Burp Suite User Forum

Create new post

Bug in Lab - Reflected XSS with some SVG markup allowed

Teo | Last updated: Oct 19, 2020 07:56AM UTC

Hi, first I want to thank you for these awesome labs! They really rock! Unfortunately I think something is wrong with this challenge:Reflected XSS with some SVG markup allowed. I am able to trigger an alert box, but it doesn't seem to solve the lab. Any ideas? Payload Used: /?search=%3csvG%2fx%3d%22%3e%22%2foNloaD%3dalert("XSS")%2f%2f Thank you in advance!

Ben, PortSwigger Agent | Last updated: Oct 19, 2020 09:43AM UTC

Hi, I have just tried this lab and was able to trigger an alert box and solve the lab by using the payload that you have suggested in your forum post - which browser are you using?

Teo | Last updated: Oct 20, 2020 08:40AM UTC

I am using Firefox, but I tried it with Chromium too but it doesn't work either. By the way I noticed that after some hours the lab seems solved... I still get the same problem with all the labs now, I trigger the alert boxes but keep getting Not Solved Message.

Ben, PortSwigger Agent | Last updated: Oct 20, 2020 02:33PM UTC

Hi, When i did my run through earlier this week i used Firefox. I believe that lab mentions it is designed to work with Chrome but the payload you supplied worked first time. I find it strange that you are seeing this issue with multiple browsers - do you have any common extensions loaded between the two? Have you tried this on a different machine? Which other labs are displaying the same behavior for you?

Ali | Last updated: Oct 23, 2020 12:31AM UTC

Hello i am facing the same the exact same issue.

Ben, PortSwigger Agent | Last updated: Oct 23, 2020 10:29AM UTC

Hi, Can you confirm what steps you have carried out to complete this lab and what payload you are ultimately trying to use?

Low | Last updated: Feb 23, 2021 06:35AM UTC

Hi, I have also encountered the similar situation. In my case, I am doing the lab on FireFox. I triggered the XSS vulnerability with the following payload: <svg><animatetransform onbegin=alert(1)>. The lab was not solved despite the fact that we have triggered the XSS via the svg payload. Upon noting this, I replicated this by copying the URL to a Google Chrome browser and immediately the lab gets solved.

Ben, PortSwigger Agent | Last updated: Feb 23, 2021 08:08AM UTC

Hi, I just tested this lab and was able to solve it in a Firefox browser using the suggested payload in the solution so it appears to be functioning as expected.

Sampath | Last updated: Nov 27, 2021 05:30PM UTC

Hi I am able to trigger vulnerability using the following payload. But the lab was not solved. I tried with firefox and chrome browsers but same result "Not solved". "><svg><animatetransform%20onbegin=alert(1)>

Ben, PortSwigger Agent | Last updated: Nov 29, 2021 08:57AM UTC

Hi Sampath, Using the payload that you have supplied successfully solves the lab when I attempt it - how are you delivering the payload?

Thomas | Last updated: Nov 30, 2021 01:46PM UTC

I'm having the same issue. The following payload triggered the alert, but did not solve the lab (tried both FireFox and Chome): <svg><animatetransform onbegin=alert(1337) attributeName=transform>

Ben, PortSwigger Agent | Last updated: Nov 30, 2021 02:15PM UTC

Hi Thomas, Having just tried your payload using a Firefox browser (version 94.0.2), the lab solves for me. Can you confirm how you are entering the payload?

Thomas | Last updated: Nov 30, 2021 02:37PM UTC

I tried both in the URL and in the search input. I restarted the lab now, and it accepted it. I noticed the same with another lab right now, I had to let the lab instance timeout before successfully trying the exact same payload once more in a new instance.

Agnieszka | Last updated: Nov 30, 2021 06:30PM UTC

I also got a bit tired with this task. I tried to solve it using: Burp built-in browser, Firefox, Chrome and Microsoft Edge, also in incognito mode, both by pasting payload to the URL and to the search box. I also tried to use the Burp Repeater. Also with no positive effect. After many attempts, it worked, exactly in the same way that I started with, i.e. using the built-in Burp browser (I pasted the payload into the URL). The positive thing is that I have done it so many times that I will remember what it was about for the rest of my life :)

Karel | Last updated: Feb 05, 2022 08:28PM UTC

Hello! I am facing the same issue.

Karel | Last updated: Feb 05, 2022 08:28PM UTC

Hello! I am facing the same issue.

Karel | Last updated: Feb 05, 2022 08:28PM UTC

Hello! I am facing the same issue.

Ben, PortSwigger Agent | Last updated: Feb 07, 2022 08:13AM UTC

Hi Karel, I have just performed another run through of this lab and I can solve it using the solution provided so it does appear to be working as expected. Are you able to provide us with some more details regarding how you are trying to solve it and what payload you are entering?

Vishal | Last updated: Sep 30, 2024 05:29AM UTC

Still facing the same issue, even I triggered an alert box it does not say SOLVED. Strange...

Ben, PortSwigger Agent | Last updated: Sep 30, 2024 10:14AM UTC

Hi Vishal, Which browser are you using? Again, I have just launched a fresh instance of this lab (as of right now) and been able to solve it using the exploit provided in the written solution.

Vishal | Last updated: Oct 01, 2024 04:53AM UTC

I am using the embeded browser in burp pro. I tried it but facing same issue.

Vishal | Last updated: Oct 01, 2024 05:17AM UTC

Same is the case with Stored XSS into anchor href attribute with double quotes HTML-encoded lab. Even after using the solution provided in lab, the lab says NOT SOLVED. I am using browser within burp.

Ben, PortSwigger Agent | Last updated: Oct 01, 2024 09:14AM UTC

Hi Vishal, Again, having just tried that lab this morning and entering the payload as the website parameter this then solves the lab successfully.

Vishal | Last updated: Oct 01, 2024 01:19PM UTC

Hi Ben I tried it in different browsers as well as diffrent paylods but it says not solved. Strange

Ben, PortSwigger Agent | Last updated: Oct 02, 2024 08:23AM UTC

Hi Vishal, If you try this again today and are still having issues are you able to send us an email at support@portswigger.net and include screenshots of the steps that you are carrying out so that we can see this more clearly?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.