Closed
Labels
false-negative: Nuclei template missing valid results
Description
Template IDs or paths
Some examples:
./http/vulnerabilities/other/nextjs-redirect.yaml: - '{{BaseURL}}/_next/image?url=/\/\interact.sh/&q=100&w=128&h=128'
./http/vulnerabilities/other/nextjs-redirect.yaml: - 'Location: /\/\/interact.sh'
./http/vulnerabilities/other/bitrix-open-redirect.yaml: - '/bitrix/rk.php?goto=https://interact.sh'
./http/vulnerabilities/other/bitrix-open-redirect.yaml: - '/bitrix/redirect.php?event1=&event2=&event3=&goto=https://interact.sh'
./http/vulnerabilities/other/bitrix-open-redirect.yaml: - '/bitrix/redirect.php?event3=352513&goto=https://interact.sh'
Environment
[INF] Current nuclei version: v3.3.10 (latest)
[INF] Current nuclei-templates version: v10.1.5 (latest)
Steps To Reproduce
I noticed that a lot of templates were using interact.sh as the target instead of the OOB variable.
I was thinking about doing a search and replace of these instances of "interact.sh" with {{interactsh-url}}, but I wanted to post here to make sure there wasn't something I was missing. Would you like me to make a pull request?
[~/nuclei-templates] $ grep -ir interact.sh ./* | wc -l
178
Plus, I don't think that these templates work anyway because of interact.sh DNS:
[~/nuclei-templates] $ dig interact.sh
; <<>> DiG 9.20.4-4-Debian <<>> interact.sh
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22840
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;interact.sh. IN A
;; Query time: 0 msec
;; SERVER: 10.224.184.2#53(10.224.184.2) (UDP)
;; WHEN: Wed Mar 19 14:07:29 UTC 2025
;; MSG SIZE rcvd: 40
Relevant dumped responses
Anything else?
No response
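An added example, not part of the original issue or of the nuclei-templates project: a line-based audit that labels each hard-coded interact.sh hit as sitting in a request field or in a matcher, so it is visible which replacements would also touch a matcher that has to stay consistent with the request. The sample template is constructed around the two nextjs-redirect lines quoted above; the key lists and the function names `audit` and `summarize` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample built around the two nextjs-redirect lines quoted in the issue.
SAMPLE = r"""id: nextjs-redirect
info:
  name: constructed sample for this example
http:
  - method: GET
    path:
      - '{{BaseURL}}/_next/image?url=/\/\interact.sh/&q=100&w=128&h=128'
    matchers:
      - type: word
        part: header
        words:
          - 'Location: /\/\/interact.sh'
"""

# Assumed key lists (hypothetical, chosen for this example) that decide the label.
REQUEST_KEYS = {"path", "raw", "body", "headers"}
MATCHER_KEYS = {"matchers", "extractors", "words", "regex", "dsl"}
KEY = re.compile(r"^\s*(?:-\s+)?([A-Za-z_-]+):(?:\s|$)")
HARDCODED = re.compile(r"interact\.sh", re.IGNORECASE)  # does not match interactsh-url


def audit(text):
    """Return (line_no, section, line) for every hard-coded interact.sh hit."""
    section, findings = "other", []
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY.match(line)
        if m:
            key = m.group(1)
            if key in REQUEST_KEYS:
                section = "request"
            elif key in MATCHER_KEYS:
                section = "matcher"
            elif not line[0].isspace():  # new top-level block such as info:
                section = "other"
        if HARDCODED.search(line):
            findings.append((no, section, line.strip()))
    return findings


def summarize(findings):
    """Count hits per section so request-only files stand out from mixed ones."""
    return Counter(section for _, section, _ in findings)


if __name__ == "__main__":
    for no, section, line in audit(SAMPLE):
        print(f"{no:>3} {section:<8} {line}")
    print(dict(summarize(audit(SAMPLE))))
```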