Trailing slash after file name with raw http template format
Nuclei version:
dev,master
Current Behavior:
echo https://example.com/test.html | nuclei -t rr.yaml -debug-req
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.7.5
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using Nuclei Engine 2.7.5 (latest)
[INF] Using Nuclei Templates 9.1.3 (latest)
[INF] Templates added in last update: 40
[INF] Templates loaded for scan: 1
[INF] [test] Dumped HTTP request for https://example.com/test.html/
GET /test.html/ HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36
Connection: close
Accept-Encoding: gzip
[INF] No results found. Better luck next time!
Expected Behavior:
GET /test.html HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36
Connection: close
Accept-Encoding: gzip
Steps To Reproduce:
id: test
info:
  name: test
  author: pdteam
  severity: info
requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
echo https://example.com/test.html | nuclei -t rr.yaml -debug-req
@ehsandeep the same behaviour occurs when using base http format.
id: test
info:
  name: test
  author: pdteam
  severity: info
requests:
  - path:
      - "{{BaseURL}}/"
We need to fix this for the http module as a whole as it's not specific to raw http format
I am still facing the same problem. Current Behavior:
nuclei -target https://www.test.com/test -id generic-blind-xxe -debug-req 02/04
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.2.2
projectdiscovery.io
[WRN] Found 3150 templates loaded with deprecated protocol syntax, update before v3 for continued support.
[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.site
[INF] [generic-blind-xxe] Dumped HTTP request for https://www.test.com/test/
POST /test/ HTTP/1.1
Host: www.test.com
User-Agent: Mozilla/5.0 (X11; CrOS x86_64 0.3.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Connection: close
Content-Length: 114
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.test.com/test
Accept-Encoding: gzip
<?xml version="1.0"?>
<!DOCTYPE foo SYSTEM "http://co613ea6570dhpatnpqggmuhw4nkw3sxz.oast.site">
<foo>&e1;</foo>
[INF] No results found. Better luck next time!
Steps To Reproduce:
id: generic-blind-xxe
info:
  name: Generic Blind XXE
  author: geeknik
  severity: high
  description: This template detects Generic Blind XXE.
  metadata:
    max-request: 1
  tags: xxe,generic,blind
http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Referer: {{BaseURL}}

        <?xml version="1.0"?>
        <!DOCTYPE foo SYSTEM "http://{{interactsh-url}}">
        <foo>&e1;</foo>
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
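
The path handling discussed in this thread, as an added Go sketch that is not nuclei's own code: `naiveMerge` reproduces the request paths shown in the two debug dumps, and `expectedMerge` produces the path given under Expected Behavior. Both function names and the merge rules are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveMerge models the reported behaviour (an assumption about the cause,
// not nuclei's code): the template path is appended to the target path.
func naiveMerge(target, templatePath string) (string, error) {
	u, err := url.Parse(target)
	if err != nil {
		return "", err
	}
	return strings.TrimSuffix(u.Path, "/") + templatePath, nil
}

// expectedMerge gives the paths the report expects: a template path of "/"
// leaves a non-empty target path untouched, anything else is appended.
func expectedMerge(target, templatePath string) (string, error) {
	u, err := url.Parse(target)
	if err != nil {
		return "", err
	}
	if u.Path == "" {
		return templatePath, nil
	}
	if templatePath == "/" {
		return u.Path, nil
	}
	return strings.TrimSuffix(u.Path, "/") + templatePath, nil
}

func main() {
	// Targets from the thread plus two constructed ones for contrast.
	cases := [][2]string{
		{"https://example.com/test.html", "/"},
		{"https://www.test.com/test", "/"},
		{"https://example.com", "/"},          // constructed
		{"https://example.com/app", "/login"}, // constructed
	}
	for _, c := range cases {
		n, _ := naiveMerge(c[0], c[1])
		e, _ := expectedMerge(c[0], c[1])
		fmt.Printf("%-30s + %-8q naive=%-14q expected=%q\n", c[0], c[1], n, e)
	}
}
```

A table of this kind works as a regression check for both the raw and the base (`{{BaseURL}}/`) template formats, since each ends up joining the same two inputs.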