Portswigger


reports in last 90 days

5

disclosed resolved issues

5

disclosed informative issues

4

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Low | Clicking "http://burp" hyperlink on Firefox CA Installation guide redirects to "burp.com" (unclaimed website). | Open Redirect | skykn0t | Issue was not triaged; Time to close: 1 Days and 11 hours | Informative |
| Medium | DLL Hijacking in Burp Suite Pro 2.0.19 Installer | Privilege Escalation | freetom | Issue was not triaged; Time to close: 2 Days and 14 hours | Informative |
| Medium | Privilege Escalation by abusing non-existent path. (Windows) | Privilege Escalation | 0x09al | Issue was not triaged; Time to close: 0 Days and 11 hours | Duplicate |
| Medium | Build fetches jars over HTTP | Man-in-the-Middle | jlleitschuh | Time to triage: 0 Days and 0 hours; Time to close: 17 Days and 18 hours | Resolved |
| No rating | Browser Self XSS Protection not implemented | Information Disclosure | allenaleen | Issue was not triaged; Time to close: 0 Days and 12 hours | Not-applicable |
| None | Activate Burp Suite Pro with the old license after transferred to another account | Business Logic Errors | egyptghost1 | Time to triage: 0 Days and 16 hours; Time to close: 2 Days and 20 hours | Not-applicable |
| Low | Leak of Platform Authentication credentials via Repeater | Information Disclosure | jupenur | Time to triage: 0 Days and 1 hours; Time to close: 159 Days and 0 hours | Resolved |
| Medium | burp does not validate the common name of the presented collaborator server certificate | Man-in-the-Middle | morisson | Time to triage: 9 Days and 0 hours; Time to close: 51 Days and 4 hours | Resolved |
| Low | Improper Certificate Validation | Improper Certificate Validation | da3mon | Issue was not triaged; Time to close: 0 Days and 0 hours | Informative |
| No rating | Misconfiguration: Missing Custom Error Page (CWE-12 & CWE-756) | None supplied | tarwadahorse | Issue was not triaged; Time to close: 0 Days and 0 hours | Informative |
| Low | Email Spoofing | Violation of Secure Design Principles | dhamu007 | Issue was not triaged; Time to close: 0 Days and 0 hours | Not-applicable |
| Low | HTTP OPTION Method is Enabled on portswigger.net | Violation of Secure Design Principles | wragg-s | Issue was not triaged; Time to close: 5 Days and 12 hours | Not-applicable |
| High | JSBeautifier BApp: Race condition leads to memory disclosure | Memory Corruption - Generic | jelmer | Time to triage: 0 Days and 9 hours; Time to close: 0 Days and 4 hours | Resolved |
| No rating | XSS in IE11 on portswigger.net via Flash | Cross-site Scripting (XSS) - Generic | opnsec | Time to triage: 0 Days and 12 hours; Time to close: 0 Days and 7 hours | Resolved |
| Low | Order-phishing via Payment ID URL | Cross-Site Request Forgery (CSRF) | sp1d3rs | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 0 hours | Informative |