modzero / mod0BurpUploadScanner

HTTP file upload scanner for Burp Proxy
Other
483 stars 138 forks source link

Bug #112

Open mezzy306 opened 1 year ago

mezzy306 commented 1 year ago
Traceback (most recent call last):
  File "/home/kairiz/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 982, in doActiveScan
    self.do_checks(injector)
  File "/home/kairiz/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1074, in do_checks
    colab_tests.extend(self._magick(injector, burp_colab))
  File "/home/kairiz/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1074, in do_checks
    colab_tests.extend(self._magick(injector, burp_colab))
  File "/home/kairiz/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1440, in _magick
    self._send_sleep_based(injector, basename, content, types, injector.opts.sleep_time, issue)
  File "/home/kairiz/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 4315, in _send_sleep_based
    new_content = content.replace(BurpExtender.MARKER_CACHE_DEFEAT_URL, "https://example.org/" + ''.join(random.sample(string.ascii_letters, 11)) + "/")
AttributeError: 'NoneType' object has no attribute 'replace'

Upload Scanner Version: 1.0.8a

Extension code location: doActiveScan
Jython version: 2.7.3 (tags/v2.7.3:5f29801fe, Sep 10 2022, 18:52:49)
[OpenJDK 64-Bit Server VM (Debian)]
Java version: 17.0.5
Burp version: Burp Suite Professional 2022 8.2
Command line arguments: 
Was loaded from BApp: True
Request: 'POST /api/Dom/UploadDomTrackingDocument HTTP/2\r\nHost: uat-mostapi.mglobal-logistics.com\r\nUser-
Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0\r\nAccept: multipart
/form-data\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type:
multipart/form-data; boundary="3ffc2a8f-37e4-4aad-bdf7-e11b40b7634c"\r\nContent-Length: 617\r\nRole:
Admin\r\nOrigin: https://uat-most.mglobal-logistics.com\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode:
cors\r\nSec-Fetch-Site: same-site\r\nAuthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Iml
ibnUucmFobWFuQG1lcmF0dXNsaW5lLmNvbSIsInJvbGUiOiJBZG1pbiIsIm5iZiI6MTY5NjgxODYwOSwiZXhwIjoxNjk2ODYxODA
5LCJpYXQiOjE2OTY4MTg2MDl9.QZkFUl-wQ2TVqlVw6TkcdfP_LS3EGYyHRbH0tqLcGY8\r\nReferer: https://uat-most
.mglobal-logistics.com/\r\nTe: trailers\r\n\r\n--3ffc2a8f-37e4-4aad-bdf7-e11b40b7634c\r\nContent-
Type: text/plain; charset=utf-8\r\nContent-Disposition: form-data;
name=Email\r\n\r\nibnu.rahman@meratus...