
[BUG] Nuclei Crashes when input list is long (JSONL) #5862

Open
parthmalhotra opened this issue Nov 28, 2024 · 1 comment

@parthmalhotra

[cookie-injection] [http] [info] https://xxxxxx.xxx.com [GET]
panic: runtime error: slice bounds out of range [554:31]

goroutine 826964 [running]:
internal/poll.(*FD).Write(0x14019762500, {0x1400d78b100, 0x1f, 0x1b00})
	internal/poll/fd_unix.go:380 +0x3ac
net.(*netFD).Write(0x14019762500, {0x1400d78b100?, 0x1afb?, 0x10025bba4?})
	net/fd_posix.go:96 +0x28
net.(*conn).Write(0x1400228c0b0, {0x1400d78b100?, 0x14003861058?, 0x1400d78b100?})
	net/net.go:191 +0x34
crypto/tls.(*Conn).write(0x1401f629180, {0x1400d78b100?, 0x5?, 0x1b00?})
	crypto/tls/conn.go:944 +0x100
crypto/tls.(*Conn).writeRecordLocked(0x1401f629180, 0x15, {0x1401f6294dc, 0x2, 0x10})
	crypto/tls/conn.go:1025 +0x508
crypto/tls.(*Conn).sendAlertLocked(0x1401f629180, 0x0)
	crypto/tls/conn.go:845 +0x68
crypto/tls.(*Conn).closeNotify(0x1401f629180)
	crypto/tls/conn.go:1454 +0x110
crypto/tls.(*Conn).Close(0x1401f629180)
	crypto/tls/conn.go:1423 +0x8c
net/http.(*persistConn).closeLocked(0x14019433c20, {0x10380be00, 0x104f6bd10})
	net/http/transport.go:2746 +0x104
net/http.(*persistConn).close(0x140038615f8?, {0x10380be00?, 0x104f6bd10?})
	net/http/transport.go:2731 +0xd0
net/http.(*persistConn).roundTrip(0x14019433c20, 0x1402954f2c0)
	net/http/transport.go:2681 +0xa84
net/http.(*Transport).roundTrip(0x14012c3b2c0, 0x1403270ef00)
	net/http/transport.go:604 +0x69c
net/http.(*Transport).RoundTrip(0x1403270ef00?, 0x10380b2a0?)
	net/http/roundtrip.go:17 +0x1c
net/http.send(0x1403270e100, {0x10380b2a0, 0x14012c3b2c0}, {0x100528070?, 0x8?, 0x105038fc0?})
	net/http/client.go:260 +0x4e0
net/http.(*Client).send(0x140189e4390, 0x1403270e100, {0x14003861bb8?, 0x156?, 0x105038fc0?})
	net/http/client.go:181 +0x9c
net/http.(*Client).do(0x140189e4390, 0x1403270e100)
	net/http/client.go:724 +0x6f4
net/http.(*Client).Do(...)
	net/http/client.go:590
github.com/projectdiscovery/retryablehttp-go.(*Client).Do(0x14028d86820, 0x1402954eb80)
	github.com/projectdiscovery/[email protected]/do.go:56 +0x1e4
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeRequest(0x1400216a400, 0x1400909c180, 0x14003862cb0, 0x1400909d080, 0x0, 0x14003862c80?, 0x14003862d18?)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request.go:796 +0x1294
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeGeneratedFuzzingRequest(0x1400216a400, {0x1402954eb80, {0x0, 0x0, 0x0}, 0x1400909d080, {0x1038334d0, 0x1400c593910}, {0x0, 0x0}, ...}, ...)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request_fuzz.go:184 +0x17c
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeAllFuzzingRules.func1({0x1402954eb80, {0x0, 0x0, 0x0}, 0x1400909d080, {0x1038334d0, 0x1400c593910}, {0x0, 0x0}, {0x0, ...}, ...})
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request_fuzz.go:137 +0x98
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).execWithInput(0x14000630640, 0x140087c6140, 0x1402954eb80, {0x0, 0x0, 0x0}, {0x1038334d0, 0x1400c593910}, {0x0, 0x0}, ...)
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:183 +0x1e0
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executePartComponentOnValues(0x14000630640, 0x140087c6140, {0x140021462a0, 0x14}, {0x140021462a0, 0x14}, {0x1038334d0?, 0x1400c593910})
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:100 +0x194
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executePartComponent(0x0?, 0x0?, {{0x0, 0x0}, {0x140021462a0, 0x14}, {0x140021462a0, 0x14}}, {0x1038334d0?, 0x140060a5090?})
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:45 +0xbc
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executePartRule(...)
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:18
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executeRuleValues(0x14000630640, 0x140087c6140, {0x1038334d0, 0x140060a5090})
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/execute.go:235 +0x22c
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).Execute(0x14000630640, 0x140087c6140)
	github.com/projectdiscovery/nuclei/v3/pkg/fuzz/execute.go:145 +0x96c
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeAllFuzzingRules(0x1400216a400, 0x1400909c180, 0x14020ded710, 0x10020f28c?, 0x1400909c360)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request_fuzz.go:147 +0x2fc
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeFuzzingRule(0x1400216a400, 0x1400909c180, 0x1400f955978?, 0x10020e9a4?)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request_fuzz.go:67 +0x11c
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).ExecuteWithResults(0x1400216a400, 0x1400909c180, 0x14020ded710, 0x1400909c330, 0x1400909c360)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request.go:466 +0x148
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic.(*Generic).ExecuteWithResults(0x1400213b080, 0x14028d863c0)
	github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic/exec.go:61 +0x28c
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).Execute(0x140007225c0, 0x14028d863c0)
	github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/exec.go:212 +0x360
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0x18408fc0?, 0x40?, 0x140052885c0)
	github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:139 +0x1b0
created by github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2 in goroutine 36
	github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:115 +0x4ac
parth@Parths-Laptop Desktop % pbpaste > aa4.txt                                                                                        
parth@Parths-Laptop Desktop % nuclei -t ~/Downloads/fuzzing/ -l aa4.txt -pd -jle 3resulttt2.json -dast -im jsonl

Input file shared privately

@parthmalhotra parthmalhotra added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Nov 28, 2024
@dogancanbakir

Tried numerous times but could not replicate the issue.
