Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unexpected matches with passive mode #2067

Closed
nil0x42 opened this issue May 25, 2022 · 0 comments · Fixed by #2213
Closed

Unexpected matches with passive mode #2067

nil0x42 opened this issue May 25, 2022 · 0 comments · Fixed by #2213
Assignees
@Mzack9999
Labels
Priority: Medium This issue may be useful, and needs some attention. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
v2.7.4

Comments

@nil0x42
Copy link

nil0x42 commented May 25, 2022

Nuclei version:

2.7.1

Current Behavior:

This issue is similar to issue #587. but the issue has been closed long time ago so it looks like a regression.
It looks like templates who match response after sending a specific request are still used by passive mode.
For example, if nuclei -passive -target resp.txt is launched, and resp.txt contains "PHP Version", nuclei detects a critical vuln, because of CVE-2019-16759.yaml template:

[2022-05-25 15:01:06] [CVE-2019-16759] [http] [critical] resp.txt

Expected Behavior:

Only launch templates having {{BaseURL}} or {{BaseURL}}/ as path to make the matchers works in the expected way. (as already discussed in #587)
@nil0x42 nil0x42 added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label May 25, 2022
@ehsandeep ehsandeep added the Priority: Medium This issue may be useful, and needs some attention. label Jun 3, 2022
@Mzack9999 Mzack9999 self-assigned this Jun 22, 2022
@Mzack9999 Mzack9999 added the Status: In Progress This issue is being worked on, and has someone assigned. label Jun 22, 2022
@Mzack9999 Mzack9999 linked a pull request Jun 22, 2022 that will close this issue
Adding stricter check on offline templates list #2213
Merged
4 tasks
@Mzack9999 Mzack9999 added Status: Review Needed The issue has a PR attached to it which needs to be reviewed and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Jun 22, 2022
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Status: Review Needed The issue has a PR attached to it which needs to be reviewed labels Jul 11, 2022
@ehsandeep ehsandeep added this to the v2.7.4 milestone Jul 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mzack9999 Mzack9999

Labels
Priority: Medium This issue may be useful, and needs some attention. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
v2.7.4
Development

Successfully merging a pull request may close this issue.

Adding stricter check on offline templates list projectdiscovery/nuclei
3 participants
@nil0x42 @ehsandeep @Mzack9999