projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

Bug(?) with fuzzing templates in v3.2.4 #5057

Closed reewardius closed 2 months ago

reewardius commented 2 months ago

Nuclei version:

3.2.4

Version 3.2.2 Behavior:

In version 3.2.2 we can import results from other scanners (katana, burp, etc.) and then use custom rules to fuzz them.

docker run -v $(pwd):/src projectdiscovery/nuclei:v3.2.2 -l /src/burp -im burp -t /src/fuzzing-requests -id time-body


id: time-body

info:
  name: Blind SQL Injection
  author: reewardius
  severity: high
  tags: fuzzing-req

http:
  - filters:
      - type: dsl
        dsl:
          - 'method == "POST"'

    payloads:
      blind:
        - "'+(select*from(select(sleep(9)))a)+'"

    fuzzing:
      - part: body
        type: replace
        mode: single
        fuzz:
          - "{{blind}}"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'duration>=9'

Current Behavior:

In version 3.2.4 the same rule gives an error. What has changed in the new version, and how do I run them now?

docker run -v $(pwd):/src projectdiscovery/nuclei:v3.2.4 -l /src/burp -im burp -t /src/fuzzing-requests -id time-body


reewardius commented 2 months ago

Fix it in the documentation then: filters no longer exists, and pre-condition is used instead, because versions 3.2.2 and 3.2.4 work differently, and many rules that were written in the first days of the release do not work...


but the rules use pre-condition
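A small migration helper for the rename this thread is about, as an added example that is not code from the nuclei project or from the reporter: it rewrites the v3.2.2 `filters` key of each `http` item to the v3.2.4 `pre-condition` key, leaving any same-named key elsewhere in the template untouched. It assumes templates are indented with spaces and that `http` is a YAML list, as in the template above; the sample template and its `info`-level distractor key are constructed for the demonstration.

```python
"""Migrate nuclei fuzzing templates: the v3.2.2 `filters` key became `pre-condition`
in v3.2.4. Added example for this thread, not code from the nuclei project."""
import re

# Constructed sample shaped like the template in the issue. The `filters` under
# `info` is a deliberate distractor: same word, wrong place, must not be touched.
LEGACY_TEMPLATE = """\
id: time-body
info:
  name: Blind SQL Injection
  filters: distractor-outside-http
http:
  - filters:
      - type: dsl
        dsl:
          - 'method == "POST"'
    fuzzing:
      - part: body
        type: replace
"""

LIST_ITEM_RE = re.compile(r"^( *)- (?:([\w-]+):)?")  # "  - key:" opens a list item
KEY_RE = re.compile(r"^( *)([\w-]+):")                # "    key:" inside an item
OLD, NEW = "filters", "pre-condition"


def migrate_template(text: str) -> tuple[str, int]:
    """Return (migrated text, rename count). Only a `filters` key that is a direct
    child of an item in the top-level `http` list is renamed; nothing else moves."""
    out, renames = [], 0
    in_http = False
    list_indent = None  # column of the "-" that opens each http item
    for line in text.splitlines():
        if line and not line[0].isspace():  # a new top-level key starts here
            in_http = line.startswith("http:")
            list_indent = None
        if in_http:
            item = LIST_ITEM_RE.match(line)
            if item and (list_indent is None or len(item.group(1)) == list_indent):
                list_indent = len(item.group(1))  # start of a new http item
                key, col = item.group(2), list_indent + 2
            elif list_indent is not None and (k := KEY_RE.match(line)):
                key, col = k.group(2), len(k.group(1))
            else:
                key, col = None, -1
            if key == OLD and col == list_indent + 2:
                line = line[:col] + NEW + line[col + len(OLD):]
                renames += 1
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else ""), renames
```

Running it a second time over the migrated text is a no-op, so it can be applied to a whole template directory safely; anything that still fails to load afterwards is not this rename.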

ehsandeep commented 2 months ago

@reewardius https://github.com/projectdiscovery/docs/pull/41