Merge branch 'main' into addtimebased

Author: ritikchaddha

.new-additions

@@ -1,69 +1,36 @@
-code/cves/2024/CVE-2024-4340.yaml
-code/cves/2024/CVE-2024-45409.yaml
-http/cves/2017/CVE-2017-5871.yaml
-http/cves/2019/CVE-2019-19411.yaml
-http/cves/2021/CVE-2021-25094.yaml
-http/cves/2021/CVE-2021-40272.yaml
-http/cves/2023/CVE-2023-0676.yaml
-http/cves/2023/CVE-2023-27641.yaml
-http/cves/2023/CVE-2023-39007.yaml
-http/cves/2023/CVE-2023-4151.yaml
-http/cves/2023/CVE-2023-47105.yaml
-http/cves/2024/CVE-2024-3234.yaml
-http/cves/2024/CVE-2024-32964.yaml
-http/cves/2024/CVE-2024-35627.yaml
-http/cves/2024/CVE-2024-3753.yaml
-http/cves/2024/CVE-2024-38816.yaml
-http/cves/2024/CVE-2024-43160.yaml
-http/cves/2024/CVE-2024-43917.yaml
-http/cves/2024/CVE-2024-45440.yaml
-http/cves/2024/CVE-2024-46627.yaml
-http/cves/2024/CVE-2024-4940.yaml
-http/cves/2024/CVE-2024-5488.yaml
-http/cves/2024/CVE-2024-6517.yaml
-http/cves/2024/CVE-2024-7354.yaml
-http/cves/2024/CVE-2024-7714.yaml
-http/cves/2024/CVE-2024-7854.yaml
-http/cves/2024/CVE-2024-8021.yaml
-http/cves/2024/CVE-2024-8877.yaml
-http/cves/2024/CVE-2024-9463.yaml
-http/cves/2024/CVE-2024-9465.yaml
-http/default-logins/datagerry/datagerry-default-login.yaml
-http/default-logins/netdisco/netdisco-default-login.yaml
-http/exposed-panels/dockwatch-panel.yaml
-http/exposed-panels/enablix-panel.yaml
-http/exposed-panels/gitlab-explore.yaml
-http/exposed-panels/gitlab-saml.yaml
-http/exposed-panels/loxone-web-panel.yaml
-http/exposed-panels/m-bus-panel.yaml
-http/exposed-panels/macos-server-panel.yaml
-http/exposed-panels/riello-netman204-panel.yaml
-http/exposed-panels/rstudio-panel.yaml
-http/exposed-panels/saia-pcd-panel.yaml
-http/exposed-panels/workspace-one-uem-ssp.yaml
-http/exposures/logs/action-controller-exception.yaml
-http/exposures/logs/delphi-mvc-exception.yaml
-http/exposures/logs/expression-engine-exception.yaml
-http/exposures/logs/lua-runtime-error.yaml
-http/exposures/logs/mako-runtime-error.yaml
-http/exposures/logs/microsoft-runtime-error.yaml
-http/exposures/logs/mongodb-exception-page.yaml
-http/exposures/logs/sap-logon-error-message.yaml
-http/exposures/logs/twig-runtime-error.yaml
-http/miscellaneous/seized-site.yaml
-http/misconfiguration/ariang-debug-console.yaml
-http/misconfiguration/microsoft/aspnetcore-dev-env.yaml
-http/misconfiguration/netdisco/netdisco-unauth.yaml
-http/technologies/arcgis-detect.yaml
-http/technologies/dizquetv-detect.yaml
-http/technologies/ivanti-epm-detect.yaml
-http/technologies/microsoft/default-azure-function-app.yaml
-http/technologies/vertigis-detect.yaml
-http/technologies/wiki-js-detect.yaml
-http/technologies/windows-communication-foundation-detect.yaml
-http/technologies/wordpress/plugins/unlimited-elements-for-elementor.yaml
-http/token-spray/api-delighted.yaml
-http/token-spray/api-intigriti.yaml
-http/token-spray/api-telegram.yaml
-http/vulnerabilities/retool/retool-svg-xss.yaml
-http/vulnerabilities/wordpress/ninja-forms-xss.yaml
+http/cves/2015/CVE-2015-8562.yaml
+http/cves/2018/CVE-2018-7192.yaml
+http/cves/2018/CVE-2018-7193.yaml
+http/cves/2018/CVE-2018-7196.yaml
+http/cves/2021/CVE-2021-45811.yaml
+http/cves/2023/CVE-2023-1315.yaml
+http/cves/2023/CVE-2023-1317.yaml
+http/cves/2023/CVE-2023-1318.yaml
+http/cves/2024/CVE-2024-32735.yaml
+http/cves/2024/CVE-2024-32736.yaml
+http/cves/2024/CVE-2024-32737.yaml
+http/cves/2024/CVE-2024-32738.yaml
+http/cves/2024/CVE-2024-32739.yaml
+http/cves/2024/CVE-2024-39713.yaml
+http/cves/2024/CVE-2024-43360.yaml
+http/cves/2024/CVE-2024-44349.yaml
+http/cves/2024/CVE-2024-45488.yaml
+http/cves/2024/CVE-2024-46310.yaml
+http/cves/2024/CVE-2024-5910.yaml
+http/default-logins/zebra/zebra-printer-default-login.yaml
+http/exposed-panels/freescout-panel.yaml
+http/exposed-panels/paloalto-expedition-panel.yaml
+http/exposed-panels/sqlpad-panel.yaml
+http/exposed-panels/traccar-panel.yaml
+http/exposed-panels/txadmin-panel.yaml
+http/exposed-panels/usermin-panel.yaml
+http/exposed-panels/veritas-netbackup-panel.yaml
+http/exposed-panels/vmware-aria-panel.yaml
+http/misconfiguration/root-path-disclosure.yaml
+http/technologies/accellion-detect.yaml
+http/technologies/mirth-connect-detect.yaml
+http/technologies/oracle-fusion-detect.yaml
+http/technologies/wordpress/plugins/burst-statistics.yaml
+http/vulnerabilities/yonyou/yonyou-u8-crm-sqli.yaml
+http/vulnerabilities/yonyou/yonyou-u8-crm-tb-sqli.yaml
+passive/cves/2024/CVE-2024-40711.yaml

CONTRIBUTING.md

@@ -56,6 +56,7 @@ Along with the P.O.C following are the required fields in the info section for s
 - If there are more than 1 template for a tech create a separate folder for it
 - Don't share any vulnerable URL publicly on Github or Discord channel.
 - We should only upload a web shell as a last resort to validate the vulnerability, and if we do upload a file, make sure the file name is random(`{{randstr}}`)
+- Do not include code templates for exploits that can be written using HTTP or JavaScript. We avoid adding additional exploit code to the project unless there is an exception.
 
 ### **Submitting a PR**
 

Community-Rewards-FAQ.md

@@ -0,0 +1,75 @@
+# Nuclei Templates Community Rewards Program - FAQ
+
+## What is the purpose of this rewards program?
+The program is designed to reward the community for their efforts in contributing high-quality templates for critical and trending vulnerabilities.
+
+## What are the bounty ranges for template submissions?
+Bounties range from **$50 to $250**, depending on the complexity of the template and the effort required.
+
+## Where can I find bounty issues?
+Only issues listed by us on our GitHub repository with the 💎 **Bounty** label are eligible for rewards. You can find these bounty issues [here](https://github.com/projectdiscovery/nuclei-templates/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22%F0%9F%92%8E%20Bounty%22)
+
+## What is the acceptance criteria for templates?
+Templates must meet the following criteria:
+1. **Complete POC**: A full Proof of Concept (POC) must be provided and not rely solely on version detection.
+2. **Debug Data**: Include debug data to assist with template validation.
+3. **Validation Required**: The template will be reviewed and validated before rewards are given.
+4. **Accurate Matchers**: Use strong matchers to avoid false positives.
+> **Note**: Triagers will make the final decision on whether a template qualifies for a reward based on validation and the acceptance criteria outlined.
+
+## How do I start working on a bounty issue?
+1. **Find an Issue**: Look for issues tagged with 💎 **Bounty**.
+2. **Declare Work**: Comment with `/attempt #<issue_number>` to claim the issue.
+3. **Submit Work**: Submit your pull request with `/claim #<issue_number>` in the PR description when ready.
+
+## How often are new bounty issues added?
+We add new bounty issues on a **weekly basis**, so make sure to check back regularly for fresh opportunities. In the future, you can expect many more bounty issues as the program expands, allowing more opportunities for contributors to participate and earn rewards.
+
+## Can I collaborate with others?
+Yes, you can collaborate with other contributors and split rewards by commenting:
+```
+/claim #<issue_number>
+/split @contributor1
+/split @contributor2
+```
+
+## Is there a limit to how many issues I can work on?
+You can work on up to **3 issues** simultaneously.
+
+## What happens if I don’t complete an issue on time?
+Issues must be completed within **2 months**, or they will be closed.
+
+## How are rewards distributed?
+Rewards are distributed once the template is fully validated. If the issue remains unresolved for **few weeks**, the bounty may increase.
+
+## What should I include in my template submission?
+Include the following:
+- **Complete POC**: A working Proof of Concept.
+- **Matchers**: Multiple matchers to prevent false positives.
+- **Debug Data**: Data to assist the triage team in validation.
+- **Metadata**: Include required fields like `id`, `name`, `author`, `severity`, `description`, and `reference`.
+
+## What types of templates will be rejected?
+Templates may be rejected if they:
+- Rely solely on version detection.
+- Lack a complete POC.
+- Contain weak matchers or redundant changes to existing templates.
+
+## What should I avoid when submitting a template?
+- Avoid sharing real-world targets publicly.
+- Don’t submit templates with weak matchers.
+- Avoid unnecessary changes to existing templates.
+
+## Is there a leaderboard for contributors?
+Yes! We now have a **leaderboard** that showcases top contributors. You can check it out here: [Leaderboard](https://cloud.projectdiscovery.io/templates/leaderboard).
+
+## Is this program permanent?
+The rewards program is currently a test run, but we may make changes based on community feedback.
+
+## What additional rewards are available besides bounties?
+Beyond bounties, we also reward contributors with:
+- **Swag** such as t-shirts and stickers.
+- **Invites to security conferences** for standout contributors.
+- **Stickers** as a token of appreciation for all first-time contributors, regardless of the bounty.
+
+> Contributors who feel their pull request or issue was overlooked for first-time contributor stickers can ping us on our Discord for assistance: [ProjectDiscovery Discord](https://discord.com/invite/projectdiscovery).

README.md

@@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
 
 |    TAG    | COUNT |    AUTHOR     | COUNT | DIRECTORY  | COUNT | SEVERITY | COUNT | TYPE | COUNT |
 |-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
-| cve       |  2743 | dhiyaneshdk   |  1397 | http       |  7977 | info     |  3855 | file |   402 |
-| panel     |  1201 | daffainfo     |   866 | file       |   402 | high     |  2033 | dns  |    25 |
-| wordpress |  1035 | dwisiswant0   |   802 | cloud      |   325 | medium   |  1727 |      |       |
-| exposure  |   994 | princechaddha |   497 | workflows  |   192 | critical |  1145 |      |       |
-| xss       |   945 | pussycat0x    |   451 | network    |   137 | low      |   279 |      |       |
-| wp-plugin |   904 | ritikchaddha  |   445 | code       |    82 | unknown  |    43 |      |       |
+| cve       |  2773 | dhiyaneshdk   |  1420 | http       |  8042 | info     |  3887 | file |   402 |
+| panel     |  1212 | daffainfo     |   866 | file       |   402 | high     |  2039 | dns  |    25 |
+| wordpress |  1046 | dwisiswant0   |   802 | cloud      |   325 | medium   |  1742 |      |       |
+| exposure  |   997 | princechaddha |   498 | workflows  |   192 | critical |  1158 |      |       |
+| xss       |   956 | ritikchaddha  |   455 | network    |   137 | low      |   280 |      |       |
+| wp-plugin |   915 | pussycat0x    |   452 | code       |    84 | unknown  |    43 |      |       |
 | osint     |   807 | pikpikcu      |   353 | javascript |    65 |          |       |      |       |
-| tech      |   722 | pdteam        |   302 | ssl        |    30 |          |       |      |       |
-| lfi       |   712 | ricardomaia   |   243 | dast       |    25 |          |       |      |       |
-| misconfig |   710 | geeknik       |   231 | dns        |    22 |          |       |      |       |
+| tech      |   729 | pdteam        |   302 | ssl        |    30 |          |       |      |       |
+| lfi       |   713 | ricardomaia   |   243 | dast       |    25 |          |       |      |       |
+| misconfig |   713 | geeknik       |   231 | dns        |    22 |          |       |      |       |
 
-**718 directories, 9584 files**.
+**723 directories, 9654 files**.
 
 </td>
 </tr>