Correct False Positive Result from server-status-localhost.yaml and rename it to apache-server-status-localhost.yaml #9825

Open
wants to merge 5 commits into
base: main

@NaN-KL NaN-KL commented May 17, 2024

Template / PR Information

This PR mitigates a potential false positive result where server-status is detected even when a system is not vulnerable to header forgery. This PR also seeks to rename the template ID to be in line with standard naming conventions and move it within the apache folder with the other server-status template (apache-server-status.yaml).

  • Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
  • References:

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Demonstration of usage:

```
❯ echo "http://192.168.200.22:8080" | nuclei -t ~/nuclei-templates/http/misconfiguration/server-status-localhost.yaml -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.4

                projectdiscovery.io

[INF] Current nuclei version: v3.2.4 (outdated)
[INF] Current nuclei-templates version: v9.8.6 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 65
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [server-status-localhost] Dumped HTTP request for http://192.168.200.22:8080/server-status

GET /server-status HTTP/1.1
Host: 192.168.200.22:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/604.2.4 (KHTML, like Gecko) Version/9.1.2 Safari/604.2.4
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [server-status-localhost] Dumped HTTP response http://192.168.200.22:8080/server-status

HTTP/1.1 403 Forbidden
Connection: close
Content-Length: 199
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 17 May 2024 08:32:28 GMT
Server: Apache/2.4.59 (Unix)

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>
[server-status-localhost:status-1] [http] [low] http://192.168.200.22:8080/server-status
[INF] [server-status-localhost] Dumped HTTP request for http://192.168.200.22:8080/server-status

GET /server-status HTTP/1.1
Host: 192.168.200.22:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.64
Connection: close
Accept: */*
Accept-Language: en
Forwarded: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-For-IP: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Host: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-True-IP: 127.0.0.1
Accept-Encoding: gzip

[DBG] [server-status-localhost] Dumped HTTP response http://192.168.200.22:8080/server-status

HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 17 May 2024 08:32:28 GMT
Server: Apache/2.4.59 (Unix)

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head>
<title>Apache Status</title>
</head><body>
<h1>Apache Server Status for 192.168.200.22 (via 192.168.16.2)</h1>

<dl><dt>Server Version: Apache/2.4.59 (Unix)</dt>
<dt>Server MPM: event</dt>
<dt>Server Built: May 14 2024 02:56:29
... REDACTED FOR BREVITY ...
</body></html>
[server-status-localhost:word-1] [http] [low] http://192.168.200.22:8080/server-status
```


### Additional References:

- [Nuclei Template Creation Guideline](https://nuclei.projectdiscovery.io/templating-guide/)
- [Nuclei Template Matcher Guideline](https://github.com/projectdiscovery/nuclei-templates/wiki/Unique-Template-Matchers)
- [Nuclei Template Contribution Guideline](https://github.com/projectdiscovery/nuclei-templates/blob/master/CONTRIBUTING.md)
- [PD-Community Discord server](https://discord.gg/projectdiscovery)
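
In the debug output above, `[server-status-localhost:status-1]` is reported on the 403 response alone, before any forged header has been sent. The following is an added example, not code from this PR or from nuclei: it shows one way to pair the baseline and forged-header responses so a finding is raised only when access changes between them. The names `parse_response` and `classify`, the verdict strings, and treating 401/403 as "denied" are assumptions of the example.

```python
# Added example: judge the request pair, never a single response.
from dataclasses import dataclass

MARKER = "Apache Server Status for"  # heading seen in the 200 response on this page


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def parse_response(raw: str) -> Response:
    """Parse a raw HTTP/1.x response dump: status line, headers, blank line, body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip().split("\n")
    status = int(lines[0].split()[1])  # "HTTP/1.1 403 Forbidden" -> 403
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Response(status, headers, body)


def is_status_page(resp: Response) -> bool:
    return resp.status == 200 and MARKER in resp.body


def classify(baseline_raw: str, forged_raw: str) -> str:
    """Return a verdict from the baseline and forged-header responses together."""
    baseline, forged = parse_response(baseline_raw), parse_response(forged_raw)
    if is_status_page(baseline):
        return "exposed-without-headers"  # open to everyone; not a header bypass
    if baseline.status in (401, 403) and is_status_page(forged):
        return "header-forgery-bypass"    # denied normally, served with forged headers
    return "not-vulnerable"               # e.g. 403 both times: the false-positive case


# Constructed samples, abbreviated from the debug output above.
DENIED = "HTTP/1.1 403 Forbidden\nServer: Apache/2.4.59 (Unix)\n\n<h1>Forbidden</h1>"
STATUS = ("HTTP/1.1 200 OK\nServer: Apache/2.4.59 (Unix)\n\n"
          "<h1>Apache Server Status for 192.168.200.22 (via 192.168.16.2)</h1>")

if __name__ == "__main__":
    print(classify(DENIED, STATUS))
    print(classify(DENIED, DENIED))
```
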

@GeorginaReeder

Thanks for your contribution @NaN-KL , we appreciate it!

We also have a Discord server, which you’re more than welcome to join. It's a great place to connect with fellow contributors and stay updated with the latest developments!

@DhiyaneshGeek DhiyaneshGeek added the good first issue Good for newcomers label May 17, 2024
@ritikchaddha ritikchaddha self-assigned this Jun 5, 2024
@ritikchaddha ritikchaddha added the Done Ready to merge label Jun 12, 2024
@ritikchaddha
Contributor

Hello @NaN-KL, thank you so much for sharing this template with the community and contributing to this project 🍻
