nginx-version.yaml template producing false-positive results
hczdmr opened this issue · comments
Nuclei Version:
latest
Template file:
/technologies/nginx/nginx-version.yaml
Command to reproduce:
nuclei -u httpx://hangikur.com -t /opt/nuclei-templates/technologies/nginx/nginx-version.yaml
Anything else:
This template producing false positive result for not have a version number in HTTP response header.
that's not a false positive. if you check the response header of the website, there is no nginx version in the header
C:\Users\user>curl -I "https://hangikur.com"
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 04 May 2022 00:11:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 11080
Connection: keep-alive
Vary: Accept-Encoding
Content-Security-Policy: frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
I know there is no nginx version in the response header but template name is "nginx version detect". If there is a version info in the header, I assume the template to work correctly. Isn't it?
Hello @hczdmr, thank you so much for creating this issue and contributing to this project 🚀