nuclei-templates icon indicating copy to clipboard operation
nuclei-templates copied to clipboard
Published 4 months ago verified publisher icon projectdiscovery

False positives in wordpress detection

Open tarunkant opened this issue 1 year ago • 1 comments

Nuclei Version:

v3.2.9

Template file:

http/technologies/wordpress-detect.yaml

Description:

These two matchers are very generic and generating false positives, it is recommended to restrict the matchers:

- '\/wp-content/themes\/'
- '\/wp-includes\/'

tarunkant avatar Aug 05 '24 07:08 tarunkant

Hello, the response time for this issue was longer than usual because the team was traveling for DEFCON. The team will respond to this issue shortly. Thank you for your contribution

princechaddha avatar Aug 21 '24 16:08 princechaddha

Hi @tarunkant

Is it possible to share the false positive target, it will help us in fixing the template

Thanks

DhiyaneshGeek avatar Sep 02 '24 07:09 DhiyaneshGeek

@DhiyaneshGeek, here you go: https://survey.hotstar.com/

tarunkant avatar Sep 02 '24 07:09 tarunkant

Hi @tarunkant

i have updated the template, by removing the weak matcher #10649

Let me know if this works

Thanks

DhiyaneshGeek avatar Sep 02 '24 08:09 DhiyaneshGeek

@DhiyaneshGeek, yes it is fixed, thanks!

tarunkant avatar Sep 02 '24 08:09 tarunkant

@DhiyaneshGeek @ritikchaddha,

Now this change is not detecting WordPress at this: https://ads.hotstar.com/.

Can you please take a look at this?

Thanks,

tarunkant avatar Sep 12 '24 10:09 tarunkant

Hey @tarunkant, Thanks for updating, we are looking into it.

ritikchaddha avatar Sep 12 '24 13:09 ritikchaddha

Any update here?

tarunkant avatar Sep 23 '24 08:09 tarunkant

Hi @tarunkant

i have fixed the missing detection https://github.com/projectdiscovery/nuclei-templates/pull/10915

Let me know if the changes works

Thanks

DhiyaneshGeek avatar Oct 05 '24 19:10 DhiyaneshGeek

It is fixed, thanks!

tarunkant avatar Oct 10 '24 06:10 tarunkant