modzero / mod0BurpUploadScanner

HTTP file upload scanner for Burp Proxy

Bug #66

Open subhash0x opened 4 years ago

subhash0x commented 4 years ago
Traceback (most recent call last):
  File "C:\Users\Darkworld\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 981, in doActiveScan
    self.do_checks(injector)
  File "C:\Users\Darkworld\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1122, in do_checks
    colab_tests.extend(self._xxe_xmp(injector, burp_colab))
  File "C:\Users\Darkworld\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1122, in do_checks
    colab_tests.extend(self._xxe_xmp(injector, burp_colab))
  File "C:\Users\Darkworld\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 2649, in _xxe_xmp
    return x.do_collaborator_tests(injector, burp_colab, injector.opts.get_enabled_file_formats())
  File "C:\Users\Darkworld\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 5981, in do_collaborator_tests
    c = self._send_collab(injector, burp_colab, types, basename, content, old_xmp, new_xmp, issue)
  File "C:\Users\Darkworld\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 6021, in _send_collab
    urr = self._make_http_request(injector, req, redownload_filename=filename)
  File "C:\Users\Darkworld\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 4380, in _make_http_request
    attack = self._callbacks.makeHttpRequest(service, req)
RuntimeException: java.lang.RuntimeException: ie.trustpilot.com

Upload Scanner Version: 1.0.8

Extension code location: doActiveScan
Jython version: 2.7.1 (default:0df7adb1b397, Jun 30 2017, 19:02:43) 
[Java HotSpot(TM) 64-Bit Server VM (Oracle Corporation)]
Java version: 1.8.0_241
Burp version: Burp Suite Professional 2.1 07
Command line arguments: 
Was loaded from BApp: True
Request: 'POST /consumer/profileimage HTTP/1.1\r\nHost: ie.trustpilot.com\r\nUser-Agent: Mozilla/5.0 (Windows
NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
root@vih1v6k3awh88x4rl1pid17nler9rdf2.burpcollaborator.net\r\nAccept: */*\r\nAccept-Language: en-
GB,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nRequestVerificationToken: L_BmWrJd7_LZgr0imIK8oYELR
bJAs0VXBQyj_DsCg513yfK_WSqqqLdsycrOwu8kJz6go1gGglSzxOXTRzjx6xSo66Ji6OhGAN34BFSUbpg1\r\nX-Requested-
With: XMLHttpRequest\r\nContent-Type: multipart/form-data;
boundary=---------------------------324716114336314320874122347574\r\nContent-Length:
12040\r\nOrigin: https://ie.trustpilot.com\r\nConnection: close\r\nReferer:
http://479akf9cz56hx6t0aaer2awwangigg45.burpcollaborator.net/ref\r\nCookie:
__RequestVerificationToken-legacy=qGgKjy37_FagunnougdWTbVmIJQoafQ-
Q6q0CeRCV4tZfYwsJ6YxjAJcfU5YcTiWyphcWB6MCTaqmiW7QBWhYMdd9COAonEwKoV4r-QO1sA1;
__RequestVerificationToken=qGgKjy37_FagunnougdWTbVmIJQoafQ-
Q6q0CeRCV4...