Burp community forum

"Open redirection" issues share duplicite information with "Cross-domain Referer leakage"

Andrej | Last updated: Aug 21, 2015 08:42AM UTC

After running Burp Active scan, I observed few Open redirection issues. However, when I check Cross-domain Referer leakage issues, there are many reported which I don't think should be there as they were caused by an Open redirection during active scan, for example: https://a40656bd271/a? https://a70b9fe5e59/a? https://a9662d67c39/a? https://aa0a4afcf8c/a? I'm not sure if it was like this up until now too, or it is a newly introduced bug/feature.

PortSwigger Agent | Last updated: Aug 24, 2015 02:16PM UTC

It looks like some of Burp's payloads are being stored by the application and being placed into links within later responses - is that right? If so, then the cross-domain referer leakage issue is perfectly valid. An attacker can use the application's behavior to inject persistent links to a domain that they control, and then capture the Referer header from the resulting requests.

You need to Log in to post a reply. Or register here, for free.