Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.place/objects/1c38f7aa-fb3f-4dcc-bde4-1aafa1336efb">buherator (buherator@infosec.place)'s status on Friday, 07-Feb-2025 17:35:04 JST</a><a href="https://infosec.place/users/buherator" title="buherator@infosec.place"><img src="https://gnusocial.jp/avatar/105742-48-20230309202713.webp" width="48" height="48" alt="buherator" style="position: absolute; left: 0; top: 0;">buherator</a><div><a href="https://cyberplace.social/@GossiTheDog/113961419030750754" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><a href="https://cyberplace.social/@GossiTheDog">@GossiTheDog</a> That is technically true, but scanners already look for exposed web.configs, so any affected, but not already exploited Internet-facing sites would be simultaneously extremely negligent and lucky.<br><br><a href="https://github.com/projectdiscovery/nuclei-templates/blob/2390fd195ab00f2bb1142dd27ac2ab888622d9bd/http/exposures/configs/web-config.yaml#L22">https://github.com/projectdiscovery/nuclei-templates/blob/2390fd195ab00f2bb1142dd27ac2ab888622d9bd/http/exposures/configs/web-config.yaml#L22</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4523789#notice-8857727">In conversation</a><time datetime="2025-02-07T17:35:04+09:00" title="Friday, 07-Feb-2025 17:35:04 JST">about 23 days ago</time> <span>from <span><a href="https://infosec.place/objects/1c38f7aa-fb3f-4dcc-bde4-1aafa1336efb" rel="external" title="Sent from infosec.place via ActivityPub">infosec.place</a></span></span><a href="https://infosec.place/objects/1c38f7aa-fb3f-4dcc-bde4-1aafa1336efb">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/projectdiscovery/nuclei-templates/blob/2390fd195ab00f2bb1142dd27ac2ab888622d9bd/http/exposures/configs/web-config.yaml#L22">nuclei-templates/http/exposures/configs/web-config.yaml at 2390fd195ab00f2bb1142dd27ac2ab888622d9bd · projectdiscovery/nuclei-templates</a></h5><div></div></header><div>Community curated list of templates for the nuclei engine to find security vulnerabilities. - projectdiscovery/nuclei-templates</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
buherator (buherator@infosec.place)'s status on Friday, 07-Feb-2025 17:35:04 JSTbuherator
in reply to
- Kevin Beaumont
@GossiTheDog That is technically true, but scanners already look for exposed web.configs, so any affected, but not already exploited Internet-facing sites would be simultaneously extremely negligent and lucky.

https://github.com/projectdiscovery/nuclei-templates/blob/2390fd195ab00f2bb1142dd27ac2ab888622d9bd/http/exposures/configs/web-config.yaml#L22
In conversationabout 23 days ago from infosec.placepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  nuclei-templates/http/exposures/configs/web-config.yaml at 2390fd195ab00f2bb1142dd27ac2ab888622d9bd · projectdiscovery/nuclei-templates
  Community curated list of templates for the nuclei engine to find security vulnerabilities. - projectdiscovery/nuclei-templates

Public

Embed Notice

HTML Code

Corresponding Notice