projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

decompression bomb increase memory usages #5133

Open ehsandeep opened 4 months ago

ehsandeep commented 4 months ago

Nuclei version:

dev / main

Current Behavior:

out of memory issue

Expected Behavior:

  1. Set a max memory limit to read for decompression, like nuclei has for response read.
  2. Confirm that each matcher is not doing decompression separately and that it is being reused.

Steps To Reproduce:

```yaml
id: decompression-bomb

info:
  name: test
  author: parthmalhotra
  severity: critical
  description: |
    test
  reference:
    - http://example.com
  tags: bomb

http:
  - raw:
      - |
        GET /compr.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(zlib_decode(body), "223ff")'
          - 'contains(zlib_decode(body), "2232ff")'
          - 'contains(zlib_decode(body), "22322ff")'
          - 'contains(zlib_decode(body), "223f333f")'
          - 'contains(zlib_decode(body), "224443ff")'
          - 'contains(zlib_decode(body), "223fdf")'
          - 'contains(zlib_decode(body), "2232cff")'
          - 'contains(zlib_decode(body), "2232b2ff")'
          - 'contains(zlib_decode(body), "223fx333f")'
          - 'contains(zlib_decode(body), "2s24443ff")'
          - 'contains(zlib_decode(body), "223fccxf")'
          - 'contains(zlib_decode(body), "223zz2ff")'
          - 'contains(zlib_decode(body), "2332322ff")'
          - 'contains(zlib_decode(body), "22w3f333f")'
          - 'contains(zlib_decode(body), "2244463ff")'
          - 'contains(zlib_decode(body), "22344ffdf")'
          - 'contains(zlib_decode(body), "2232333cff")'
          - 'contains(zlib_decode(body), "2232224b2ff")'
          - 'contains(zlib_decode(body), "223fdfe3x333f")'
          - 'contains(zlib_decode(body), "2s244ffrfrf343ff")'
        condition: and
```

  1. Save the above template as test.yaml
  2. Run nuclei -t test.yaml -u 64.227.170.3 (test host with compressed file compr.txt)
  3. Notice the spike in memory usage.

Ice3man543 commented 4 months ago

Fixed here -

  1. https://github.com/projectdiscovery/dsl/pull/132 - dsl repo issue
  2. https://github.com/projectdiscovery/utils/pull/404 - utils repo -> http.ResponseChainReader
  3. https://github.com/projectdiscovery/rawhttp/pull/323 - Rawhttp
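
The two expected behaviors from the issue (a read cap on decompression, and one inflate shared by all matchers), as an added Go example. It is not code from nuclei or from the linked pull requests; `lazyBody`, `zlibZeros` and the 1 MiB limit are hypothetical names and values chosen for illustration.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"fmt"
	"io"
)

// lazyBody holds one response body; all matchers share a single bounded inflate.
type lazyBody struct {
	raw, out []byte
	limit    int64 // assumed cap for this example, not a nuclei default
	inflates int   // how many times the decompressor actually ran
	err      error
}

// decoded inflates raw at most once and never buffers more than limit+1 bytes.
func (b *lazyBody) decoded() ([]byte, error) {
	if b.inflates > 0 {
		return b.out, b.err // later matchers reuse the stored result or error
	}
	b.inflates++
	zr, err := zlib.NewReader(bytes.NewReader(b.raw))
	if b.err = err; err != nil {
		return nil, err
	}
	defer zr.Close()
	b.out, b.err = io.ReadAll(io.LimitReader(zr, b.limit+1)) // +1 reveals overflow
	if b.err == nil && int64(len(b.out)) > b.limit {
		b.out, b.err = nil, fmt.Errorf("decoded body exceeds %d bytes", b.limit)
	}
	return b.out, b.err
}

func zlibZeros(n int) []byte { // constructed sample: n zero bytes, zlib-compressed
	var buf bytes.Buffer
	w := zlib.NewWriter(&buf)
	w.Write(make([]byte, n))
	w.Close()
	return buf.Bytes()
}

func main() {
	b := &lazyBody{raw: zlibZeros(8 << 20), limit: 1 << 20}
	for i := 0; i < 20; i++ { // one call per matcher in the template
		b.decoded()
	}
	fmt.Println("inflates:", b.inflates, "err:", b.err)
}
```

Reading `limit+1` bytes rather than `limit` is what lets the caller tell an over-limit stream apart from one that is exactly at the cap, so oversized bodies are rejected instead of being matched against a silently truncated buffer.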