Create 000~ROOT~000-exposed.bcheck #226

Merged: 2 commits, Sep 3, 2024

@r3nt0n r3nt0n commented Aug 30, 2024

BCheck Contributions

This Bcheck attempts to detect the exposure of the 000~ROOT~000 file, which can be leveraged like a path traversal to access the entire filesystem.

  • BCheck compiles and executes as expected
  • BCheck contains appropriate metadata (name, version, author, description and appropriate tags)
  • Only .bcheck files have been added or modified
  • BCheck is in the appropriate folder
  • PR contains single or limited number of BChecks (Multiple PRs are preferred)
  • BCheck attempts to minimize false positives


@Hannah-PortSwigger Hannah-PortSwigger left a comment

Thank you for your submission!

We have some feedback points for consideration - please let us know what you think :)

Review threads on other/files/000~ROOT~000-exposed.bcheck (resolved)

r3nt0n commented Aug 30, 2024

Thank you for the feedback! Sorry, I'm still getting used to Bchecks.

Yes, I can see what you mean about the unnecessarily repeated requests. I tend to scan specific requests instead of entire targets, so I was trying to make sure that it's checked both in the current path and at the root level. If I understood correctly, using `given path`, the only way to detect the issue at the root level would be to specifically scan a root-level request, right?

Ideally, the behavior I would like to achieve would be:

  • Test the issue one time at the root level, no matter which path is being currently scanned
  • Test the issue again on each path scanned

Is there any way to achieve this?

@Hannah-PortSwigger

@r3nt0n That's ok, we're here to help!

If that's the behavior you are looking for, then just changing `given request then` to `given path then` without changing the rest of your logic should result in that behavior happening.

Please let us know when you've made this change :)


r3nt0n commented Sep 2, 2024

Thank you!

Change made. I also included some enhancements, to ensure that the Bcheck always performs a GET request, regardless of the method used in the original request, and to better handle cases where the path ends with / and when it doesn't. Let me know what you think, any feedback would be appreciated.
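
The probing behavior discussed in this thread (root level once, each scanned path once, always GET, one slash whether or not the path ends with /), modeled in Python as an added example; it is not part of the PR and not the BCheck's own code. The function names, the sample requests and the choice to treat every scanned path as a directory are assumptions.

```python
from urllib.parse import urlsplit

# File name taken from the PR title; everything else here is constructed.
TARGET_FILE = "000~ROOT~000"


def probe_path(base_path: str) -> str:
    """Join a directory-like path and TARGET_FILE with exactly one slash."""
    # Assumption: the scanned path is treated as a directory, so "/app" and
    # "/app/" both map to "/app/000~ROOT~000" (no "//", no missing "/").
    return base_path.rstrip("/") + "/" + TARGET_FILE


def plan_probes(scanned_requests):
    """Return de-duplicated ("GET", url) probes for (method, url) inputs.

    Each host gets one root-level probe and each distinct path gets one
    probe, no matter how many scanned requests share that path or which
    HTTP method those requests used.
    """
    seen = set()
    probes = []
    for _method, url in scanned_requests:  # the original method is ignored
        parts = urlsplit(url)              # .path excludes the query string
        origin = f"{parts.scheme}://{parts.netloc}"
        for base in ("/", parts.path or "/"):
            candidate = origin + probe_path(base)
            if candidate not in seen:
                seen.add(candidate)
                probes.append(("GET", candidate))
    return probes


# Constructed sample of scanned requests (example.test is a reserved name).
SAMPLE = [
    ("POST", "https://example.test/app/"),
    ("GET", "https://example.test/app"),
    ("PUT", "https://example.test/"),
    ("GET", "https://example.test/api/v1?id=3"),
]

if __name__ == "__main__":
    for method, url in plan_probes(SAMPLE):
        print(method, url)
```

Four scanned requests collapse to three probes here, which is the repeated-request saving the review feedback was after.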


@Hannah-PortSwigger Hannah-PortSwigger left a comment


Thanks for making the changes, looks good! 👍

@Hannah-PortSwigger Hannah-PortSwigger merged commit c4714d2 into PortSwigger:main Sep 3, 2024
1 check passed