Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing '=' in RAW Request with URL Path Variable #4512

Closed
dogancanbakir opened this issue Dec 19, 2023 Discussed in #4474 · 0 comments · Fixed by #4513
Closed

Missing '=' in RAW Request with URL Path Variable #4512

dogancanbakir opened this issue Dec 19, 2023 Discussed in #4474 · 0 comments · Fixed by #4513
Assignees
@dogancanbakir
Milestone
nuclei v3.1.3

Comments

@dogancanbakir
Copy link
Member

Discussed in #4474

Originally posted by nikolasCW December 8, 2023

Description:

I've encountered an issue when using a template with a URL path stored in a variable, including GET parameters. Specifically, when sending this path in a RAW request to the server, a parameter with no value (e.g., param2=) gets stripped of the '=' sign in the request.

Steps to Reproduce:

  1. Create a nuclei template with a URL path stored in a variable.
  2. Include a GET parameter with no value (e.g., param2=) in the URL path.
  3. Use the template to send a RAW request to the server.

Expected Behavior:

The RAW request should include the '=' sign for parameters with no value, maintaining the original structure of the URL path.

Actual Behavior:

The RAW request omits the '=' sign for parameters with no value, altering the intended URL path structure.

Environment:

nuclei version: 3.1.0 and 3.0.4

Example Template:

id: CVE-2023-XXXXX
info:
  name: XXX
  author: foo
  severity: high
variables:
  path: '/lol.php?param1=foo&param2=&param3=bar'
http:
  - raw:
      - |
        GET /{{path}} HTTP/1.1
        Host: {{Hostname}}
        Connection: close

        # 
    unsafe: true
    req-condition: true

Nuclei Debug output

user@attack:~$ ./31/nuclei -t var.yaml -u http://example.com -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.0

		projectdiscovery.io

[INF] Current nuclei version: v3.1.0 (latest)
[INF] Current nuclei-templates version: v9.7.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 0
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2023-XXXXX] Dumped HTTP request for http://example.com//lol.php?param1=foo&param2&param3=bar

GET //lol.php?param1=foo&param2&param3=bar HTTP/1.1
Host: example.com
Connection: close

....
@dogancanbakir dogancanbakir self-assigned this Dec 19, 2023
@dogancanbakir dogancanbakir mentioned this issue Dec 19, 2023
Merged
4 tasks
@ehsandeep ehsandeep added this to the nuclei v3.1.3 milestone Dec 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dogancanbakir dogancanbakir

Labels
None yet
Projects
None yet
Milestone
nuclei v3.1.3
Development

Successfully merging a pull request may close this issue.

fix missing eq sign projectdiscovery/nuclei
2 participants
@ehsandeep @dogancanbakir