Burp misses open redirect

Patrick | Last updated: May 18, 2017 06:39PM UTC

Hey, I was testing an application which is listening on HTTP and does a redirect to HTTP/S, without a trailing /.

Example HTTP Request: http://[victim]/XYZ

Example HTTP Response: HTTP 301 Location: https://[victim]XYZ

As the / is missing from the document request, we control the domain name string. There are likely ample ways to do this, but the most simple would be: http://[victim]/@[attacker].

Thought it would be simple to include if you wished.

-Patrick
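
The redirect behaviour reported above, as an added example that is not part of the original post and is not Burp's or the tested application's code: a redirect builder that loses the path's leading `/`, a corrected builder, and the host comparison a scanner or reviewer could apply to the `Location` header. The host names `victim.example` and `attacker.example` and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit


def flawed_upgrade(host: str, path: str) -> str:
    """HTTP-to-HTTPS redirect that drops the leading "/" of the path,
    matching the response shown in the post (https://[victim]XYZ)."""
    tail = path[1:] if path.startswith("/") else path
    return "https://" + host + tail


def safe_upgrade(host: str, path: str) -> str:
    """Corrected builder: the path always starts with "/", and the result
    is re-parsed to confirm the authority is still the intended host.
    Assumes `host` is a bare host name without a port."""
    if not path.startswith("/"):
        path = "/" + path
    location = "https://" + host + path
    if urlsplit(location).hostname != host.lower():
        raise ValueError("redirect target host changed: " + location)
    return location


def redirect_leaves_host(request_url: str, location: str) -> bool:
    """Detection check: True when the Location header parses to a
    different host than the one the request was sent to."""
    return urlsplit(request_url).hostname != urlsplit(location).hostname


if __name__ == "__main__":
    # Constructed sample requests: the plain path and the "@" path from the post.
    for path in ("/XYZ", "/@attacker.example"):
        request_url = "http://victim.example" + path
        for build in (flawed_upgrade, safe_upgrade):
            location = build("victim.example", path)
            print(build.__name__, location,
                  "host=" + str(urlsplit(location).hostname),
                  "leaves_host=" + str(redirect_leaves_host(request_url, location)))
```

With the flawed builder, everything before the `@` is parsed as userinfo, so the host of the `Location` URL is whatever follows it; with the corrected builder the same text stays in the path.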

PortSwigger Agent | Last updated: May 22, 2017 08:01AM UTC

Thanks for this report. We'll investigate and get back to you.

