Nuclei Version:
Template file:
http/miscellaneous/external-service-interaction.yaml
Command to reproduce:
This would match a result since the server responds with a 302 code and the Location header points to the interactsh URL. Nuclei then follows this redirect, thus triggering an OOB interaction.
If I comment out
redirects: true
(which makes it a similar template to http/vulnerabilities/generic/oob-header-based-interaction.yaml), no results are found, and I think it's good. I don't think following redirects is vulnerable, since this action happens entirely on the client side.
If I'm wrong, any suggestion to understand this?
Anything else:
Or should we differentiate external-service-interaction and oob-header-based-interaction? Like, external-service-interaction only tests targets with redirects followed, while oob-header-based-interaction tests targets without following redirects?

Hello @iuliu8899, I'm not getting any false positives on the host you shared above. Would you mind sharing additional information, including valid debug data, to investigate this issue? It would be greatly appreciated.
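To illustrate the point the issue raises, here is an added Python simulation (not nuclei's code and not from the issue): a constructed loopback target that reflects the Referer header into a 302 Location, a constructed stand-in for the interactsh host that counts hits, and a client run with and without redirect following. The reflected header name and the loopback servers are assumptions for the demo; the callback host is only reached when the client itself follows the redirect, which is exactly what `redirects: true` enables.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError

callback_hits = []  # constructed stand-in for interactsh: records every hit it receives

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep both demo servers silent
        pass

class Callback(Quiet):
    def do_GET(self):
        callback_hits.append(self.path)
        self.send_response(200)
        self.end_headers()

class Target(Quiet):
    """Constructed target: reflects the Referer header into a 302 Location."""
    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", self.headers.get("Referer", "/"))
        self.end_headers()

def serve(handler):
    """Start a handler on a random loopback port in a daemon thread; return the port."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_port

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # refuse every redirect, i.e. a template without `redirects: true`

def probe(target_port, oob_url, follow_redirects):
    """Send oob_url in a header; return (final status, hits seen by the callback host)."""
    callback_hits.clear()
    opener = urllib.request.build_opener(*([] if follow_redirects else [NoRedirect()]))
    req = urllib.request.Request(f"http://127.0.0.1:{target_port}/", headers={"Referer": oob_url})
    try:
        status = opener.open(req, timeout=5).status
    except HTTPError as err:  # the unfollowed 302 surfaces as an HTTPError
        status = err.code
    return status, len(callback_hits)

if __name__ == "__main__":
    target, callback = serve(Target), serve(Callback)
    oob = f"http://127.0.0.1:{callback}/oob"
    print("redirects: true ->", probe(target, oob, True))   # (200, 1): the client caused the hit
    print("no redirects    ->", probe(target, oob, False))  # (302, 0): no interaction at all
```

With redirects followed the only request the callback host ever sees comes from the scanning client, so the match reflects the scanner's own behaviour rather than anything the target did on its side.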