Burp Suite User Forum


Bchecks bug?

and0x00 | Last updated: Jun 06, 2024 06:39PM UTC

I don't understand, but this just doesn't work for me.

```
metadata:
    language: v2-beta
    name: "Sql Injection"
    description: "Classic SQL Injection"

given query insertion point then
    if {base.response.status_code} is "200" then
        send payload called weaponized:
            appending: "'"

        if {weaponized.response.status_code} differs from {base.response.status_code} then
            send payload called benign:
                appending: "''"

            if {benign.response.status_code} is {base.response.status_code} then
                report issue:
                    severity: high
                    confidence: certain
                    detail: `When adding a single quote, the status code of the response changed from {base.response.status_code} to {weaponized.response.status_code}. When two quotes were injected, the status code of the response reverted to {base.response.status_code}. This indicates that the server is passing the user-supplied value to a database without first sanitizing the input.`
                    remediation: "Never pass user input directly to a database, use prepared statements when interacting with SQL databases!"
            end if
        end if
    end if
```

In the output, I see things like "When adding a single quote, the status code of the response changed from 200 to 200." And I simply copied this from a PortSwigger video 'https://www.youtube.com/watch?v=NaiQMJk4nus'. I don't understand, help.

and0x00 | Last updated: Jun 06, 2024 06:41PM UTC

I tested this on the last 3 versions 2024.5.1, 2024.4.5, 2024.5.

and0x00 | Last updated: Jun 06, 2024 07:28PM UTC

It works! I changed

`if {weaponized.response.status_code} differs from {base.response.status_code} then`

to

`if not ({weaponized.response.status_code} is {base.response.status_code}) then`

```
metadata:
    language: v2-beta
    name: "Sql Injection"
    description: "SQL Injection"

given query insertion point then
    if {base.response.status_code} is "200" then
        send payload called weaponized:
            appending: "'"

        if not ({weaponized.response.status_code} is {base.response.status_code}) then
            send payload called benign:
                appending: "''"

            if {benign.response.status_code} is {base.response.status_code} then
                report issue:
                    severity: high
                    confidence: certain
                    detail: `When adding a single quote, the status code of the response changed from {base.response.status_code} to {weaponized.response.status_code}. When two quotes were injected, the status code of the response reverted to {base.response.status_code}. This indicates that the server is passing the user-supplied value to a database without first sanitizing the input.`
                    remediation: "Never pass user input directly to a database, use prepared statements when interacting with SQL databases!"
            end if
        end if
    end if
```

Michelle, PortSwigger Agent | Last updated: Jun 07, 2024 07:49AM UTC

Hi, thanks for the update. Does the BCheck now do everything you need it to, or do you have any further questions about it?
