nuclei
`Path`, `Query` Variables not populated in response variables
Nuclei version:
v3.2.8
Current Behavior:
`Path`, `Query` Variables not populated in response variables
Expected Behavior:
The `Path` and `Query` variables in memory should be populated.
Steps To Reproduce:
```
./nuclei -t . -id posthog-admin-panel -u https://us.posthog.com -svd -v -duc [4/06/24| 2:00PM]

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.8

		projectdiscovery.io

[VER] Started metrics server at localhost:9092
...
[DBG] HTTP Protocol request variables:
1. BaseURL => https://us.posthog.com
2. DN => posthog
3. FQDN => us.posthog.com
4. File =>
5. Host => us.posthog.com
6. Hostname => us.posthog.com
7. Input => https://us.posthog.com
8. Path =>
9. Port => 443
10. Query =>
11. RDN => posthog.com
12. RootURL => https://us.posthog.com
13. SD => us
14. Scheme => https
15. TLD => com
16. ip =>
[VER] [posthog-admin-panel] Sent HTTP request to https://us.posthog.com/login?next=/
[DBG] Http Protocol response variables:
1. BaseURL => https://us.posthog.com
2. DN => posthog
3. FQDN => us.posthog.com
4. File =>
5. Host => us.posthog.com
6. Hostname => us.posthog.com
7. Input => https://us.posthog.com
8. Path =>
9. Port => 443
10. Query =>
11. RDN => posthog.com
12. RootURL => https://us.posthog.com
13. SD => us
14. Scheme => https
15. TLD => com
16. all_headers => HTTP/1.1 200 OK Connecti .... e-Options: SAMEORIGIN
17. body => <!DOCTYPE html> <html lan .... </body> </html>
18. content_length => 43708
19. content_type => text/html; charset=utf-8
20. cross_origin_opener_policy => same-origin
21. curl-command => curl -X 'GET' -H 'Accept: .... posthog.com/login?next=/'
22. date => Tue, 04 Jun 2024 08:32:32 GMT
23. duration => 2.08194475
24. header => HTTP/1.1 200 OK Connecti .... e-Options: SAMEORIGIN
25. host => https://us.posthog.com
26. interactsh-server =>
27. ip => 54.197.92.152
28. matched => https://us.posthog.com/login?next=/
29. posthog_csrftoken => X1dpTkXbqjGPaJ72OoZchsWUNG7auVJ0
30. referrer_policy => same-origin
31. request => GET /login?next=/ HTTP/1. .... Accept-Encoding: gzip
32. response => HTTP/1.1 200 OK Connecti .... </body> </html>
33. server => envoy
34. set_cookie => posthog_csrftoken=X1dpTkX .... h=/; SameSite=Lax; Secure
35. status_code => 200
36. template-id => posthog-admin-panel
37. template-info => {PostHog Login Panel - De .... ied:true] 0x14037ac74a0 }
38. template-path => /Users/0xinfection/Work/n .... /posthog-admin-panel.yaml
39. type => http
40. vary => Cookie, Accept-Encoding
41. x_content_type_options => nosniff
42. x_envoy_upstream_service_time => 21
43. x_frame_options => SAMEORIGIN
[posthog-admin-panel] [http] [info] https://us.posthog.com/login?next=/
```
Anything else:
I have been trying to run default login templates in the form of workflows; however, this looks difficult with how nuclei currently works, as there is no way to pass down `path` from the technology template hit to the default-login template. Technology identification templates have lots of paths which the template tries to bruteforce, but the default-login templates have just a single embedded path. Is there a way I can resolve this?
To elaborate: let's say the tech template tries to bruteforce `/software/`, `/`, `/soft/` and it hits on `/soft/`. The default-login templates just try `/login` while ideally it should be `/soft/login`, as it assumes the software is hosted on the root path.