Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2018-11784 FP #10495

Closed
iuliu8899 opened this issue Aug 8, 2024 · 6 comments
Closed

CVE-2018-11784 FP #10495

iuliu8899 opened this issue Aug 8, 2024 · 6 comments
Assignees
@DhiyaneshGeek
Labels
Done Ready to merge false-positive Nuclei template reporting invalid/unexpected result

Comments

@iuliu8899
Copy link
Contributor

Nuclei Version:

Template file:

CVE-2018-11784

Command to reproduce:

request to http

GET /interact.sh HTTP/1.1
Host: www.nxxx.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

redirect to https

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://www.nxxx.cominteract.sh
Server: Microsoft-IIS/10.0
X-Powered-By: ezEIP
X-Frame-Options: SAMEORIGIN
Date: Thu, 08 Aug 2024 06:27:24 GMT
Connection: close
Content-Length: 159

<head><title>文档已移动</title></head>
<body><h1>对象已移动</h1>可在<a HREF="https://www.nxxx.cominteract.sh">此处</a>找到该文档</body>

Anything else:

it's just a redirect from http to https.

ref: http://www.liuhaihua.cn/archives/537086.html
@iuliu8899 iuliu8899 added the false-positive Nuclei template reporting invalid/unexpected result label Aug 8, 2024
@princechaddha
Copy link
Member

Hello, the response time for this issue was longer than usual because the team was traveling for DEFCON. The team will respond to this issue shortly. Thank you for your contribution

@DhiyaneshGeek
Copy link
Member

HI @iuliu8899

i couldn't replicate the issue , let me know if i'm missing something

nuclei -u http://www.nxxx.com -id CVE-2018-11784 -vv -debug

i also observed that the template is working as intended

feel free to re-open if you still face the issue

Thanks

@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Sep 2, 2024
@iuliu8899
Copy link
Contributor Author

iuliu8899 commented Sep 5, 2024
edited
Loading

Hi @DhiyaneshGeek
sorry about that I hided some sensitive url information in before.

can you try again with this url ?

nuclei -u http://www.nuzarsurf.com -id CVE-2018-11784 -vv

@iuliu8899
Copy link
Contributor Author

iuliu8899 commented Sep 5, 2024
edited
Loading

btw I can't reopen this issue due to some permission limit?

@DhiyaneshGeek
Copy link
Member

Hi @iuliu8899

i can replicate the issue , re-opening the issue

Thanks for flagging us

@DhiyaneshGeek DhiyaneshGeek reopened this Sep 5, 2024
@DhiyaneshGeek DhiyaneshGeek removed the Done Ready to merge label Sep 5, 2024
@DhiyaneshGeek
Copy link
Member

Hi @iuliu8899

i have fixed the FP and raised PR #10916

Let me know if the changes looks good

Thanks

@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Oct 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels
Done Ready to merge false-positive Nuclei template reporting invalid/unexpected result
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@princechaddha @DhiyaneshGeek @iuliu8899