| _id | url | tool | result | timestamp |
|---|---|---|---|---|
69e3d8166634e3f9dd7fe59d
|
burp
|
*** LARGE PROPERTY ***
~501 KB Preview:{"metadata":{"issue_count Click to fetch this property |
Sat Apr 18 2026 19:14:30 GMT+0000 (Coordinated Universal Time)
|
|
69e7c88f59a6632dae07de0a
|
burp
|
*** LARGE PROPERTY ***
~631 KB Preview:{"metadata":{"issue_count Click to fetch this property |
Tue Apr 21 2026 18:57:19 GMT+0000 (Coordinated Universal Time)
|
|
69e8be9159a6632dae07de0c
|
burp
|
*** LARGE PROPERTY ***
~1.06 MB Preview:{"metadata":{"issue_count Click to fetch this property |
Wed Apr 22 2026 12:26:57 GMT+0000 (Coordinated Universal Time)
|
|
69e94ca059a6632dae07de11
|
burp
|
*** LARGE PROPERTY ***
~31.8 MB Preview:{"metadata":{"issue_count Click to fetch this property |
Wed Apr 22 2026 22:33:07 GMT+0000 (Coordinated Universal Time)
|
|
69eaad0a59a6632dae07de2f
|
burp
|
{
"metadata": {
"issue_counts": {
"Information": {
"Certain": 7,
"Firm": 0,
"Tentative": 0,
"Total": 7
},
"False Positive": {
"Certain": 0,
"Firm": 0,
"Tentative": 0,
"Total": 0
},
"High": {},
"Medium": {
"Certain": 0,
"Firm": 0,
"Tentative": 0,
"Total": 0
},
"Low": {
"Certain": 2,
"Firm": 0,
"Tentative": 0,
"Total": 2
}
},
"report_generated": "Report generated by Burp Suiteweb vulnerability scannerv2026.3.3, at Fri Apr 24 05:06:00 IST 2026.",
"scan_id": ""
},
"vulnerabilities": [
{
"title": "Strict transport security not enforced",
"raw_title": "1. Strict transport security not enforced",
"anchor_id": "1",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/01000300_stricttransportsecuritynotenforced",
"summary": {},
"details": {
"Issue description": "The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption, and use the application as a platform for attacks against its users. This attack is performed by rewriting HTTPS links as HTTP, so that if a targeted user follows a link to the site from an HTTP page, their browser never attempts to use an encrypted connection. The sslstrip tool automates this process. \n\nTo exploit this vulnerability, an attacker must be suitably positioned to intercept and modify the victim's network traffic.This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.",
"Issue remediation": "The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be accessed using HTTPS. Consider adding the 'includeSubDomains' flag if appropriate.\n\nNote that because HSTS is a \"trust on first use\" (TOFU) protocol, a user who has never accessed the application will never have seen the HSTS header, and will therefore still be vulnerable to SSL stripping attacks. To mitigate this risk, you can optionally add the 'preload' flag to the HSTS header, and submit the domain for review by browser vendors.",
"References": [
{
"text": "HTTP Strict Transport Security",
"href": "https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security"
},
{
"text": "sslstrip",
"href": "https://github.com/moxie0/sslstrip"
},
{
"text": "HSTS Preload Form",
"href": "https://hstspreload.appspot.com/"
}
],
"Vulnerability classifications": [
{
"text": "CWE-523: Unprotected Transport of Credentials",
"href": "https://cwe.mitre.org/data/definitions/523.html"
},
{
"text": "CAPEC-94: Man in the Middle Attack",
"href": "https://capec.mitre.org/data/definitions/94.html"
},
{
"text": "CAPEC-157: Sniffing Attacks",
"href": "https://capec.mitre.org/data/definitions/157.html"
}
]
},
"evidence": [],
"instances": [
{
"anchor_id": "1.1",
"url": "https://bun.com/",
"summary": {
"Severity": "Low",
"Confidence": "Certain",
"Host": "https://bun.com",
"Path": "/"
},
"details": {},
"evidence": []
},
{
"anchor_id": "1.2",
"url": "https://bun.com/robots.txt",
"summary": {
"Severity": "Low",
"Confidence": "Certain",
"Host": "https://bun.com",
"Path": "/robots.txt"
},
"details": {},
"evidence": []
}
]
},
{
"title": "Cross-origin resource sharing",
"raw_title": "2. Cross-origin resource sharing",
"anchor_id": "2",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/00200600_crossoriginresourcesharing",
"summary": {},
"details": {
"Issue background": "An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.\nIf another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially retrieve content from the application, and sometimes carry out actions within the security context of the logged in user.\n\nEven if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by an attacker to exploit the trust relationship and attack the application that allows access. CORS policies on pages containing sensitive information should be reviewed to determine whether it is appropriate for the application to trust both the intentions and security posture of any domains granted access.",
"Issue remediation": "Any inappropriate domains should be removed from the CORS policy.",
"References": [
{
"text": "Web Security Academy: Cross-origin resource sharing (CORS)",
"href": "https://portswigger.net/web-security/cors"
},
{
"text": "Exploiting CORS Misconfigurations",
"href": "https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties"
}
],
"Vulnerability classifications": [
{
"text": "CWE-942: Overly Permissive Cross-domain Whitelist",
"href": "https://cwe.mitre.org/data/definitions/942.html"
}
]
},
"evidence": [],
"instances": [
{
"anchor_id": "2.1",
"url": "https://bun.com/",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://bun.com",
"Path": "/"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nIf the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.2",
"url": "https://bun.com/robots.txt",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://bun.com",
"Path": "/robots.txt"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nIf the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
}
]
},
{
"title": "Cross-origin resource sharing: arbitrary origin trusted",
"raw_title": "3. Cross-origin resource sharing: arbitrary origin trusted",
"anchor_id": "3",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/00200601_crossoriginresourcesharingarbitraryorigintrusted",
"summary": {},
"details": {
"Issue background": "An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.\n\nTrusting arbitrary origins effectively disables the same-origin policy, allowing two-way interaction by third-party web sites. Unless the response consists only of unprotected public content, this policy is likely to present a security risk.\n\nIf the site specifies the header Access-Control-Allow-Credentials: true, third-party sites may be able to carry out privileged actions and retrieve sensitive information. Even if it does not, attackers may be able to bypass any IP-based access controls by proxying through users' browsers.",
"Issue remediation": "Rather than using a wildcard or programmatically verifying supplied origins, use a whitelist of trusted domains.",
"References": [
{
"text": "Web Security Academy: Cross-origin resource sharing (CORS)",
"href": "https://portswigger.net/web-security/cors"
},
{
"text": "Exploiting CORS Misconfigurations",
"href": "https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties"
}
],
"Vulnerability classifications": [
{
"text": "CWE-942: Overly Permissive Cross-domain Whitelist",
"href": "https://cwe.mitre.org/data/definitions/942.html"
}
]
},
"evidence": [],
"instances": [
{
"anchor_id": "3.1",
"url": "https://bun.com/",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://bun.com",
"Path": "/"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.\nThe application allowed access from the requested origin \nhttps://nspotalngaxb.com\nIf the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "3.2",
"url": "https://bun.com/robots.txt",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://bun.com",
"Path": "/robots.txt"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.\nThe application allowed access from the requested origin \nhttps://islgzxzgjehx.com\nIf the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
}
]
},
{
"title": "Robots.txt file",
"raw_title": "4. Robots.txt file",
"anchor_id": "4",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/00600600_robotsdottxtfile",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://bun.com",
"Path": "/robots.txt"
},
"details": {
"Issue detail": "The web server contains a robots.txt file.",
"Issue background": "The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site that robots are allowed, or not allowed, to crawl and index.\n\nThe presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.",
"Issue remediation": "The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honor the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorized access.",
"Vulnerability classifications": [
{
"text": "CWE-200: Information Exposure",
"href": "https://cwe.mitre.org/data/definitions/200.html"
}
]
},
"evidence": [],
"instances": []
},
{
"title": "TLS certificate",
"raw_title": "5. TLS certificate",
"anchor_id": "5",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/01000100_tlscertificate",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://bun.com",
"Path": "/"
},
"details": {
"Issue detail": "The server presented a valid, trusted TLS certificate. This issue is purely informational.\nThe server presented the following certificates:\nServer certificate\nIssued to:\n \nbun.com, *.bun.com\nIssued by:\n \nWE1\nValid from:\n \nSun Mar 01 07:18:33 IST 2026\nValid to:\n \nSat May 30 08:18:27 IST 2026\nCertificate chain #1\nIssued to:\n \nWE1\nIssued by:\n \nGTS Root R4\nValid from:\n \nWed Dec 13 14:30:00 IST 2023\nValid to:\n \nTue Feb 20 19:30:00 IST 2029\nCertificate chain #2\nIssued to:\n \nGTS Root R4\nIssued by:\n \nGlobalSign Root CA\nValid from:\n \nWed Nov 15 09:13:21 IST 2023\nValid to:\n \nFri Jan 28 05:30:42 IST 2028\nCertificate chain #3\nIssued to:\n \nGlobalSign Root CA\nIssued by:\n \nGlobalSign Root CA\nValid from:\n \nTue Sep 01 17:30:00 IST 1998\nValid to:\n \nFri Jan 28 17:30:00 IST 2028",
"Issue background": "TLS (or SSL) helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an TLS certificate that is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, TLS connections to the server will not provide the full protection for which TLS is designed.\n\nIt should be noted that various attacks exist against TLS in general, and in the context of HTTPS web connections in particular. It may be possible for a determined and suitably-positioned attacker to compromise TLS connections without user detection even when a valid TLS certificate is used.",
"References": [
{
"text": "SSL/TLS Configuration Guide",
"href": "https://wiki.mozilla.org/Security/Server_Side_TLS"
}
],
"Vulnerability classifications": [
{
"text": "CWE-295: Improper Certificate Validation",
"href": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"text": "CWE-326: Inadequate Encryption Strength",
"href": "https://cwe.mitre.org/data/definitions/326.html"
},
{
"text": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"href": "https://cwe.mitre.org/data/definitions/327.html"
}
]
},
"evidence": [],
"instances": []
},
{
"title": "Hidden HTTP 2",
"raw_title": "6. Hidden HTTP 2",
"anchor_id": "6",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/01000500_hiddenhttp2",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://bun.com",
"Path": "/"
},
"details": {
"Issue detail": "The server did not list \nh2\n in the ALPN field during the TLS handshake. However, when a HTTP/2 request was sent over the TLS connection, a HTTP/2 response was received. This indicates that the server does support HTTP/2, despite not advertising it.",
"Issue background": "Clients that support HTTP/2 typically default to HTTP/1.1, and only use HTTP/2 if the server advertises support for it via the ALPN field during the TLS handshake.\n\n Some misconfigured servers that do support HTTP/2 fail to advertise this, making it appear as though they only support HTTP/1.1. This can lead to people overlooking viable HTTP/2 attack surface and missing associated vulnerabilities, such as HTTP/2 downgrade-based request smuggling.",
"Issue remediation": "If you want to use HTTP/2, make sure the server is configured to advertise it correctly. Otherwise, consider fully disabling it server-side to reduce unnecessary attack surface.",
"References": [
{
"text": "HTTP/2: The Sequel is Always Worse",
"href": "https://portswigger.net/research/http2"
}
],
"Vulnerability classifications": [
{
"text": "CWE-912: Hidden Functionality",
"href": "https://cwe.mitre.org/data/definitions/912.html"
}
]
},
"evidence": [],
"instances": []
}
]
}
|
Thu Apr 23 2026 23:36:44 GMT+0000 (Coordinated Universal Time)
|
|
69ec143a59a6632dae07de30
|
burp
|
*** LARGE PROPERTY ***
~508 KB Preview:{"metadata":{"issue_count Click to fetch this property |
Sat Apr 25 2026 01:09:18 GMT+0000 (Coordinated Universal Time)
|
|
69ee149f59a6632dae07de65
|
burp
|
{
"metadata": {
"issue_counts": {
"High": {},
"Information": {
"Certain": 23,
"Firm": 0,
"Tentative": 0,
"Total": 23
},
"Low": {
"Certain": 0,
"Firm": 0,
"Tentative": 0,
"Total": 0
},
"Medium": {
"Certain": 0,
"Firm": 0,
"Tentative": 0,
"Total": 0
},
"False Positive": {
"Certain": 0,
"Firm": 0,
"Tentative": 0,
"Total": 0
}
},
"report_generated": "Report generated by Burp Suiteweb vulnerability scannerv2026.3.3, at Sun Apr 26 19:04:48 IST 2026.",
"scan_id": ""
},
"vulnerabilities": [
{
"title": "Content security policy: allows untrusted style execution",
"raw_title": "1. Content security policy: allows untrusted style execution",
"anchor_id": "1",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/00200505_contentsecuritypolicyallowsuntrustedstyleexecution",
"summary": {},
"details": {
"Issue background": "Content Security Policy (CSP) is a security mechanism designed to mitigate cross-site scripting attacks by disabling dangerous behaviours such as untrusted JavaScript execution.\n Websites can specify their security policy in a response header or meta tag, enabling fine-grained control over dangerous features like scripts and stylesheets.",
"Issue remediation": "Mitigate style-based data exfiltration by avoiding 'unsafe-inline', data: URLs, and global wildcards in style directives.\n Use a secure, random nonce of at least 8 characters 'nonce-RANDOM' in the relevant directive.",
"References": [
{
"text": "Web Security Academy: What is CSP?",
"href": "https://portswigger.net/web-security/cross-site-scripting/content-security-policy"
},
{
"text": "PortSwigger Research: Blind CSS exfiltration",
"href": "https://portswigger.net/research/blind-css-exfiltration"
},
{
"text": "PortSwigger Research: Offensive CSS research",
"href": "https://portswigger.net/research/detecting-and-exploiting-path-relative-stylesheet-import-prssi-vulnerabilities#badcss"
},
{
"text": "Content Security Policy (CSP)",
"href": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP"
}
],
"Vulnerability classifications": [
{
"text": "CWE-116: Improper Encoding or Escaping of Output",
"href": "https://cwe.mitre.org/data/definitions/116.html"
},
{
"text": "CWE-159: Failure to Sanitize Special Element",
"href": "https://cwe.mitre.org/data/definitions/159.html"
},
{
"text": "CAPEC-468: Generic Cross-Browser Cross-Domain Theft",
"href": "https://capec.mitre.org/data/definitions/468.html"
}
]
},
"evidence": [],
"instances": [
{
"anchor_id": "1.1",
"url": "https://mypngd.in/",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/"
},
"details": {
"Issue detail": "The content security policy fails to prevent untrusted style execution. As a result, it may fail to mitigate style based data exfiltration.\nThe policy allows global wildcard URLs which allows arbitrary styles to be executed.\nThe policy allows data: URLs which allows arbitrary styles to be executed."
},
"evidence": []
},
{
"anchor_id": "1.2",
"url": "https://mypngd.in/api`,lr=e=",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/api`,lr=e="
},
"details": {
"Issue detail": "The content security policy fails to prevent untrusted style execution. As a result, it may fail to mitigate style based data exfiltration.\nThe policy allows global wildcard URLs which allows arbitrary styles to be executed.\nThe policy allows data: URLs which allows arbitrary styles to be executed."
},
"evidence": []
},
{
"anchor_id": "1.3",
"url": "https://mypngd.in/robots.txt",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/robots.txt"
},
"details": {
"Issue detail": "The content security policy fails to prevent untrusted style execution. As a result, it may fail to mitigate style based data exfiltration.\nThe policy allows global wildcard URLs which allows arbitrary styles to be executed.\nThe policy allows data: URLs which allows arbitrary styles to be executed."
},
"evidence": []
}
]
},
{
"title": "Cross-origin resource sharing",
"raw_title": "2. Cross-origin resource sharing",
"anchor_id": "2",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/00200600_crossoriginresourcesharing",
"summary": {},
"details": {
"Issue background": "An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.\nIf another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially retrieve content from the application, and sometimes carry out actions within the security context of the logged in user.\n\nEven if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by an attacker to exploit the trust relationship and attack the application that allows access. CORS policies on pages containing sensitive information should be reviewed to determine whether it is appropriate for the application to trust both the intentions and security posture of any domains granted access.",
"Issue remediation": "Any inappropriate domains should be removed from the CORS policy.",
"References": [
{
"text": "Web Security Academy: Cross-origin resource sharing (CORS)",
"href": "https://portswigger.net/web-security/cors"
},
{
"text": "Exploiting CORS Misconfigurations",
"href": "https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties"
}
],
"Vulnerability classifications": [
{
"text": "CWE-942: Overly Permissive Cross-domain Whitelist",
"href": "https://cwe.mitre.org/data/definitions/942.html"
}
]
},
"evidence": [],
"instances": [
{
"anchor_id": "2.1",
"url": "https://mypngd.in/",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.2",
"url": "https://mypngd.in/api/hall-of-fame",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/api/hall-of-fame"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nIf the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.3",
"url": "https://mypngd.in/api`,lr=e=",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/api`,lr=e="
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.4",
"url": "https://mypngd.in/assets/BPCL%20logo-aHv5sfBQ.jpeg",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/assets/BPCL%20logo-aHv5sfBQ.jpeg"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nThe content type header indicates that the response is not likely to contain sensitive in-session data.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.5",
"url": "https://mypngd.in/assets/HP%20Logo-Bq15FQ4a.png",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/assets/HP%20Logo-Bq15FQ4a.png"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nThe content type header indicates that the response is not likely to contain sensitive in-session data.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.6",
"url": "https://mypngd.in/assets/Hall%20of%20fame-CWTjvyKs.png",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/assets/Hall%20of%20fame-CWTjvyKs.png"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nThe content type header indicates that the response is not likely to contain sensitive in-session data.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.7",
"url": "https://mypngd.in/assets/IndianOil%20Logo-Drld7FzW.png",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/assets/IndianOil%20Logo-Drld7FzW.png"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nThe content type header indicates that the response is not likely to contain sensitive in-session data.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.8",
"url": "https://mypngd.in/assets/emblem-DLJXVKkH.png",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/assets/emblem-DLJXVKkH.png"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nThe content type header indicates that the response is not likely to contain sensitive in-session data.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.9",
"url": "https://mypngd.in/assets/hero-banner-CPiemxX_.jpg",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/assets/hero-banner-CPiemxX_.jpg"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nThe content type header indicates that the response is not likely to contain sensitive in-session data.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.10",
"url": "https://mypngd.in/assets/index-C_jT4fyw.js",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/assets/index-C_jT4fyw.js"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.11",
"url": "https://mypngd.in/assets/index-hinGR8AJ.css",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/assets/index-hinGR8AJ.css"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nThe content type header indicates that the response is not likely to contain sensitive in-session data.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.12",
"url": "https://mypngd.in/favicon.svg",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/favicon.svg"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nThe content type header indicates that the response is not likely to contain sensitive in-session data.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
},
{
"anchor_id": "2.13",
"url": "https://mypngd.in/robots.txt",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/robots.txt"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks."
},
"evidence": []
}
]
},
{
"title": "Cross-origin resource sharing: arbitrary origin trusted",
"raw_title": "3. Cross-origin resource sharing: arbitrary origin trusted",
"anchor_id": "3",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/00200601_crossoriginresourcesharingarbitraryorigintrusted",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/api/hall-of-fame"
},
"details": {
"Issue detail": "The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.\nThe application allowed access from the requested origin \nhttps://vuusborribio.com\nIf the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.\nSince the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.",
"Issue background": "An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.\n\nTrusting arbitrary origins effectively disables the same-origin policy, allowing two-way interaction by third-party web sites. Unless the response consists only of unprotected public content, this policy is likely to present a security risk.\n\nIf the site specifies the header Access-Control-Allow-Credentials: true, third-party sites may be able to carry out privileged actions and retrieve sensitive information. Even if it does not, attackers may be able to bypass any IP-based access controls by proxying through users' browsers.",
"Issue remediation": "Rather than using a wildcard or programmatically verifying supplied origins, use a whitelist of trusted domains.",
"References": [
{
"text": "Web Security Academy: Cross-origin resource sharing (CORS)",
"href": "https://portswigger.net/web-security/cors"
},
{
"text": "Exploiting CORS Misconfigurations",
"href": "https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties"
}
],
"Vulnerability classifications": [
{
"text": "CWE-942: Overly Permissive Cross-domain Whitelist",
"href": "https://cwe.mitre.org/data/definitions/942.html"
}
]
},
"evidence": [],
"instances": []
},
{
"title": "Cacheable HTTPS response",
"raw_title": "4. Cacheable HTTPS response",
"anchor_id": "4",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/00700100_cacheablehttpsresponse",
"summary": {},
"details": {
"Issue description": "Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.",
"Issue remediation": {
"text": "Applications should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:",
"items": [
"Cache-control: no-store",
"Pragma: no-cache"
]
},
"References": [
{
"text": "Web Security Academy: Information disclosure",
"href": "https://portswigger.net/web-security/information-disclosure"
}
],
"Vulnerability classifications": [
{
"text": "CWE-524: Information Exposure Through Caching",
"href": "https://cwe.mitre.org/data/definitions/524.html"
},
{
"text": "CWE-525: Information Exposure Through Browser Caching",
"href": "https://cwe.mitre.org/data/definitions/525.html"
},
{
"text": "CAPEC-37: Retrieve Embedded Sensitive Data",
"href": "https://capec.mitre.org/data/definitions/37.html"
}
]
},
"evidence": [],
"instances": [
{
"anchor_id": "4.1",
"url": "https://mypngd.in/",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/"
},
"details": {},
"evidence": []
},
{
"anchor_id": "4.2",
"url": "https://mypngd.in/api`,lr=e=",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/api`,lr=e="
},
"details": {},
"evidence": []
},
{
"anchor_id": "4.3",
"url": "https://mypngd.in/favicon.svg",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/favicon.svg"
},
"details": {},
"evidence": []
},
{
"anchor_id": "4.4",
"url": "https://mypngd.in/robots.txt",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/robots.txt"
},
"details": {},
"evidence": []
}
]
},
{
"title": "TLS certificate",
"raw_title": "5. TLS certificate",
"anchor_id": "5",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/01000100_tlscertificate",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/"
},
"details": {
"Issue detail": "The server presented a valid, trusted TLS certificate. This issue is purely informational.\nThe server presented the following certificates:\nServer certificate\nIssued to:\n \nmypngd.in, dev.mypngd.in, qa.mypngd.in, uat.mypngd.in\nIssued by:\n \nGlobalSign RSA OV SSL CA 2018\nValid from:\n \nThu Mar 19 12:21:14 IST 2026\nValid to:\n \nSun Oct 04 12:21:14 IST 2026\nCertificate chain #1\nIssued to:\n \nGlobalSign RSA OV SSL CA 2018\nIssued by:\n \nGlobalSign\nValid from:\n \nWed Nov 21 05:30:00 IST 2018\nValid to:\n \nTue Nov 21 05:30:00 IST 2028\nCertificate chain #2\nIssued to:\n \nGlobalSign\nIssued by:\n \nGlobalSign\nValid from:\n \nWed Mar 18 15:30:00 IST 2009\nValid to:\n \nSun Mar 18 15:30:00 IST 2029\nCertificate chain #3\nIssued to:\n \nGlobalSign\nIssued by:\n \nGlobalSign\nValid from:\n \nWed Mar 18 15:30:00 IST 2009\nValid to:\n \nSun Mar 18 15:30:00 IST 2029",
"Issue background": "TLS (or SSL) helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an TLS certificate that is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, TLS connections to the server will not provide the full protection for which TLS is designed.\n\nIt should be noted that various attacks exist against TLS in general, and in the context of HTTPS web connections in particular. It may be possible for a determined and suitably-positioned attacker to compromise TLS connections without user detection even when a valid TLS certificate is used.",
"References": [
{
"text": "SSL/TLS Configuration Guide",
"href": "https://wiki.mozilla.org/Security/Server_Side_TLS"
}
],
"Vulnerability classifications": [
{
"text": "CWE-295: Improper Certificate Validation",
"href": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"text": "CWE-326: Inadequate Encryption Strength",
"href": "https://cwe.mitre.org/data/definitions/326.html"
},
{
"text": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"href": "https://cwe.mitre.org/data/definitions/327.html"
}
]
},
"evidence": [],
"instances": []
},
{
"title": "Hidden HTTP 2",
"raw_title": "6. Hidden HTTP 2",
"anchor_id": "6",
"reference_url": "https://portswigger.net/knowledgebase/issues/details/01000500_hiddenhttp2",
"summary": {
"Severity": "Information",
"Confidence": "Certain",
"Host": "https://mypngd.in",
"Path": "/"
},
"details": {
"Issue detail": "The server did not list \nh2\n in the ALPN field during the TLS handshake. However, when a HTTP/2 request was sent over the TLS connection, a HTTP/2 response was received. This indicates that the server does support HTTP/2, despite not advertising it.",
"Issue background": "Clients that support HTTP/2 typically default to HTTP/1.1, and only use HTTP/2 if the server advertises support for it via the ALPN field during the TLS handshake.\n\n Some misconfigured servers that do support HTTP/2 fail to advertise this, making it appear as though they only support HTTP/1.1. This can lead to people overlooking viable HTTP/2 attack surface and missing associated vulnerabilities, such as HTTP/2 downgrade-based request smuggling.",
"Issue remediation": "If you want to use HTTP/2, make sure the server is configured to advertise it correctly. Otherwise, consider fully disabling it server-side to reduce unnecessary attack surface.",
"References": [
{
"text": "HTTP/2: The Sequel is Always Worse",
"href": "https://portswigger.net/research/http2"
}
],
"Vulnerability classifications": [
{
"text": "CWE-912: Hidden Functionality",
"href": "https://cwe.mitre.org/data/definitions/912.html"
}
]
},
"evidence": [],
"instances": []
}
]
}
|
Sun Apr 26 2026 13:35:32 GMT+0000 (Coordinated Universal Time)
|
|
69f1421659a6632dae07de77
|
burp
|
*** LARGE PROPERTY ***
~1.73 MB Preview:{"metadata":{"issue_count Click to fetch this property |
Tue Apr 28 2026 23:26:14 GMT+0000 (Coordinated Universal Time)
|
|
69f1421759a6632dae07de78
|
burp
|
*** LARGE PROPERTY ***
~1.73 MB Preview:{"metadata":{"issue_count Click to fetch this property |
Tue Apr 28 2026 23:26:15 GMT+0000 (Coordinated Universal Time)
|
|
69f30fd859a6632dae07de93
|
burp
|
*** LARGE PROPERTY ***
~868 KB Preview:{"metadata":{"issue_count Click to fetch this property |
Thu Apr 30 2026 08:16:30 GMT+0000 (Coordinated Universal Time)
|
| Documents | 25 |
| Total doc size | 40.9 MB |
| Average doc size | 1.64 MB |
| Pre-allocated size | 11.41 MB |
| Indexes | 1 |
| Total index size | 36 KB |
| Padding factor | |
| Extents |
| Name | Columns | Size | Attributes | Actions |
|---|---|---|---|---|
| _id_ |
_id ASC
|
36 KB | DEL |