Zeroc00i News & Tricks
20:26 · Oct 8, 2025 · Wed
https://hackerone.com/reports/3176157
A researcher exploited Burp's MCP using DNS rebinding :) and earned 2k dollars
HackerOne
PortSwigger Web Security disclosed on HackerOne: DNS Rebinding SSRF...
The Burp Suite MCP (Model Context Protocol) server on port 9876 lacks proper origin validation and CORS protection, enabling DNS rebinding attacks to bypass the Same-Origin Policy.
Pre-Requisites:...
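A server-side check for the missing validation named in the report summary above, as an added example (not code from the report, PortSwigger or this channel). The function names, the loopback allowlist and the rule that only a same-origin Origin header is accepted are assumptions made for illustration.

```python
# Added illustration; function names and the allowlist are assumptions.
PORT = 9876  # port named in the report summary
ALLOWED_HOSTS = {"127.0.0.1", "localhost", "[::1]"}  # assumed loopback names


def split_host(value):
    """Parse a Host header into (host, port); None if malformed."""
    value = value.strip().lower()
    if not value or any(c in value for c in " /@\\"):
        return None
    if value.startswith("["):  # IPv6 literal, e.g. [::1]:9876
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[: end + 1], value[end + 1:]
    else:
        host, sep, tail = value.partition(":")
        rest = sep + tail
    if rest in ("", ":"):
        return host, 80  # no explicit port means the HTTP default
    if not rest.startswith(":") or not rest[1:].isdecimal():
        return None
    return host, int(rest[1:])


def is_request_allowed(headers, port=PORT):
    """Return True only for requests addressed to the loopback service itself."""
    h = {k.lower(): v for k, v in headers.items()}
    parsed = split_host(h.get("host", ""))
    # After a rebind the socket peer is 127.0.0.1, but the browser still
    # sends the rebound domain name in Host, so the name is what we check.
    if parsed is None or parsed[0] not in ALLOWED_HOSTS or parsed[1] != port:
        return False
    origin = h.get("origin")
    if origin is None:
        return True  # non-browser clients send no Origin header
    allowed_origins = {f"http://{name}:{port}" for name in ALLOWED_HOSTS}
    return origin.strip().lower() in allowed_origins


# Constructed sample requests (not taken from the report).
SAMPLES = [
    {"Host": "127.0.0.1:9876"},
    {"Host": "rebind.example:9876", "Origin": "http://rebind.example:9876"},
    {"Host": "localhost:9876", "Origin": "https://other.example"},
]

if __name__ == "__main__":
    for request in SAMPLES:
        print(request, "->", "serve" if is_request_allowed(request) else "reject")
```

Binding to 127.0.0.1 alone does not stop rebinding, which is why the decision here is made on the Host and Origin values rather than on the peer address.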