
Fix panic with fuzz template #5068

Merged
merged 4 commits into from
Apr 23, 2024

Conversation

RamanaReddy0M
Contributor

@RamanaReddy0M RamanaReddy0M commented Apr 18, 2024

Proposed changes

test.yaml

id: log4j-header-injection

info:
  name: Log-4j Injection In Headers
  author: Nishantbhagat57
  severity: high
  description: Detects potential Out-of-Band Log-4j Injection vulnerabilities, blind testing using payloads in headers.
  reference:
    - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/
  tags: cmdi, oast, dast, log4j

http:
  - payloads:
      inject:
        - aa

    fuzzing:
      - part: header
        type: replace
        mode: multiple
        fuzz:
          User-Agent: "{{inject}}"
          Referer: "{{inject}}"
          X-Client-IP: "{{inject}}"
          X-Forwarded-For: "{{inject}}"
          X-Api-Version: "{{inject}}"
          
    matchers-condition: or
    matchers:
      - type: word
        words:
          - "test"

TEST:

✗ nuclei -t test.yaml -u example.com -dast

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@RamanaReddy0M RamanaReddy0M self-assigned this Apr 18, 2024
@RamanaReddy0M RamanaReddy0M marked this pull request as draft April 18, 2024 13:52
@RamanaReddy0M RamanaReddy0M linked an issue Apr 22, 2024 that may be closed by this pull request
@RamanaReddy0M RamanaReddy0M marked this pull request as ready for review April 22, 2024 17:01
Member

@tarunKoyalwar tarunKoyalwar left a comment


lgtm !

$ ./nuclei -t a.yaml -u https://example.com -debug-req -dast

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.4

		projectdiscovery.io

[INF] Current nuclei version: v3.2.4 (latest)
[INF] Current nuclei-templates version: v9.8.5 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 142
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [log4j-header-injection] Dumped HTTP request for https://example.com

GET / HTTP/1.1
Host: example.com
User-Agent: aa
Referer: aa
X-Api-Version: aa
X-Client-Ip: aa
X-Forwarded-For: aa
Accept-Encoding: gzip

[INF] No results found. Better luck next time!
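The rule semantics behind the test.yaml above and the dumped request it produced, as an added Go example that is not nuclei's own code: a hypothetical FuzzRule type mirrors the YAML keys, and ApplyHeaderRule expands a header rule over its payload list. The "multiple" versus "single" behaviour is assumed from nuclei's fuzzing documentation (all listed headers in one request per payload, versus one request per header per payload).

```go
package main

import (
	"net/http"
	"sort"
	"strings"
)

// FuzzRule is a hypothetical type mirroring the fuzzing rule keys in test.yaml.
type FuzzRule struct {
	Part string            // "header"
	Type string            // "replace"
	Mode string            // "multiple" or "single"
	Fuzz map[string]string // header name -> value containing {{inject}}
}

// ApplyHeaderRule returns the header set of every request the rule would
// generate. Assumed semantics: "multiple" rewrites all listed headers in one
// request per payload, "single" emits one request per header per payload.
func ApplyHeaderRule(base http.Header, rule FuzzRule, payloads []string) []http.Header {
	if rule.Part != "header" || rule.Type != "replace" {
		return nil // rule does not target headers
	}
	names := make([]string, 0, len(rule.Fuzz))
	for n := range rule.Fuzz {
		names = append(names, n)
	}
	sort.Strings(names) // deterministic order, Go maps iterate randomly
	if base == nil {
		base = http.Header{} // Clone of a nil Header is nil and Set on it panics
	}
	var out []http.Header
	for _, p := range payloads {
		if rule.Mode == "multiple" {
			h := base.Clone()
			for _, n := range names { // Set canonicalises names: X-Client-IP -> X-Client-Ip
				h.Set(n, strings.ReplaceAll(rule.Fuzz[n], "{{inject}}", p))
			}
			out = append(out, h)
			continue
		}
		for _, n := range names { // single mode: one request per header
			h := base.Clone()
			h.Set(n, strings.ReplaceAll(rule.Fuzz[n], "{{inject}}", p))
			out = append(out, h)
		}
	}
	return out
}
```

With the five headers from test.yaml and the single payload "aa" in "multiple" mode, this yields exactly one request carrying all five rewritten headers, matching the request dumped by -debug-req above.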

@ehsandeep ehsandeep merged commit bf0cae3 into dev Apr 23, 2024
9 of 12 checks passed
@ehsandeep ehsandeep deleted the fix-fuzz-template-panic branch April 23, 2024 08:09
Development

Successfully merging this pull request may close these issues.

Fuzzing with multiple mode not working