Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workflow match template use flow has Javascript Error #4736

Closed
dockernes opened this issue Feb 6, 2024 · 0 comments · Fixed by #5064
Closed

Workflow match template use flow has Javascript Error #4736

dockernes opened this issue Feb 6, 2024 · 0 comments · Fixed by #5064
Assignees
@RamanaReddy0M
Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
nuclei v3.2.5

Comments

@dockernes
Copy link

dockernes commented Feb 6, 2024
edited by RamanaReddy0M
Loading

Nuclei version:

E:\PenetrationT\scan\nuclei>nuclei -version
[INF] Nuclei Engine Version: v3.1.10
[INF] Nuclei Config Directory: C:\Users\zouch\AppData\Roaming\nuclei
[INF] Nuclei Cache Directory: C:\Users\zouch\AppData\Local\nuclei
[INF] PDCP Directory: C:\Users\zouch\.pdcp

Current Behavior:

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x20 pc=0x292135b]

goroutine 16 [running]:
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).ExecuteWithResults(0xc000fd1db8?, 0xcc11a5?)
        github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/exec.go:195 +0x1b
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).runWorkflowStep(0xc0003e8fc0, 0xc000ceb1f0, 0xc000f7cc80, 0xc000fae94c, 0xc000fc80e0, 0xc000a50f80)
        github.com/projectdiscovery/nuclei/v3/pkg/core/workflow_execute.go:149 +0x3e6
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeWorkflow.func1(0xc000fc80e0?, 0x3a79778?, 0x51746a0?, 0x78?, 0x2ff7ca0?, 0xc000ceb1f0)
        github.com/projectdiscovery/nuclei/v3/pkg/core/workflow_execute.go:43 +0x71
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeWorkflow(0x0?, 0xc000f7cc80, 0xc000a50f80)
        github.com/projectdiscovery/nuclei/v3/pkg/core/workflow_execute.go:46 +0x1e6
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0xf349e0?, 0xc0?, 0xc000fab9b0)
        github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:121 +0x1fb
created by github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2 in goroutine 15
        github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:107 +0x4f1

Expected Behavior:

[php-detect] [http] [info] http://127.0.0.1

Steps To Reproduce:

  1. Run 'nuclei.exe -w custom\workflow-test.yaml -u http://127.0.0.1'
    Error:
nuclei.exe -w custom\workflow-test.yaml -u http://127.0.0.1

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.10

                projectdiscovery.io

[WRN] Found 14 template[s] loaded with deprecated paths, update before v3 for continued support.
[INF] Current nuclei version: v3.1.10 (latest)
[INF] Current nuclei-templates version: v9.7.5 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] Workflows loaded for current scan: 1
[INF] Executing 2 signed templates from projectdiscovery/nuclei-templates
[INF] Executing 1 signed templates from test.test
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x20 pc=0x292135b]

goroutine 16 [running]:
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).ExecuteWithResults(0xc000fd1db8?, 0xcc11a5?)
        github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/exec.go:195 +0x1b
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).runWorkflowStep(0xc0003e8fc0, 0xc000ceb1f0, 0xc000f7cc80, 0xc000fae94c, 0xc000fc80e0, 0xc000a50f80)
        github.com/projectdiscovery/nuclei/v3/pkg/core/workflow_execute.go:149 +0x3e6
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeWorkflow.func1(0xc000fc80e0?, 0x3a79778?, 0x51746a0?, 0x78?, 0x2ff7ca0?, 0xc000ceb1f0)
        github.com/projectdiscovery/nuclei/v3/pkg/core/workflow_execute.go:43 +0x71
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeWorkflow(0x0?, 0xc000f7cc80, 0xc000a50f80)
        github.com/projectdiscovery/nuclei/v3/pkg/core/workflow_execute.go:46 +0x1e6
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0xf349e0?, 0xc0?, 0xc000fab9b0)
        github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:121 +0x1fb
created by github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2 in goroutine 15
        github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:107 +0x4f1
  1. Run Nuclei version 3.0.4 'nuclei304.exe -w custom\workflow-test.yaml -u http://127.0.0.1' No Error
nuclei304.exe -w custom\workflow-test.yaml -u http://127.0.0.1

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.0.4

                projectdiscovery.io

[WRN] Found 14 template[s] loaded with deprecated paths, update before v3 for continued support.
[INF] Current nuclei version: v3.0.4 (outdated)
[INF] Current nuclei-templates version: v9.7.5 (latest)
[INF] Workflows loaded for current scan: 1
[INF] Executing 2 signed templates from projectdiscovery/nuclei-templates
[INF] Executing 1 signed templates from test.test
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[php-detect] [http] [info] http://127.0.0.1

Anything else:

file: workflow-test.yaml

id: myscan-workflow

info:
  name: myscan-workflow
  author: UbranGames
  description: test
  reference: https://test.test

workflows:
  - template: custom/flow-test.yaml
    matchers:
      - name: php
        subtemplates:
          - template: custom/mytemp/custom-php-detect.yaml
          - template: http/exposures/configs/phpinfo-files.yaml
          - template: http/exposures/configs/php-fpm-config.yaml

file: flow-test.yaml

id: flow-test

info:
  name: flow-test
  author: UbranGames
  severity: low
  description: Flow Test
  reference:
    - https://test.test
  classification:
    cwe-id: CWE-200
  tags: finger
  metadata:
    max-request: 6
    verified: true

flow: |
  http(1);

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: word
        name: php
        words:
          - PHP/
          - PHPSESSION
          - 'X-Powered-By: PHP'
          - 'x-powered-by: php'
        condition: or
        part: header


  - method: GET
    path:
      - "{{BaseURL}}/test/"

    matchers:
      - type: word
        name: php
        words:
          - PHP/
          - PHPSESSION
          - 'X-Powered-By: PHP'
          - 'x-powered-by: php'
        condition: or
        part: header
@dockernes dockernes added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Feb 6, 2024
@tarunKoyalwar tarunKoyalwar self-assigned this Feb 6, 2024
@tarunKoyalwar tarunKoyalwar removed their assignment Feb 22, 2024
@tarunKoyalwar tarunKoyalwar added the Priority: High After critical issues are fixed, these should be dealt with before any further issues. label Feb 22, 2024
@RamanaReddy0M RamanaReddy0M self-assigned this Apr 17, 2024
@RamanaReddy0M RamanaReddy0M linked a pull request Apr 17, 2024 that will close this issue
Fix panic err using flow templates with workflow #5064
Merged
4 tasks
@RamanaReddy0M RamanaReddy0M mentioned this issue Apr 17, 2024
Merged
4 tasks
@ehsandeep ehsandeep added this to the nuclei v3.2.5 milestone Apr 18, 2024
This was referenced Apr 23, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RamanaReddy0M RamanaReddy0M

Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
nuclei v3.2.5
Development

Successfully merging a pull request may close this issue.

Fix panic err using flow templates with workflow projectdiscovery/nuclei
4 participants
@ehsandeep @dockernes @tarunKoyalwar @RamanaReddy0M