
Additional matchers for OAST Templates

Open ehsandeep opened this issue 4 years ago • 0 comments

Nuclei Version:

latest

Template file:

OAST-based templates with a single matcher.

Issue detail:

There are web servers that request/lookup any incoming host/URLs as part of the request URI, resulting in interaction (dns/http) and false-positive results for templates that use DNS/HTTP interaction as the only matcher to validate detection.

This can be fixed by adding an additional response-based matcher, along with DNS/HTTP interaction confirmation where possible. Additionally, we can add the following matcher to confirm the user agent or any string in the request received by the interact server.

```yaml
      - type: word
        part: interactsh_request
        words:
          - "ShibbolethIdp"
```

Anything else:

It's also not possible to add more matchers in cases where detections are completely blind and the interaction point is the only way to confirm the issue, so there will be some exceptions as well.

ehsandeep, Mar 14 '22 11:03
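An added example, not code from the issue or from the nuclei-templates project: a template skeleton that shows the single-interaction-matcher form the issue warns about next to a form that also requires the fingerprint in the interactsh request and in the in-band response. The template id, the `ExampleComponent` string and the `/?url=` request path are placeholders.

```yaml
# Added example, not part of the nuclei-templates project.
# id, ExampleComponent and the request path are placeholders.
id: oast-example-placeholder

info:
  name: Placeholder OAST detection with confirmation matchers
  author: example
  severity: medium

http:
  - raw:
      - |
        GET /?url=http://{{interactsh-url}}/ HTTP/1.1
        Host: {{Hostname}}
        User-Agent: ExampleScanner/1.0

    # Weak form (the pattern the issue describes): the interaction alone is
    # the matcher. A server that fetches or resolves any URL it sees in the
    # request URI will trigger it, producing a false positive.
    # matchers:
    #   - type: word
    #     part: interactsh_protocol
    #     words:
    #       - "http"

    # Hardened form: all three signals must be present.
    matchers-condition: and
    matchers:
      # 1. An out-of-band HTTP interaction was received at all.
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      # 2. The request that reached the interactsh server carries the
      #    component's own fingerprint (e.g. its User-Agent), so a generic
      #    link-previewing or URL-resolving server does not match.
      - type: word
        part: interactsh_request
        words:
          - "ExampleComponent"

      # 3. The in-band response itself identifies the component.
      - type: word
        part: body
        words:
          - "ExampleComponent"
```

For fully blind detections, where the issue notes no in-band signal exists, drop matcher 3 and keep the `interactsh_request` check, since the fingerprint of the callback is still stronger than the bare interaction.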