use CL instead of TE + unit test #4154

Merged
merged 2 commits into from
Sep 16, 2023

@tarunKoyalwar tarunKoyalwar commented Sep 15, 2023

Proposed Changes

@tarunKoyalwar tarunKoyalwar self-assigned this Sep 15, 2023
@tarunKoyalwar tarunKoyalwar changed the title from "force transfer encoding + unit test" to "use CL instead of TE + unit test" Sep 15, 2023
@tarunKoyalwar
Member Author

POC

$ ./nuclei -u http://localhost:8000 -id CVE-2022-35405 -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.15-dev

		projectdiscovery.io


[INF] Current nuclei version: v2.9.15-dev (development)
[INF] Current nuclei-templates version: v9.6.3 (latest)
[INF] New templates added in latest release: 54
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[INF] [CVE-2022-35405] Dumped HTTP request for http://localhost:8000/xmlrpc

POST /xmlrpc HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36
Connection: close
Content-Length: 153
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

<?xml version="1.0"?><methodCall><methodName>2VRMFcfz6SXPuYWXg3PNNDW95kp</methodName><params><param><value>big0us</value></param></params></methodCall>
[DBG] [CVE-2022-35405] Dumped HTTP response http://localhost:8000/xmlrpc

HTTP/1.1 404 Not Found
Connection: close
Content-Length: 19
Content-Type: text/plain; charset=utf-8
Date: Fri, 15 Sep 2023 16:12:17 GMT
X-Content-Type-Options: nosniff

404 page not found
[INF] No results found. Better luck next time!
$  simplehttpserver -verbose

   _____ _                 __     __  __________________                                
  / ___/(_)___ ___  ____  / /__  / / / /_  __/_  __/ __ \________  ______   _____  _____
  \__ \/ / __ -__ \/ __ \/ / _ \/ /_/ / / /   / / / /_/ / ___/ _ \/ ___/ | / / _ \/ ___/
 ___/ / / / / / / / /_/ / /  __/ __  / / /   / / / ____(__  )  __/ /   | |/ /  __/ /    
/____/_/_/ /_/ /_/ .___/_/\___/_/ /_/ /_/   /_/ /_/   /____/\___/_/    |___/\___/_/     
                /_/                                                       - v0.0.6

		projectdiscovery.io

Serving /Users/tarun/Codebase2/nuclei/v2 on http://0.0.0.0:8000/

[2023-09-15 21:42:17]
Remote Address: 127.0.0.1:63084
POST /xmlrpc HTTP/1.1
Host: localhost:8000
Connection: close
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
Content-Length: 153
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36

<?xml version="1.0"?><methodCall><methodName>2VRMFcfz6SXPuYWXg3PNNDW95kp</methodName><params><param><value>big0us</value></param></params></methodCall>

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff

@tarunKoyalwar tarunKoyalwar marked this pull request as ready for review September 15, 2023 16:14
Member

@ehsandeep ehsandeep left a comment

echo http://localhost | ./nuclei -id CVE-2020-16846

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.15-dev

		projectdiscovery.io

[INF] Current nuclei version: v2.9.15-dev (development)
[INF] Current nuclei-templates version: v9.6.3 (latest)
[INF] New templates added in latest release: 54
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[CVE-2020-16846] [http] [critical] http://localhost/run

Member

@dogancanbakir dogancanbakir left a comment

LGTM - It would be beneficial for us to document this implicit decision to provide clarity to the users.

@ehsandeep ehsandeep merged commit cdd54ac into dev Sep 16, 2023
12 checks passed
@ehsandeep ehsandeep deleted the issue-4032-transfer-encoding branch September 16, 2023 08:50
@ehsandeep ehsandeep added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Sep 16, 2023

Successfully merging this pull request may close these issues.

All 'method: POST' templates using 'Transfer-Encoding: chunked' header
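
Added example, not part of the pull request or nuclei's own code: with Go's standard `net/http`, a POST whose body length cannot be inferred is framed with `Transfer-Encoding: chunked`, while buffering the body first produces a `Content-Length` header like the one in the POC dump above. The helpers `framing`, `opaqueBody` and `newPOST` and the sample payload are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Constructed sample body, similar in shape to the XML-RPC payload in the POC.
const sampleBody = `<?xml version="1.0"?><methodCall><methodName>example</methodName></methodCall>`

// framing serializes req in HTTP/1.1 wire format and returns the header
// that frames the body (Content-Length or Transfer-Encoding).
func framing(req *http.Request) (string, error) {
	var wire bytes.Buffer
	if err := req.Write(&wire); err != nil {
		return "", err
	}
	head, _, _ := strings.Cut(wire.String(), "\r\n\r\n")
	for _, line := range strings.Split(head, "\r\n")[1:] { // skip request line
		name, value, _ := strings.Cut(line, ": ")
		if name == "Content-Length" || name == "Transfer-Encoding" {
			return name + ": " + value, nil
		}
	}
	return "none", nil
}

// opaqueBody hides the concrete reader type, so net/http cannot learn the length.
func opaqueBody(s string) io.Reader { return struct{ io.Reader }{strings.NewReader(s)} }

// newPOST builds a POST request. With forceLength set, the body is read into
// memory first so that http.NewRequest can fill in ContentLength.
func newPOST(url string, body io.Reader, forceLength bool) (*http.Request, error) {
	if forceLength {
		buf, err := io.ReadAll(body)
		if err != nil {
			return nil, err
		}
		body = bytes.NewReader(buf)
	}
	return http.NewRequest(http.MethodPost, url, body)
}

func main() {
	for _, force := range []bool{false, true} {
		req, _ := newPOST("http://localhost:8000/xmlrpc", opaqueBody(sampleBody), force)
		f, _ := framing(req)
		fmt.Printf("forceLength=%v -> %s\n", force, f)
	}
}
```
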