This repository has been archived by the owner on Apr 4, 2024. It is now read-only.

Bug #119

Open
TrustStephen opened this issue Mar 14, 2024 · 0 comments

@TrustStephen

Traceback (most recent call last):
  File "/home/stephen/Job-Burp/upload-scanner/UploadScanner.py", line 982, in doActiveScan
    self.do_checks(injector)
  File "/home/stephen/Job-Burp/upload-scanner/UploadScanner.py", line 1089, in do_checks
    self._php_rce(injector)
  File "/home/stephen/Job-Burp/upload-scanner/UploadScanner.py", line 1089, in do_checks
    self._php_rce(injector)
  File "/home/stephen/Job-Burp/upload-scanner/UploadScanner.py", line 1726, in _php_rce
    self._servercode_rce_backdoored_file(injector, self._php_gen_payload,
  File "/home/stephen/Job-Burp/upload-scanner/UploadScanner.py", line 1958, in _servercode_rce_backdoored_file
    for payload, expect, name, ext, content in bi.get_files(size, payload_func, formats):
  File "/home/stephen/Job-Burp/upload-scanner/UploadScanner.py", line 5746, in get_files
    for payload, expect, name, ext, c in self.get_exiftool_images(payload_func, size, formats):
  File "/home/stephen/Job-Burp/upload-scanner/UploadScanner.py", line 5770, in get_exiftool_images
    x = ImageHelpers.new_image(size[0], size[1], ext[1:])
  File "/home/stephen/Job-Burp/upload-scanner/UploadScanner.py", line 4649, in new_image
    g2d.setColor(Color(color))
  File "/home/stephen/Job-Burp/upload-scanner/UploadScanner.py", line 4649, in new_image
    g2d.setColor(Color(color))
IllegalAccessException: java.lang.IllegalAccessException: class org.python.core.PyReflectedFunction cannot access class sun.java2d.SunGraphics2D (in module java.desktop) because module java.desktop does not export sun.java2d to unnamed module @1fa909c9

Upload Scanner Version: 1.0.8a

Extension code location: doActiveScan
Jython version: 2.7.0 (default:9987c746f838, Apr 29 2015, 02:25:11) 
[OpenJDK 64-Bit Server VM (Oracle Corporation)]
Java version: 21.0.1
Burp version: Burp Suite Professional 2024 1.1.6
Command line arguments: 
Was loaded from BApp: False
Request: 'POST /education/aln/inputidp HTTP/1.1\r\nHost: s013-oneapi-app-ukw-api.azure-api.net\r\nUser-Agent:
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0\r\nAccept:
application/json, text/plain, */*\r\nAccept-Language: en-GB,en;q=0.5\r\nAccept-Encoding: gzip,
deflate, br\r\nReferer: https://aln.capita-software.co.uk/\r\nOcp-Apim-Subscription-Key:
92f883d933c74b81bdaf1aa084518465\r\nConnectionid: Education9382\r\nAuthorization: Bearer ...