The Burp Suite User Forum was discontinued on the 1st November 2024.

ask about xss

olek | Last updated: Nov 09, 2023 09:18PM UTC

Hi Team, I would like to ask about an issue with XSS. When I insert a payload in Burp such as <script>alert(1)</script> in Repeater and send it, the XSS works on the website. But when I copy the link or create a CSRF PoC and try to execute it from a file, this doesn't work. website.com/blabla/?q=<script>alert(1)</script> Is this a valid XSS or not? Why does this not work from links and from a CSRF PoC?

Hannah, PortSwigger Agent | Last updated: Nov 10, 2023 12:49PM UTC

Hi, could you provide some more information on how you are copying the request to be used in your browser? Are you using the "Request in browser" context-menu item, or a different menu item?

olek | Last updated: Nov 10, 2023 03:25PM UTC

1. I copy and show in browser. There you see the XSS pop-up.
2. Create a CSRF PoC, save it in Notepad and use it in the browser, and this does not work.
3. When I copy and show, it pops up. But when I use this link in a new tab, this does not work.

This website: https://en.wst.com.pl/education_offer/architecture?Url=%22%3E%3Cscript%3Ealert(1)%3C/script%3E But only when I send this in Repeater. The CSRF PoC and copy-pasted links do not work?

Hannah, PortSwigger Agent | Last updated: Nov 13, 2023 02:27PM UTC

Hi, could you drop us an email at support@portswigger.net with a screen recording of the behavior you are describing, please? Do you also see this behavior on any of our CSRF labs? For example, https://portswigger.net/web-security/csrf/lab-no-defenses

olek | Last updated: Nov 13, 2023 04:26PM UTC