projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

SIGSEGV on browser user agent value #5345

Open sttrv opened 2 days ago

sttrv commented 2 days ago

Nuclei version:

latest (3.2.9)

Current Behavior:

SIGSEGV when running workflow that includes template using headless protocol despite not enabling headless

Expected Behavior:

no SIGSEGV

Steps To Reproduce:

nuclei -w ... (include headless template)

[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x1eb503f]
39-
40-goroutine 97 [running]:
41-github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine.(*Browser).UserAgent(...)
42- github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine/engine.go:134
43-github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless.(*Request).ExecuteWithResults(0xc0039b8700, 0xc00101e600?, 0x0, 0x410565?, 0xc000ab6300)
44- github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/request.go:50 +0xbf
45-github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/multiproto.(*MultiProtocol).ExecuteWithResults(0xc003c108d0, 0xc0027a0500)
46- github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/multiproto/multi.go:114 +0x217
--
50- github.com/projectdiscovery/nuclei/v3/pkg/core/workflow_execute.go:94 +0x63f
51-github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeWorkflow.func1(0xc0056b1f20?, 0x365d4f8?, 0x4e5df40?, 0x0?, 0xa0?, 0xc000b147e0)
52- github.com/projectdiscovery/nuclei/v3/pkg/core/workflow_execute.go:42 +0x71
53-github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeWorkflow(0x365d4f8?, 0xc0027a0500, 0xc0009becc0)
54- github.com/projectdiscovery/nuclei/v3/pkg/core/workflow_execute.go:45 +0x1c9
55-github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0x2355187?, 0x0?, 0xc00101e600)
56- github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:129 +0x226
57-created by github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2 in goroutine 16
58- github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:115 +0x511
59-

Anything else:

No

dogancanbakir commented 2 days ago

Can you please try again using the dev branch to see if you encounter the same error?

sttrv commented 1 day ago

Oh yup, still does. You can try it yourself as described above: use workflows that include headless templates (you can use any of the community-maintained nuclei templates). Then run it without -w and without -headless.

dogancanbakir commented 1 day ago

Can you please share the complete cmd?