Closed 2009panda closed 7 months ago
Thanks for your submission. Looks like an interesting idea.
Is there something unique to Telerik UI that we can also look for within the response in order to minimize the chance of this raising false positives?
Hi, the two ways I've found to enumerate the Telerik UI version are to look for HTML comments containing the version number, such as the following
and from script tags in responses where Telerik UI javascript is loaded.
The problem is that both are not always present, so checking only for the version number (as is done in the bcheck) instead of Version%3d{version_number} should cover both scenarios.
Excellent. So one option would be to generalize your checking to include either of these, but as you said, you may miss some scenarios. Perhaps a better option would be to look for something unrelated to the version that is specific to Telerik. So the logic would be something like:
if ((<some test to fingerprint Telerik UI>) and ("2007.1423" in {latest.response.body} or "2007.1521" in {latest.response.body} ... or "2017.1.118" in {latest.response.body})) then
Thanks for the input, I added a check for the presence of "Telerik.Web.UI.WebResource.axd", which should eliminate the risk of raising false positives. It now looks like this:
if (("Telerik.Web.UI.WebResource.axd" in {latest.response.body}) and ("2007.1423" in {latest.response.body} or "2007.1521" in {latest.response.body} ... or "2017.1.118" in {latest.response.body})) then
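The same two-part logic (Telerik fingerprint AND a known version string in the body), written out as an added Python example rather than the bcheck itself, so the false-positive case can be exercised offline. It also extracts the version from both forms mentioned earlier in the thread (HTML comment, and the URL-encoded `Version%3d` in a script src). The response bodies and the version `2030.1.100` are constructed for the test; the vulnerable-version list is only the subset quoted in this thread, since the bcheck's full list is elided here.

```python
import re

# Fingerprint agreed on in the thread: the Telerik web-resource handler name.
TELERIK_FINGERPRINT = "Telerik.Web.UI.WebResource.axd"

# Only the build numbers quoted in this thread; the bcheck's full list is elided ("...").
VULNERABLE_VERSIONS = {"2007.1423", "2007.1521", "2015.2.623", "2017.1.118"}

# Telerik build numbers: YYYY.N.DDD (e.g. 2017.1.118) or the older YYYY.DDDD (e.g. 2007.1423).
_VERSION = r"(20\d{2}\.\d{1,2}\.\d{1,4}|20\d{2}\.\d{4})"
_VERSION_RE = re.compile(r"(?<![\d.])" + _VERSION + r"(?![\d.])")
# URL-encoded "Version=" as it appears in the script src loading Telerik JavaScript.
_SCRIPT_VERSION_RE = re.compile(r"Version(?:%3[dD]|=)" + _VERSION)


def find_telerik_versions(body: str) -> set:
    """Collect version strings from both places the thread describes."""
    found = set(_SCRIPT_VERSION_RE.findall(body))
    for comment in re.findall(r"<!--(.*?)-->", body, flags=re.S):
        found.update(_VERSION_RE.findall(comment))
    return found


def check_response(body: str) -> dict:
    """Mirror the bcheck condition: fingerprint present AND a listed version present."""
    fingerprinted = TELERIK_FINGERPRINT in body
    # Without the fingerprint a version-like number is ignored, which is what removes false positives.
    versions = find_telerik_versions(body) if fingerprinted else set()
    vulnerable = sorted(versions & VULNERABLE_VERSIONS)
    return {
        "telerik": fingerprinted,
        "versions": sorted(versions),
        "vulnerable": vulnerable,
        "issue": bool(vulnerable),  # True means the bcheck would create an issue
    }


# Constructed sample bodies (not captured from a real server).
SAMPLE_SCRIPT_TAG = (
    '<script src="/Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=;'
    'Telerik.Web.UI%2c+Version%3d2017.1.118%2c+Culture%3dneutral"></script>'
)
SAMPLE_COMMENT = '<!-- 2015.2.623 --><script src="/Telerik.Web.UI.WebResource.axd"></script>'
SAMPLE_NO_TELERIK = "<p>Order 2017.1.118 shipped</p>"  # version-like number, no fingerprint
SAMPLE_UNLISTED = '<script src="/Telerik.Web.UI.WebResource.axd?Version%3d2030.1.100"></script>'

if __name__ == "__main__":
    for name, body in [("script", SAMPLE_SCRIPT_TAG), ("comment", SAMPLE_COMMENT),
                       ("no-telerik", SAMPLE_NO_TELERIK), ("unlisted", SAMPLE_UNLISTED)]:
        print(name, check_response(body))
```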
@2009panda As a contributor to our GitHub repository, we would like to invite you to our closed Discord community.
It is a place where passionate Burp users, including people who directly work on building and developing Burp here at PortSwigger, can talk about the tooling and web security in general.
If you would like to join, please email us at support@portswigger.net and we will send over an invite link.
Thank you!
Add bcheck for CVE-2017-9248. It looks for Telerik version code numbers, e.g. 2015.2.623, in responses, and if it finds one, creates an issue.