search

modzero / mod0BurpUploadScanner

HTTP file upload scanner for Burp Proxy
Other
480 stars 138 forks source link

Bug #81

Open Anas200614 opened 3 years ago

Anas200614 commented 3 years ago 
Traceback (most recent call last):
  File "C:\Users\moham\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1026, in run_flexiinjector
    self.do_checks(fi)
  File "C:\Users\moham\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1078, in do_checks
    colab_tests.extend(self._ghostscript(injector, burp_colab))
  File "C:\Users\moham\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1078, in do_checks
    colab_tests.extend(self._ghostscript(injector, burp_colab))
  File "C:\Users\moham\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1606, in _ghostscript
    colab_tests.extend(self._send_collaborator(injector, burp_colab, self.GS_TYPES, basename + param + cmd_name,
  File "C:\Users\moham\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 4294, in _send_collaborator
    urr = self._make_http_request(injector, req, redownload_filename=x)
  File "C:\Users\moham\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 4380, in _make_http_request
    attack = self._callbacks.makeHttpRequest(service, req)
NullPointerException: java.lang.NullPointerException

Upload Scanner Version: 1.0.8

Extension code location: run_flexiinjector
Jython version: 2.7.2 (v2.7.2:925a3cc3b49d, Mar 21 2020, 10:03:58)
[Java HotSpot(TM) 64-Bit Server VM (Oracle Corporation)]
Java version: 9.0.4
Burp version: Burp Suite Professional 2020 9.2
Command line arguments: 
Was loaded from BApp: True
Request: 'POST /accounts/145886228 HTTP/1.1\r\nHost: accounts.shopify.com\r\nConnection: close\r\nContent-
Length: 7086\r\nCache-Control: max-age=0\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: null\r\nContent-
Type: multipart/form-data; boundary=----WebKitFormBoundary6yGpf2KvcBkaipjr\r\nUser-Agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88
Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp
,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nSec-Fetch-Site: same-origin\r\nSec-
Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nAccept-Encoding: gzip,
deflate\r\nAccept-Language: en-GB,en-US;q=0.9,en;q=0.8\r\nCookie: _y=0497460d-E2BA-4395-275A-
00AA51FDBD40; _shopify_y=0497460d-E2BA-4395-275A-00AA51FDBD40;
_shopify_fs=2020-11-26T12%3A46%3A28.255Z; _biz_uid=43288b6fda8a4b589d6b7da7e77816cc;
_ga=GA1.2.80895674.1606394790; _scid=4906d960-785f-4c0a-ab96-d8aa10bf5...