Comments (4)
Hi @0xtavi ,
Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.
Please keep in mind that the Tsunami Scanner Team will only be able to work on one issue at a time for each participant, so please hold on the implementation work for any other requests you might have.
Thanks!
from tsunami-security-scanner-plugins.
Hello @maoning
There's no example provided for web fingerprinters at https://github.com/google/tsunami-security-scanner-plugins/tree/master/examples . Also no community fingerprinter yet.
Should I add the fingerprinter for Confluence here https://github.com/google/tsunami-security-scanner-plugins/tree/master/google/fingerprinters/web ?
Thank you
@0xtavi That's correct! You can use https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/fingerprinters/web/src/main/java/com/google/tsunami/plugins/fingerprinters/web/tools/FingerprintUpdater.java to generate the fingerprinting file for Confluence.
You can use 4494593 as an example for the automation script you need to implement to spin up different versions of the application to generate fingerprints.