Burp Suite User Forum

Login to post

Bug in "CORS vulnerability with internal network pivot attack"?

KingCrab | Last updated: May 28, 2022 12:25PM UTC

Login form on the lab (/login endpoint) returns 500 error during logging attempt from main page (but looks like /login works from victim's browser). For me it looks a bit of insane to find Blind XSS in non-working login form.

Michelle, PortSwigger Agent | Last updated: May 31, 2022 09:12AM UTC

Thanks for your message and for taking the time to report this. We've passed these details on to the team so they can take a closer look.

You need to Log in to post a reply. Or register here, for free.