Update 000~ROOT~000-exposed.bcheck

PortSwigger · Sep 2, 2024 · 771f7c0 · 771f7c0
1 parent bd4c6eb
commit 771f7c0
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/other/files/000~ROOT~000-exposed.bcheck b/other/files/000~ROOT~000-exposed.bcheck
@@ -1,17 +1,18 @@
 metadata:
-    language: v1-beta
+    language: v2-beta
     name: "Filesystem exposure via /home/000~ROOT~000/"
     description: "Tests for exposed 000~ROOT~000 in current path and at the root directory of site"
     author: "r3nt0n"
-    tags: "exposure", "path traversal"
+    tags: "active", "exposure", "path traversal"
 
 run for each:
   payloads_array = 
     "/home/000~ROOT~000/",
-    `{base.request.url.path}/home/000~ROOT~000/`
+    `{regex_replace(base.request.url.path, "/$", "")}/home/000~ROOT~000/`
 
-given request then
+given path then
     send request:
+        replacing method: "GET"
         replacing path: `{payloads_array}`
 
     if "Index of" in {latest.response} then