modzero / mod0BurpUploadScanner

HTTP file upload scanner for Burp Proxy

Bug #62

Open allengerysena opened 4 years ago

allengerysena commented 4 years ago
Traceback (most recent call last):
  File "C:\Users\mxtvn\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 981, in doActiveScan
    self.do_checks(injector)
  File "C:\Users\mxtvn\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1088, in do_checks
    self._php_rce(injector)
  File "C:\Users\mxtvn\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1088, in do_checks
    self._php_rce(injector)
  File "C:\Users\mxtvn\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1725, in _php_rce
    self._servercode_rce_backdoored_file(injector, self._php_gen_payload,
  File "C:\Users\mxtvn\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1968, in _servercode_rce_backdoored_file
    self._send_simple(injector, types, basename, content, redownload=True)
  File "C:\Users\mxtvn\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 4225, in _send_simple
    urrs.append(self._make_http_request(injector, req, redownload_filename=x))
  File "C:\Users\mxtvn\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 4380, in _make_http_request
    attack = self._callbacks.makeHttpRequest(service, req)
RuntimeException: java.lang.RuntimeException: ads.sestyc.com

Upload Scanner Version: 1.0.8

Extension code location: doActiveScan
Jython version: 2.7.1 (default:0df7adb1b397, Jun 30 2017, 19:02:43) 
[Java HotSpot(TM) 64-Bit Server VM (Oracle Corporation)]
Java version: 1.8.0_241
Burp version: Burp Suite Professional 2.1 04
Command line arguments: 
Was loaded from BApp: True
Request: 'POST /assets/demo/ajaxupload.php HTTP/1.1\r\nHost: ads.sestyc.com\r\nUser-Agent: Mozilla/5.0
(Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0\r\nAccept: */*\r\nAccept-
Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r
\nContent-Type: multipart/form-data;
boundary=---------------------------312781034134664996492312788678\r\nContent-Length:
198808\r\nOrigin: https://ads.sestyc.com\r\nConnection: close\r\nReferer:
https://ads.sestyc.com/profile/\r\nCookie: _ga=GA1.2.1057701055.1585388493;
_gid=GA1.2.1062440722.1585388493; PHPSESSID=laeu2fcdsp5rn21q8qq95lust7\r\n\r\n
-----------------------------312781034134664996492312788678\r\nContent-Disposition: form-data;
name="file"; filename="flag.jpg"\r\nContent-Type: image/jpeg\r\n\r\n\xff\xd8\xff\xe0\x00\x10JFIF\x00
\x01\x01\x01\x00\x90\x00\x90\x00\x00\xff\xe1\x00"Exif\x00\x00MM\x00*\x00\x00\x00\x08\x00\x01\x01\x12
\x00\x03\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\xff\xdb\x0...