-
Note: I was sent the following by a client's security team, so I'll do my best to answer any questions regarding it.
--------------------------------------------------------------------------------…
-
而且报告页面重复的有点厉害 手工看了下 应该是偶然碰巧导致的 这个报告怎么发你呀
-
# CVE
This is a very common issue. Multiple blogs and hackerone reports cover this. I am including a few of them here.
1. [uber.com may RCE by Flask Jinja2 Template Injection](https://hackerone.c…
-
## CVE ID(s)
There's no CVE for this.
## Report
I created a query to detect [Server-Side Template Injections](https://portswigger.net/research/server-side-template-injection) in several popular…
-
ERROR: Service 'gitlab' failed to build: The command '/bin/sh -c bash ${GITLAB_BUILD_DIR}/install.sh' returned a non-zero code: 4
-
提交issue前,请检查你本地的vulhub是否是最新版,否则可能存在一些由于时间问题导致而今已经修复的bug。
填写如下信息
- Which environment: 哪个环境出现BUG [e.g. python/ssti]: msf Framework: 6.0.5-dev Console : 6.0.5-dev
- Host OS: 操作系统 [e.g. Ubuntu] …
-
custom grep.
why?
dalfox is xss tool, but it can also be used to find other vulnerabilities.
e.g
- ssti
- information leak
- etc..
so, i think need custom grep option
-
**Describe the bug**
I feel a difference when updating nuclei now, which is still executing the `-exclude` template.
**Nuclei version**
`v2.1.1-0.20200911165750-176e3c5b438e`
**Screenshot of t…
-
Add more Security vulnerabilities -- flask jinja2 ssti / flask pin
-
https://github.com/projectdiscovery/nuclei-templates/blob/2e38d35226a203ba7c3833b96ee9ebe1ad021f41/vulnerabilities/pdf-signer-ssti-to-rce.yaml#L13
- Fix:
`Cookie: CSRF-TOKEN=rnqvt{{shell_exec('c…