Add Devise check

PortSwigger · Jul 18, 2023 · b327b5e · b327b5e
1 parent 2a532cb
commit b327b5e
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -35,6 +35,9 @@ To invoke these checks, just run a normal active scan.
 The host header checks tamper with the host header, which may result in requests being routed to different applications on the same host. Exercise caution when running this scanner against applications in a shared hosting environment.
 
 #### Changelog:
+**1.0.24 20230801**
+- Devise (no CVE, refer to [Smashing the State Machine](https://portswigger.net/research/smashing-the-state-machine))
+
 **1.0.23 20211210**
  - Log4Shell (CVE-2021-44228)
 

diff --git a/activeScan++.py b/activeScan++.py
@@ -31,7 +31,7 @@
 except ImportError:
     print "Failed to load dependencies. This issue may be caused by using the unstable Jython 2.7 beta."
 
-VERSION = "1.0.23"
+VERSION = "1.0.24"
 FAST_MODE = False
 DEBUG = False
 callbacks = None
@@ -69,7 +69,8 @@ def registerExtenderCallbacks(self, this_callbacks):
             callbacks.registerScannerCheck(SimpleFuzz())
             callbacks.registerScannerCheck(EdgeSideInclude())
             if collab_enabled:
-                callbacks.registerScannerCheck(Log4j())
+                # callbacks.registerScannerCheck(Log4j())
+                # log4j is disabled because this extension is better: https://github.com/silentsignal/burp-log4shell
                 callbacks.registerScannerCheck(Solr())
                 callbacks.registerScannerCheck(doStruts_2017_12611_scan())
 
@@ -102,6 +103,7 @@ def doActiveScan(self, basePair, insertionPoint):
         ['/.well-known/apple-app-site-association', 'applinks', 'https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html'],
         ['/.well-known/openid-configuration', '"authorization_endpoint"', 'https://portswigger.net/research/hidden-oauth-attack-vectors'],
         ['/.well-known/oauth-authorization-server', '"authorization_endpoint"', 'https://portswigger.net/research/hidden-oauth-attack-vectors'],
+        ['/users/confirmation', 'onfirmation token', 'Websites using the Devise framework often have a race condition enabling email forgery: https://portswigger.net/research/smashing-the-state-machine'],
     ]