Fix target loading with input-mode #5369

Merged
merged 1 commit into from
Jul 8, 2024

RamanaReddy0M
Contributor

@RamanaReddy0M RamanaReddy0M commented Jul 4, 2024

Proposed changes

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@RamanaReddy0M RamanaReddy0M linked an issue Jul 4, 2024 that may be closed by this pull request
@RamanaReddy0M RamanaReddy0M self-assigned this Jul 4, 2024
Member

@tarunKoyalwar tarunKoyalwar left a comment

lgtm !

$ ./nuclei -t ./dom-xss.yaml -l dom_xss.jsonl -im jsonl -dast -headless --debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.9

		projectdiscovery.io

[INF] Current nuclei version: v3.2.9 (latest)
[INF] Current nuclei-templates version: v9.9.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 164
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] [dom-xss] Dumped Headless request for https://mim.giize.com/domxss.html?input=ddd'"><h1>28582</h1>
[DBG] 	navigate => https://mim.giize.com/domxss.html?input=ddd'"><h1>28582</h1>
	waitload 
[dom-xss:word-2] [headless] [medium] https://mim.giize.com/domxss.html?input=ddd'"><h1>28582</h1>
[dom-xss:word-1] [headless] [medium] https://mim.giize.com/domxss.html?input=ddd'"><h1>28582</h1>
[DBG] [dom-xss] Dumped Headless response for https://mim.giize.com/domxss.html?input=ddd'"><h1>28582</h1>

<html lang="en"><head>
    <meta charset="UTF-8">
    <title>DOM XSS Test</title>
</head>
<body>
    <h1>DOM XSS Test Page</h1>
    <div id="content">ddd'"&gt;<h1>28582</h1></div>

    <script>
        function getQueryParam(param) {
            let params = new URLSearchParams(window.location.search);
            return params.get(param);
        }

        let userInput = getQueryParam('input');
        if (userInput) {
            document.getElementById('content').innerHTML = userInput;
        }
    </script>


</body></html>

Note

example template and jsonl file available in issue description

@tarunKoyalwar tarunKoyalwar requested a review from ehsandeep July 8, 2024 10:45
@ehsandeep ehsandeep merged commit 5cb32a4 into dev Jul 8, 2024
12 checks passed
@ehsandeep ehsandeep deleted the issue-5339-input-mode-bug branch July 8, 2024 10:51

Successfully merging this pull request may close these issues.

input-mode JSONL with headless/fuzzing not working
3 participants