Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False positive on geoserver default login #6811

Closed
V35HR4J opened this issue Mar 1, 2023 · 1 comment · Fixed by #7697
Closed

False positive on geoserver default login #6811

V35HR4J opened this issue Mar 1, 2023 · 1 comment · Fixed by #7697
Assignees
@ritikchaddha @professorabhay
Labels
defcon31 Done Ready to merge false-positive Nuclei template reporting invalid/unexpected result

Comments

@V35HR4J
Copy link
Contributor

V35HR4J commented Mar 1, 2023

Nuclei Version: Latest

Template FIle: default-logins/geoserver/geoserver-default-login.yaml

Command to reproduce:
The comparison of checking valid login success is very loose as it only checks "!contains(tolower(location), 'error=true')" and 302 that's not sufficient.
I stumbled upon a target where it was redirecting to /org.geoserver.web.GeoServerLoginPage?error=false which gave 302 redirection but it was 404 - Not found after the redirection:
Screen Shot 2023-03-01 at 8 43 25 AM
@V35HR4J V35HR4J added the false-positive Nuclei template reporting invalid/unexpected result label Mar 1, 2023
@professorabhay
Copy link
Contributor

Hey @ehsandeep, I would like to work on it.

@professorabhay professorabhay mentioned this issue Jul 14, 2023
Merged
2 tasks
@ritikchaddha ritikchaddha linked a pull request Jul 21, 2023 that will close this issue
Solve Issue - #6811 #7697
Merged
2 tasks
@ritikchaddha ritikchaddha added the Done Ready to merge label Jul 21, 2023
@ritikchaddha ritikchaddha self-assigned this Jul 21, 2023
DhiyaneshGeek added a commit that referenced this issue Jul 21, 2023
@DhiyaneshGeek
Merge pull request #7697 from professorabhay/main
9cd6ac5 
Solve Issue - #6811
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ritikchaddha ritikchaddha

@professorabhay professorabhay

Labels
defcon31 Done Ready to merge false-positive Nuclei template reporting invalid/unexpected result
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Solve Issue - #6811 professorabhay/nuclei-templates
4 participants
@ehsandeep @ritikchaddha @V35HR4J @professorabhay