Duplicate Query Parameter #4494

Closed
n00b-bot opened this issue Dec 16, 2023 · 3 comments
Labels
DAST Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Comments


n00b-bot commented Dec 16, 2023

Nuclei version:

v3.1.1

Current Behavior:

Duplicate query parameter when received from input

Expected Behavior:

Only one parameter nothing

Steps To Reproduce:

Template:

id: fuzz-header-multiple

info:
  name: fuzz header multiple
  author: pdteam
  severity: info
  description: |
    In this template we fuzz multiple headers with single payload

http:
  - raw:
      - |+
        GET /kek?a=1 HTTP/1.1
        Host: {{Hostname}}
        Origin: https://example.com
        X-Forwared-For: 1337
        Cookie: z=aaa; bb=aaa
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
        Accept-Language: en-US,en;q=0.9
        Connection: close
    fuzzing:
      - part: query
        type: replace
        mode: single
        fuzz:
          - "hehe"

Run with template
nuclei -t test.yaml -u http://testphp.vulnweb.com/?nothing=1 -svd -lfa --debug

Anything else:

@n00b-bot n00b-bot added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Dec 16, 2023
@ntriisii

Hey, any updates on this? I'm still getting the same error in version 3.1.3, for a very simple raw HTTP request:

id: test_test
info:
  name: test_code
  author: name
  severity: info
  
http:
  - raw:
      - |
        GET {{Path}} HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: word
        words:
          - ''
      

running nuclei -t ~/bbtools/my-nuclei-templates/xss-detection.yaml -u 'http://localhost:8023/test?query1=1&query2=2' -duc -debug-req

would result in:

[INF] Current nuclei version: v3.1.3 (outdated)
[INF] Current nuclei-templates version: v9.6.4 (outdated)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 121
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [test_test] Dumped HTTP request for http://localhost:8023/test/?query1=1&query1=1&query2=2&query2=2

GET /test/?query1=1&query1=1&query2=2&query2=2 HTTP/1.1
Host: localhost:8023
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Connection: close
Accept-Encoding: gzip

[test_test] [http] [info] http://localhost:8023/test/?query1=1&query1=1&query2=2&query2=2

It also adds a / at the end of the path, which was not included in the given URL; I don't know if this is intended or not.
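A regression check for the behaviour reported above, added here as an example (it is not part of the thread and not nuclei's own code): it compares the target URL with the URL from the dumped request and reports query pairs sent more often than supplied, plus any path change. The names `Drift`, `pairCounts` and `Compare` are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
)

// Drift records how the URL a scanner actually sent differs from the target URL.
type Drift struct {
	Extra       []string // "key=value (+n)": pair sent n more times than supplied
	PathChanged bool     // path differs, e.g. an appended trailing slash
}

// pairCounts counts each decoded key=value pair, keeping duplicates visible.
func pairCounts(q url.Values) map[string]int {
	counts := make(map[string]int)
	for key, values := range q {
		for _, v := range values {
			counts[key+"="+v]++
		}
	}
	return counts
}

// Compare reports query pairs that occur more often in sent than in target.
func Compare(target, sent string) (Drift, error) {
	t, err := url.Parse(target)
	if err != nil {
		return Drift{}, fmt.Errorf("target: %w", err)
	}
	s, err := url.Parse(sent)
	if err != nil {
		return Drift{}, fmt.Errorf("sent: %w", err)
	}
	want := pairCounts(t.Query())
	d := Drift{PathChanged: t.EscapedPath() != s.EscapedPath()}
	for pair, n := range pairCounts(s.Query()) {
		if extra := n - want[pair]; extra > 0 {
			d.Extra = append(d.Extra, fmt.Sprintf("%s (+%d)", pair, extra))
		}
	}
	sort.Strings(d.Extra)
	return d, nil
}

func main() {
	// Target and dumped request URL copied from the v3.1.3 report above.
	d, err := Compare("http://localhost:8023/test?query1=1&query2=2",
		"http://localhost:8023/test/?query1=1&query1=1&query2=2&query2=2")
	fmt.Println(d.Extra, d.PathChanged, err)
}
```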


n00b-bot commented Jan 8, 2024

@ntriisii Temporarily, you can use my pull request

@ehsandeep
Member

This was fixed as part of #4477
