
interactsh-url dependent variables are not lazy evaluated #4946

Closed
tarunKoyalwar opened this issue Mar 26, 2024 · 0 comments · Fixed by #4941
@tarunKoyalwar (Member)

Nuclei version:

main | latest

Current Behavior:

id: some-exploit

info:
  name: "Some Exploit"
  author: pdteam
  severity: critical
  description: this is a test description

variables:
  callback: "{{interactsh-url}}"
  cmd: "nslookup {{callback}}"
  payload: '{{base64(cmd)}}'

http:
  - raw:
      - |
        GET /{{payload}} HTTP/1.1
        Host: {{Hostname}}
    
    matchers:
      - type: status
        status:
          - 200

    extractors:
      - type: dsl
        dsl:
          - 'base64_decode(payload)'

$ nuclei -u https://scanme.sh -t a.yaml

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.2

		projectdiscovery.io

[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[WRN] Loaded 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.fun
[some-exploit] [http] [critical] https://scanme.sh/bnNsb29rdXAge3tpbnRlcmFjdHNoLXVybH19 [nslookup {{interactsh-url}}]

Expected Behavior:

$ ./nuclei -u https://scanme.sh -t a.yaml

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.2

		projectdiscovery.io

[INF] Current nuclei version: v3.2.2 (latest)
[INF] Current nuclei-templates version: v9.8.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 85
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.online
[some-exploit] [http] [critical] https://scanme.sh/bnNsb29rdXAgY28xZGtmc280N21oOGNwOGg1MTA2ODRyb2NtNHE5dWd5Lm9hc3Qub25saW5l ["nslookup co1dkfso47mh8cp8h510684rocm4q9ugy.oast.online"]

Steps To Reproduce:

Anything else:
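The evaluation-order difference behind this report, as an added example that is not part of the issue or of nuclei's own code: a small Python model of the template's variables block, resolved once eagerly (before interactsh-url exists) and once lazily (after it is known). It assumes only the two DSL forms the template uses, {{name}} and {{base64(name)}}, and takes the interactsh hostname from the expected output above; it also shows why substituting the URL afterwards cannot repair a value that already base64-encoded the placeholder.

```python
import base64
import re

# Constructed model of the evaluation order, not nuclei's code. Only the two
# DSL forms used by the template are modelled: {{name}} and {{base64(name)}}.
REF = re.compile(r"\{\{(?:base64\(([\w-]+)\)|([\w-]+))\}\}")

# Mirrors the variables block of the template in the report; order matters.
TEMPLATE_VARS = [
    ("callback", "{{interactsh-url}}"),
    ("cmd", "nslookup {{callback}}"),
    ("payload", "{{base64(cmd)}}"),
]
# The interactsh hostname shown in the expected output of the report.
OAST_URL = "co1dkfso47mh8cp8h510684rocm4q9ugy.oast.online"


def expand(expr: str, values: dict) -> str:
    """Substitute references from values. An unresolved reference keeps its
    literal placeholder, which is exactly what base64 encodes in the eager case."""
    def sub(m):
        func_arg, name = m.group(1), m.group(2)
        if func_arg is not None:  # {{base64(name)}}
            if func_arg in values:
                return base64.b64encode(values[func_arg].encode()).decode()
            return m.group(0)
        return values.get(name, m.group(0))  # {{name}}
    return REF.sub(sub, expr)


def evaluate(variables, known=None) -> dict:
    """Resolve variables in declaration order on top of the runtime values in
    `known`. Eager (the bug): run at template-load time with no interactsh-url.
    Lazy (the fix): run only once interactsh-url is available."""
    values = dict(known or {})
    for name, expr in variables:
        values[name] = expand(expr, values)
    return values


def late_bind(values, late) -> dict:
    """Post-hoc substitution into already evaluated values. It repairs callback
    and cmd but cannot reach the placeholder frozen inside the encoded payload."""
    return {k: expand(v, late) for k, v in values.items()}


if __name__ == "__main__":
    late = {"interactsh-url": OAST_URL}
    print("eager:", late_bind(evaluate(TEMPLATE_VARS), late)["payload"])
    print("lazy: ", evaluate(TEMPLATE_VARS, late)["payload"])
```

The eager payload decodes to the literal `nslookup {{interactsh-url}}` seen in the current output, while the lazy payload matches the expected output exactly.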

@tarunKoyalwar tarunKoyalwar added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Mar 26, 2024
@tarunKoyalwar tarunKoyalwar self-assigned this Mar 26, 2024
ehsandeep pushed a commit that referenced this issue Mar 29, 2024
* add default get method

* remove residual payload logic from old implementation

* fuzz: clone current state of component

* fuzz: bug fix stacking of payloads in multiple mode

* improve stdout template loading stats

* stdout: force display warnings if no templates are loaded

* update flags in README.md

* quote non-ascii chars in extractor output

* aws request signature can only be used in signed & verified tmpls

* deprecate request signature

* remove logic related to deprecated fuzzing input

* update test to use ordered params

* fix interactsh-url lazy eval: #4946

* output: skip unnecessary updates when unescaping

* updates as per requested changes