Minesweeper will match for every Domain Name *server.com

xsscx Nov 26, 2018 01:27PM UTC

Bug Report for Minesweeper
==========================
Issue: The current code as of Nov-26-2018 will match for every Domain Name *server.com

Repro:
1. Install Minesweeper in Burp Pro Beta .12

2. Create a file named minesweeper-domain-test.txt and stash it in DefaultRoot

3. Include a few Domain Names in minesweeper-domain-test.txt, for example:
charlotteobserver.com
newsobserver.com
anythingserver.com

4. PoC: http://localhost/minesweeper-domain-test.txt

5. Check Results for Minesweeper

>> Scripts were included from the following cryptocurrency mining domain: server.com

This App will produce a lot of Noise. Your Mileage May Vary.
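
An added example, not part of the original post and not the extension's own code: it assumes the false positives come from a plain substring search of the response body, and contrasts that with matching on DNS label boundaries. The function names and the one-entry blocklist are hypothetical; the three test domains are the ones listed in the report.

```python
import re

# Hypothetical one-entry blocklist; server.com is the domain named in the report.
BLOCKLIST = {"server.com"}

# The three domain names from the report, as the body of the test file.
SAMPLE = "charlotteobserver.com\nnewsobserver.com\nanythingserver.com\n"

# Candidate hostnames: dot-separated labels, not preceded by a hostname character.
HOST_RE = re.compile(
    r"(?<![a-z0-9.-])(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(?![a-z0-9-])",
    re.I,
)

def naive_hits(body, blocklist=BLOCKLIST):
    """Assumed buggy behaviour: report a domain if it occurs anywhere in the body."""
    low = body.lower()
    return sorted(d for d in blocklist if d in low)

def boundary_hits(body, blocklist=BLOCKLIST):
    """Report (host, listed_domain) only when host equals a listed domain
    or is a subdomain of it, compared label by label."""
    hits = set()
    for host in HOST_RE.findall(body):
        labels = host.lower().split(".")
        # Walk the suffixes from the full name down to the registrable part;
        # the bare TLD is never tested.
        for i in range(len(labels) - 1):
            suffix = ".".join(labels[i:])
            if suffix in blocklist:
                hits.add((host.lower(), suffix))
                break
    return sorted(hits)

if __name__ == "__main__":
    print("substring match:", naive_hits(SAMPLE))      # flags server.com
    print("label match:    ", boundary_hits(SAMPLE))   # flags nothing
    # Constructed positive case: a real subdomain of the listed domain.
    print(boundary_hits('<script src="https://cdn.server.com/m.js"></script>'))
```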


Liam Tai-Hogan Nov 26, 2018 02:42PM UTC Support Center agent

Hoyt, extensions are produced by third parties. It might be worth contacting them with any issues:

- https://github.com/portswigger/mine-sweeper

Let us know if you have any trouble getting in touch.

