BCheck: CVE-2021-20323 is not detecting fixed versions #208

GanbaruTobi · 2024-05-14T08:57:40Z

Current behavior

The check says that keycloak is vulnerable

Expected behavior

No warning for fixed versions

Motivation for change

Its not working as expected

Environment details

Burp version: 2024.4.2
BCheck language version:
Operating System: Linux

Additional details

The response contains an escaped xss payload instead of an unescaped:
...Unrecognized field \"<img src=x onerror=\"alert('Bo0oq')\"/>\ ...

But it would need to look like here: https://medium.com/@raia39499/how-i-exploit-cve-2021-20323-33d2f8d6826c

The text was updated successfully, but these errors were encountered:

Hannah-PortSwigger · 2024-05-14T15:21:28Z

Hi

Just to check, is the issue related to this BCheck: https://github.com/PortSwigger/BChecks/blob/main/vulnerabilities-CVEd/CVE-2021-20323%20keycloak%20xss.bcheck

If you have any improvements to make, we'd love to see a pull request!

GanbaruTobi added the bug Something isn't working label May 14, 2024

Hannah-PortSwigger added good first issue Good for newcomers template Issue in BCheck template and removed bug Something isn't working labels May 14, 2024

PortSwiggerWiener added the bug Something isn't working label Aug 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BCheck: CVE-2021-20323 is not detecting fixed versions #208

BCheck: CVE-2021-20323 is not detecting fixed versions #208

GanbaruTobi commented May 14, 2024 •

edited

Loading

Hannah-PortSwigger commented May 14, 2024

BCheck: CVE-2021-20323 is not detecting fixed versions #208

BCheck: CVE-2021-20323 is not detecting fixed versions #208

Comments

GanbaruTobi commented May 14, 2024 • edited Loading

Current behavior

Expected behavior

Motivation for change

Environment details

Additional details

Hannah-PortSwigger commented May 14, 2024

GanbaruTobi commented May 14, 2024 •

edited

Loading