Updating the blog post on dynamic auth

[anze3db]

Hey! I'm not sure this is the right place to ask this, but could you update the Scanning Login-Protected Targets with Nuclei v3.2 blog post and fix the template in the dynamic section? The blog post ranks higher in google than the docs, so a lot of people might get stuck because the examples in the blog post don't work.

The template in the blog post:

There are two issues:

1. The template still includes variables with name: instead of key: which was fixed in this repo 5 months ago.
2. The template in the blog doesn't include the input: property. Without it I get the following error:

[FTL] Could not fetch dynamic secret: no extracted values found for dynamic secret

It's marked as optional in the docs here, but I have hardcoded urls in my login template, but I'm still getting the error.

[ehsandeep]

@anze3db Thanks for creating the issue! This is the right place to request changes.

I’ve updated the name: → key: reference in the blog as you correctly pointed out. Regarding input:, you mentioned you’re still getting an error even after specifying the value. Is the issue specifically related to the input field, or is it something else?

cc @tarunKoyalwar ^

[anze3db]

@ehsandeep no, I only get the error if I don't include the input: field in the secret.yaml file. If I add it, the error goes away. That's why I think the input: field should also be included in the blog post as it is in the docs.

The docs also say that input: is optional if the target is hardcoded, but I'm getting the same error even if I put the whole URL in the login template and never use ({{BaseURL}}). I'm not sure if this is a nuclei bug or a docs issue, though.

[tarunKoyalwar]

@anze3db when you put your url instead of {{BaseURL}}, did you set the self-contained: true in template because that's required

[anze3db]

I did not know about self-contained, sorry! I have just confirmed that if I add self-contained: true the error goes away. 👍

I think the blog post's instructions are still incorrect because the login template uses {{BaseURL}} and doesn't include self-contained but the secrets.yaml also doesn't include input:.

[tarunKoyalwar]

thanks for confirming, we will update the blog post to reflect new changes and improve instructions