Burp Suite User Forum

Missed RFI

Nicolas | Last updated: Oct 08, 2019 11:18AM UTC

Hi, testing again on zero.webappsecurity.com Burp ( 2.1.04 ) is missing the remote file inclusion at /help.html eg: http://zero.webappsecurity.com/help.html?topic=https://www.google.com

Burp User | Last updated: Oct 08, 2019 11:29AM UTC

Adding more information. After forcing an audit on the specific URL Burp was able to identify the Out of band resource loading that was missed on the initial website crawl and audit scan.

Liam, PortSwigger Agent | Last updated: Oct 08, 2019 02:16PM UTC

Thanks for this report. We've replicated this behavior and created a ticket to investigate further. We'll update this thread when we have something to share. Please let us know if you need any further assistance.

You need to Log in to post a reply. Or register here, for free.