Burp Suite User Forum

Login to post

2nd Solution in Lab: "DOM-based open redirection"

Login | Last updated: Nov 13, 2022 10:42PM UTC

I redirected to: https://YOUR-LAB-ID.web-security-academy.net/post/comment/confirmation?postId=%22%3E%3Cscript%3Elocation%3D%22https%3A%2F%2FYOUR-EXPLOIT-SERVER-ID.exploit-server.net%22%3B%3C%2Fscript%3E but the Lab isn't marked as solved. Is it an unintended solution? Greetings

Michelle, PortSwigger Agent | Last updated: Nov 14, 2022 11:34AM UTC

Hi To solve this lab, you will need to change the behavior of the 'Back to blog' link on the main blog post page rather than on the confirmation page after having submitted a comment. On the main blog post page, if you look closely at the page, you'll see the 'Back to blog' contains the following, which is slightly different from the comment confirmation page. <a href='#' onclick='returnURL' = /url=https?:\/\/.+)/.exec(location); if(returnUrl)location.href = returnUrl[1];else location.href = "/"'>Back to Blog</a> I hope this helps.

Login | Last updated: Nov 14, 2022 12:31PM UTC

OK, that's nice. But you should state in the lab's description that the issue is on the main blog post page. I found the redirect (in fact an XSS) on the cofirmation page immediately and tried to make it work for an hour or two. Greetings

You need to Log in to post a reply. Or register here, for free.