[BUG] DSL Responses Do Not Work Properly with Code Protocol #5748

Open
hipotermia opened this issue Oct 20, 2024 · 2 comments
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Comments

@hipotermia

Is there an existing issue for this?

  • I have searched the existing issues.

Current Behavior

When using the code protocol, DSL responses are not functioning as expected.

  • status_code_1 == 200 evaluates to true.
  • status_code_2 == 200 evaluates to true.

However, when comparing the two status codes:

  • status_code_1 == status_code_2 does not match.

And after removing the code protocol, it works.

Expected Behavior

status_code_1 == status_code_2 should match if they are equal, regardless of whether code is being used.

Steps To Reproduce

The following template should hit, but it doesn't.

id: test

info:
  name: test
  author: hipotermia
  severity: high

code:
  - engine:
      - py
      - python3
    source: |
      print('/')

http:
  - raw:
      - |+
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |+
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == status_code_2"

Relevant log output

No response

Environment

  • OS: Linux
  • Nuclei: 3.3.5
  • Go: 1.22.4

Anything else?

No response

@hipotermia hipotermia added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Oct 20, 2024
@dwisiswant0
Member

I'll leave it here for notes:

  • issue-5748-b:
code:
  - engine:
      - sh
      - bash
    source: id

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: dsl
        dsl:
          - 'concat("status_code_1: ", status_code_1)'
          - 'concat("status_code_2: ", status_code_2)'
  • issue-5748-c:
http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: dsl
        dsl:
          - 'concat("status_code_1: ", status_code_1)'
          - 'concat("status_code_2: ", status_code_2)'

Output:

[issue-5748-b] [http] [info] http://scanme.sh ["status_code_1: 200"]
[issue-5748-b] [http] [info] http://scanme.sh ["status_code_2: 200"]
[issue-5748-c] [http] [info] http://scanme.sh ["status_code_1: 200"]
[issue-5748-c] [http] [info] http://scanme.sh ["status_code_1: 200","status_code_2: 200"]
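
The output above can be checked mechanically. This is an added example, not part of the thread or of Nuclei's code: it parses those four result lines and reports, per template, whether any single result line exposes both status_code_1 and status_code_2, which a comparison such as status_code_1 == status_code_2 needs. The function names are hypothetical and the line format is assumed from the lines shown.

```python
import json
import re
from collections import defaultdict

# Result lines copied from the comment above.
SAMPLE_OUTPUT = """\
[issue-5748-b] [http] [info] http://scanme.sh ["status_code_1: 200"]
[issue-5748-b] [http] [info] http://scanme.sh ["status_code_2: 200"]
[issue-5748-c] [http] [info] http://scanme.sh ["status_code_1: 200"]
[issue-5748-c] [http] [info] http://scanme.sh ["status_code_1: 200","status_code_2: 200"]
"""

# Assumed layout: [template-id] [protocol] [severity] target [JSON array]
LINE_RE = re.compile(
    r"^\[(?P<template>[^\]]+)\] \[(?P<proto>[^\]]+)\] \[(?P<sev>[^\]]+)\] "
    r"(?P<target>\S+) (?P<values>\[.*\])$"
)


def parse_events(text):
    """Return {template_id: [{variable: value}, ...]}, one dict per result line."""
    events = defaultdict(list)
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # banners, warnings and blank lines are ignored
        event = {}
        for item in json.loads(match["values"]):
            # Extractor entries look like "status_code_1: 200".
            name, sep, value = item.partition(": ")
            if sep:
                event[name] = value
        events[match["template"]].append(event)
    return dict(events)


def co_visible(events, wanted):
    """Per template: does any single result line carry every variable in `wanted`?"""
    wanted = set(wanted)
    return {tid: any(wanted <= ev.keys() for ev in evs) for tid, evs in events.items()}


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_OUTPUT)
    for tid, ok in co_visible(parsed, ["status_code_1", "status_code_2"]).items():
        print(f"{tid}: both variables in one event = {ok}")
```
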

@dwisiswant0
Member

I'm going to be off for a few days, so I’m dropping this here as a note (for myself as well). I suspect that the underlying issue might be found here:

values := m.options.GetTemplateCtx(inputItem.MetaInput).GetAll()
err := req.ExecuteWithResults(inputItem, output.InternalEvent(values), nil, multiProtoCallback)

This was introduced in #5426.
