Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
projectdiscovery
GitHub Repository: projectdiscovery/nuclei
 Path: blob/dev/pkg/tmplexec/flow/testcases/noflow-request-condition-payloads.yaml
4538 views
1
id: noflow-request-condition-payloads

2


3
info:

4
  name: No flow with request condition and payloads

5
  author: test

6
  severity: info

7


8
http:

9
  - raw:

10
      - |

11
        GET /step1 HTTP/1.1

12
        Host: {{Hostname}}

13


14
      - |

15
        POST /login HTTP/1.1

16
        Host: {{Hostname}}

17
        Content-Type: application/x-www-form-urlencoded

18


19
        username={{username}}&password={{password}}

20


21
      - |

22
        GET /admin?token={{auth}} HTTP/1.1

23
        Host: {{Hostname}}

24


25
    attack: pitchfork

26
    payloads:

27
      username:

28
        - admin

29
      password:

30
        - secret123

31


32
    matchers-condition: and

33
    matchers:

34
      - type: word

35
        part: body_2

36
        words:

37
          - "login-ok"

38


39
      - type: word

40
        part: body_3

41
        words:

42
          - "admin-ok"

43


44
    extractors:

45
      - type: regex

46
        name: auth

47
        internal: true

48
        part: header_2

49
        group: 1

50
        regex:

51
          - 'X-Auth-Token: ([a-z0-9]+)'

52


53