A pull request with the recommended changes has been opened: #9
A recent static-analysis audit of the public nuclei-template ecosystem identified templates in this repository that hard-code a third-party out-of-band (OOB) callback subdomain into the exploit payload, leaking scan-result signals to the controller of that subdomain on every successful exploit.
Templates with replaceable hard-coded callbacks (fix-in-place):
1001-to-2000-templates/apachesolrlfissrf.yaml — leaks to https://bugbounty.requestcatcher.com/ssrf
2001-to-3000-templates/blind_ssrf.yaml — leaks to https://9a7d-183-82-25-4.ngrok.io
Templates recommended for deletion (cannot be safely fixed — see PR for per-file rationale):
12001-to-13000-templates/CVE-2020-13942 2.yaml
14001-to-15000-templates/cve-2021-26295-5853.yaml
14001-to-15000-templates/cve-2021-26295-5854.yaml
14001-to-15000-templates/cve-2021-26295-5856.yaml
14001-to-15000-templates/cve-2021-26295-5857.yaml
24001-to-25000-templates/errors-n-vulns.yaml
29001-to-30000-templates/lfr.yaml
36001-to-37000-templates/ssrf.yaml
These templates appear here as byte-identical copies of upstream PoCs — the same issue exists in many other community repositories. The recommended fix is the linked PR; if not merged, please at minimum delete the affected files so future scans do not leak to the embedded third party.
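An added example, not part of the original issue or the linked PR: a small audit script that flags hostnames under known callback-service domains in template files, so affected copies can be found before a scan runs. The suffix list is seeded with the two hosts named above, the sample templates are constructed, and using nuclei's `{{interactsh-url}}` placeholder as the replacement is an assumption about the fix.

```python
import re
from pathlib import Path

# Callback-service suffixes: both come from the hosts named in this issue.
# Extend the tuple for your own audit (the list is an assumption, not exhaustive).
OOB_SUFFIXES = ("requestcatcher.com", "ngrok.io")

# Matches a hostname anywhere in a line, with or without a URL scheme.
HOST_RE = re.compile(r"(?i)\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")


def find_hardcoded_callbacks(text, suffixes=OOB_SUFFIXES):
    """Return (line_no, host) for every hostname at or under a listed suffix."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for host in HOST_RE.findall(line):
            host = host.lower()
            if any(host == s or host.endswith("." + s) for s in suffixes):
                hits.append((line_no, host))
    return hits


def scan_tree(root, suffixes=OOB_SUFFIXES):
    """Map each *.yaml file under root to its hits; clean files are omitted."""
    report = {}
    for path in sorted(Path(root).rglob("*.yaml")):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = find_hardcoded_callbacks(text, suffixes)
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample templates (not the repository's files).
LEAKY = """id: sample-ssrf
requests:
  - method: GET
    path:
      - "{{BaseURL}}/fetch?url=https://bugbounty.requestcatcher.com/ssrf"
"""
FIXED = LEAKY.replace("https://bugbounty.requestcatcher.com/ssrf",
                      "http://{{interactsh-url}}")

if __name__ == "__main__":
    print(find_hardcoded_callbacks(LEAKY))
    print(find_hardcoded_callbacks(FIXED))
```

Running `scan_tree` over a checkout in CI and failing on a non-empty report keeps re-imported upstream copies from reintroducing the callbacks.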