nuclei-templates

Added symfony_fragment_detect.yaml Template

Open impalanichamy opened this issue 1 year ago • 4 comments

Template / PR Information

While reading about Symfony framework related vulnerabilities, I came across the following blogs. By appending /_fragment, we could identify the fragment page. If we are getting a 403 Forbidden error or a Symfony error, we could achieve remote code execution.

  • Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
  • References:
      • https://www.ambionics.io/blog/symfony-secret-fragment
      • https://medium.com/@m4cddr/how-i-got-rce-in-10-websites-26dd87441f22
      • https://al1z4deh.medium.com/how-i-hacked-28-sites-at-once-rce-5458211048d5
      • https://github.com/ambionics/symfony-exploits

Template Validation

I've validated this template locally?

  • [ ] YES

Additional Details (leave it blank if not applicable)

I used the existing Shodan dork

Additional References:

Apr 24 '23 13:04 impalanichamy

Hi @impalanichamy, thank you for sharing this template with the community and for your contribution to this project 🚀. I have updated the condition and severity; can you check and let me know if it works?

May 17 '23 19:05 pussycat0x

@pussycat0x we can move this to the misconfiguration folder, what do you think about it?

May 18 '23 10:05 DhiyaneshGeek

Hi @pussycat0x, yes, it works fine! Thanks for the edits.

May 19 '23 13:05 impalanichamy

PR #5203

May 31 '23 03:05 pussycat0x

Hello @impalanichamy, thank you so much for sharing this template with the community and contributing to this project 🍻

Jun 08 '23 18:06 ritikchaddha