Skip to content

added 2 BChecks - CVE-2025-30208_Vite_dev_server and CONNECT_port_scan #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
josh-psw merged 4 commits into from
Apr 25, 2025
Merged

added 2 BChecks - CVE-2025-30208_Vite_dev_server and CONNECT_port_scan #248

josh-psw merged 4 commits into from
Apr 25, 2025

Conversation

@Hipapheralkus
Copy link
Contributor

@Hipapheralkus Hipapheralkus commented Apr 15, 2025

BCheck Contributions

  • BCheck compiles and executes as expected
  • BCheck contains appropriate metadata (name, version, author, description and appropriate tags)
  • Only .bcheck files have been added or modified
  • BCheck is in the appropriate folder
  • PR contains single or limited number of BChecks (Multiple PRs are preferred)
  • BCheck attempts to minimize false positives

PortSwiggerWiener
PortSwiggerWiener reviewed Apr 20, 2025
View reviewed changes
Copy link
Collaborator

@PortSwiggerWiener PortSwiggerWiener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Many thanks for your submissions!

The CONNECT BCheck looks really interesting.

With respect to the Vite fs disclosure bcheck, would it make sense to send check2 before checking for the 403? You could then check for the base directory reveal in the responses from either check1 or check2.

@Hipapheralkus
Copy link
Contributor Author

Hipapheralkus commented Apr 23, 2025

We've added 403 check for Windows as it was missing. But to your question -> since payloads are different for Windows and Linux, we are sending Linux first and Windows checks later. Or maybe we've misunderstood about how more efficiently it could be done:)

@PortSwiggerWiener
Copy link
Collaborator

PortSwiggerWiener commented Apr 23, 2025

Thanks for the update. Your change looks good. I agree that you need to send separate payloads for Windows and Linux. I was thinking:

  1. send check1
  2. check response for "root:x:0:0"
  3. send check2
  4. check response for "[fonts]"
  5. check check1 and check2 for 403 and "vite serving allow list"

As long as a Window machine won't return the 403 response then our approaches are equivalent.

@Hipapheralkus
Copy link
Contributor Author

Hipapheralkus commented Apr 25, 2025

thank you, is this better? :)

PortSwiggerWiener
PortSwiggerWiener approved these changes Apr 25, 2025
View reviewed changes
Copy link
Collaborator

@PortSwiggerWiener PortSwiggerWiener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again for your PR and patience during the review process.

Looks good 👍

@josh-psw josh-psw merged commit 3225a29 into PortSwigger:main Apr 25, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PortSwiggerWiener PortSwiggerWiener PortSwiggerWiener approved these changes

@josh-psw josh-psw josh-psw approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Hipapheralkus @PortSwiggerWiener @josh-psw