Is there an existing issue for this?
Current Behavior
When using the time_delay analyzer, the Cookie set via the -H command-line flag does not appear in the new requests (packets) when Nuclei transforms the delay time.
Expected Behavior
Cookies set via the -H parameter should be preserved in the packets generated for time delay.
Steps To Reproduce
- template YAML

```yaml
id: time-based-sqli

info:
  name: MySQL SQLi - Blind Time based
  author: pdteam
  severity: critical
  reference:
    - https://github.com/zaproxy/zap-extensions/blob/main/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlScanRule.java

http:
  - payloads:
      injections:
        - "' and 8 in (select sleep([SLEEPTIME]) ) and ''='"

    attack: pitchfork
    analyzer:
      name: time_delay
      # parameters:
      #   sleep_duration: 4

    fuzzing:
      - parts: #request # fuzz all the request parts.
          - query
          - body
        type: postfix
        mode: single
        fuzz:
          - "{{injections}}"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: analyzer
        words:
          - "true"
```

- Command Line

```
.\nuclei.exe -u "https://dvwa.com/vulnerabilities/sqli/?Submit=Submit&id=1" -fuzz -H "Cookie: PHPSESSID=bmmveof9tj3vmikrklronbo022; security=low" -debug -v -t .\time-based-sqli.yaml -p "http://127.0.0.1:8080"
```
- The PoC triggers sleep with the cookie set
- After changing the delay time, the requests don't have the cookie
Relevant log output
Environment
- OS: Windows11
- Nuclei: v3.7.0
- Go:
Anything else?
No response
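One way to confirm the reported behaviour without reading proxy history is a small audit endpoint that records every request arriving without the `Cookie` header. This is an added example, not code from the report or from Nuclei; the `HeaderAudit` type, the `simulate` function, the `probe` query parameter and the cookie value are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// HeaderAudit is an http.Handler that records every request arriving
// without the expected header (here: the Cookie passed with -H).
type HeaderAudit struct {
	Header  string
	mu      sync.Mutex
	Total   int
	Missing []string // request URIs that lacked the header
}

func (a *HeaderAudit) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	a.mu.Lock()
	defer a.mu.Unlock()
	a.Total++
	if r.Header.Get(a.Header) == "" {
		a.Missing = append(a.Missing, r.URL.RequestURI())
	}
	fmt.Fprintln(w, "ok")
}

// simulate replays two constructed requests: one carrying the cookie and
// one follow-up without it, mirroring the behaviour in the report.
func simulate() (int, []string) {
	audit := &HeaderAudit{Header: "Cookie"}
	srv := httptest.NewServer(audit)
	first, _ := http.NewRequest("GET", srv.URL+"/?id=1&probe=first", nil)
	first.Header.Set("Cookie", "PHPSESSID=constructed; security=low")
	followUp, _ := http.NewRequest("GET", srv.URL+"/?id=1&probe=followup", nil)
	for _, req := range []*http.Request{first, followUp} {
		if resp, err := http.DefaultClient.Do(req); err == nil {
			resp.Body.Close()
		}
	}
	srv.Close() // all requests are done; safe to read the counters
	return audit.Total, audit.Missing
}

func main() {
	total, missing := simulate()
	fmt.Printf("%d requests, %d without Cookie: %v\n", total, len(missing), missing)
}
```

To check a real scan, serve the same handler with `http.ListenAndServe` on a local address and use that address as the `-u` target; any entry in `Missing` is a request that was sent without the `-H` cookie.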