity: critical | |
| description: | | |
| Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. | |
| remediation: | | |
| As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation. | |
| reference: |
hxlxmj
/ CVE-2023-36845.yaml
Created
September 20, 2023 04:15
Nuclei Template For Juniper Networks Junos OS PHP External Variable Modification Vulnerability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2023-36845 | |
| info: | |
| name: Juniper Networks Junos OS PHP External Variable Modification Vulnerability | |
| author: hxlxmj | |
| severity: medium | |
| description: | | |
| A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables. | |
| reference: | |
| - https://nvd.nist.gov/vuln/detail/CVE-2023-36845 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2023-26255 | |
| info: | |
| name: Stagil navigation for jira - Local File Inclusion | |
| author: 0x240x23elu | |
| severity: high | |
| description: Prior to version 2.0.52 of the “Stagil navigation for jira – Menù & Themes", the fileName parameter is vulnerable to a "Directory Traversal" that would allow an attacker to read files on the server knowing their path | |
| reference: | |
| - https://github.com/1nters3ct/CVEs/blob/main/CVE-2023-26255.md | |
| cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
win3zz
/ zendesk_endpoints.txt
Created
July 18, 2023 09:01
List of Zendesk API Endpoints for Fuzzing [Penetration Testing]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/v2/accounts | |
| GET /api/v2/activities?since=cstest | |
| GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest | |
| GET /api/v2/automations | |
| POST /api/v2/automations | |
| GET /api/v2/bookmarks | |
| POST /api/v2/bookmarks | |
| GET /api/v2/brands | |
| POST /api/v2/brands | |
| GET /api/v2/custom_objects |
Esonhugh
/ maltrail-command-injection.nuclei.yaml
Created
July 10, 2023 17:28
Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: maltrail-os-command-injection | |
| info: | |
| author: Esonhugh | |
| name: Unauthenticated OS Command Injection in stamparm/maltrail | |
| severity: critical | |
| description: | | |
| Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process. | |
| reference: | |
| - "https://huntr.dev/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87/" |
Esonhugh
/ nacos_bypass_nuclei_template.yaml
Last active
December 18, 2023 06:50
nacos default jwt secret encryption vuln nuclei poc leaking all passwords and create user automatically exploit.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: nacos-bypass-authentication | |
| variables: | |
| #token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6OTk5OTk5OTk5OTl9.vqhkMLKmquQ6R5AD6VWrTOqgClC599nnAQgQLHhPcLc | |
| # token is signed with a very long time expire. | |
| # token exp -1 | |
| token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6LTF9.ybUomrBRXZhbUMWVgXRz3Q6zndbF-Zdk4RGpCnV-Ofs | |
| info: | |
| name: Nacos Bypass Auth with default jwt secret |
jhaddix
/ reconftw.cfg
Last active
March 11, 2025 01:07
reconFTW config file: NO google/osint, wordlist creation, nuclei js analysis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################# | |
| # reconFTW config file # | |
| ################################################################# | |
| # General values | |
| tools=~/Tools # Path installed tools | |
| SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path | |
| profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile | |
| reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version | |
| generate_resolvers=false # Generate custom resolvers with dnsvalidator |
zenelite123
/ xss.json
Created
January 13, 2023 15:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "url": "https://gist.githubusercontent.com/zenelite123/72274842b61e6abdc0c6a7e4edb62b6f/raw/f436f20513608e8c947d224d8fcb671e2587980a/xss.yaml", | |
| "urls": [ | |
| { | |
| "url": "https://gist.githubusercontent.com/zenelite123/72274842b61e6abdc0c6a7e4edb62b6f/raw/f436f20513608e8c947d224d8fcb671e2587980a/xss.yaml", | |
| "name": "Foo" | |
| } | |
| ] | |
| } |
NewerOlder