admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-08 19:53:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba03e54063a94de8155adf476dc07e5b39bca341
nuclei-templates/file/nodejs/generic-path-traversal.yaml

20 lines
871 B
YAML
Raw Normal View History

Create generic-path-traversal.yaml
2022-12-22 16:29:18 +05:30
id: generic-path-traversal
info:
updated names
2023-07-02 23:10:27 +05:30
name: Generic - Path Traversal
Create generic-path-traversal.yaml
2022-12-22 16:29:18 +05:30
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted user input in readFile()/readFileSync() can endup in Directory Traversal Attacks.
tags: file,nodejs
file:
- extensions:
- all
updated extractor to matcher
2022-12-22 17:06:43 +05:30
matchers:
Create generic-path-traversal.yaml
2022-12-22 16:29:18 +05:30
- type: regex
regex:
Update generic-path-traversal.yaml
2023-06-28 10:41:36 +05:30
- "[^\\.]*\\.createReadStream\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
templateman update
2023-10-14 16:57:55 +05:30
condition: or
chore: sign templates 🤖
2024-12-01 13:57:55 +00:00
# digest: 490a00463044022077a05bec4a7bab41f89e41a82dc9ec945191bc1bd30dddd8f214a5b2eb1e00b902200df3a1bd784aecc8d34e62e7cc01161524651c15b790ae0475a99881bc01c272:922c64590222798bb761d5b6d8e72950
Reference in New Issue Copy Permalink