In this post, we'll explore a little-known feature in curl that led to a local-file disclosure vulnerability in both Burp Suite Pro and Google Chrome. We patched Burp Suite a while back, but suspect the technique might be useful to exploit other applications that have a 'copy as curl' feature, or invoke curl from the command line.

This vulnerability was privately reported to our bug bounty program by Paul Mutton, and he's kindly agreed to let us publish this writeup.

Burp Suite users often craft complex HTTP requests to demonstrate vulnerabilities in websites. To make sharing these proof-of-concept exploits with other people easier, we have a Copy as curl command feature which generates a curl command that replicates a request inside Burp Suite.

For example, given the following request:

POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded