Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

identify_only reports will report first matching #75

Open
liquidsec opened this issue Jun 25, 2023 · 2 comments
Open

identify_only reports will report first matching #75

liquidsec opened this issue Jun 25, 2023 · 2 comments
Assignees
@liquidsec
Labels
bug Something isn't working

Comments

@liquidsec
Copy link
Collaborator

We need to report as a list since there could be multiple matches

{"description": "Cryptographic Product identified. Product Type: [Java Server Faces Viewstate] Product: [Ly8gp+FZKt9XsaxT5gZu41DDxO74k029z88gNBOru2jXW0g1Og+RUPdf2d8hGNTiofkD1VvmQTZAfeV+5qijOoD+SPzw6K72Y1H0sxfx5mFcfFtmqX7iN6Gq0fwLM+9PKQz88f+e7KImJqG1cz5KYhcrgT87c5Ayl03wEHvWwktTq9TcBJc4f1VnNHXVZgALGqQuETU8hYwZ1VilDmQ7J4pZbv+pvPUvzk+/e2oNeybso6TXqUrbT2Mz3k7yfe92q3pRjdxRlGxmkO9bPqNOtETlLPE5dDiZYo1U9gr8BBD=] Detecting Module: [Jsf_viewstate]",

(from bbot scan)
@liquidsec liquidsec added the bug Something isn't working label Jun 25, 2023
@liquidsec liquidsec self-assigned this Jun 25, 2023
@liquidsec
Copy link
Collaborator Author

This is also preventing actual vulnerabilities from being detected if another module has an identify_only hit first.

This is now a high priority bug

@liquidsec
Copy link
Collaborator Author

This should already be fixed, however a test needs to be written specifically to confirm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@liquidsec liquidsec

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@liquidsec