A pull request with the recommended changes has been opened: #1
A recent static-analysis audit of the public nuclei-template ecosystem identified templates in this repository that hard-code a third-party out-of-band (OOB) callback subdomain into the exploit payload, leaking scan-result signals to the controller of that subdomain on every successful exploit.
Templates with replaceable hard-coded callbacks (fix-in-place):
apachesolrlfissrf.yaml — leaks to https://bugbounty.requestcatcher.com/ssrf
blind_ssrf.yaml — leaks to https://9a7d-183-82-25-4.ngrok.io
Templates recommended for deletion (cannot be safely fixed — see PR for per-file rationale):
CVE-2020-13942.yaml
ARPSyndicate/nuclei/cvescan/critical/CVE-2021-26295.yaml
ARPSyndicate/jaeles/vulnscan/info/errors-n-vulns.yaml
ssrf.yaml
These templates appear here as byte-identical copies of upstream PoCs — the same issue exists in many other community repositories. The recommended fix is the linked PR; if not merged, please at minimum delete the affected files so future scans do not leak to the embedded third party.
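A check for the pattern this report describes, added here as an example and not taken from the linked PR or the audit tooling: it flags template lines that embed a host under a known request-catcher domain, including URL-encoded occurrences. The suffix list beyond the two domains named above, the function names and the sample template are assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# The first two suffixes come from the report above; the others are an assumed
# starter list of public request-catcher services. Extend it for your review.
CALLBACK_SUFFIXES = ("requestcatcher.com", "ngrok.io", "webhook.site", "burpcollaborator.net")

# Match a full hostname ending in one of the suffixes, anchored on label
# boundaries so "evilrequestcatcher.com" or "ngrok.io.example" do not match.
HOST_RE = re.compile(
    r"(?<![a-z0-9.-])((?:[a-z0-9-]+\.)*(?:%s))(?![a-z0-9-]|\.[a-z0-9])"
    % "|".join(re.escape(s) for s in CALLBACK_SUFFIXES),
    re.IGNORECASE,
)

def find_hardcoded_callbacks(template_text):
    """Return (line_number, host) pairs for hard-coded callback hosts."""
    findings = []
    for line_no, line in enumerate(template_text.splitlines(), start=1):
        # Payloads often carry the callback percent-encoded inside a parameter.
        decoded = unquote(line)
        for match in HOST_RE.finditer(decoded):
            findings.append((line_no, match.group(1).lower()))
    return findings

def scan_tree(root):
    """Scan every .yaml/.yml file under root; return {path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*.y*ml")):
        hits = find_hardcoded_callbacks(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample template (not one of the files listed in the report).
SAMPLE = """\
id: constructed-ssrf-check
requests:
  - method: GET
    path:
      - "{{BaseURL}}/fetch?url=https://bugbounty.requestcatcher.com/ssrf"
      - "{{BaseURL}}/fetch?url=https%3A%2F%2F9a7d-183-82-25-4.ngrok.io"
      - "{{BaseURL}}/fetch?url=https://{{interactsh-url}}"
"""

if __name__ == "__main__":
    for line_no, host in find_hardcoded_callbacks(SAMPLE):
        print(f"line {line_no}: hard-coded callback host {host}")
```

The third path uses nuclei's `{{interactsh-url}}` placeholder, which resolves to the scanner operator's own interaction server at run time and is therefore not flagged.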