Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: fixed bug due to parallel auto setting in http #4992

Merged
merged 2 commits into from
Apr 8, 2024
Merged

feat: fixed bug due to parallel auto setting in http #4992

merged 2 commits into from
Apr 8, 2024

Conversation

Ice3man543
Copy link
Member

@Ice3man543 Ice3man543 commented Apr 4, 2024
edited
Loading

Proposed changes

Closes #4993

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@Ice3man543 Ice3man543 self-assigned this Apr 4, 2024
@Ice3man543 Ice3man543 added the Status: Review Needed The issue has a PR attached to it which needs to be reviewed label Apr 4, 2024
@denandz
Copy link
Contributor

denandz commented Apr 4, 2024

If my reading here is correct, this will still cause problems with greater than 10 payloads? I don't think this is a reasonable fix, since there's a condition here where the issue crops up again. We're introducing an edge case where <10 payloads behaves one way, and >10 behaves another way.

A better option might be to detect when variable substitution and an extractor is being used programatically, then turn off auto-concurrency. There's a very simplified version of this logic in the script in issue #4993

@denandz
Copy link
Contributor

denandz commented Apr 4, 2024

Confirmed, with this patch anything that has >NUCLEI_PAYLOAD_AUTO_CONCURRENCY_THRESHOLD payloads will continue to break:

doi@DESKTOP-B49A2DEE:/dev/shm/nuclei-templates$ NUCLEI_PAYLOAD_AUTO_CONCURRENCY_THRESHOLD=2 ~/go/src/github.com/projectdiscovery/nuclei/cmd/nuclei/nuclei -t ./http/default-logins/phpmyadmin/phpmyadmin-default-login.yaml -u http://127.0.0.1:8081/ 

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.3

		projectdiscovery.io

[INF] Current nuclei version: v3.2.3 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] No results found. Better luck next time!
doi@DESKTOP-B49A2DEE:/dev/shm/nuclei-templates$ ~/go/src/github.com/projectdiscovery/nuclei/cmd/nuclei/nuclei -t ./http/default-logins/phpmyadmin/phpmyadmin-default-login.yaml -u http://127.0.0.1:8081/ 

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.3

		projectdiscovery.io

[INF] Current nuclei version: v3.2.3 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[phpmyadmin-default-login] [http] [high] http://127.0.0.1:8081/index.php [password="root",user="root"]

@ehsandeep ehsandeep requested a review from Mzack9999 April 5, 2024 22:23
ehsandeep
ehsandeep approved these changes Apr 8, 2024
View reviewed changes
Copy link
Member

@ehsandeep ehsandeep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Merging this as hotfix to be included in release!

@ehsandeep ehsandeep merged commit a844e6f into dev Apr 8, 2024
12 checks passed
@ehsandeep ehsandeep deleted the fix-templates-not-working branch April 8, 2024 10:34
@ehsandeep ehsandeep removed the Status: Review Needed The issue has a PR attached to it which needs to be reviewed label Apr 8, 2024
@tarunKoyalwar tarunKoyalwar mentioned this pull request Apr 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehsandeep ehsandeep ehsandeep approved these changes

Assignees

@Ice3man543 Ice3man543

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Erroneous extractor logic - 28 checks failing to detect issues
3 participants
@Ice3man543 @denandz @ehsandeep