diff --git a/README.md b/README.md
index bad5c2e..33a8f93 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,9 @@ To invoke these checks, just run a normal active scan. The host header checks tamper with the host header, which may result in requests being routed to different applications on the same host. Exercise caution when running this scanner against applications in a shared hosting environment.
 #### Changelog:
+**1.0.24 20230801**
+- Devise (no CVE, refer to [Smashing the State Machine](https://portswigger.net/research/smashing-the-state-machine))
+
 **1.0.23 20211210**
 - Log4Shell (CVE-2021-44228)
diff --git a/activeScan++.py b/activeScan++.py
index 0bbd3d8..d6517ae 100644
--- a/activeScan++.py
+++ b/activeScan++.py
@@ -31,7 +31,7 @@ except ImportError:
 print "Failed to load dependencies. This issue may be caused by using the unstable Jython 2.7 beta."
-VERSION = "1.0.23"
+VERSION = "1.0.24"
 FAST_MODE = False
 DEBUG = False
 callbacks = None
@@ -69,7 +69,8 @@ def registerExtenderCallbacks(self, this_callbacks):
 callbacks.registerScannerCheck(SimpleFuzz())
 callbacks.registerScannerCheck(EdgeSideInclude())
 if collab_enabled:
- callbacks.registerScannerCheck(Log4j())
+ # callbacks.registerScannerCheck(Log4j())
+ # log4j is disabled because this extension is better: https://github.com/silentsignal/burp-log4shell
 callbacks.registerScannerCheck(Solr())
 callbacks.registerScannerCheck(doStruts_2017_12611_scan())
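Review bot: The Log4j() registration inside the `if collab_enabled:` block is left behind as a commented-out statement, with the explanatory comment placed after the dead line instead of before it; since the call is preserved in history and the Log4j class is presumably still defined elsewhere in the file, I would delete the commented-out line and keep a single comment such as `# Log4Shell check intentionally not registered here; use https://github.com/silentsignal/burp-log4shell instead`. The README hunk in this same commit adds a 1.0.24 changelog entry for the Devise check but does not record that the Log4Shell (CVE-2021-44228) check is no longer registered, so anyone upgrading silently loses that coverage unless they already run the other extension; a changelog line naming the removal and the replacement extension would make that visible. registerExtenderCallbacks starts before this hunk and may continue past it.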
@@ -102,6 +103,7 @@ def doActiveScan(self, basePair, insertionPoint):
 ['/.well-known/apple-app-site-association', 'applinks', 'https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html'],
 ['/.well-known/openid-configuration', '"authorization_endpoint"', 'https://portswigger.net/research/hidden-oauth-attack-vectors'],
 ['/.well-known/oauth-authorization-server', '"authorization_endpoint"', 'https://portswigger.net/research/hidden-oauth-attack-vectors'],
+ ['/users/confirmation', 'onfirmation token', 'Websites using the Devise framework often have a race condition enabling email forgery: https://portswigger.net/research/smashing-the-state-machine'],
 ]