Burp Suite User Forum

Bug in Lab - Reflected XSS with some SVG markup allowed

Teo | Last updated: Oct 19, 2020 07:56AM UTC

Hi, first I want to thank you for these awesome labs! They really rock! Unfortunately I think something is wrong with this challenge: Reflected XSS with some SVG markup allowed. I am able to trigger an alert box, but it doesn't seem to solve the lab. Any ideas? Payload used: /?search=%3csvG%2fx%3d%22%3e%22%2foNloaD%3dalert("XSS")%2f%2f Thank you in advance!

Ben, PortSwigger Agent | Last updated: Oct 19, 2020 09:43AM UTC

Hi, I have just tried this lab and was able to trigger an alert box and solve the lab by using the payload that you have suggested in your forum post - which browser are you using?

Teo | Last updated: Oct 20, 2020 08:40AM UTC

I am using Firefox, but I tried it with Chromium too and it doesn't work either. By the way, I noticed that after some hours the lab seems solved... I still get the same problem with all the labs now: I trigger the alert boxes but keep getting the Not Solved message.

Ben, PortSwigger Agent | Last updated: Oct 20, 2020 02:33PM UTC

Hi, when I did my run-through earlier this week I used Firefox. I believe that lab mentions it is designed to work with Chrome but the payload you supplied worked first time. I find it strange that you are seeing this issue with multiple browsers - do you have any common extensions loaded between the two? Have you tried this on a different machine? Which other labs are displaying the same behavior for you?

Ali | Last updated: Oct 23, 2020 12:31AM UTC

Hello, I am facing the exact same issue.

Ben, PortSwigger Agent | Last updated: Oct 23, 2020 10:29AM UTC

Hi, can you confirm what steps you have carried out to complete this lab and what payload you are ultimately trying to use?
