gwen001 / offsectools_www

A vast collection of security tools and resources curated by the community.
https://offsec.tools

[addtool] UploadScanner #443

Closed gwen001 closed 1 year ago

gwen001 commented 1 year ago

[link]https://github.com/PortSwigger/upload-scanner[/link] [tags]burpsuite,vulnerabilities,fileupload,scanner[/tags] [short_descr]HTTP file upload scanner for Burp Proxy.[/short_descr] [long_descr]While the extension has various interesting features in its various modules, one of the main features is:

1/ Taking a small gif, png, jpeg, tiff, pdf, zip and mp4 file
2/ If it’s an image, resize the image (sizes are UI options)
3/ If it’s an image, give it a random new color
4/ If the file format supports it, use the exiftool file format metadata techniques "keywords", "comment", "iptc:keywords", "xmp:keywords", "exif:ImageDescription" and "ThumbnailImage" ...
5/ ... to inject PHP, JSP, ASP, XXE, SSRF, XSS and SSI payloads ...
6/ ... then upload with various combinations of file extensions and content-types ...
7/ ... to detect issues via sleep based payloads, Burp Collaborator interactions or by downloading the file again[/long_descr] [image]https://raw.githubusercontent.com/gwen001/offsectools_www/main/32d97d67f4b1eb44ff0e079de24485fe.png[/image]

gwen001 commented 1 year ago

Issue correctly handled, tool is waiting for human validation.

gwen001 commented 1 year ago

Tool has been accepted by the team: https://offsec.tools/tool/uploadscanner

Thank you for your contribution!