search

modzero / mod0BurpUploadScanner

HTTP file upload scanner for Burp Proxy
Other
480 stars 138 forks source link

Bug #100

Open A1vinSmith opened 2 years ago

A1vinSmith commented 2 years ago 
Traceback (most recent call last):
  File "/Users/AlvinSmith/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 982, in doActiveScan
    self.do_checks(injector)
  File "/Users/AlvinSmith/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1079, in do_checks
    colab_tests.extend(self._ghostscript(injector, burp_colab))
  File "/Users/AlvinSmith/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1079, in do_checks
    colab_tests.extend(self._ghostscript(injector, burp_colab))
  File "/Users/AlvinSmith/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1588, in _ghostscript
    self._send_sleep_based(injector, basename + cmd_name, sleep_content, self.GS_TYPES, injector.opts.sleep_time, issue)
  File "/Users/AlvinSmith/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 4323, in _send_sleep_based
    resp = self._make_http_request(injector, req, throttle=False)
  File "/Users/AlvinSmith/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 4381, in _make_http_request
    attack = self._callbacks.makeHttpRequest(service, req)
RuntimeException: java.lang.RuntimeException: Extension generated task deleted

Upload Scanner Version: 1.0.8a

Extension code location: doActiveScan
Jython version: 2.7.2 (v2.7.2:925a3cc3b49d, Mar 21 2020, 10:03:58)
[OpenJDK 64-Bit Server VM (Oracle Corporation)]
Java version: 17.0.2
Burp version: Burp Suite Professional 2022 6.1
Command line arguments: 
Was loaded from BApp: True
Request: 'POST /admin/upload HTTP/1.1\r\nHost: 10.129.220.248:8009\r\nContent-Length: 7771\r\nCache-Control:
max-age=0\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: http://10.129.220.248:8009\r\nContent-Type:
multipart/form-data; boundary=----WebKitFormBoundarylC3UaoVSmc4BvOt1\r\nUser-Agent: Mozilla/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53
Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp
,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nReferer:
http://10.129.220.248:8009/admin/settings\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-
GB,en-US;q=0.9,en;q=0.8\r\nCookie: PHPSESSID=pei9469sfmq1anmsj33qomot6g\r\nConnection: close\r\n\r\n
------WebKitFormBoundarylC3UaoVSmc4BvOt1\r\nContent-Disposition: form-data; name="uploadFile";
filename="; sleep 10;"\r\nContent-Type: application/x-php\r\n\r\n\xff\xd8\xff\xe0\x00\x10JFIF\x00\x0
1\x01\x00\x00\x01\x00\x01\x00\x00\xff\xdb\x00\...