Dark C0d3rs

Full Version: HackerOne Disclosed Reports - 2026-05-05
Low
resolved

Out of scope: Improper Input Validation Order on /api-internal/login via password field leads to unnecessary resource consumption


Bug reported by was disclosed at May 5, 2026, 3:07 pm

A security issue was discovered in the /api-internal/login authentication endpoint of the internal login interface of Burp Suite DAST (Enterprise). The issue was caused by improper input validation order, where the application processed user-supplied input before enforcing field-level validation. This allowed extremely large payloads in the password field to be buffered and parsed prior to rejection, resulting in unnecessary resource consumption. The application fully processed the requests before applying validation, violating the fail-fast principle.
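To make the validation-order point concrete, here is an added example that is not from the report, from HackerOne, or from Burp Suite DAST. It models a JSON login handler for a `/api-internal/login`-style endpoint in two orderings: one that buffers, parses and hashes the password before checking field limits (the pattern the report describes), and a fail-fast version that rejects on the declared `Content-Length` and on field bounds before any expensive work. The size limits, the user table, the credential and the request bytes are all constructed for the example and are not values from the page.

```python
"""Validation ordering on a login endpoint (constructed example, not product code)."""
import hashlib
import hmac
import json

# Assumed limits for the example; the real product's limits are not on the page.
MAX_BODY_BYTES = 1024
MAX_PASSWORD_LEN = 128

# Constructed credential store: username -> SHA-256 hex digest of the password.
USERS = {"alice": hashlib.sha256(b"correct-horse").hexdigest()}


def split_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (lower-cased header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, body


def verify_password(username: str, password: str) -> bool:
    """The expensive step: hashes the whole password and compares digests."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(digest, USERS.get(username, ""))


def login_validate_late(raw: bytes) -> dict:
    """Ordering the report describes: buffer and parse the entire body, run the
    password through hashing, and only afterwards enforce the length limit."""
    _, body = split_request(raw)
    data = json.loads(body)                        # full parse of an unbounded body
    username = data.get("username", "")
    password = data.get("password", "")
    ok = verify_password(username, password)       # work done before any rejection
    if len(password) > MAX_PASSWORD_LEN:
        return {"status": 400, "bytes_parsed": len(body), "hashed": True}
    return {"status": 200 if ok else 401, "bytes_parsed": len(body), "hashed": True}


def login_fail_fast(raw: bytes) -> dict:
    """Fail-fast ordering: cheapest checks first, hashing last."""
    headers, body = split_request(raw)
    # 1. Reject on the declared size before reading or parsing the body at all.
    declared = int(headers.get("content-length", "0"))
    if declared > MAX_BODY_BYTES:
        return {"status": 413, "bytes_parsed": 0, "hashed": False}
    # 2. Parse only the bounded body and check field bounds before hashing.
    bounded = body[:declared]
    try:
        data = json.loads(bounded)
    except ValueError:
        return {"status": 400, "bytes_parsed": len(bounded), "hashed": False}
    password = data.get("password", "")
    if not isinstance(password, str) or len(password) > MAX_PASSWORD_LEN:
        return {"status": 400, "bytes_parsed": len(bounded), "hashed": False}
    ok = verify_password(data.get("username", ""), password)
    return {"status": 200 if ok else 401, "bytes_parsed": len(bounded), "hashed": True}


def build_request(username: str, password: str) -> bytes:
    """Constructed POST to /api-internal/login carrying a JSON body."""
    body = json.dumps({"username": username, "password": password}).encode()
    head = (b"POST /api-internal/login HTTP/1.1\r\n"
            b"Host: example.invalid\r\n"
            b"Content-Type: application/json\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n")
    return head + body


if __name__ == "__main__":
    big = build_request("alice", "A" * 100_000)    # oversized password field
    print("late :", login_validate_late(big))       # 400, but hashed the whole thing
    print("fast :", login_fail_fast(big))           # 413, nothing parsed or hashed
    print("login:", login_fail_fast(build_request("alice", "correct-horse")))
```

The `bytes_parsed` and `hashed` fields in the result make the difference measurable: both orderings end up rejecting the oversized request, but only the fail-fast version does so without having parsed the body or spent hashing effort on it. In a real server the `Content-Length` check would also stop the socket read, which this in-memory model cannot show.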