hak5 / bashbunny-payloads

The Official Bash Bunny Payload Repository
https://bashbunny.com

Syntax for xss/sqli/web payloads. #143

Open Viss opened 7 years ago

Viss commented 7 years ago

The wiki says that one can place payloads into "switch1/xss.txt" and that it can be called by saying: Q switch1/xss.txt

However in practice, I cannot get this to function. I have even created a script to attempt to identify where the path is when the switch position is set to '1', and where the files live on disk. I'm getting weird mixed results.

Also, it would seem that the payloads:

<script>alert(1)</script>

and

' or 1=1;--

appear to need some heavy escaping.

Perhaps a howto for this sort of thing could be done? Or maybe a way to put the raw characters somewhere when specifying a file for reading the payload where the chars don't have to be escaped?

ghost commented 7 years ago

Did you post about this in the forums? Can you post the exact line of code you are trying to execute when grabbing switch one? Are you sourcing bunny helpers?

Biocow commented 7 years ago

Viss, I was playing with this over the weekend and switch1/switch2 was working fine for me. But the better way to do this is to include bunny_helpers.sh and use the variable $SWITCH_POSITION. Here are some files I was playing with. Throw them into one of the folders and play around.

I did find issues as you said with escaping characters. Putting a contraction (it's, can't, etc...) in one of the external files causes problems.

body.txt body2.txt footer.txt header.txt payload.txt

Viss commented 7 years ago

I did not post this in the forums. I also did not load the bunny helpers, this seems like it was the cause of the switch problem.

The code I was trying to execute was:

<script>alert(1)</script>

and I had to format it like this to finally execute:

\<script\>alert\(1\)\<\/script\>

Which, as you can see, is going to get overwhelming really fast the more characters I add that need escaping.

I'll try again after loading the scripts and see if that helps.

xillwillx commented 7 years ago

The newer firmware release negates the need for bunny_helpers.sh: https://storage.googleapis.com/bashbunny_updates/ch_fw_1.1-changelog.txt

  • Extensions
  • Extensions from the /payloads/library/extensions folder are sourced automatically for each payload.txt and provide new Bunny Script capabilities.
  • Extensions replace bunny_helpers.sh
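Pulling the thread together, two things matter in practice: locating the active switch directory, and getting characters like < > ( ) ' ; (and apostrophes in contractions) into QUACK without backslash-escaping them. The payload.txt below is an added example, not code from this thread or from the hak5 repository. It reads each raw web payload from a file in the switch directory into a shell variable and passes it to QUACK as one double-quoted argument, so the text never goes through the bash parser and the files need no escaping at all. Assumptions, not confirmed by the thread: the `Q` wrapper and `$SWITCH_POSITION` (with values switch1, switch2 or switch3) come from the auto-sourced extension or bunny_helpers.sh, and payloads live under /root/udisk/payloads/. The xss.txt, sqli.txt and note.txt contents are constructed here; off-device, a stand-in `Q` that echoes its arguments is defined so the script runs and shows what would be typed.

```shell
#!/bin/bash
# payload.txt -- added example, not from the thread or the hak5 repository.
# Types raw web payloads stored in files in the active switch directory,
# with no backslash escaping in those files.
#
# Assumed (not confirmed by the thread): `Q` and $SWITCH_POSITION
# (switch1|switch2|switch3) are provided by the auto-sourced extension or
# bunny_helpers.sh, and payloads live under /root/udisk/payloads/.
# Off-device, a stand-in `Q` that echoes its arguments lets the script run.
if ! command -v Q >/dev/null 2>&1; then
    Q() { printf '%s\n' "Q $*"; }
fi
: "${SWITCH_POSITION:=switch1}"
PAYLOAD_DIR="${PAYLOAD_DIR:-/root/udisk/payloads/$SWITCH_POSITION}"

# Constructed sample files standing in for switch1/xss.txt, sqli.txt, note.txt.
# Note the raw < > ( ) ' ; and the apostrophes: nothing is escaped.
make_samples() {
    mkdir -p "$1"
    printf '%s\n' '<script>alert(1)</script>' > "$1/xss.txt"
    printf '%s\n' "' or 1=1;--"               > "$1/sqli.txt"
    printf '%s\n' "it's fine, can't break it"  > "$1/note.txt"
}

# Return a file's contents verbatim (minus trailing newlines). The text moves
# through a variable, never through the shell parser, so metacharacters are inert.
read_payload() {
    [ -r "$1" ] || { echo "missing payload file: $1" >&2; return 1; }
    cat "$1"
}

# Type one payload. Double-quoting "$text" is what makes escaping unnecessary:
# the whole string reaches the QUACK wrapper as a single argument.
type_payload() {
    local text
    text=$(read_payload "$1") || return 1
    Q STRING "$text"
    Q ENTER
}

# Off-device there is no udisk; build the samples in a temp dir instead.
if [ ! -d "$PAYLOAD_DIR" ]; then
    PAYLOAD_DIR=$(mktemp -d)
    make_samples "$PAYLOAD_DIR"
fi
for f in xss.txt sqli.txt note.txt; do
    [ -f "$PAYLOAD_DIR/$f" ] && type_payload "$PAYLOAD_DIR/$f"
done
```

Handing the file contents to `Q STRING` through a quoted variable, rather than passing the file path to `Q` directly, also means the payload does not depend on how the wrapper interprets a bare file argument, and the contraction problem Biocow describes disappears for the same reason: bash never evaluates the file's text, it only copies it.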