Burp Suite User Forum


Burpsuite active scan changed my table's shape and data

yahyakord | Last updated: Aug 25, 2022 06:52PM UTC

I used Burp Suite to do an active scan of my web application and it found vulnerabilities. After the scan was done, one of my tables got messed up:

|-----|---------------------|----------------|-----------------------|---------|
| Row | Pan number          | Card number    | Date of insert        | Edit    |
|-----|---------------------|----------------|-----------------------|---------|
| 1   | "ping -n 21 127/0/0 | 0              | 8/24/2022             | Edit    |
|-----|---------------------|----------------|-----------------------|---------|
|     | 2                   | 0              | 8/24/2022             | Edit    |
|-----|---------------------|----------------|-----------------------|---------|
|     | 3                   | 0              | 8/24/2022             | Edit    |
|-----|---------------------|----------------|-----------------------|---------|
| 4   | '+(function(){if(typ| 0              | 8/24/2022             | Edit    |
|-----|---------------------|----------------|-----------------------|---------|
| 5   | sleep(20)           | 0              | 8/24/2022             | Edit    |
|-----|---------------------|----------------|-----------------------|---------|
| 6   |                     | '-->'-->'      |                       |         |
|-----|---------------------|----------------|-----------------------|---------|

I've noticed that some row numbers moved into Pan number with a square-like shape above it (couldn't draw the shape in the table); instead of my previous PAN numbers I got weird statements. In the last row, the Edit, which is a hyperlink, got changed into this '-->'-->'-->'--> with a single column. When I try to add another card, the entire table moves up (e.g. 41 rows) and shows many other strange entries, and sometimes goes down (e.g. 10 rows). Also, many entries disappeared. Why does this happen? Can someone please tell me what is going on and how to get my previous data back?

Ben, PortSwigger Agent | Last updated: Aug 26, 2022 10:45AM UTC

Hi, The default active scan will use a configuration that checks for things like SQL Injection, which can result in data being added into the underlying database. We would always recommend running vulnerability scans on non-production sites or sites which can easily be restored in case of issues. Do you have the ability to restore the database to a previously 'good' state?

yahyakord | Last updated: Aug 27, 2022 12:08PM UTC

Thanks, Ben, for the reply. Unfortunately, I hadn't noticed the recommendation not to run the active scan on non-production sites, and now I am in real trouble. What I believe happened is that we have a form in our web application to add a new card number (non-digit entries are restricted through the browser only), and Burp Suite tried different non-digit entries (all kinds of stuff such as ping, SQL statements, and many more). Could you please tell me what happened to the table? The table is acting strangely. I am not able to use the web application to remove or edit those creepy entries. When trying to add a new entry, the number of rows suddenly increases or decreases and shows other weird Burp Suite entries, not my newly added entry. Why? Unfortunately we do not have the ability to restore the database to a previously 'good' state. Could you please tell me what options I have to get out of this nightmare?

Ben, PortSwigger Agent | Last updated: Aug 29, 2022 01:04PM UTC

Hi, Depending upon how you have carried out your scan (whether this was a full crawl and audit of the site or an active scan of previously proxied locations) Burp can and will interact with any forms in the target web application. If, as previously mentioned, you have just performed an active scan (this is essentially an audit-only scan of existing requests that have already been captured in Burp) then it would seem likely that you have configured Burp to audit the page containing the form. If this is the case then, as previously noted, Burp will send various different payloads, using various different insertion points, in order to attempt to identify vulnerabilities on the page. The likely result of this is that data has been inserted into the database of your application and is the cause of the behaviour that you are seeing now. In terms of your specific situation - obviously we have no oversight of how your application works and cannot really advise you on how to revert these changes at anything other than a high level. To confirm, you have no backups of the database that could be used to restore the database? Do you have the ability to interact with the underlying database directly and make changes there?
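The following is an added example, not code from PortSwigger or from the original poster's application, illustrating the two points raised in the thread: the card-number form was only restricted to digits in the browser, so the scanner's payloads reached the database, and the poster has no backup and must work on the table directly. The example assumes a table named cards with columns pan_number, card_number and inserted_at (hypothetical names; the real schema is not given in the thread) and builds it in an in-memory SQLite database. The sample rows are constructed to resemble the payloads shown in the table above. It applies a server-side PAN check (digits only, plausible length, Luhn checksum) both to triage the existing rows, moving anything that fails the check into a quarantine table rather than deleting it, and to gate new inserts so that the same thing cannot happen again.

```python
import re
import sqlite3

# Constructed sample rows mimicking the thread: two legitimate PANs (test
# numbers that pass Luhn) plus scanner-style payloads such as a command
# injection probe, a JavaScript snippet, a time-based SQLi probe and an
# HTML comment breakout.
SAMPLE_ROWS = [
    ("4111111111111111", "0", "2022-08-24"),
    ('"ping -n 21 127.0.0.1', "0", "2022-08-24"),
    ("5500000000000004", "0", "2022-08-24"),
    ("'+(function(){if(typeof x==='undefined')1})()+'", "0", "2022-08-24"),
    ("sleep(20)", "0", "2022-08-24"),
    ("'-->'-->'", "0", "2022-08-24"),
]

# A PAN is 12 to 19 decimal digits; anything else is rejected before Luhn.
PAN_RE = re.compile(r"^[0-9]{12,19}$")


def is_valid_pan(value: str) -> bool:
    """Server-side validation: digits only, plausible length, Luhn checksum.

    This is the check the browser-only restriction described in the thread
    did not enforce on the server, which is why scanner payloads were stored.
    """
    if not PAN_RE.match(value):
        return False
    total = 0
    for i, ch in enumerate(reversed(value)):
        digit = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def build_db(rows=SAMPLE_ROWS) -> sqlite3.Connection:
    """Create the hypothetical cards table plus a quarantine table and load rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cards ("
        "id INTEGER PRIMARY KEY AUTOINCREMENT, pan_number TEXT, "
        "card_number TEXT, inserted_at TEXT)"
    )
    conn.execute(
        "CREATE TABLE cards_quarantine ("
        "id INTEGER, pan_number TEXT, card_number TEXT, inserted_at TEXT)"
    )
    conn.executemany(
        "INSERT INTO cards (pan_number, card_number, inserted_at) VALUES (?, ?, ?)",
        rows,
    )
    conn.commit()
    return conn


def quarantine_scanner_rows(conn: sqlite3.Connection) -> list:
    """Move every row whose pan_number fails validation into cards_quarantine.

    Rows are copied before they are deleted so nothing is lost if the
    classification turns out to be wrong. Returns the ids that were moved.
    """
    bad_ids = [
        row_id
        for (row_id, pan) in conn.execute("SELECT id, pan_number FROM cards")
        if not is_valid_pan(pan or "")
    ]
    for row_id in bad_ids:
        conn.execute(
            "INSERT INTO cards_quarantine SELECT * FROM cards WHERE id = ?", (row_id,)
        )
        conn.execute("DELETE FROM cards WHERE id = ?", (row_id,))
    conn.commit()
    return bad_ids


def insert_card(conn: sqlite3.Connection, pan: str, card_number: str, inserted_at: str) -> int:
    """Server-side gate for the add-card form: reject invalid PANs, return new row id."""
    if not is_valid_pan(pan):
        raise ValueError("rejected: pan_number must be a 12-19 digit Luhn-valid number")
    cur = conn.execute(
        "INSERT INTO cards (pan_number, card_number, inserted_at) VALUES (?, ?, ?)",
        (pan, card_number, inserted_at),
    )
    conn.commit()
    return cur.lastrowid


if __name__ == "__main__":
    db = build_db()
    print("quarantined ids:", quarantine_scanner_rows(db))
    print("remaining cards:", db.execute("SELECT id, pan_number FROM cards").fetchall())
```

Run against a real table, the quarantine step should be done inside a transaction after taking a dump of the table first, and the quarantine table reviewed by hand before anything is discarded; the classification only flags values that cannot be a PAN, so it will not catch a scanner payload that happens to be a valid card number. The insert_card gate is what prevents the next active scan from repeating the damage, independent of any check in the browser.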
