Query automerge not supported in headless mode #3919
Labels
headless
Status: Completed
Nothing further to be done with this issue. Awaiting to be closed.
Type: Bug
Inconsistencies or issues which will cause an issue or problem for users or implementors.
When scanning the provided URL, it appears that query automerge is not supported in headless mode. This limitation affects the ability to automatically determine whether to append an XSS payload using an ampersand (&) or a question mark (?) when dealing with URLs like https://host.com/test/ and https://host.com/test/?param=1.
Context
Query automerge is a crucial feature that determines the appropriate delimiter to use when appending an XSS payload to URLs. The presence or absence of existing query parameters should influence the choice between & and ? as the delimiter.
Expected Behavior
In headless mode, the scanning process should support query automerge and correctly determine the appropriate delimiter to use based on the presence or absence of existing query parameters.
Steps to Reproduce
Access the URL: https://xxxxxx.oastify.com/?test=1 in headless mode.
Observe that query automerge is not supported and the delimiter for appending an XSS payload is not determined correctly.
Template example
echo https://example.com/testing?a=b | nuclei -t aa.yaml -headless -p http://127.0.0.1:8080 -v
Results in:
Expected:
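The delimiter choice described under Context, written out as an added example; it is not part of the original issue and is not nuclei's own code. The function name `mergeQuery` and the benign marker `probe=MARKER` are hypothetical, and the sketch also covers two cases the issue does not mention (a bare trailing `?` and a URL fragment).

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// mergeQuery (hypothetical helper) appends a raw query fragment to target.
// It uses "?" when the target has no query and "&" when it already has one,
// and keeps any #fragment at the end of the result.
func mergeQuery(target, extra string) (string, error) {
	u, err := url.Parse(target)
	if err != nil {
		return "", err
	}
	// Accept "probe=1", "?probe=1" or "&probe=1" from the template side.
	extra = strings.TrimLeft(extra, "?&")
	if extra == "" {
		return u.String(), nil
	}
	if u.RawQuery == "" {
		// No parameters yet (also covers a bare trailing "?").
		u.RawQuery = extra
	} else {
		// Existing parameters: join with "&", avoiding a doubled "&&".
		u.RawQuery = strings.TrimRight(u.RawQuery, "&") + "&" + extra
	}
	return u.String(), nil
}

func main() {
	// Constructed sample targets, taken from the URL shapes in the issue.
	targets := []string{
		"https://host.com/test/",
		"https://host.com/test/?param=1",
		"https://example.com/testing?a=b",
		"https://host.com/test/?",
		"https://host.com/test/?param=1#top",
	}
	for _, t := range targets {
		merged, err := mergeQuery(t, "probe=MARKER")
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		fmt.Printf("%-40s -> %s\n", t, merged)
	}
}
```

Plain string concatenation gets the last two targets wrong (`??` and a parameter placed after `#top`), which is why the merge works on the parsed URL.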