Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Save to file (extractors) doesn't respect default file system restriction #4564

Closed
ehsandeep opened this issue Jan 2, 2024 · 0 comments · Fixed by #4565
Closed

Save to file (extractors) doesn't respect default file system restriction #4564

ehsandeep opened this issue Jan 2, 2024 · 0 comments · Fixed by #4565
Assignees
@tarunKoyalwar
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
nuclei v3.1.4

Comments

@ehsandeep
Copy link
Member

Nuclei version:

latest / dev

Current Behavior:

    extractors:
      - type: json
        json:
          - '.data'
        to: "/tmp/test.txt"

As of now above extractor can write arbitrary content to arbitrary location on the file system.

Expected Behavior:

above extractor should failed to write and should work only when -lfa option is used.

Anything else:

#3608
@ehsandeep ehsandeep added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Jan 2, 2024
@tarunKoyalwar tarunKoyalwar linked a pull request Jan 2, 2024 that will close this issue
deprecate(remove): file write in extractor using to #4565
Merged
@tarunKoyalwar tarunKoyalwar mentioned this issue Jan 3, 2024
Merged
@ehsandeep ehsandeep added this to the nuclei v3.1.4 milestone Jan 4, 2024
@ehsandeep ehsandeep added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Jan 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tarunKoyalwar tarunKoyalwar

Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
nuclei v3.1.4
Development

Successfully merging a pull request may close this issue.

deprecate(remove): file write in extractor using to projectdiscovery/nuclei
2 participants
@ehsandeep @tarunKoyalwar