modzero / mod0BurpUploadScanner

HTTP file upload scanner for Burp Proxy

Bug #101

Open omar-nadhif opened 2 years ago

omar-nadhif commented 2 years ago
Traceback (most recent call last):
  File "C:\Users\marc\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 982, in doActiveScan
    self.do_checks(injector)
  File "C:\Users\marc\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1187, in do_checks
    self._recursive_upload_files(injector, burp_colab)
  File "C:\Users\marc\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1187, in do_checks
    self._recursive_upload_files(injector, burp_colab)
  File "C:\Users\marc\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 3680, in _recursive_upload_files
    content = file(os.path.join(path, filename), "rb").read()
IOError: [Errno 2] No such file or directory: 'C:\\Wordlists\\fuzzdb-master\\web-backdoors\\asp\\cmd-asp-5.1.asp'

Upload Scanner Version: 1.0.8a

Extension code location: doActiveScan
Jython version: 2.7.3 (tags/v2.7.3:5f29801fe, Sep 10 2022, 18:52:49)
[Java HotSpot(TM) 64-Bit Server VM (Oracle Corporation)]
Java version: 13.0.2
Burp version: Burp Suite Professional 2022 9.3
Command line arguments: 
Was loaded from BApp: True
Request: 'POST /repository/repository_ajax.php?action=upload HTTP/1.1\r\nHost: elearning.uad.ac.id\r\nCookie:
_ga=GA1.3.696607809.1666714069; _gid=GA1.3.608038746.1666714069;
MoodleSession=d858rhf9tnnr0o22c9ng8b42i9\r\nContent-Length: 298644\r\nCache-Control: max-age=0\r
\nSec-Ch-Ua: "Chromium";v="103", ".Not/A)Brand";v="99"\r\nSec-Ch-Ua-Mobile: ?0\r\nSec-Ch-Ua-
Platform: "Windows"\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://elearning.uad.ac.id\r
\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryIxg6BGId1dqbSDi0\r\nUser-Agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/103.0.5060.134 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9
,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nSec-Fetch-
Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest:
iframe\r\nReferer: https://elearning.uad.ac.id/user/edit.php?id=11368&returnto=profil...