projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

False positive in Cred-spraying template #7930

Open nullenc0de opened 1 year ago

nullenc0de commented 1 year ago

This codepen account does not exist. I made it up.

# nuclei -var username=sjgnsjgsgjb@sdmsgsgs.com -var password=werwjnfbw -t /root/nuclei-templates/http/credential-stuffing/cloud/

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.10

                projectdiscovery.io

[INF] Current nuclei version: v2.9.10 (latest)
[INF] Current nuclei-templates version: v9.6.1 (latest)
[INF] New templates added in latest release: 198
[INF] Templates loaded for current scan: 11
[codepen-login-check] [http] [critical] https://codepen.io/login/login [werwjnfbw,sjgnsjgsgjb@sdmsgsgs.com]

MetzinAround commented 1 year ago

@princechaddha I was able to reproduce as well.

nuclei -var username=boo@aol.com -var password=younevercallmeanymore -t nuclei-templates/http/credential-stuffing/cloud
                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.10

        projectdiscovery.io

[INF] Current nuclei version: v2.9.10 (latest)
[INF] Current nuclei-templates version: v9.6.1 (latest)
[INF] New templates added in latest release: 198
[INF] Templates loaded for current scan: 11
[codepen-login-check] [http] [critical] https://codepen.io/login/login [boo@aol.com,younevercallmeanymore]