projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

[Bug] Template generic-blind-xxe wrong raw definition #9488

Closed derekkddj closed 1 week ago

derekkddj commented 6 months ago

The original template is:

id: generic-blind-xxe

info:
  name: Generic Blind XXE
  author: geeknik
  severity: high
  description: This template detects Generic Blind XXE.
  metadata:
    max-request: 1
  tags: xxe,generic,blind

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}

But according to the documentation: https://docs.projectdiscovery.io/templates/protocols/http/raw-http

It should be:

id: generic-blind-xxe

info:
  name: Generic Blind XXE
  author: geeknik
  severity: high
  description: This template detects Generic Blind XXE.
  metadata:
    max-request: 1
  tags: xxe,generic,blind

http:
  - raw:
      - |
        POST  HTTP/1.1
        Host: {{Hostname}}

With the original template nuclei always adds a trailing slash to every URL: www.target.com/wii -> www.target.com/wii/

And that is not the intended operation.
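To make the difference between the two request-line forms concrete, here is a small model of how a raw template's first line is combined with a target URL that already carries a path. This is an added illustration, not nuclei's own code: the join rule is inferred from the symptom described in the issue (`/wii` becoming `/wii/`), `{{Hostname}}` is assumed to map to the target's host plus port, and the helper names are made up for the example.

```python
"""
Simplified model of how a raw HTTP template's request line is combined with
the target URL. Added illustration, not nuclei's implementation; the join
rule is an assumption that reproduces the behaviour reported in the issue.
"""
from urllib.parse import urlsplit, urlunsplit

# Constructed request-line forms, mirroring the two templates in the issue.
# `{{Hostname}}` is assumed to be replaced with the target's host[:port].
RAW_WITH_SLASH = "POST / HTTP/1.1\nHost: {{Hostname}}\n"
RAW_WITHOUT_PATH = "POST  HTTP/1.1\nHost: {{Hostname}}\n"


def parse_request_line(line):
    """Split 'METHOD [PATH] VERSION' and tolerate an absent path."""
    parts = line.split()
    if len(parts) == 3:
        method, path, version = parts
    elif len(parts) == 2:
        method, version = parts
        path = ""
    else:
        raise ValueError(f"malformed request line: {line!r}")
    return method, path, version


def join_paths(target_path, template_path):
    """Join the target URL's path with the template's request-line path.

    Assumed rule (models the symptom in the issue): an empty template path
    leaves the target path untouched; otherwise the template path is
    appended, so '/wii' + '/' becomes '/wii/'.
    """
    if not template_path:
        return target_path or "/"
    return target_path.rstrip("/") + "/" + template_path.lstrip("/")


def resolve_raw_request(raw, target_url):
    """Return (request_line, headers, effective_url) for a raw template."""
    parts = urlsplit(target_url)
    lines = raw.strip("\n").split("\n")
    method, path, version = parse_request_line(lines[0])
    full_path = join_paths(parts.path, path)
    headers = {}
    for hdr in lines[1:]:
        if not hdr.strip():
            continue
        name, _, value = hdr.partition(":")
        headers[name.strip()] = value.strip().replace("{{Hostname}}", parts.netloc)
    effective = urlunsplit((parts.scheme, parts.netloc, full_path, parts.query, ""))
    return f"{method} {full_path} {version}", headers, effective


if __name__ == "__main__":
    # Constructed target with a path, as in the issue's example.
    for raw in (RAW_WITH_SLASH, RAW_WITHOUT_PATH):
        line, hdrs, url = resolve_raw_request(raw, "https://www.target.com/wii")
        print(line, hdrs, url)
```

Running it shows the first form resolving to `https://www.target.com/wii/` and the second to `https://www.target.com/wii`, which is the trailing-slash behaviour the report is about; the `Host` header carries the port when the target has one.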

ehsandeep commented 6 months ago

@dhd0004 there is a bug in the nuclei engine that is being fixed here - https://github.com/projectdiscovery/nuclei/pull/4955

derekkddj commented 6 months ago

But in that bug they were using "unsafe: true", not in this template.

EDIT: sorry, I saw there was a bug referenced: https://github.com/projectdiscovery/nuclei/issues/4921