projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
20.09k stars 2.46k forks

FALSE POSITIVE RAIN: Don't forget your jacket, Albanian, there is a terrible FALSE POSITIVE RAIN #5517

Closed lekosbelas closed 1 month ago

lekosbelas commented 1 month ago

Whatever private template I use, I get false positives like Amazon rain. I am using the template that my friend uses, and this one is from your "cloud.projectdiscovery". Why is that?


(base) mr@*** ~ % nuclei -t  sqli-time.yaml -l bug-2-son-fix.txt -dast -lfa  -fuzz

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.0

        projectdiscovery.io

[INF] Supplied input was automatically deduplicated (22 removed).
[INF] Current nuclei version: v3.3.0 (latest)
[INF] Current nuclei-templates version: v9.9.2 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 67
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 46426
[time-based-sqli] [http] [critical] https://target./
[time-based-sqli] [http] [critical] https://target/?ref
[time-based-sqli] [http] [critical] https://target/.well-known/assetlinks.json
[time-based-sqli] [http] [critical] https://target/?s
[time-based-sqli] [http] [critical] https://target/?00034034032043204320234043204302
[time-based-sqli] [http] [critical] https://target/?trk
[time-based-sqli] [http] [critical] https://target/?utm_source
[time-based-sqli] [http] [critical] https://target/?0as0dds0a0das0a0dsd
[time-based-sqli] [http] [critical] https://target/?fbclid
[time-based-sqli] [http] [critical] https://target/?t
[time-based-sqli] [http] [critical] https://target/?00zz
[time-based-sqli] [http] [critical] https://target/?0023324324
[time-based-sqli] [http] [critical] https://target/?selectAccount
[time-based-sqli] [http] [critical] https://target/?quicktube
[time-based-sqli] [http] [critical] https://target/?__cf_chl_tk
[time-based-sqli] [http] [critical] https://target/?0043432
[time-based-sqli] [http] [critical] https://target/?controls
[time-based-sqli] [http] [critical] https://target/?02030404320432
[time-based-sqli] [http] [critical] https://target/?_rsc
[time-based-sqli] [http] [critical] https://target/?q
[time-based-sqli] [http] [critical] https://target/?%F0%9F%98%84
[time-based-sqli] [http] [critical] https://target/
[time-based-sqli] [http] [critical] https://target/?002234342
[time-based-sqli] [http] [critical] https://target/?model
[time-based-sqli] [http] [critical] https://target/?twclid
[time-based-sqli] [http] [critical] https://target/?utm_campaign
[time-based-sqli] [http] [critical] https://target/?utm_medium
[time-based-sqli] [http] [critical] https://target/?utm_source
[time-based-sqli] [http] [critical] https://target/_next/image?url
[time-based-sqli] [http] [critical] https://target/Location.png

dogancanbakir commented 1 month ago

To unravel the mystery of the Amazon rain phenomenon, we require additional information. Kindly furnish the details. Remember, you can always reach out over Discord if you're not comfortable sharing more information here on GitHub (the template, for example).

<!-- 
1. Please search to see if an issue already exists for the bug you encountered.
2. For support requests, FAQs or "How to" questions, please use the GitHub Discussions section instead - https://github.com/projectdiscovery/nuclei/discussions or
3. Join our discord server at https://discord.gg/projectdiscovery and post the question on the #nuclei channel.
-->

<!-- ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION. -->

### Nuclei version:
<!-- You can find current version of nuclei with "nuclei -version" -->
<!-- We only accept issues that are reproducible on the latest version of nuclei. -->
<!-- You can find the latest version of project at https://github.com/projectdiscovery/nuclei/releases/ -->

### Nuclei command:

<!-- Provide the exact command you used to run Nuclei. -->
<!-- Please redact any literal target hosts/URLs or other sensitive information. -->

### Current Behavior:
<!-- A concise description of what you're experiencing. -->

### Expected Behavior:
<!-- A concise description of what you expected to happen. -->

### Steps To Reproduce:
<!--
Example: steps to reproduce the behavior:
1. Run 'nuclei -t ... -u ..'
2. See error...
-->

### Anything else:
<!-- Links? References? Screenshots? Anything that will give us more context about the issue that you are encountering! -->

dogancanbakir commented 1 month ago

I got all the details over Discord. This is happening because you're using a template with what we call a weak matcher. This is also why the template was added to the .nuclei-ignore file. For more details, see https://github.com/projectdiscovery/nuclei-templates/pull/10141. Closing this.
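What "weak matcher" means for a time-based SQL injection check, as an added illustration that is not the template from this issue (the page never shows it) and not code from the nuclei project: a matcher that fires whenever one injected request takes at least N seconds, the single-request threshold that a nuclei DSL check on the `duration` variable such as `duration>=6` expresses, reports every host that is slow for any reason. Across 46,426 targets that is a lot of slow hosts, latency spikes and WAF tarpits, and every one of them comes back as "critical". The sturdier check below compares against a baseline, sends the same injection syntax with a zero delay as a control, and requires the delay to reproduce. All target names and timings are constructed for the example.

```python
from statistics import median

# Constructed timings in seconds for five hypothetical targets; none of these
# are real measurements. Each target has three kinds of samples:
#   baseline - the unmodified request, repeated
#   control  - the injection syntax with a zero delay (e.g. SLEEP(0)), repeated
#   sleep    - the injection syntax with the real delay (e.g. SLEEP(6)), repeated
SLEEP_SECONDS = 6

SAMPLES = {
    "fast_clean":    {"baseline": [0.2, 0.3, 0.2], "control": [0.2, 0.2, 0.3], "sleep": [0.3, 0.2, 0.2]},
    "injectable":    {"baseline": [0.3, 0.2, 0.3], "control": [0.3, 0.3, 0.2], "sleep": [6.3, 6.5, 6.2]},
    "slow_host":     {"baseline": [7.8, 8.1, 7.9], "control": [8.0, 7.7, 8.2], "sleep": [8.0, 7.9, 8.3]},
    "latency_spike": {"baseline": [0.2, 0.3, 0.2], "control": [0.3, 0.2, 0.2], "sleep": [6.4, 0.3, 0.2]},
    "waf_tarpit":    {"baseline": [0.2, 0.2, 0.3], "control": [6.0, 5.9, 6.1], "sleep": [6.1, 6.0, 6.2]},
}


def weak_matcher(timings, threshold=SLEEP_SECONDS):
    """Fixed-threshold check on one injected response: the single-request
    'duration >= N' style of matcher. No baseline, no repetition, so any
    slow response is reported as an injection."""
    return timings["sleep"][0] >= threshold


def robust_matcher(timings, delay=SLEEP_SECONDS, margin=1.0):
    """Flag only when the delay is attributable to the payload and reproduces.

    1. The zero-delay control must behave like the baseline. If merely sending
       injection syntax slows the response (WAF tarpit, rate limiting), the
       timing tells us nothing about whether SQL was executed.
    2. Every delayed sample must exceed the baseline median by roughly the
       requested delay, so one latency spike cannot trip the check and a host
       that is always slow does not either.
    """
    base = median(timings["baseline"])
    control = median(timings["control"])
    if abs(control - base) > margin:
        return False
    return all(t - base >= delay - margin for t in timings["sleep"])


def triage(samples=SAMPLES):
    """Return {target: (weak_verdict, robust_verdict)} for every target."""
    return {name: (weak_matcher(t), robust_matcher(t)) for name, t in samples.items()}


def false_positives(samples=SAMPLES):
    """Targets the weak matcher reports that the robust one does not."""
    return sorted(name for name, (weak, robust) in triage(samples).items()
                  if weak and not robust)


if __name__ == "__main__":
    for name, (weak, robust) in triage().items():
        print(f"{name:14s} weak={weak!s:5s} robust={robust}")
    print("weak-only findings:", false_positives())
```

Only `injectable` survives the robust check; `slow_host`, `latency_spike` and `waf_tarpit` are exactly the kinds of targets that fill the output above with "critical" hits when the template's matcher is a bare duration threshold. The control payload and the repeat measurements cost extra requests per target, which is the usual trade-off between a fast fuzzing template and one whose findings can be trusted without manual re-verification.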