Muhammad Daffa

[New Checker]

2

List of endpoints that will be included in the Key-Checker * https://coinigy.docs.apiary.io/#reference/account-data/account-info/userinfo?console=1 * https://anti-captcha.com/apidoc/methods/getBalance * https://proxycrawl.com/docs/crawling-api * https://randommer.io/randommer-api * https://fungenerators.com/api/facts/ * https://www.perfecttense.com/api * https://jokes.one/api/joke/#curl * https://currencylayer.com/documentation * https://currencyscoop.com/code-samples * https://1forge.com/api...

Could not execute any template using any host

3

### Description: My nuclei dont want to run using any host, this is the error nuclei given using some random template ``` Could not execute request for https://google.com: GET https://google.com/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1)...

Hi, I have a question. How to use this tool if the GraphQL query is inside the JSON body? ``` POST /graphql HTTP/1.1 Host: example.com {"operationName":"test","query":"query test($input: test!).....\n}\n"} ```

## Description The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since...

Bug PHP Code Injection

1

Hello, i found PHP Code injection  Iam using system() function in PHP to test it, when run simple php code injection payload `` The output will be like this...

Denial of Service by Rendering Image that have very big pixel

4

## Description There is Denial of Service (DoS) because `imageproxy` didn't check the size of the pixel image ## Affected version Latest version (0.11.2) ## CVSS Score CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H - 6.5...

Too many false positives when checking JS files

2

## Description There is a lot of false positives when reconftw checking JS files  ## Solution I think we cannot depend the js checking to public nuclei templates

Add HTTP Request Smuggling

3

Nice tools! it helped me a lot when doing penetration testing. I have an idea to add HTTP request smuggling scan into reconftw using this tool https://github.com/defparam/smuggler What do you...

### Template / PR Information - Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX - References: ### Template Validation I've validated this template locally? - [ ] YES - [...

### Template / PR Information - Add malware detector templates - References: https://github.com/daffainfo/nuclei-malware ### Template Validation I've validated this template locally? - [x] YES - [ ] NO ### Additional...