-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Insufficient Fix for #2698 #3166
Comments
@zy9ard3 , If you look into URL encoding RFC etc . You will see that
These are reserved characters which are used for parsing urls and other stuff . Above PR Introduced helper functions and option to only encode given characters (similar to above screenshot) .To implement something like this in nuclei a new field needs to introduced either to template or CLI option and before this PR all characters were url encoded and there weren't any major issues with that behaviour. but still its something worth to investigate and discuss |
|
Thanks for the Acknowledgement !! Apart from the above ones, can we use other characters like |
@zy9ard3 , yes |
Nuclei version:
latest ==> 2.8.6
Current Behavior :
The fix for #2698 seems insufficient as the engine still encoding some chars like
;
and breaking the necessary payloads like ( i.e :xyzwhatever;alert(1)
,1;WAITFOR+DELAY+'0:0:12'--
)Expected Behavior :
Fix can be enhanced with respect to the below chars like Burpsuite
The text was updated successfully, but these errors were encountered: