projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

[Bug] Added more matcher, request, etc to fix https://github.com/projectdiscovery/nuclei/issues/5546 #10590

Closed daffainfo closed 1 month ago

daffainfo commented 1 month ago

Issue: https://github.com/projectdiscovery/nuclei/issues/5546

Many JavaScript templates use hard-coded ports. And one dev said to add some matchers etc. to avoid false positives.

daffainfo commented 1 month ago

Need to update the redis-require-auth template (check the nuclei issue), and I also found that x11-unauth-access is producing a false positive result.

Command:

echo '50.63.14.108' | naabu --top-ports 100 | nuclei -t nuclei-templates/javascript

Output

[WRN] [x11-unauth-access-intrusive] The return value of a DSL statement must return a boolean value.
[WRN] [x11-unauth-access-intrusive] The return value of a DSL statement must return a boolean value.
[WRN] [x11-unauth-access-intrusive] The return value of a DSL statement must return a boolean value.
[WRN] [x11-unauth-access-intrusive] The return value of a DSL statement must return a boolean value.

pussycat0x commented 1 month ago

Hi @daffainfo, can you try this updated template? It's working fine from my end: https://github.com/projectdiscovery/nuclei-templates/pull/10655/

daffainfo commented 1 month ago

Do not close this issue yet, have you guys already fixed redis-require-auth?

DhiyaneshGeek commented 1 month ago

Hi @daffainfo

We observed that only x11-unauth-access-intrusive was a false positive, fixed the template, and closed the issue.

Thanks for re-opening and letting us know about the issue.