Closed nbxiglk0 closed 7 months ago
Hi
I've been taking a look into this and have been able to replicate the validation error. To help me look into what other options might be available, can you tell me more about what you are trying to achieve with your BCheck? It would be good to get a better understanding of why the backslashes need to be replaced for the check on the response and the issue to be generated.
For example, the program will add a backslash in front of the quotation marks to escape the quotation marks entered by the user to prevent the input content from escaping from the quotation marks, but the program forgets to escape the backslash itself.
Suppose there is such a response, <xx name='user input'>abcd</xx>, so this protection can be bypassed by injecting the form aaa\' onclick=alert(1) \', which will return <xx name='aaa\\' onclick=alert(1) \\''>abcd</xx> in the response, and if you want to verify whether the backslash is not escaped, you need to verify whether the response contains \' onclick=alert(1) \', and you can see that there will be two backslashes in the second quotation mark. This requires replacing the two backslashes before they can be matched correctly. If the program escapes the backslashes, it will be \\\' onclick=alert(1) \\\''.
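The filter flaw described in the post above, as an added Python example that is not part of the original thread and is not BCheck code: it compares the quote-only filter with one that escapes the backslash first, and checks the reflected value by counting the backslashes in front of each quote instead of rewriting the response. The function names and the `render` template are assumptions built from the sample response in the post, and the check assumes the escaping model the post describes, where a backslash neutralises the character after it.

```python
import re

# Probe string taken from the post: each quote is already preceded by one backslash.
PROBE = "aaa\\' onclick=alert(1) \\'"

def escape_quotes_only(value: str) -> str:
    """Filter as described in the post: escapes ' but leaves \\ untouched."""
    return value.replace("'", "\\'")

def escape_backslash_then_quotes(value: str) -> str:
    """Corrected filter: escape the escape character first, then the quote."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def render(escaped: str) -> str:
    """Hypothetical template matching the sample response in the post."""
    return "<xx name='" + escaped + "'>abcd</xx>"

def reflected_value(body: str) -> str:
    """Extract what was reflected between name=' and the closing '>."""
    start = body.index("name='") + len("name='")
    return body[start:body.rindex("'>")]

# A run of backslashes (possibly empty) followed by a quote.
QUOTE_RUN = re.compile(r"(\\*)'")

def unescaped_quotes(fragment: str) -> list:
    """Offsets of quotes preceded by an even number of backslashes.

    An even run means the backslashes pair up and escape each other,
    so the quote that follows is left unescaped.
    """
    return [m.end() - 1 for m in QUOTE_RUN.finditer(fragment)
            if len(m.group(1)) % 2 == 0]

def filter_is_bypassable(escape_fn) -> bool:
    """True when the probe leaves a live quote in the rendered response."""
    body = render(escape_fn(PROBE))
    return bool(unescaped_quotes(reflected_value(body)))

if __name__ == "__main__":
    for fn in (escape_quotes_only, escape_backslash_then_quotes):
        print(fn.__name__, render(fn(PROBE)), filter_is_bypassable(fn))
```

Counting backslash parity works directly on the raw response body, so the check does not depend on collapsing `\\` to `\` first.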
We've been running a couple of tests here and investigating the behavior. If you create some variables to define the match and replace values being used in the regex_replace, you should be able to achieve what you're describing. For example, if you defined the following variable:
define:
myvar=`\\\\\\\\`
and then used it in a regex_replace:
regex_replace({base.response.body},"stuff",{myvar})
The string stuff would be replaced by \\
We are currently doing some further digging into a few inconsistencies we think may exist around the use of backslashes, but the above should give you a starting point.
That's helpful, thanks.
Hi, I want to replace the "\\" characters with "\" (two backslashes to one backslash) in the response and then do the next check, but I get an error when I use the regex_replace function. The example code is like this:
if "[core]" in {regex_replace({check.response.body},"\\\\","\\")} then
I got the Unexpected token \ error message, and I don't know what's wrong there.