This repository has been archived by the owner on Apr 4, 2024. It is now read-only.

Bug #98

Open
RandomRobbieBF opened this issue May 2, 2022 · 0 comments

Traceback (most recent call last):
  File "/Users/rwiggins/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 982, in doActiveScan
    self.do_checks(injector)
  File "/Users/rwiggins/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1089, in do_checks
    self._php_rce(injector)
  File "/Users/rwiggins/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1089, in do_checks
    self._php_rce(injector)
  File "/Users/rwiggins/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1726, in _php_rce
    self._servercode_rce_backdoored_file(injector, self._php_gen_payload,
  File "/Users/rwiggins/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 1958, in _servercode_rce_backdoored_file
    for payload, expect, name, ext, content in bi.get_files(size, payload_func, formats):
  File "/Users/rwiggins/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 5746, in get_files
    for payload, expect, name, ext, c in self.get_exiftool_images(payload_func, size, formats):
  File "/Users/rwiggins/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 5770, in get_exiftool_images
    x = ImageHelpers.new_image(size[0], size[1], ext[1:])
  File "/Users/rwiggins/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 4649, in new_image
    g2d.setColor(Color(color))
  File "/Users/rwiggins/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 4649, in new_image
    g2d.setColor(Color(color))
IllegalAccessException: java.lang.IllegalAccessException: class org.python.core.PyReflectedFunction cannot access class sun.java2d.SunGraphics2D (in module java.desktop) because module java.desktop does not export sun.java2d to unnamed module @4f5fe474

Upload Scanner Version: 1.0.8a

Extension code location: doActiveScan
Jython version: 2.7.0 (default:9987c746f838, Apr 29 2015, 02:25:11) 
[OpenJDK 64-Bit Server VM (Oracle Corporation)]
Java version: 17.0.2
Burp version: Burp Suite Professional 2022 3.6
Command line arguments: 
Was loaded from BApp: True
Request: 'POST /wp-json/contact-form-7/v1/contact-forms/81/feedback HTTP/1.1\r\nHost: wordpress.lan\r\nUser-
Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0\r\nAccept:
application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-
Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nContent-Type: multipart/form-data;
boundary=---------------------------15927038533185754381311175691\r\nContent-Length: 1495\r\nOrigin:
http://wordpress.lan\r\nConnection: close\r\nReferer: http://wordpress.lan/booo/\r\nCookie:
pma_lang=en; pmaUser-1=%7B%22iv%22%3A%22VLxH2L1Qwx2txLmm2N5sNg%3D%3D%22%2C%22mac%22%3A%22ae8a9d82da3
1e64229bfb4260be3c931d713c4f4%22%2C%22payload%22%3A%221kIhH9%5C%2FKGsZddHLFGBnRLA%3D%3D%22%7D;
wordpress_test_cookie=WP%20Cookie%20check; tk_ai=woo%3AunKX5ep2q9Hjujqa4kMT1kMZ; wp_lang=en_GB;
pps_show_101=1; pps_actions_101=_JSON%3A%7B%22subscribe%22%3A1%7D; _ga=GA1.2.81168235.1650970769;
fusionredux_current_tab=8...