Burp Suite User Forum

Ajax request header manipulation (DOM-based) & Other DOM-based issues

M | Last updated: Jul 07, 2023 12:09PM UTC

Hi, I often see such DOM-based issues, for example, something like this:

Issue: Ajax request header manipulation (DOM-based)
Issue detail: The application may be vulnerable to DOM-based Ajax request header manipulation. Data is read from document.cookie and passed to xhr.setRequestHeader.value.

Then you explain: "Ajax request header manipulation arises when a script writes controllable data into a header of an Ajax request that is issued using XmlHttpRequest... "

You are considering data in "document.cookie" as "controllable data" by the attacker. Which is incorrect in most of the cases. Correct me if I'm wrong. I believe such issues are quite confusing and are in fact FPs. For example, how/why "document.cookie" is considered unsafe to read data from it?

The reason I'm raising this is because I'm getting many DOM-based Burp issues and most of them are useless or not exploitable. I believe you guys either need to explain them further, or show how these can actually be exploited, or completely remove or update them. Maybe I'm wrong about them after all, or I'm missing some core DOM knowledge.

Michelle, PortSwigger Agent | Last updated: Jul 10, 2023 10:59AM UTC

Thanks for the feedback. We'll share this with the team to review the severity levels associated with these reported vulnerabilities. There are some circumstances where this could be exploitable. For example, XSS on subdomain A lets you set cookies which could then give you control over a cookie on subdomain B. However, the severity levels we're reporting may not be accurately reflecting the majority of cases, so we'll take a closer look at this. Thanks again for getting in touch to raise this :)
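
The data flow Burp reports in this thread (document.cookie into xhr.setRequestHeader), shown next to a hardened form that does not trust a cookie a sibling subdomain could have set. This is an added example, not part of the original posts and not PortSwigger's code; the cookie name `__Host-csrf`, the header `X-CSRF-Token`, the token format and all function names are assumptions.

```javascript
// Added example: cookie-to-header data flow, flagged form vs. hardened form.
// Cookie names, header name and token format are assumptions for illustration.

// Split a document.cookie-style string into {name, value} pairs, keeping duplicates.
function parseCookies(cookieString) {
  return cookieString
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.includes("="))
    .map((part) => {
      const i = part.indexOf("=");
      return { name: part.slice(0, i), value: part.slice(i + 1) };
    });
}

// Flagged pattern: the first cookie with this name goes into the header unchecked.
function naiveHeaderValue(cookieString, name) {
  const hit = parseCookies(cookieString).find((c) => c.name === name);
  return hit ? hit.value : null;
}

// Hardened: accept only a __Host- cookie (browsers reject one set with a Domain
// attribute, so another subdomain cannot plant it), present exactly once,
// with a value matching a strict token format.
const TOKEN_FORMAT = /^[A-Za-z0-9_-]{16,128}$/; // assumed token format

function safeHeaderValue(cookieString, name) {
  if (!name.startsWith("__Host-")) return null;
  const hits = parseCookies(cookieString).filter((c) => c.name === name);
  if (hits.length !== 1) return null;
  return TOKEN_FORMAT.test(hits[0].value) ? hits[0].value : null;
}

// Works with any object exposing setRequestHeader (an XMLHttpRequest in the browser).
function attachCsrfHeader(xhr, cookieString) {
  const token = safeHeaderValue(cookieString, "__Host-csrf");
  if (token === null) return false; // leave the header unset; the server rejects
  xhr.setRequestHeader("X-CSRF-Token", token);
  return true;
}

// Constructed samples: what document.cookie on subdomain B could contain when
// another subdomain has set "csrf" with a parent Domain, and a clean case.
const SAMPLE_SHADOWED = "csrf=value-set-elsewhere; csrf=Zm9vYmFyYmF6cXV4MTIzNA";
const SAMPLE_CLEAN = "__Host-csrf=Zm9vYmFyYmF6cXV4MTIzNA; theme=dark";
```

In a browser, pass `document.cookie` as `cookieString` and the real `XMLHttpRequest` as `xhr`; the server still has to validate the header value on its side.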
