Burp Suite, the leading toolkit for web application security testing

Burp Scanner - Issue Types

The list below shows all of the types of issues that Burp Scanner can report. The "Type ID" column shows the numeric type identifier used in Burp Scanner's XML output.

Issue Name                                    Type ID
-----------------------------------------------------
OS command injection                          1048832
SQL injection                                 1049088
ASP.NET tracing enabled                       1049216
File path traversal                           1049344
XML external entity injection                 1049600
LDAP injection                                1049856
XPath injection                               1050112
XML injection                                 1050368
ASP.NET debugging enabled                     1050624
HTTP PUT enabled                              1050880
Out-of-band resource load (HTTP)              1051136
File path manipulation                        1051392
PHP code injection                            1051648
Server-side JavaScript code injection         1051904
Perl code injection                           1052160
Ruby code injection                           1052416
Python code injection                         1052432
Unidentified code injection                   1052672
SSI injection                                 1052928
Cross-site scripting (stored)                 2097408
HTTP response header injection                2097664
Cross-site scripting (reflected)              2097920
Cross-site scripting (DOM-based)              2097936
JavaScript injection (DOM-based)              2097952
Path-relative style sheet import              2097960
Client-side SQL injection (DOM-based)         2097968
WebSocket hijacking (DOM-based)               2097984
Local file path manipulation (DOM-based)      2098000
Client-side XPath injection (DOM-based)       2098016
Client-side JSON injection (DOM-based)        2098032
Flash cross-domain policy                     2098176
Silverlight cross-domain policy               2098432
HTML5 cross-origin resource sharing           2098688
Cross-site request forgery                    2098944
Cleartext submission of password              3145984
External service interaction (DNS)            3146240
External service interaction (HTTP)           3146256
Referer-dependent response                    4194560
X-Forwarded-For dependent response            4194576
User agent-dependent response                 4194592
Password returned in later response           4194816
Password field submitted using GET method     4195072
Password returned in URL query string         4195328
SQL statement in request parameter            4195456
Cross-domain POST                             4195584
ASP.NET ViewState without MAC enabled         4195840
XML entity expansion                          4196096
Long redirection response                     4196352
Serialized object in HTTP message             4196608
Duplicate cookies set                         4196864
Open redirection                              5243136
Open redirection (DOM-based)                  5243152
SSL cookie without secure flag set            5243392
Cookie scoped to parent domain                5243648
Cross-domain Referer leakage                  5243904
Cross-domain script include                   5244160
Cookie without HttpOnly flag set              5244416
Session token in URL                          5244672
Password field with autocomplete enabled      5244928
Password value set in cookie                  5245184
File upload functionality                     5245312
Frameable response (potential Clickjacking)   5245344
Browser cross-site scripting filter disabled  5245360
TRACE method is enabled                       5245440
Cookie manipulation (DOM-based)               5245696
Ajax request header manipulation (DOM-based)  5245952
Denial of service (DOM-based)                 5246208
HTML5 web message manipulation (DOM-based)    5246464
HTML5 storage manipulation (DOM-based)        5246720
Link manipulation (DOM-based)                 5246976
Document domain manipulation (DOM-based)      5247232
DOM data manipulation (DOM-based)             5247488
Database connection string disclosed          6291584
Source code disclosure                        6291632
Directory listing                             6291712
Email addresses disclosed                     6291968
Private IP addresses disclosed                6292224
Social security numbers disclosed             6292480
Credit card numbers disclosed                 6292736
Private key disclosed                         6292816
Robots.txt file                               6292992
Cacheable HTTPS response                      7340288
Base64-encoded data in parameter              7340544
Multiple content types specified              8388864
HTML does not specify charset                 8389120
HTML uses unrecognized charset                8389376
Content type incorrectly stated               8389632
Content type is not specified                 8389888
SSL certificate                               16777472
Extension generated                           134217728

Friday, February 12, 2016

This release gives the Scanner the capability to report all instances where user input is returned in application responses, both reflected and stored. The information gathered is primarily of use to manual security testers. Some applications contain numerous instances of input retrieval, since it is very common for the entire URL to be reflected within responses. For these reasons, the new Scanner checks are off by default, but can be turned on in the Scanner options.
