Spoofing Nuclei template validation
Nuclei has over 21,000 stars on GitHub and over 2.1 million downloads. The tool uses “templates,” YAML files that define the specific checks or tests the scanner runs. Verifying the authenticity of these templates matters because a tampered or malicious template can mislead the scan or compromise the scanning process itself.
Nuclei verifies template authenticity with a signature check whose parsing relies on Go regular expressions. According to ProjectDiscovery, the flaw stems from a mismatch between how that verification logic and the YAML parser treat newline characters: Go’s regex treats a carriage return (“\r”) as part of the same line, whereas the YAML parser treats it as a line break. Content that an attacker places after a “\r” is therefore skipped by the verifier but still parsed by the scanner.
Combined with Nuclei’s flawed handling of multiple signature “digest:” lines, this lets an attacker inject malicious content into a template while the signature remains valid for its innocuous part.
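The following is an added example written for this article, not Nuclei’s or ProjectDiscovery’s code. It models the two weaknesses just described in a small Go program: a regex-based verifier (the pattern, the “# digest:” layout, the HMAC key and the template text are all constructed for the demonstration) strips every digest line and checks the first one, so a second digest line whose injected YAML uses “\r” as its line separator is invisible to the verifier yet shows up as a new top-level “code:” section once line breaks are interpreted the way the YAML spec does. A stricter verifier that rejects bare carriage returns and more than one digest line closes both gaps.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Simplified model of a signed template, written for this article. It is not
// Nuclei's code; the key, digest-line layout and template text are constructed
// for the demonstration. The signature line is "# digest: <hex HMAC>", and the
// signed content is the template with every digest line stripped.
var signingKey = []byte("demo-signing-key") // constructed, not a real key

// In Go's RE2 regexp, '.' matches '\r' and (?m)$ matches only before '\n',
// so a '\r' never ends a line as far as this pattern is concerned.
var reDigest = regexp.MustCompile(`(?m)^# digest: .+$\n?`)

func hmacHex(content string) string {
	mac := hmac.New(sha256.New, signingKey)
	mac.Write([]byte(content))
	return hex.EncodeToString(mac.Sum(nil))
}

func stripDigestLines(template string) string {
	return reDigest.ReplaceAllString(template, "")
}

// Sign appends a digest line over the template body.
func Sign(body string) string {
	return body + "# digest: " + hmacHex(stripDigestLines(body)) + "\n"
}

// VerifyWeak models the flawed check: take the first digest line as the
// signature, strip every digest line, and HMAC whatever is left.
func VerifyWeak(template string) bool {
	first := reDigest.FindString(template)
	if first == "" {
		return false
	}
	got := strings.TrimSpace(strings.TrimPrefix(first, "# digest: "))
	want := hmacHex(stripDigestLines(template))
	return hmac.Equal([]byte(got), []byte(want))
}

// VerifyStrict closes both gaps: a bare '\r' anywhere is rejected, so the
// verifier and the YAML parser agree on line boundaries, and exactly one
// digest line is allowed.
func VerifyStrict(template string) bool {
	if strings.ContainsRune(template, '\r') {
		return false
	}
	if len(reDigest.FindAllString(template, -1)) != 1 {
		return false
	}
	return VerifyWeak(template)
}

// yamlLines models how a YAML parser tokenizes line breaks: the YAML spec
// treats CR, LF and CRLF as line breaks, so a lone '\r' ends a line here.
func yamlLines(s string) []string {
	s = strings.ReplaceAll(s, "\r\n", "\n")
	s = strings.ReplaceAll(s, "\r", "\n")
	return strings.Split(s, "\n")
}

// TopLevelKeys returns the top-level mapping keys a YAML parser would see
// (comments, indented lines and blank lines are skipped).
func TopLevelKeys(template string) []string {
	var keys []string
	for _, line := range yamlLines(template) {
		if line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, " ") {
			continue
		}
		if i := strings.Index(line, ":"); i > 0 {
			keys = append(keys, line[:i])
		}
	}
	return keys
}

// Constructed benign template body.
const benignBody = "id: demo-template\ninfo:\n  name: Demo\n  severity: info\n"

// TamperedTemplate appends a second digest line whose injected block uses
// '\r' as its line separator: one line to the regex, several to YAML.
func TamperedTemplate() string {
	injected := "# digest: 0\rcode:\r  - engine: sh\r    source: echo injected\n"
	return Sign(benignBody) + injected
}

func main() {
	signed := Sign(benignBody)
	evil := TamperedTemplate()
	fmt.Println("signed   weak:", VerifyWeak(signed), "strict:", VerifyStrict(signed))
	fmt.Println("tampered weak:", VerifyWeak(evil), "strict:", VerifyStrict(evil))
	fmt.Println("keys the parser sees:", TopLevelKeys(evil))
}
```

The design point is that a verifier must split the input exactly the way the consumer will; when that cannot be guaranteed, canonicalize first (here, refuse any “\r”) and verify the bytes that will actually be parsed, rather than a regex’s view of them.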