Is "Body" works as intended?

Question

Is "Body" works as intended?

Sh1Yo opened this issue 5 years ago · 3 comments

As we can see in the docs:

Header() and Body() have same usage of Query() generator.

- Query("{{.payload}}", "{{.name}}") works fine, but
- Body("{{.payload}}", "{{.name}}") just ignored.
I tried to set the method to POST, but anyways it doesn't work
My config is -

id: ci-fuzz-01
info:
  name: Command Injection Reflection
  risk: High
payloads:
- 'echo TJEGSE$((2314+6548321))$(echo TJEGSE)TJEGSE' 
requests:
- detections:
  - StringSearch("response", "6550635") && (StringCount("response", "6550635") > StringCount("oresponse",
    "6550635"))
  generators:
  - Body("{{.payload}}", "{{.name}}")
type: fuzz
variables:
- name: 'cmd

'

Answer 1 · 2020-05-03T06:34:55.000Z

This look like a bug let me investigate and let you know.

Answer 2 · 2020-05-16T05:31:31.000Z

Body("{{.payload}}") this should works. Because I do not support body select param yet

Answer 3 · 2020-05-16T08:53:57.000Z

Okay, but I think that select param for Body is a necessary option so I will leave the issue open until you add it.