Open trashpandacan opened 4 years ago
Traceback (most recent call last):
  File "/Users/cannon/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1026, in run_flexiinjector
    self.do_checks(fi)
  File "/Users/cannon/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1092, in do_checks
    self._jsp_rce(injector)
  File "/Users/cannon/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1092, in do_checks
    self._jsp_rce(injector)
  File "/Users/cannon/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1868, in _jsp_rce
    self._servercode_rce_backdoored_file(injector, self._jsp_gen_payload_tags, self._jsp_rce_params,
  File "/Users/cannon/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1968, in _servercode_rce_backdoored_file
    self._send_simple(injector, types, basename, content, redownload=True)
  File "/Users/cannon/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 4225, in _send_simple
    urrs.append(self._make_http_request(injector, req, redownload_filename=x))
  File "/Users/cannon/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 4380, in _make_http_request
    attack = self._callbacks.makeHttpRequest(service, req)
NullPointerException: java.lang.NullPointerException

Upload Scanner Version: 1.0.8
Extension code location: run_flexiinjector
Jython version: 2.7.2 (v2.7.2:925a3cc3b49d, Mar 21 2020, 10:03:58) [OpenJDK 64-Bit Server VM (Oracle Corporation)]
Java version: 14
Burp version: Burp Suite Professional 2020 8.1
Command line arguments:
Was loaded from BApp: True
Request: 'POST /a/upload?fileType=IMAGE HTTP/1.1\r\nHost: cadencetest3.ideascalegov.com\r\nConnection: close\r\nContent-Length: 4697\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nX-Requested-With: XMLHttpRequest\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36\r\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryFwGKuAPL3G3b9qT6\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: empty\r\nReferer: https://cadencetest3.ideascalegov.com/\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.9\r\nCookie: _ga=GA1.2.1208714084.1598455974; _gid=GA1.2.509119000.1598455974; _gat_trackerB=1; ISSESSIONID=ceb06379-2019-4230-80f2-1d30b246d06e\r\nX-Forwarded-Host: cannoodle\r\n\r\n------WebKitFormBoundaryFwGKuAPL3G3b9qT6\r\nContent-Disposition: form-data; name="target-content-type"\r\n\r\njson\r\n------WebKitFormBoundaryFwGKuAPL3G3b9qT6\r\nContent-Di...