projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

Fuzzing loses context of request condition #4891

Open Mzack9999 opened 3 months ago

Mzack9999 commented 3 months ago

Nuclei version:

main|dev

Current Behavior:

Fuzzing uses a flat request iteration logic that loses context of ordering while fuzzing a particular element; namely, the request count is always zero at https://github.com/projectdiscovery/nuclei/blob/df67578d98df605d8a97d52b007d445dcc9c293e/pkg/protocols/http/request_fuzz.go#L195

Expected Behavior:

Either error out if the matchers/DSL contain request-condition logic, or introduce the concept of a fuzzing context: while fuzzing a particular item (for example a query parameter), initialize a counter that runs until the attack type has finished for that particular element:

```yaml
matchers:
  - type: dsl
    dsl:
      - 'duration_1>18'
      - 'duration_2<7'
```

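To make the proposed "fuzzing context" concrete, here is an added example (not nuclei's code, and not the implementation in `request_fuzz.go`) of a per-element counter in Go. `FuzzContext`, `FuzzQueryParams`, `MatchTimeBased` and `fakeSend` are hypothetical names chosen for this illustration; the request durations are constructed sample values, no HTTP is sent. Each query parameter gets its own context, so `duration_1`/`duration_2` refer to the first and second payload sent to that parameter rather than to a global count that is always zero:

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// Sender simulates one request and returns its response time in seconds.
// A real scanner would perform HTTP here; this example stays offline.
type Sender func(u string) float64

// FuzzContext is a hypothetical per-element counter (not nuclei's own type).
// It is created when the attack on one element (e.g. the query parameter
// "id") starts and incremented for every payload sent to that element, so
// duration_1, duration_2, ... refer to that element's requests in order.
type FuzzContext struct {
	Element string
	Count   int
	Values  map[string]float64
}

func newFuzzContext(element string) *FuzzContext {
	return &FuzzContext{Element: element, Values: map[string]float64{}}
}

// Record increments the request counter and stores v under a suffixed
// name such as duration_2, the form the DSL matcher references.
func (c *FuzzContext) Record(name string, v float64) {
	c.Count++
	c.Values[fmt.Sprintf("%s_%d", name, c.Count)] = v
}

// FuzzQueryParams fuzzes one query parameter at a time: all payloads are
// sent for that parameter, with the other parameters left at their original
// values, before moving on. Every parameter gets a fresh FuzzContext, so
// the counter resets when the attack on the next element starts.
func FuzzQueryParams(rawURL string, payloads []string, send Sender) (map[string]*FuzzContext, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	base := u.Query()
	names := make([]string, 0, len(base))
	for k := range base {
		names = append(names, k)
	}
	sort.Strings(names) // deterministic element order

	out := map[string]*FuzzContext{}
	for _, name := range names {
		ctx := newFuzzContext(name)
		for _, p := range payloads {
			q := url.Values{}
			for k, vs := range base {
				q[k] = append([]string(nil), vs...)
			}
			q.Set(name, p)
			u.RawQuery = q.Encode()
			ctx.Record("duration", send(u.String()))
		}
		out[name] = ctx
	}
	return out, nil
}

// MatchTimeBased is the issue's matcher ('duration_1>18' and 'duration_2<7')
// expressed in Go against one element's context.
func MatchTimeBased(c *FuzzContext) bool {
	return c.Values["duration_1"] > 18 && c.Values["duration_2"] < 7
}

// fakeSend is constructed sample behaviour: the "id" parameter is
// time-based injectable (a SLEEP payload delays ~20s), "name" is not.
func fakeSend(u string) float64 {
	parsed, _ := url.Parse(u)
	if strings.Contains(parsed.Query().Get("id"), "SLEEP(20)") {
		return 20.4
	}
	return 0.3
}

func main() {
	payloads := []string{"1' AND SLEEP(20)-- ", "1"}
	ctxs, err := FuzzQueryParams("https://example.test/item?id=1&name=x", payloads, fakeSend)
	if err != nil {
		panic(err)
	}
	for _, name := range []string{"id", "name"} {
		c := ctxs[name]
		fmt.Printf("%s: count=%d values=%v match=%v\n", name, c.Count, c.Values, MatchTimeBased(c))
	}
}
```

With a flat iteration the two payloads for `id` and the two for `name` would all land on the same request index, and a matcher written against `duration_1`/`duration_2` could never distinguish the delayed first request from the fast second one; with the per-element context only the `id` parameter satisfies the matcher.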
iambouali commented 1 month ago

@Mzack9999 any update here?

nancunyitong commented 2 weeks ago

any update here?

nancunyitong commented 2 weeks ago

Is this the same problem?

Current Behavior:

[image]

test template

[image]

Expected Behavior:

[image]