Closed abdilahrf closed 9 months ago
Hi,
Was the interaction synchronous or asynchronous? Currently BChecks only support the former, i.e. it polls whilst executing the BCheck and any subsequent interactions will not be reported.
I believe it was synchronous. Testing this using PortSwigger labs for OOB SQL injection: https://portswigger.net/web-security/learning-paths/sql-injection/sql-injection-exploiting-blind-sql-injection-using-out-of-band-oast-techniques/sql-injection/blind/lab-out-of-band
Thanks for the update. We suspect this could be a timing issue, so we'll run some tests here and be in touch later this week to let you know how we're getting on.
Having said that, I'm back with a few more checks already :). I've just been doing some tests using your BCheck against the lab 'Blind SQL injection with out-of-band interaction' and it has been reporting an issue for me when I use the 'Run test' functionality from the BCheck editor in our latest Early Adopter version, 2023.10.2. Which specific lab were you using for your testing? If you can let me know, I'll check against the same one.
It's weird, now it's working and creating the issue found, thanks @Michelle-PortSwigger.
Hi, I am creating this BCheck to detect OOB SQL injection within a cookie insertion point. I saw the DNS call within Burp Collaborator, but the issue is not created in the Burp Suite dashboard.