The list below shows all of the types of issues that Burp Scanner can report. The "Type ID" column shows the numeric type identifier used in Burp Scanner's XML output.
Issue Name | Type ID |
OS command injection | 1048832 |
SQL injection | 1049088 |
ASP.NET tracing enabled | 1049216 |
File path traversal | 1049344 |
XML external entity injection | 1049600 |
LDAP injection | 1049856 |
XPath injection | 1050112 |
XML injection | 1050368 |
ASP.NET debugging enabled | 1050624 |
HTTP PUT enabled | 1050880 |
Cross-site scripting (stored) | 2097408 |
HTTP header injection | 2097664 |
Cross-site scripting (reflected) | 2097920 |
Flash cross-domain policy | 2098176 |
Silverlight cross-domain policy | 2098432 |
HTML5 cross-origin resource sharing | 2098688 |
Cleartext submission of password | 3145984 |
Referer-dependent response | 4194560 |
User agent-dependent response | 4194592 |
Password returned in later response | 4194816 |
Password field submitted using GET method | 4195072 |
Password returned in URL query string | 4195328 |
SQL statement in request parameter | 4195456 |
Cross-domain POST | 4195584 |
ASP.NET ViewState without MAC enabled | 4195840 |
Open redirection | 5243136 |
SSL cookie without secure flag set | 5243392 |
Cookie scoped to parent domain | 5243648 |
Cross-domain Referer leakage | 5243904 |
Cross-domain script include | 5244160 |
Cookie without HttpOnly flag set | 5244416 |
Session token in URL | 5244672 |
Password field with autocomplete enabled | 5244928 |
Password value set in cookie | 5245184 |
File upload functionality | 5245312 |
Frameable response (potential Clickjacking) | 5245344 |
Browser cross-site scripting filter disabled | 5245360 |
TRACE method is enabled | 5245440 |
Database connection string disclosed | 6291584 |
Source code disclosure | 6291632 |
Directory listing | 6291712 |
Email addresses disclosed | 6291968 |
Private IP addresses disclosed | 6292224 |
Social security numbers disclosed | 6292480 |
Credit card numbers disclosed | 6292736 |
Robots.txt file | 6292992 |
Cacheable HTTPS response | 7340288 |
Multiple content types specified | 8388864 |
HTML does not specify charset | 8389120 |
HTML uses unrecognized charset | 8389376 |
Content type incorrectly stated | 8389632 |
Content type is not specified | 8389888 |
SSL certificate | 16777472 |