Merge branch 'main' into princechaddha-patch-1

projectdiscovery · Feb 22, 2025 · 581717d · 581717d
2 parents 11bbe10 + 24c1f8b
commit 581717d
Show file tree

Hide file tree

Showing 607 changed files with 6,527 additions and 14,961 deletions.
diff --git a/.new-additions b/.new-additions
@@ -1,207 +1,3 @@
-dast/vulnerabilities/xss/csp/adnxs-ib-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/adnxs-secure-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/adobe-campaign-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/adroll-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/afterpay-help-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/akamai-content-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/alibaba-ug-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/aliexpress-acs-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/amap-wb-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/amazon-aax-eu-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/amazon-media-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/amazon-romania-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/amazon-s3-elysium-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ancestrycdn-angular-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/angularjs-code-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/app-link-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/apple-developer-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/arkoselabs-cdn-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/arkoselabs-client-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ayco-portal-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/azure-inno-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/baidu-map-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/baidu-passport-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/battlenet-eu-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/bazaarvoice-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/bdimg-apps-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/bebezoo-1688-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/bild-don-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/bing-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/bing-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/blogger-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/buzzfeed-mango-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/bytedance-sso-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/carbonads-srv-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/chartbeat-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/clearbit-reveal-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/cloudflare-cdn-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/cloudflare-challenges-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/cloudflare-info-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/cloudfront-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/coinbase-commerce-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/coinbase-investor-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/crisp-client-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/criteo-cas-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/criteo-dynamic-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/criteo-gum-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/cxense-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/dailymotion-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/dblp-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/demdex-dpm-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/digitalocean-anchor-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/disqus-links-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/doubleclick-pubads-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/doubleclick-securepubads-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/duckduckgo-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/elastic-info-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ethicalads-server-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/facebook-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/facebook-graph-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/fastly-storemapper-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/firebaseio-rentokil-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/flickr-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/forismatic-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/fqtag-query-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/fqtag-s-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/fwmrm-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/getdrip-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/github-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/github-gist-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/gitlab-page-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/go-dev-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-accounts-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-ajax-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-analytics-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-apis-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-clients1-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-complete-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-cse-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-maps-api-ssl-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-maps-apis-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-maps-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-maps-de-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-maps-lv-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-maps-ru-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-recaptcha-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-tagmanager-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/google-translate-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/googleadservices-partner-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/googleapis-blogger-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/googleapis-customsearch-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/googleapis-storage-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/googleapis-translate-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/googletagmanager-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/gravatar-secure-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/grubhub-assets-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/gstatic-angular-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/gstatic-recaptcha-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/gstatic-ssl-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/hatenaapis-bookmark-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/hcaptcha-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/hcaptcha-js-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/here-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/hsforms-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/hubspot-forms-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ibm-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ieee-oamssoqae-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/im-apps-sync-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/indeed-tr-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/indeed-uk-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ip-api-edns-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ipify-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ipinfo-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/itunes-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/jd-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/jsdelivr-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/lijit-ap-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/livechatinc-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/liveperson-lptag-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/lpsnmedia-accdn-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/mailru-connect-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/marketo-app-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/mathtag-pixel-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/matomo-demo-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/meetup-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/meteoprog-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/mi-huodong-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/microsoft-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/microsofttranslator-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/mixpanel-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/moatads-geo-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/naver-global-apis-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/naver-like-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/olark-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/onetrust-geolocation-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/openai-tcr9i-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/opendatasoft-docs-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/openexchangerates-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/openstreetmap-nominatim-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ovoenergy-js-smb-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/parastorage-static-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/paypal-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/pbs-urs-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/pinterest-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/pinterest-widgets-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/pixplug-visitor-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/qq-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/quantserve-pixel-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/quantserve-secure-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/quantserve-segapi-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/recaptcha-net-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/reddit-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ring-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/roblox-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/samsung-shop-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/servicenow-kbcprod-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/shopify-cdn-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/shopify-thehive-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/skimresources-r-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/skype-config-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/snyk-go-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/soundcloud-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/st-angular-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/stackexchange-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/swiftype-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/syncfusion-cdn-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/taobao-suggest-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/tealiumiq-visitor-service-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/tiktok-analytics-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/tumblr-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/twitter-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ulogin-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/unpkg-angular-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/unpkg-hyperscript-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/usersnap-widget-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/vercel-storage-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/vimeo-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/virtualearth-dev-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/vk-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/wikipedia-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/wistia-fast-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/wordpress-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/wordpress-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/wordpress-public-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/x-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yahoo-ads-yap-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yahoo-search-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yandex-mc-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yandex-social-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yandex-st-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yandex-translate-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yandexcloud-smartcaptcha-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yastat-angular-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yastatic-angular-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/youku-acs-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/youtube-api-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/youtube-suggestqueries-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/ytimg-s-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yuedust-angular-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/yugiohmonstrosdeduelo-blogger-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/zendesk-support-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/zendesk-thiscanbeanything-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/zhike-help-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/zhuanjia-sogou-csp-bypass.yaml
-dast/vulnerabilities/xss/csp/zoom-st3-csp-bypass.yaml
 file/keys/shopify-shared-secret-key.yaml
 http/cves/2021/CVE-2021-45793.yaml
 http/cves/2022/CVE-2022-25226.yaml
@@ -238,7 +34,6 @@ http/exposed-panels/reposilite-panel.yaml
 http/exposed-panels/supertokens-panel.yaml
 http/exposed-panels/tenemos-t24-panel.yaml
 http/exposed-panels/veracore-panel.yaml
-http/global-matchers/secrets-patterns-pii.yaml
 http/global-matchers/secrets-patterns-rules.yaml
 http/misconfiguration/casdoor-unauth-operations.yaml
 http/misconfiguration/netalertx-dashboard.yaml

diff --git a/README.md b/README.md
@@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
 
 |    TAG    | COUNT |    AUTHOR     | COUNT | DIRECTORY  | COUNT | SEVERITY | COUNT | TYPE | COUNT |
 |-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
-| cve       |  2928 | dhiyaneshdk   |  1573 | http       |  8348 | info     |  3996 | file |   404 |
-| panel     |  1256 | daffainfo     |   866 | cloud      |   419 | high     |  2215 | dns  |    25 |
-| wordpress |  1094 | dwisiswant0   |   803 | file       |   404 | medium   |  1883 |      |       |
-| exposure  |  1050 | princechaddha |   570 | workflows  |   192 | critical |  1226 |      |       |
-| xss       |   997 | ritikchaddha  |   528 | code       |   160 | low      |   291 |      |       |
-| wp-plugin |   957 | pussycat0x    |   452 | network    |   140 | unknown  |    43 |      |       |
+| cve       |  2954 | dhiyaneshdk   |  1577 | http       |  8399 | info     |  4016 | file |   404 |
+| panel     |  1268 | daffainfo     |   867 | cloud      |   419 | high     |  2231 | dns  |    25 |
+| wordpress |  1095 | dwisiswant0   |   804 | file       |   404 | medium   |  1896 |      |       |
+| exposure  |  1052 | princechaddha |   570 | workflows  |   192 | critical |  1233 |      |       |
+| xss       |  1003 | ritikchaddha  |   533 | code       |   160 | low      |   292 |      |       |
+| wp-plugin |   958 | pussycat0x    |   452 | network    |   140 | unknown  |    37 |      |       |
 | osint     |   807 | pikpikcu      |   352 | javascript |    66 |          |       |      |       |
-| tech      |   753 | pdteam        |   302 | dast       |    40 |          |       |      |       |
-| lfi       |   740 | ricardomaia   |   247 | ssl        |    36 |          |       |      |       |
-| misconfig |   723 | geeknik       |   234 | dns        |    22 |          |       |      |       |
+| tech      |   760 | pdteam        |   302 | dast       |    40 |          |       |      |       |
+| lfi       |   744 | ricardomaia   |   247 | ssl        |    36 |          |       |      |       |
+| misconfig |   725 | geeknik       |   234 | dns        |    22 |          |       |      |       |
 
-**782 directories, 10167 files**.
+**786 directories, 10220 files**.
 
 </td>
 </tr>

diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json