Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Panic in multipart fuzzing + unsupported content-type & filename #5703

Closed
1 task done
Ice3man543 opened this issue Oct 7, 2024 · 0 comments · Fixed by #5702
Closed
1 task done

[BUG] Panic in multipart fuzzing + unsupported content-type & filename #5703

Ice3man543 opened this issue Oct 7, 2024 · 0 comments · Fixed by #5702
Assignees
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone

Comments

@Ice3man543
Copy link
Member

Is there an existing issue for this?

  • I have searched the existing issues.

Current Behavior

Not supported to fuzz like below

-----------------------------13382841176870751782402671908
Content-Disposition: form-data; name="surname"

test
-----------------------------13382841176870751782402671908
Content-Disposition: form-data; name="image"; filename="xss.svg"
Content-Type: image/svg+xml

<!DOCTYPE ccabca [ <!ENTITY ccabca SYSTEM "file:////etc/passwd"> ]><x>&ccabca;</x>

Expected Behavior

it should work

Steps To Reproduce

Default command

Relevant log output

No response

Environment

  • OS: Mac
  • Nuclei: Latest
  • Go: go1.22

Anything else?

No response

@Ice3man543 Ice3man543 added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Oct 7, 2024
@Ice3man543 Ice3man543 self-assigned this Oct 7, 2024
@Ice3man543 Ice3man543 linked a pull request Oct 7, 2024 that will close this issue
4 tasks
@ehsandeep ehsandeep added this to the nuclei v3.3.5 milestone Oct 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants