Trust_null with wrong result
hayicle opened this issue · comments
HaYiCle commented
Hi,
As i tested in portswigger lab - The result is wrong with trust_null.
2020-08-12 17:24:32 INFO Start checking trust_null for https://acbd1f041e7e90af80c6221d008d000c.web-security-academy.net/accountDetails
response_header={'access-control-allow-origin': 'null', 'access-control-allow-credentials': 'true', 'content-type': 'application/json; charset=utf-8', 'x-xss-protection': '0', 'content-encoding': 'gzip', 'connection': 'close', 'content-length': '98'}
=> vulnerable
2020-08-12 17:24:34 INFO nothing found for {url: https://acbd1f041e7e90af80c6221d008d000c.web-security-academy.net/accountDetails, origin: null, type: trust_null}
=> however nothing found
May you please have a look ?
Have a nice day ^^!
Jianjun Chen commented
Oh...too bad... Thank you for pointing it out, @hayicle.