PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0

add apache shiro vuln check #109

Closed QdghJ closed 1 year ago

QdghJ commented 1 year ago

Add Apache Shiro Vulnerability Detection Script, refer to https://github.com/vulhub/vulhub/blob/master/shiro/CVE-2016-4437/README.md, https://github.com/vulhub/vulhub/blob/master/shiro/CVE-2020-1957/README.md

QdghJ commented 1 year ago

Firstly, thank you for the amazing contribution.

Can we ask please for the following changes before we merge?

  • Clean up the two .txt files
  • Split the key cracking .bcheck into its own PR and put in the /CVEd/ directory
  • Leave the remaining two BChecks in /other/ as this PR

This is so we maintain repo hygiene.

Thank you in advance from all at PortSwigger.

I can accept these changes. output.txt is used to locate the original key corresponding to the encrypted 'rememberMe' value. However, in future updates, I can include them in comments for easier reference. Thank you.