Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unexpected error occurred while running BCheck xxxx: Zncf #156

Closed
nbxiglk0 opened this issue Dec 5, 2023 · 4 comments
Closed

Unexpected error occurred while running BCheck xxxx: Zncf #156

nbxiglk0 opened this issue Dec 5, 2023 · 4 comments

Comments

@nbxiglk0
Copy link

nbxiglk0 commented Dec 5, 2023

Hi, I got an error when start BCheck script, The strange thing is that there were no problems before, all scripts ran normally, but when a scan task unexpectedly paused, the problem suddenly appeared after I deleted the task and re-created the scan task.I tried recreating the scan task but the result is the same。
image
And I found that the scripts with errors all used the given insertion point then statement, and there were no errors in other scripts.And there is no problem with BChecks editor verification。
The sample script is as follows

metadata:
    language: v2-beta
    name: "SSRF"
    description: "SSRF Check"
    author: "nbxiglk"

define:
    ssrf_addr=`https://{generate_collaborator_address()}/ssrftest`

# we will automatically insert into nested insertion points
given insertion point then

    # prevent false positives by checking answer isn't
    # already in base response
    if {insertion_point_base_value} matches "http" then
        send payload:
            replacing: {ssrf_addr}

        if any interactions then
            report issue:
                severity: high
                confidence: tentative
                detail: "The application transforms input in a way that suggests it might be
                         vulnerable to some kind of server-side code injection."
                remediation: "Manual investigation is advised."
        end if
    end if

metadata:
    language: v2-beta
    name: "NoSQL Bool Base SQL Inject"
    description: "NoSQL Bool Base SQL Inject"
    author: "nbxiglk"

define:
    fcheckpl="' && 0 && 'x"
    scheckpl="' && 1 && 'x"

# we will automatically insert into nested insertion points
given insertion point then

    send request called fcheck:
        send payload:
            appending: {fcheckpl}

        if not({latest.response.body} is {base.response.body}) then
            send request called scheck:
                send payload:
                    appending: {scheckpl}
            if {latest.response.body} is {base.response.body} then
                report issue:
                    severity: high
                    confidence: firm
                    detail: `NoSQL SQL Inject with {insertion_point_base_value}`
                    remediation: "Manual investigation is advised."
            end if
        end if
@Michelle-PortSwigger
Copy link
Contributor

To help us investigate this, can you please go to Settings > Suite > Performance feedback and send us the Debug ID? Or send an email to [email protected] with the output from Help > Diagnostics for the installation of Burp where you had this problem?

Thank you :)

@nbxiglk0
Copy link
Author

I will do this next time the problem reappears。

@Michelle-PortSwigger
Copy link
Contributor

Thank you, that would be great, as so far, I've not been able to replicate the problem here.

@Michelle-PortSwigger
Copy link
Contributor

Unable to replicate and no further reports of the issue. Closing issue, but it can be re-opened if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nbxiglk0 @Michelle-PortSwigger