search

PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0
588 stars 104 forks source link

Unexpected error occurred while running BCheck xxxx: Zncf #156

Closed nbxiglk0 closed 4 months ago

nbxiglk0 commented 7 months ago

Hi, I got an error when start BCheck script, The strange thing is that there were no problems before, all scripts ran normally, but when a scan task unexpectedly paused, the problem suddenly appeared after I deleted the task and re-created the scan task.I tried recreating the scan task but the result is the same。 image And I found that the scripts with errors all used the given insertion point then statement, and there were no errors in other scripts.And there is no problem with BChecks editor verification。 The sample script is as follows 

metadata:
    language: v2-beta
    name: "SSRF"
    description: "SSRF Check"
    author: "nbxiglk"

define:
    ssrf_addr=`https://{generate_collaborator_address()}/ssrftest`

# we will automatically insert into nested insertion points
given insertion point then

    # prevent false positives by checking answer isn't
    # already in base response
    if {insertion_point_base_value} matches "http" then
        send payload:
            replacing: {ssrf_addr}

        if any interactions then
            report issue:
                severity: high
                confidence: tentative
                detail: "The application transforms input in a way that suggests it might be
                         vulnerable to some kind of server-side code injection."
                remediation: "Manual investigation is advised."
        end if
    end if
metadata:
    language: v2-beta
    name: "NoSQL Bool Base SQL Inject"
    description: "NoSQL Bool Base SQL Inject"
    author: "nbxiglk"

define:
    fcheckpl="' && 0 && 'x"
    scheckpl="' && 1 && 'x"

# we will automatically insert into nested insertion points
given insertion point then

    send request called fcheck:
        send payload:
            appending: {fcheckpl}

        if not({latest.response.body} is {base.response.body}) then
            send request called scheck:
                send payload:
                    appending: {scheckpl}
            if {latest.response.body} is {base.response.body} then
                report issue:
                    severity: high
                    confidence: firm
                    detail: `NoSQL SQL Inject with {insertion_point_base_value}`
                    remediation: "Manual investigation is advised."
            end if
        end if
Michelle-PortSwigger commented 7 months ago

To help us investigate this, can you please go to Settings > Suite > Performance feedback and send us the Debug ID? Or send an email to support@portswigger.net with the output from Help > Diagnostics for the installation of Burp where you had this problem?

Thank you :)

nbxiglk0 commented 7 months ago

I will do this next time the problem reappears。

Michelle-PortSwigger commented 6 months ago

Thank you, that would be great, as so far, I've not been able to replicate the problem here.

Michelle-PortSwigger commented 4 months ago

Unable to replicate and no further reports of the issue. Closing issue, but it can be re-opened if needed.