[BUG] Nuclei Crashes when input list is long (JSONL) #5862

Open
parthmalhotra opened this issue Nov 28, 2024 · 1 comment

@parthmalhotra
Member

[cookie-injection] [http] [info] https://xxxxxx.xxx.com [GET]
panic: runtime error: slice bounds out of range [554:31]

goroutine 826964 [running]:
internal/poll.(*FD).Write(0x14019762500, {0x1400d78b100, 0x1f, 0x1b00})
	internal/poll/fd_unix.go:380 +0x3ac
net.(*netFD).Write(0x14019762500, {0x1400d78b100?, 0x1afb?, 0x10025bba4?})
	net/fd_posix.go:96 +0x28
net.(*conn).Write(0x1400228c0b0, {0x1400d78b100?, 0x14003861058?, 0x1400d78b100?})
	net/net.go:191 +0x34
crypto/tls.(*Conn).write(0x1401f629180, {0x1400d78b100?, 0x5?, 0x1b00?})
	crypto/tls/conn.go:944 +0x100
crypto/tls.(*Conn).writeRecordLocked(0x1401f629180, 0x15, {0x1401f6294dc, 0x2, 0x10})
	crypto/tls/conn.go:1025 +0x508
crypto/tls.(*Conn).sendAlertLocked(0x1401f629180, 0x0)
	crypto/tls/conn.go:845 +0x68
crypto/tls.(*Conn).closeNotify(0x1401f629180)
	crypto/tls/conn.go:1454 +0x110
crypto/tls.(*Conn).Close(0x1401f629180)
	crypto/tls/conn.go:1423 +0x8c
net/http.(*persistConn).closeLocked(0x14019433c20, {0x10380be00, 0x104f6bd10})
	net/http/transport.go:2746 +0x104
net/http.(*persistConn).close(0x140038615f8?, {0x10380be00?, 0x104f6bd10?})
	net/http/transport.go:2731 +0xd0
net/http.(*persistConn).roundTrip(0x14019433c20, 0x1402954f2c0)
	net/http/transport.go:2681 +0xa84
net/http.(*Transport).roundTrip(0x14012c3b2c0, 0x1403270ef00)
	net/http/transport.go:604 +0x69c
net/http.(*Transport).RoundTrip(0x1403270ef00?, 0x10380b2a0?)
	net/http/roundtrip.go:17 +0x1c
net/http.send(0x1403270e100, {0x10380b2a0, 0x14012c3b2c0}, {0x100528070?, 0x8?, 0x105038fc0?})
	net/http/client.go:260 +0x4e0
net/http.(*Client).send(0x140189e4390, 0x1403270e100, {0x14003861bb8?, 0x156?, 0x105038fc0?})
	net/http/client.go:181 +0x9c
net/http.(*Client).do(0x140189e4390, 0x1403270e100)
	net/http/client.go:724 +0x6f4
net/http.(*Client).Do(...)
	net/http/client.go:590
github.com/projectdiscovery/retryablehttp-go.(*Client).Do(0x14028d86820, 0x1402954eb80)
	github.com/projectdiscovery/retryablehttp-go@v1.0.86/do.go:56 +0x1e4
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeRequest(0x1400216a400, 0x1400909c180, 0x14003862cb0, 0x1400909d080, 0x0, 0x14003862c80?, 0x14003862d18?)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request.go:796 +0x1294
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeGeneratedFuzzingRequest(0x1400216a400, {0x1402954eb80, {0x0, 0x0, 0x0}, 0x1400909d080, {0x1038334d0, 0x1400c593910}, {0x0, 0x0}, ...}, ...)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request_fuzz.go:184 +0x17c
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeAllFuzzingRules.func1({0x1402954eb80, {0x0, 0x0, 0x0}, 0x1400909d080, {0x1038334d0, 0x1400c593910}, {0x0, 0x0}, {0x0, ...}, ...})
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request_fuzz.go:137 +0x98
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).execWithInput(0x14000630640, 0x140087c6140, 0x1402954eb80, {0x0, 0x0, 0x0}, {0x1038334d0, 0x1400c593910}, {0x0, 0x0}, ...)
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:183 +0x1e0
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executePartComponentOnValues(0x14000630640, 0x140087c6140, {0x140021462a0, 0x14}, {0x140021462a0, 0x14}, {0x1038334d0?, 0x1400c593910})
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:100 +0x194
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executePartComponent(0x0?, 0x0?, {{0x0, 0x0}, {0x140021462a0, 0x14}, {0x140021462a0, 0x14}}, {0x1038334d0?, 0x140060a5090?})
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:45 +0xbc
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executePartRule(...)
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:18
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executeRuleValues(0x14000630640, 0x140087c6140, {0x1038334d0, 0x140060a5090})
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/execute.go:235 +0x22c
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).Execute(0x14000630640, 0x140087c6140)
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/execute.go:145 +0x96c
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeAllFuzzingRules(0x1400216a400, 0x1400909c180, 0x14020ded710, 0x10020f28c?, 0x1400909c360)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request_fuzz.go:147 +0x2fc
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeFuzzingRule(0x1400216a400, 0x1400909c180, 0x1400f955978?, 0x10020e9a4?)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request_fuzz.go:67 +0x11c
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).ExecuteWithResults(0x1400216a400, 0x1400909c180, 0x14020ded710, 0x1400909c330, 0x1400909c360)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request.go:466 +0x148
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic.(*Generic).ExecuteWithResults(0x1400213b080, 0x14028d863c0)
	github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic/exec.go:61 +0x28c
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).Execute(0x140007225c0, 0x14028d863c0)
	github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/exec.go:212 +0x360
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0x18408fc0?, 0x40?, 0x140052885c0)
	github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:139 +0x1b0
created by github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2 in goroutine 36
	github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:115 +0x4ac
parth@Parths-Laptop Desktop % pbpaste > aa4.txt                                                                                        
parth@Parths-Laptop Desktop % nuclei -t ~/Downloads/fuzzing/ -l aa4.txt -pd -jle 3resulttt2.json -dast -im jsonl

Input file shared privately

@parthmalhotra parthmalhotra added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Nov 28, 2024
@dogancanbakir
Member

Tried numerous times but could not replicate the issue.
