ProjectDiscovery
-
|
功能 在发送请求后通过提取器获取参数,在拼接到下一个请求中,但是我写的yaml文件无法实现,请问是哪写错了吗? 我这样写的话只会发送第一个post包之后就结束了 我想实现的效果是通过post方式请求 http://{{Hostname}}/eis/service/api.aspx?action=saveImg,然后提取返回的结果 /files/editor_img/20231020171002898274/20231020171002898274.txt, 会使用到的请求包和返回的数据包如下: post请求包 post返回包 get 请求包 get返回包 |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 2 replies
-
|
我也匹配不到 运行提示: 甚至AI也无法完成😂😂 |
Beta Was this translation helpful? Give feedback.
-
|
The translation I get of this question is: There is a problem when using nuclei to write templatesFunction After sending the request, the parameters are obtained through the extractor and spliced into the next request. However, the yaml file I wrote cannot be implemented. Is there something wrong? id: template-id
info:
name: Template Name
author:c
severity: info
description: description
reference:
- https://
tags: tags
http:
- raw:
- |
POST /eis/service/api.aspx?action=saveImg HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Content-Length: 182
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryxdgaqmqu
Accept-Encoding: gzip, deflate
------WebKitFormBoundaryxdgaqmqu
Content-Disposition: form-data; name="file"filename="1.txt"
Content-Type: text/html
11223344556677889900@@
------WebKitFormBoundaryxdgaqmqu--
- |
GET /Public//Uploads/date HTTP/1.1
rand_key: {{randkey}}
Host: {{Hostname}}
extractors:
- type: regex
name: randkey
part: body
internal: true
regex:
- '(\d{4}-\d{2}-\d{2})\\/([a-f0-9]+\.txt)'If I write it like this, it will only send the first post package and then it will end. The effect I want to achieve is to request http://{{Hostname}}/eis/service/api.aspx?action=saveImg through post method, and then extract the returned result /files/editor_img/20231020171002898274/20231020171002898274.txt, The request packets and returned data packets that will be used are as follows: post request package POST /eis/service/api.aspx?action=saveImg HTTP/1.1
Host: 1.1.1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Content-Length: 182
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryxdgaqmqu
------WebKitFormBoundaryxdgaqmqu
Content-Disposition: form-data; name="file"filename="1.txt"
Content-Type: text/html
11223344556677889900@@
------WebKitFormBoundaryxdgaqmqu--post return package HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=hnhljk55x3xlzeq1qip5p5fw; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Fri, 20 Oct 2023 09:10:02 GMT
Connection: close
Content-Length: 63
/files/editor_img/20231020171002898274/20231020171002898274.txtget request package get returns package |
Beta Was this translation helpful? Give feedback.
-
|
And then the response I can't match it either extractors:
- type: regex
name: path
group: 1
regex:
- '/files/editor_img/\d{20}/\d{20}\.txt'
- '(/files/editor_img/[0-9]+/[0-9]+\.txt)'
part: body_1Running tips:
Even AI can’t complete it😂😂 |
Beta Was this translation helpful? Give feedback.
-
|
@olearycrew This is the first response packet that needs to get the |
Beta Was this translation helpful? Give feedback.
-
|
@admin-set @Shea-Des check this out as an example template - https://templates.nuclei.sh/public/CNVD-2020-26585 |
Beta Was this translation helpful? Give feedback.
@admin-set @Shea-Des check this out as an example template - https://templates.nuclei.sh/public/CNVD-2020-26585