Burp Suite, the leading toolkit for web application security testing

Burp Scanner - Issue Types

The list below shows all of the types of issues that Burp Scanner can report. The "Type ID" column shows the numeric type identifier used in Burp Scanner's XML output.

| Issue Name | Type ID |
| --- | --- |
| OS command injection | 1048832 |
| SQL injection | 1049088 |
| ASP.NET tracing enabled | 1049216 |
| File path traversal | 1049344 |
| XML external entity injection | 1049600 |
| LDAP injection | 1049856 |
| XPath injection | 1050112 |
| XML injection | 1050368 |
| ASP.NET debugging enabled | 1050624 |
| HTTP PUT enabled | 1050880 |
| Remote file inclusion | 1051136 |
| Cross-site scripting (stored) | 2097408 |
| HTTP response header injection | 2097664 |
| Cross-site scripting (reflected) | 2097920 |
| Cross-site scripting (DOM-based) | 2097936 |
| JavaScript injection (DOM-based) | 2097952 |
| Client-side SQL injection (DOM-based) | 2097968 |
| WebSocket hijacking (DOM-based) | 2097984 |
| Local file path manipulation (DOM-based) | 2098000 |
| Flash cross-domain policy | 2098176 |
| Silverlight cross-domain policy | 2098432 |
| HTML5 cross-origin resource sharing | 2098688 |
| Cross domain manipulation (DOM-based) | 2098944 |
| Cleartext submission of password | 3145984 |
| Referer-dependent response | 4194560 |
| X-Forwarded-For dependent response | 4194576 |
| User agent-dependent response | 4194592 |
| Password returned in later response | 4194816 |
| Password field submitted using GET method | 4195072 |
| Password returned in URL query string | 4195328 |
| SQL statement in request parameter | 4195456 |
| Cross-domain POST | 4195584 |
| ASP.NET ViewState without MAC enabled | 4195840 |
| XML entity expansion | 4196096 |
| Long redirection response | 4196352 |
| Open redirection | 5243136 |
| Open redirection (DOM-based) | 5243152 |
| SSL cookie without secure flag set | 5243392 |
| Cookie scoped to parent domain | 5243648 |
| Cross-domain Referer leakage | 5243904 |
| Cross-domain script include | 5244160 |
| Cookie without HttpOnly flag set | 5244416 |
| Session token in URL | 5244672 |
| Password field with autocomplete enabled | 5244928 |
| Password value set in cookie | 5245184 |
| File upload functionality | 5245312 |
| Frameable response (potential Clickjacking) | 5245344 |
| Browser cross-site scripting filter disabled | 5245360 |
| TRACE method is enabled | 5245440 |
| Cookie manipulation (DOM-based) | 5245696 |
| Ajax request header manipulation (DOM-based) | 5245952 |
| Denial of service (DOM-based) | 5246208 |
| HTML5 web message manipulation (DOM-based) | 5246464 |
| HTML5 storage manipulation (DOM-based) | 5246720 |
| Database connection string disclosed | 6291584 |
| Source code disclosure | 6291632 |
| Directory listing | 6291712 |
| Email addresses disclosed | 6291968 |
| Private IP addresses disclosed | 6292224 |
| Social security numbers disclosed | 6292480 |
| Credit card numbers disclosed | 6292736 |
| Robots.txt file | 6292992 |
| Cacheable HTTPS response | 7340288 |
| Base64-encoded data in parameter | 7340544 |
| Multiple content types specified | 8388864 |
| HTML does not specify charset | 8389120 |
| HTML uses unrecognized charset | 8389376 |
| Content type incorrectly stated | 8389632 |
| Content type is not specified | 8389888 |
| SSL certificate | 16777472 |
| Extension-generated issue | 134217728 |

Copyright © 2014 PortSwigger Ltd. All rights reserved.